Print this page
5366 strcoll_l may destroy its arguments, then crash
@@ -53,13 +53,10 @@
wchar_t *t1 = NULL, *t2 = NULL;
wchar_t *w1 = NULL, *w2 = NULL;
size_t sz1, sz2;
const struct lc_collate *lcc = loc->collate;
- mbstate_t mbs1 = { 0 }; /* initial states */
- mbstate_t mbs2 = { 0 };
-
if (lcc->lc_is_posix)
return (strcmp(s1, s2));
sz1 = strlen(s1) + 1;
sz2 = strlen(s2) + 1;
@@ -87,14 +84,14 @@
} else {
if ((w2 = alloca(sz2 * sizeof (wchar_t))) == NULL)
goto error;
}
- if ((mbsrtowcs_l(w1, &s1, sz1, &mbs1, loc)) == (size_t)-1)
+ if ((mbstowcs_l(w1, s1, sz1, loc)) == (size_t)-1)
goto error;
- if ((mbsrtowcs_l(w2, &s2, sz2, &mbs2, loc)) == (size_t)-1)
+ if ((mbstowcs_l(w2, s2, sz2, loc)) == (size_t)-1)
goto error;
ret = wcscoll_l(w1, w2, loc);
if (t1)
free(t1);