When the target pointer 'pwcs' passed to mbsrtowcs() is NULL, mbsrtowcs()
is supposed to ignore the 'n' parameter and return the number of wide
characters needed to represent the given multi-byte character sequence.
However, in the special case where 'pwcs' is NULL and 'n' is zero, our
mbsrtowcs() implementation for single-byte locales mistakenly returned zero.
Before the UTF-8 locale was added, this bug was invisible to callers of
mbstowcs() because mbstowcs() handled this special case itself.
But our new mbstowcs() implementation simply forwards to the locale-specific
mbsrtowcs() implementation and expects it to do the right thing.
The "awesome" window manager's "Run:" command prompt uses mbstowcs() to
measure how many (possibly multi-byte) characters a user has typed, and
due to this bug would always be tricked into thinking the user had entered
zero characters when a single-byte locale was used.
Found after prodding by dcoppa.
ok deraadt sthen espie
projects / openbsd / commit