Subject: lib/19620: mbstowcs seg faults when passed a NULL pwcs
To: None <>
From: None <>
List: netbsd-bugs
Date: 01/01/2003 02:24:26
>Number:         19620
>Category:       lib
>Synopsis:       mbstowcs seg faults when passed a NULL pwcs
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    lib-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Jan 01 02:25:00 PST 2003
>Originator:     Berin Lautenbach
>Release:        1.6
NetBSD hermes 1.6 NetBSD 1.6 (HERMES) #2: Tue Dec 24 07:25:06 EST 2002 root@hermes:/usr/src/sys/arch/i386/compile/HERMES i386
When called with a NULL pwcs, mbstowcs seg-faults.  When called 
with a valid buffer, it returns an incorrect count
of the number of characters (0)
The following (C++) code makes the break occur on my system - I never
see any output and ddd shows that the program dies inside (or
returning from) mbstowcs :


#include <stdlib.h>
#include <iostream.h>

int main(int argc, char ** argv) {

        int t = mbstowcs(NULL, "berin", 0);
        cout << "Result = " << t << endl;
        return 0;


My understanding of mbstowcs is that it should return the number of
wchat_t elements that will be needed to store the translated string.