DEV/flutter_flutter
1
0
Fork 0
mirror of https://github.com/flutter/flutter.git synced 2026-02-20 02:29:02 +08:00
Code Issues Packages Projects Releases Wiki Activity
flutter_flutter/packages/flutter_tools
History
David Bebawy 99e01e108a
fix(windows): use wcsnlen for defensive programming (CWE-126) (#180419) 
## Description

This PR replaces `wcslen` with `wcsnlen` in the Windows runner template
and all example/dev/integration test files to address CWE-126 (Buffer
Over-read) flagged by static analysis tools (Semgrep/GitLab SAST).

## Changes

The `Utf8FromUtf16` function now uses `wcsnlen` with the
`UNICODE_STRING_MAX_CHARS` constant (32767) as the maximum length,
providing defensive programming against potential buffer over-reads.

**Key improvements:**
1. Calculate `input_length` **first** using `wcsnlen(utf16_string,
UNICODE_STRING_MAX_CHARS)`
2. Use that bounded length for **both** `WideCharToMultiByte` calls
(eliminates the `-1` unbounded read)
3. Remove the `-1` adjustment since explicit length excludes null
terminator
4. Use `static_cast` instead of C-style casts per Google C++ Style Guide

## Test Coverage

Added comprehensive edge case tests for `Utf8FromUtf16` in
`windows_startup_test`:
- **nullptr input**: Verifies function returns empty string
- **Empty string input**: Verifies function returns empty string  
- **Invalid UTF-16 (unpaired surrogate)**: Verifies function handles
malformed input gracefully

These tests address reviewer feedback from @loic-sharma requesting
coverage for corner cases.

## Files Updated

**Template (source of truth):**
- `packages/flutter_tools/templates/app/windows.tmpl/runner/utils.cpp`

**Integration tests (4 files):**
- `dev/integration_tests/flutter_gallery/windows/runner/utils.cpp`
- `dev/integration_tests/ui/windows/runner/utils.cpp`
- `dev/integration_tests/windowing_test/windows/runner/utils.cpp`
- `dev/integration_tests/windows_startup_test/windows/runner/utils.cpp`

**Examples and dev apps (10 files):**
- `examples/hello_world/windows/runner/utils.cpp`
- `examples/layers/windows/runner/utils.cpp`
- `examples/platform_view/windows/runner/utils.cpp`
- `examples/flutter_view/windows/runner/utils.cpp`
- `examples/platform_channel/windows/runner/utils.cpp`
- `examples/api/windows/runner/utils.cpp`
- `examples/multiple_windows/windows/runner/utils.cpp`
- `dev/manual_tests/windows/runner/utils.cpp`
- `dev/benchmarks/complex_layout/windows/runner/utils.cpp`
- `dev/a11y_assessments/windows/runner/utils.cpp`

**Test files (4 files):**
-
`dev/integration_tests/windows_startup_test/windows/runner/flutter_window.cpp`
- `dev/integration_tests/windows_startup_test/lib/main.dart`
- `dev/integration_tests/windows_startup_test/lib/windows.dart`
-
`dev/integration_tests/windows_startup_test/test_driver/main_test.dart`

## Rationale

While the Windows API guarantees null-termination for strings returned
by `CommandLineToArgvW`, using `wcsnlen` with an explicit bound is a
defensive programming best practice that:
- Satisfies static analysis tools
- Provides an extra safety layer
- Follows the principle of defense in depth

The limit of 32767 (`UNICODE_STRING_MAX_CHARS`) is the maximum length of
a `UNICODE_STRING` structure and is far beyond any realistic
command-line argument length.

## Related Issues

Fixes https://github.com/flutter/flutter/issues/180418

## Pre-launch Checklist

- [x] I read the [Contributor Guide] and followed the process outlined
there for submitting PRs.
- [x] I read the [Tree Hygiene] wiki page, which explains my
responsibilities.
- [x] I read and followed the [Flutter Style Guide], including [Features
we expect every widget to implement].
- [x] I signed the [CLA].
- [x] I listed at least one issue that this PR fixes in the description
above.
- [x] I updated/added relevant documentation (doc comments with `///`).
- [x] I added new tests to check the change I am making, or this PR is
[test-exempt].
- [x] I followed the [breaking change policy] and labeled this PR with
`severe: API break` if it contains a breaking change.
- [x] All existing and new tests are passing.

[Contributor Guide]:
https://github.com/flutter/flutter/blob/master/docs/contributing/Tree-hygiene.md#overview
[Tree Hygiene]:
https://github.com/flutter/flutter/blob/master/docs/contributing/Tree-hygiene.md
[test-exempt]:
https://github.com/flutter/flutter/blob/master/docs/contributing/Tree-hygiene.md#tests
[Flutter Style Guide]:
https://github.com/flutter/flutter/blob/master/docs/contributing/Style-guide-for-Flutter-repo.md
[Features we expect every widget to implement]:
https://github.com/flutter/flutter/blob/master/docs/contributing/Style-guide-for-Flutter-repo.md#features-we-expect-every-widget-to-implement
[CLA]: https://cla.developers.google.com/
[breaking change policy]:
https://github.com/flutter/flutter/blob/master/docs/contributing/Tree-hygiene.md#breaking-changes
2026-01-16 18:21:15 +00:00
..
bin
Add Flutter as a Swift Package dependency (#178931)
2026-01-13 17:58:58 +00:00
doc
Add structured warning event for slow wireless debugging on iOS 26+ d… (#176673)
2025-10-08 19:06:34 +00:00
gradle
[AGP 9] Added Proguard File Check (#178191)
2025-11-10 20:55:19 +00:00
ide_templates/intellij
lib
[ Tool ] Ensure flutter.version.json is regenerated on upgrade (#180857)
2026-01-14 20:11:00 +00:00
static
templates
fix(windows): use wcsnlen for defensive programming (CWE-126) (#180419)
2026-01-16 18:21:15 +00:00
test
[ Tool ] Ensure flutter.version.json is regenerated on upgrade (#180857)
2026-01-14 20:11:00 +00:00
tool
[ Widget Preview ] Move widget_preview_scaffold tests to dev/integration_tests/widget_preview_scaffold (#180658)
2026-01-08 20:25:09 +00:00
.gitignore
analysis_options.yaml
Reverts "[ Analysis ] Added initial implementation of the flutter_analyzer_plugin (#175679)" (#179766)
2025-12-12 00:13:27 +00:00
dart_test.yaml
pubspec.yaml
Manual roll of pub packages including an update to meta version 1.18.0 (#181078)
2026-01-16 17:12:33 +00:00
README.md

README.md

Flutter Tools

This section of the Flutter repository contains the command line developer tools for building Flutter applications.

Working on Flutter Tools

Be sure to follow the instructions on CONTRIBUTING.md to set up your development environment. Further, familiarize yourself with the style guide, which we follow.

Setting up

First, ensure that the Dart SDK and other necessary artifacts are available by invoking the Flutter Tools wrapper script. In this directory run:

$ flutter --version

Running the Tool

To run Flutter Tools from source, in this directory run:

$ dart bin/flutter_tools.dart

followed by command-line arguments, as usual.

As a convenience for folks developing the flutter tool itself, you can also use the bin/flutter-dev script:

# Assuming flutter/bin is on your PATH
$ flutter-dev

Note: flutter-dev is identical to flutter, except it does not use a cached on-disk snapshot. In other words, it will be significantly slower but you will not need to forget (remember?) to delete the cached snapshot.

Running the analyzer

To run the analyzer on Flutter Tools, in this directory run:

$ flutter analyze

Writing tests

As with other parts of the Flutter repository, all changes in behavior must be tested. Tests live under the test/ subdirectory.

  • Hermetic unit tests of tool internals go under test/general.shard and must run in significantly less than two seconds.

  • Tests of tool commands go under test/commands.shard. Hermetic tests go under its hermetic/ subdirectory. Non-hermetic tests go under its permeable sub-directory. Avoid adding tests here and prefer writing either a unit test or a full integration test.

  • Integration tests (e.g. tests that run the tool in a subprocess) go under test/integration.shard.

  • Slow web-related tests go in the test/web.shard directory.

In general, the tests for the code in a file called file.dart should go in a file called file_test.dart in the subdirectory that matches the behavior of the test.

The dart_test.yaml file configures the timeout for these tests to be 15 minutes. The test.dart script that is used in CI overrides this to two seconds for the test/general.shard directory, to catch behaviour that is unexpectedly slow.

Please avoid setting any other timeouts.

Using local engine builds in integration tests

The integration tests can be configured to use a specific local engine variant by setting the FLUTTER_LOCAL_ENGINE and FLUTTER_LOCAL_ENGINE_HOST environment variables to the name of the local engines (e.g. android_debug_unopt and host_debug_unopt). If the local engine build requires a source path, this can be provided by setting the FLUTTER_LOCAL_ENGINE_SRC_PATH environment variable. This second variable is not necessary if the flutter and engine checkouts are in adjacent directories.

export FLUTTER_LOCAL_ENGINE=android_debug_unopt
export FLUTTER_LOCAL_ENGINE_HOST=host_debug_unopt
flutter test test/integration.shard/some_test_case

Running the tests

To run all of the unit tests:

$ flutter test test/general.shard

The tests in test/integration.shard are slower to run than the tests in test/general.shard. Depending on your development computer, you might want to limit concurrency. Generally it is easier to run these on CI, or to manually verify the behavior you are changing instead of running the test.

The integration tests also require the FLUTTER_ROOT environment variable to be set. The full invocation to run everything might therefore look something like:

$ export FLUTTER_ROOT=~/path/to/flutter-sdk
$ flutter test --concurrency 1

This may take some time (on the order of an hour). The unit tests alone take much less time (on the order of a minute).

You can run the tests in a specific file, e.g.:

$ flutter test test/general.shard/utils_test.dart

Forcing snapshot regeneration

To force the Flutter Tools snapshot to be regenerated, delete the following files:

$ rm ../../bin/cache/flutter_tools.stamp ../../bin/cache/flutter_tools.snapshot