strcoll(1): Fix named locale case where conversion fails
When strcoll is used with a locale other than C/POSIX, it uses the
mbsrtowcs_l(1) function which can alter the src pointer upon failure.
If that happens in the current implementation of strcoll, a null pointer
is send to strcmp (resulting in wrong answer) and it will change the s
or s2 argument of strcoll(1), which is not behavior expected by the POSIX
standard.
Using a copy of the s and s2 arguments prevents this situation. Note that
Illumos, which which the source came, still has this vulnerability.
Reported by: Romick (YRabbit) on IRC
projects / dragonfly.git / commit