Description of problem: One of the patches backported for bug 2033684 results in a regression for mbsrtowcs where providing a NULL destination should result in the input length being ignored, but it isn't. Version-Release number of selected component (if applicable): glibc-2.28-194.el8 How reproducible: Always Steps to Reproduce: $ cat > test.c #include <wchar.h> int main (void) { const char *hw = "HelloWorld"; mbsrtowcs (NULL, &hw, (size_t)-1, NULL); return 0; } $ gcc -O2 -Wp,-D_FORTIFY_SOURCE=2 test.c -o test && ./test Actual results: In file included from /usr/include/features.h:490, from /usr/include/bits/libc-header-start.h:33, from /usr/include/wchar.h:27, from test.c:1: In function 'mbsrtowcs', inlined from 'main' at test.c:6:9: /usr/include/bits/wchar2.h:428:10: warning: call to '__mbsrtowcs_chk_warn' declared with attribute warning: mbsrtowcs called with dst buffer smaller than len * sizeof (wchar_t) [-Wattribute-warning] 428 | return __glibc_fortify_n (mbsrtowcs, __len, sizeof (wchar_t), | ^~~~~~~~~~~~~~~~~ Expected results: No warnings and no crash. Additional info:
When fixing mbstowcs we had the same issue. I noted this in commit 61af4bbb2ae5a4eefc4c4243135747bbdb0f0684 The mbsrtowcs and mbsnrtowcs behave similarly, and mbsrtowcs is documented as doing this in C11, even if the standard doesn't come out and call out this specific use case. We add one note to each of mbsrtowcs and mbsnrtowcs to call out that they support a null pointer for the destination. ... but I didn't extend the test case to cover these, sorry!
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (glibc bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2022:7684