BUG: segmentation fault when stat() is passed an invalid parameter
Xishi Qiu
qiuxishi at huawei.com
Sat Aug 30 02:56:26 UTC 2014
Here is my test code.
#include <sys/types.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/stat.h>
int main(int ac, char **av)
{
	/* Reproducer: /tmp/stat01 was created beforehand.  The second argument
	 * is deliberately not a valid `struct stat *` so that the behaviour of
	 * the libc wrapper with a bad output buffer can be observed.  Passing
	 * -1 here is undefined behaviour under the C/POSIX contract for stat();
	 * the kernel never sees this pointer, only the wrapper does. */
	(void)ac;
	(void)av;
	const char *path = "/tmp/stat01";
	int rc = stat(path, -1);
	printf("stat=%d\n", rc);
	return 0;
}
Then I used strace to trace it.
...
ioctl(0, SNDCTL_TMR_TIMEBASE or SNDRV_TIMER_IOCTL_NEXT_DEVICE or TCGETS, {B115200 opost isig icanon echo ...}) = 0
ioctl(1, SNDCTL_TMR_TIMEBASE or SNDRV_TIMER_IOCTL_NEXT_DEVICE or TCGETS, {B115200 opost isig icanon echo ...}) = 0
stat64("/tmp/stat01", {st_mode=S_IFREG|0644, st_size=0, ...}) = 0
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0xffffffff} --- // This is the segmentation fault; the faulting address 0xffffffff is the -1 that was passed as the buf argument
+++ killed by SIGSEGV +++
sh-4.2#
Here is the uClibc code.
int stat(const char *file_name, struct stat *buf)
{
	/*
	 * Wrapper around the stat syscall.  The kernel fills a kernel-layout
	 * buffer on our own stack (kbuf); on success that buffer is converted
	 * into the caller-visible struct stat at *buf.
	 *
	 * Only &kbuf is handed to the kernel, so only that pointer is validated
	 * by the syscall.  *buf is written in user space by the conversion
	 * helper, so a bad buf (NULL, -1, ...) is not reported as an error but
	 * is undefined behaviour — in practice a SIGSEGV at that address.  A
	 * libc wrapper has no portable way to detect an arbitrary invalid
	 * pointer; validating buf is the caller's responsibility.
	 */
#ifdef __NR_stat64
	/* Prefer stat64: the plain stat ABI has limited-width fields (uid,
	 * device major/minor, ...), so use the wider layout when the kernel
	 * provides it. */
	struct kernel_stat64 kbuf;
	int rc = INLINE_SYSCALL(stat64, 2, file_name, &kbuf);
	if (rc != 0)
		return rc;
	/* Conversion writes through buf unconditionally. */
	__xstat32_conv(&kbuf, buf);
	return rc;
#else
	struct kernel_stat kbuf;
	int rc = INLINE_SYSCALL(stat, 2, file_name, &kbuf);
	if (rc != 0)
		return rc;
	/* Conversion writes through buf unconditionally. */
	__xstat_conv(&kbuf, buf);
	return rc;
#endif /* __NR_stat64 */
}
#endif /* __NR_fstat64 */
libc_hidden_def(stat)
Is this a bug, or should we simply not pass an invalid parameter to stat()?
Thanks,
Xishi Qiu