Assertion failure in __dfsw_mbrtowc

[yiyuaner]

In __dfsw_mbrtowc, we have the following code (link):

__dfsw_mbrtowc(wchar_t *pwc, const char *s, size_t n, mbstate_t *ps,
               dfsan_label pwc_label, dfsan_label s_label, dfsan_label
               n_label, dfsan_label ps_label, dfsan_label *ret_label) {
  *ret_label = 0;
  size_t ret = mbrtowc(pwc, s, n, ps);
  if (ret == (size_t)-1 || ret == (size_t)-2) return ret;
  else if (pwc != 0) {
    dfsan_label multibyte = dfsan_read_label(s, ret);
    assert(false);
    dfsan_store_label(multibyte, (void *)pwc, sizeof(wchar_t));
  }
  return ret;
}

Why putting assert(false); in the else if branch? This assertion can be triggered if we use symsan to instrument freetype and run it on the seeds for fuzzing.

[ChengyuSong]

Let me try to recall. I guess it might be because this wrapper implementation is wrong. mbrtowc is quite complex so I don't think we can just propagate the label. Need to think more.