## Description
This PR replaces `wcslen` with `wcsnlen` in the Windows runner template
and all example/dev/integration test files to address CWE-126 (Buffer
Over-read) flagged by static analysis tools (Semgrep/GitLab SAST).
## Changes
The `Utf8FromUtf16` function now uses `wcsnlen` with the
`UNICODE_STRING_MAX_CHARS` constant (32767) as the maximum length,
providing defensive programming against potential buffer over-reads.
**Key improvements:**
1. Calculate `input_length` **first** using `wcsnlen(utf16_string,
UNICODE_STRING_MAX_CHARS)`
2. Use that bounded length for **both** `WideCharToMultiByte` calls
(eliminates the `-1` unbounded read)
3. Remove the `-1` adjustment since explicit length excludes null
terminator
4. Use `static_cast` instead of C-style casts per Google C++ Style Guide
## Test Coverage
Added comprehensive edge case tests for `Utf8FromUtf16` in
`windows_startup_test`:
- **nullptr input**: Verifies function returns empty string
- **Empty string input**: Verifies function returns empty string
- **Invalid UTF-16 (unpaired surrogate)**: Verifies function handles
malformed input gracefully
These tests address reviewer feedback from @loic-sharma requesting
coverage for corner cases.
## Files Updated
**Template (source of truth):**
- `packages/flutter_tools/templates/app/windows.tmpl/runner/utils.cpp`
**Integration tests (4 files):**
- `dev/integration_tests/flutter_gallery/windows/runner/utils.cpp`
- `dev/integration_tests/ui/windows/runner/utils.cpp`
- `dev/integration_tests/windowing_test/windows/runner/utils.cpp`
- `dev/integration_tests/windows_startup_test/windows/runner/utils.cpp`
**Examples and dev apps (10 files):**
- `examples/hello_world/windows/runner/utils.cpp`
- `examples/layers/windows/runner/utils.cpp`
- `examples/platform_view/windows/runner/utils.cpp`
- `examples/flutter_view/windows/runner/utils.cpp`
- `examples/platform_channel/windows/runner/utils.cpp`
- `examples/api/windows/runner/utils.cpp`
- `examples/multiple_windows/windows/runner/utils.cpp`
- `dev/manual_tests/windows/runner/utils.cpp`
- `dev/benchmarks/complex_layout/windows/runner/utils.cpp`
- `dev/a11y_assessments/windows/runner/utils.cpp`
**Test files (4 files):**
- `dev/integration_tests/windows_startup_test/windows/runner/flutter_window.cpp`
- `dev/integration_tests/windows_startup_test/lib/main.dart`
- `dev/integration_tests/windows_startup_test/lib/windows.dart`
- `dev/integration_tests/windows_startup_test/test_driver/main_test.dart`
## Rationale
While the Windows API guarantees null-termination for strings returned
by `CommandLineToArgvW`, using `wcsnlen` with an explicit bound is a
defensive programming best practice that:
- Satisfies static analysis tools
- Provides an extra safety layer
- Follows the principle of defense in depth
The limit of 32767 (`UNICODE_STRING_MAX_CHARS`) is the maximum length of
a `UNICODE_STRING` structure and is far beyond any realistic
command-line argument length.
## Related Issues
Fixes https://github.com/flutter/flutter/issues/180418
## Pre-launch Checklist
- [x] I read the [Contributor Guide] and followed the process outlined
there for submitting PRs.
- [x] I read the [Tree Hygiene] wiki page, which explains my
responsibilities.
- [x] I read and followed the [Flutter Style Guide], including [Features
we expect every widget to implement].
- [x] I signed the [CLA].
- [x] I listed at least one issue that this PR fixes in the description
above.
- [x] I updated/added relevant documentation (doc comments with `///`).
- [x] I added new tests to check the change I am making, or this PR is
[test-exempt].
- [x] I followed the [breaking change policy] and labeled this PR with
`severe: API break` if it contains a breaking change.
- [x] All existing and new tests are passing.
[Contributor Guide]:
https://github.com/flutter/flutter/blob/master/docs/contributing/Tree-hygiene.md#overview
[Tree Hygiene]:
https://github.com/flutter/flutter/blob/master/docs/contributing/Tree-hygiene.md
[test-exempt]:
https://github.com/flutter/flutter/blob/master/docs/contributing/Tree-hygiene.md#tests
[Flutter Style Guide]:
https://github.com/flutter/flutter/blob/master/docs/contributing/Style-guide-for-Flutter-repo.md
[Features we expect every widget to implement]:
https://github.com/flutter/flutter/blob/master/docs/contributing/Style-guide-for-Flutter-repo.md#features-we-expect-every-widget-to-implement
[CLA]: https://cla.developers.google.com/
[breaking change policy]:
https://github.com/flutter/flutter/blob/master/docs/contributing/Tree-hygiene.md#breaking-changes
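
The bounded-length pattern from the description above, as an added, portable sketch; it is not code from the Flutter template. `Utf8FromUtf16Bounded`, `EncodeUtf8`, `AppendUtf8` and `kMaxChars` are hypothetical names, `EncodeUtf8` stands in for `WideCharToMultiByte` so the sketch runs off Windows, and returning an empty string for an unpaired surrogate is this example's assumption.

```cpp
#include <cstddef>
#include <string>
#include <wchar.h>

// Value the PR description gives for UNICODE_STRING_MAX_CHARS.
constexpr size_t kMaxChars = 32767;

// Appends one code point as UTF-8 (1 to 4 bytes).
static void AppendUtf8(char32_t cp, std::string* out) {
  if (cp < 0x80) { out->push_back(static_cast<char>(cp)); return; }
  int extra = cp < 0x800 ? 1 : cp < 0x10000 ? 2 : 3;
  static const unsigned char kLead[] = {0, 0xC0, 0xE0, 0xF0};
  out->push_back(static_cast<char>(kLead[extra] | (cp >> (6 * extra))));
  while (extra-- > 0)
    out->push_back(static_cast<char>(0x80 | ((cp >> (6 * extra)) & 0x3F)));
}

// Stand-in for WideCharToMultiByte (assumption, keeps the sketch portable):
// converts exactly `len` UTF-16 code units, never scans for a terminator,
// and fails on an unpaired surrogate.
static bool EncodeUtf8(const wchar_t* in, size_t len, std::string* out) {
  for (size_t i = 0; i < len; ++i) {
    char32_t cp = static_cast<char32_t>(in[i]);
    if (cp >= 0xDC00 && cp <= 0xDFFF) return false;  // lone low surrogate
    if (cp >= 0xD800 && cp <= 0xDBFF) {              // high surrogate
      if (i + 1 >= len) return false;
      char32_t lo = static_cast<char32_t>(in[++i]);
      if (lo < 0xDC00 || lo > 0xDFFF) return false;
      cp = 0x10000 + ((cp - 0xD800) << 10) + (lo - 0xDC00);
    }
    AppendUtf8(cp, out);
  }
  return true;
}

std::string Utf8FromUtf16Bounded(const wchar_t* utf16_string) {
  if (utf16_string == nullptr) return std::string();
  // Length first, capped: the scan reads at most kMaxChars units even if
  // the buffer has no terminator, and the result excludes the terminator.
  const size_t input_length = wcsnlen(utf16_string, kMaxChars);
  std::string utf8_string;
  if (!EncodeUtf8(utf16_string, input_length, &utf8_string)) return std::string();
  return utf8_string;
}

int main() {
  const wchar_t lone[] = {0x0041, 0xD83D, 0};  // constructed: unpaired surrogate
  return Utf8FromUtf16Bounded(lone).empty() ? 0 : 1;
}
```

Because the length is computed once and passed explicitly, an input with no terminator inside the first 32767 units is truncated at the cap instead of being scanned past it.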
Previously, we were comparing the signed int `target_length` (returned by WideCharToMultiByte) to a size_t string length, resulting in a signed/unsigned comparison warning as follows:
```
windows\runner\utils.cpp(54,43): warning C4018: '>': signed/unsigned mismatch
```
WideCharToMultiByte returns:
* 0 on error
* the number of bytes written to the buffer pointed to by its fifth parameter, lpMultiByteStr, on success.
As a result it's safe to store the return value in an unsigned int, which eliminates the warning.
No changes to tests since this is dependent on end-user project settings/modifications and does not trigger a warning with default project settings.
Fixes: https://github.com/flutter/flutter/issues/134227
Some files are supposed to be ignored, but aren't.
- `**/windows/flutter/generated_plugins.cmake`
- `**/linux/flutter/generated_plugin_registrant.cc`
- `**/linux/flutter/generated_plugin_registrant.h`
- `**/linux/flutter/generated_plugins.cmake`
- `**/windows/flutter/generated_plugin_registrant.cc`
- `**/windows/flutter/generated_plugin_registrant.h`
- `**/ios/Runner/GeneratedPluginRegistrant.h`
- `**/ios/Runner/GeneratedPluginRegistrant.m`
Previously developers had to edit their `Runner.rc` file to update their executable's version information. Now, version information will automatically be set from `flutter build`'s arguments or the `pubspec.yaml` file for new projects.
Addresses https://github.com/flutter/flutter/issues/73652
This patch adds an additional check to ensure the target length of a string is within the supported maximum string length prior to calling WideCharToMultiByte/MultiByteToWideChar in the Windows runner template.
This is to prevent resize() from failing if called with a count > std::string::max_size().
According to Win32 API docs (WideCharToMultiByte, MultiByteToWideChar) it's the caller's responsibility to make sure the buffers are correctly allocated.
Authored by: Tomasz Gucio <tgucio@gmail.com>
This adds a smoke test for every single API example. It also fixes 17 tests that had bugs in them, or were otherwise broken, and even fixes one actual bug in the framework, and one limitation in the framework.
The bug in the framework is that NetworkImage's `_loadAsync` method had `await response.drain<List<int>>();`, but if the response is null, it will throw a cryptic exception saying that `Null` can't be assigned to `List<int>`. The fix was just to use `await response.drain<void>();` instead.
The limitation is that `RelativePositionedTransition` takes an `Animation<Rect> rect` parameter, and if you want to use a `RectTween` with it, the value emitted there is `Rect?`, and one of the examples was just casting from `Animation<Rect>` to `Animation<Rect?>`, which is invalid, so I modified `RelativePositionedTransition` to take a `Rect?` and just use `Rect.zero` if the rect is null.
This extracts the sample code out from the API doc comments, and places them in separate files on disk, allowing running of the examples locally, testing them, and building of slightly larger examples.