The function looks correct (although I have never seen that syntax, no idea what it is.) It does exactly what it says it does, under given preconditions.
The problem is with how this function was called, i.e. without checking preconditions, and handling the case where the preconditions aren't met. The default handler apparently was ending the program, which usually is a reasonable thing to do (and often, the only thing to do) but in this case, had some rather explody consequences.
A precondition is a condition, or a check, that must hold (i.e., the check must pass) before a function is called. The function only guarantees its behaviour if the preconditions hold, and if they don't, it might behave in an undocumented way, or crash, or throw an exception.
Similarly, a postcondition is a condition that holds after the function. If they break, it's usually because there's an error in the function implementation.
Generally, when writing a function, it's quite possible that there are sets of input parameters for which the function doesn't make sense, and you don't have enough control over the compiler to prohibit those sets of parameters. An example is a square root function with a signature like this: float sqrt(float value); Now, with these types it's not possible in C to limit value to non-negative values, but that is a precondition of the function. (Note: it cannot return complex values, since the return type is specified as float as well.) When sqrt(-42) is called, the precondition is violated, which is clearly a programming error outside the sqrt() function. The reasonable thing to do here is to abort() or throw an exception so the error can be easily identified and fixed. Or maybe, if this behaviour is documented, return some special value like 0; although such behaviour is likely more trouble than its worth in the long run, since it hides errors, making them much harder to track down.
With safety-conscious code, it's not uncommon to see preconditions and postconditions written down as code, and for the compiler to generate explicit checks for them, so that errors can be found as quickly as possible. But even if no code is generated to check them, all functions can be thought of as having pre- and postconditions. Sometimes they're documented, sometimes they're merely implied.