netbsd-bugs: lib/34632: isalpha() and possibly other ctype functions segfault

Subject: lib/34632: isalpha() and possibly other ctype functions segfault
To: None <lib-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: None <tony2001@php.net>
List: netbsd-bugs
Date: 09/26/2006 20:15:00

>Number:         34632
>Category:       lib
>Synopsis:       isalpha() and possibly other ctype functions segfault
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    lib-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Sep 26 20:15:00 +0000 2006
>Originator:     Antony Dovgal
>Release:        Netbsd 3.0.1 AMD64
>Organization:
>Environment:
>Description:
(gdb) p word[w_idx]
$1 = -61 'Ă'
(gdb) p toupper(word[w_idx])
$2 = 28518
(gdb) p isalpha(toupper(word[w_idx]))

Program received signal SIGSEGV, Segmentation fault.
0x0000000200e4eced in isalpha () from /usr/lib/libc.so.12

See some more details here: http://bugs.php.net/bug.php?id=38961

Even though the documentation says "the result is undefined when the argument is not EOF or unsigned char", the segfault is definitely not what I would expect to get in this case.
>How-To-Repeat:
I guess it should be easy to reproduce with this code:
#include <ctype.h>

int main() {
  isalpha(28518);
  return 0;
}

>Fix: