Subject: lib/19620: mbstowcs seg faults when passed a NULL pwcs
To: None <gnats-bugs@gnats.netbsd.org>
From: None <berin@ozemail.com.au>
List: netbsd-bugs
Date: 01/01/2003 02:24:26
>Number:         19620
>Category:       lib
>Synopsis:       mbstowcs seg faults when passed a NULL pwcs
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    lib-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Jan 01 02:25:00 PST 2003
>Closed-Date:
>Last-Modified:
>Originator:     Berin Lautenbach
>Release:        1.6
>Organization:
>Environment:
NetBSD hermes 1.6 NetBSD 1.6 (HERMES) #2: Tue Dec 24 07:25:06 EST 2002 root@hermes:/usr/src/sys/arch/i386/compile/HERMES i386
>Description:
When called with a NULL pwcs, mbstowcs seg-faults.  When called
with a valid buffer, it returns an incorrect count
of the number of characters (0).
>How-To-Repeat:
The following (C++) code makes the break occur on my system - I never
see any output and ddd shows that the program dies inside (or
returning from) mbstowcs:

---

#include <stdlib.h>
#include <iostream>

int main(int argc, char ** argv) {

        // NULL destination and n = 0: this is the call reported to crash
        int t = mbstowcs(NULL, "berin", 0);
        std::cout << "Result = " << t << std::endl;
        return 0;
}

---

My understanding of mbstowcs is that it should return the number of
wchar_t elements that will be needed to store the translated string.

>Fix:

>Release-Note:
>Audit-Trail:
>Unformatted:
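
The sizing call in this report is normally the first half of a two-pass conversion. The following is an added example, not part of the original report or of NetBSD's code: it sizes the buffer with a NULL destination, checks the (size_t)-1 error return and the allocation arithmetic, then converts. The helper name mbs_to_wcs_dup is an assumption made for illustration.

```c
#include <locale.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <wchar.h>

/* Hypothetical helper (name is an assumption): convert a multibyte string
 * to a newly allocated wide string. Returns NULL on invalid input or
 * allocation failure. *out_len receives the number of wide characters,
 * excluding the terminator. The caller frees the result. */
wchar_t *mbs_to_wcs_dup(const char *src, size_t *out_len)
{
    if (src == NULL)
        return NULL;

    /* Pass 1: a NULL destination asks only for the required length. */
    size_t need = mbstowcs(NULL, src, 0);
    if (need == (size_t)-1)              /* invalid multibyte sequence */
        return NULL;

    /* Guard the size computation before allocating. */
    if (need >= SIZE_MAX / sizeof(wchar_t))
        return NULL;

    wchar_t *dst = malloc((need + 1) * sizeof(wchar_t));
    if (dst == NULL)
        return NULL;

    /* Pass 2: convert, bounded by the buffer that was just sized. */
    size_t got = mbstowcs(dst, src, need + 1);
    if (got == (size_t)-1 || got > need) {
        free(dst);
        return NULL;
    }
    dst[got] = L'\0';                    /* always terminate explicitly */
    if (out_len != NULL)
        *out_len = got;
    return dst;
}

int main(void)
{
    size_t n = 0;
    setlocale(LC_ALL, "");               /* use the environment's encoding */
    wchar_t *w = mbs_to_wcs_dup("berin", &n);   /* string from the report */
    printf("Result = %zu\n", w != NULL ? n : (size_t)0);
    free(w);
    return 0;
}
```

Storing the return value in a size_t rather than an int, as done here, keeps the (size_t)-1 error value from being mistaken for a length.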