lib/54414: wcsrtombs(3) doesn't update the source argument on conversion error

[uwe%stderr.spb.ru@localhost]

>Number:         54414
>Category:       lib
>Synopsis:       wcsrtombs(3) doesn't update the source argument on conversion error
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    lib-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Jul 27 23:00:00 +0000 2019
>Originator:     Valery Ushakov
>Release:        NetBSD-8
>Organization:
>Environment:
>Description:
wcsrtombs(3) definition in C99 says:

       [#3]  If  dst  is  not  a  null  pointer, the pointer object
       pointed to by src is assigned  either  a  null  pointer  (if
       conversion  stopped  due to reaching a terminating null wide
       character) or the address just past the last wide  character
       converted (if any).

Our wcsrtombs(3) does NOT update its src (pwcs) parameter if it
encounters a conversion error.

>How-To-Repeat:
#include <wchar.h>
#include <string.h>
#include <stdio.h>

#if !defined(__arraycount)
#define __arraycount(a) (sizeof(a)/sizeof(a[0]))
#endif

int
main()
{
    wchar_t label[] = L"L" L"\u0403" L"bel";
    char lbuf[128] = { 0 };
    mbstate_t mbstate;
    size_t n;

    memset(&mbstate, 0, sizeof(mbstate));
    const wchar_t *wp = label;
    n = wcsrtombs(lbuf, &wp, sizeof(lbuf), &mbstate);
    if (n == (size_t)-1) {
	printf("%p %p\n", label, wp);
    }

    memset(&mbstate, 0, sizeof(mbstate));
    char *dst = lbuf;
    for (int i = 0; i < __arraycount(label); ++i) {
	wchar_t wc = label[i];
	n = wcrtomb(dst, wc, &mbstate);
	if (n == (size_t)-1) {
	    printf("failed to convert \\x%x at %d\n", wc, i);
	    break;
	}
	dst += n;
    }

    return 0;
}


On Linux I get, e.g.:

0x7fff71f762e0 0x7fff71f762e4
failed to convert \x403 at 1

on NetBSD

0xffffe148 0xffffe148
failed to convert \x403 at 1

>Fix: