Subject: lib/19620: mbstowcs seg faults when passed a NULL pwcs
To: None <gnats-bugs@gnats.netbsd.org>
From: None <berin@ozemail.com.au>
List: netbsd-bugs
Date: 01/01/2003 02:24:26
>Number: 19620
>Category: lib
>Synopsis: mbstowcs seg faults when passed a NULL pwcs
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: lib-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Wed Jan 01 02:25:00 PST 2003
>Closed-Date:
>Last-Modified:
>Originator: Berin Lautenbach
>Release: 1.6
>Organization:
>Environment:
NetBSD hermes 1.6 NetBSD 1.6 (HERMES) #2: Tue Dec 24 07:25:06 EST 2002 root@hermes:/usr/src/sys/arch/i386/compile/HERMES i386
>Description:
When called with a NULL pwcs, mbstowcs seg-faults. When called
with a valid buffer, it returns an incorrect count
of the number of characters (0)
>How-To-Repeat:
The following (C++) code makes the break occur on my system - I never
see any output and ddd shows that the program dies inside (or
returning from) mbstowcs :
---
#include <stdlib.h>
#include <iostream.h>
int main(int argc, char ** argv) {
int t = mbstowcs(NULL, "berin", 0);
cout << "Result = " << t << endl;
return 0;
}
---
My understanding of mbstowcs is that it should return the number of
wchat_t elements that will be needed to store the translated string.
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted: