standalone fortify-source implementation
git clone git://
Log | Files | Refs | README | LICENSE

commit 9730e9d297068f7555621891072360c58095efc8
parent 2bc423c355a992fea2f95724235898218575c95e
Author: sin <>
Date:   Tue Aug 22 11:31:49 +0100

Don't trap if an encoding error occurs in wcrtomb()

The POSIX definition of wcrtomb

"When wc is not a valid wide character, an encoding error shall occur.
In this case, the function shall store the value of the macro [EILSEQ]
in errno and shall return (size_t)-1; the conversion state shall be

The fortify-headers implementation of wcrtomb interprets the result -1
as 18446744073709551615 bytes. Since this is the highest 64-bit number
possible, it is pretty safe to say this will always be larger than any
buffer provided to wcrtomb. Therefore, it traps.

Fixes bug

Patch by A. Wilcox <>

include/wchar.h | 4+++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/include/wchar.h b/include/wchar.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2015-2016 Dimitris Papastamos <> + * Copyright (C) 2015-2017 Dimitris Papastamos <> * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted. @@ -109,6 +109,8 @@ _FORTIFY_FN(wcrtomb) size_t wcrtomb(char *__s, wchar_t __w, mbstate_t *__st) if (__s) { __r = __orig_wcrtomb(__buf, __w, __st); + if (__r == (size_t)-1) + return __r; if (__r > __b) __builtin_trap(); memcpy(__s, __buf, __r);