## Description

This PR replaces `wcslen` with `wcsnlen` in the Windows runner template and all example/dev/integration test files to address CWE-126 (Buffer Over-read) flagged by static analysis tools (Semgrep/GitLab SAST).

## Changes

The `Utf8FromUtf16` function now uses `wcsnlen` with the `UNICODE_STRING_MAX_CHARS` constant (32767) as the maximum length, providing defensive programming against potential buffer over-reads.

**Key improvements:**

1. Calculate `input_length` **first** using `wcsnlen(utf16_string, UNICODE_STRING_MAX_CHARS)`
2. Use that bounded length for **both** `WideCharToMultiByte` calls (eliminates the `-1` unbounded read)
3. Remove the `-1` adjustment since explicit length excludes null terminator
4. Use `static_cast` instead of C-style casts per Google C++ Style Guide

## Test Coverage

Added comprehensive edge case tests for `Utf8FromUtf16` in `windows_startup_test`:

- **nullptr input**: Verifies function returns empty string
- **Empty string input**: Verifies function returns empty string
- **Invalid UTF-16 (unpaired surrogate)**: Verifies function handles malformed input gracefully

These tests address reviewer feedback from @loic-sharma requesting coverage for corner cases.

## Files Updated

**Template (source of truth):**

- `packages/flutter_tools/templates/app/windows.tmpl/runner/utils.cpp`

**Integration tests (4 files):**

- `dev/integration_tests/flutter_gallery/windows/runner/utils.cpp`
- `dev/integration_tests/ui/windows/runner/utils.cpp`
- `dev/integration_tests/windowing_test/windows/runner/utils.cpp`
- `dev/integration_tests/windows_startup_test/windows/runner/utils.cpp`

**Examples and dev apps (10 files):**

- `examples/hello_world/windows/runner/utils.cpp`
- `examples/layers/windows/runner/utils.cpp`
- `examples/platform_view/windows/runner/utils.cpp`
- `examples/flutter_view/windows/runner/utils.cpp`
- `examples/platform_channel/windows/runner/utils.cpp`
- `examples/api/windows/runner/utils.cpp`
- `examples/multiple_windows/windows/runner/utils.cpp`
- `dev/manual_tests/windows/runner/utils.cpp`
- `dev/benchmarks/complex_layout/windows/runner/utils.cpp`
- `dev/a11y_assessments/windows/runner/utils.cpp`

**Test files (4 files):**

- `dev/integration_tests/windows_startup_test/windows/runner/flutter_window.cpp`
- `dev/integration_tests/windows_startup_test/lib/main.dart`
- `dev/integration_tests/windows_startup_test/lib/windows.dart`
- `dev/integration_tests/windows_startup_test/test_driver/main_test.dart`

## Rationale

While the Windows API guarantees null-termination for strings returned by `CommandLineToArgvW`, using `wcsnlen` with an explicit bound is a defensive programming best practice that:

- Satisfies static analysis tools
- Provides an extra safety layer
- Follows the principle of defense in depth

The limit of 32767 (`UNICODE_STRING_MAX_CHARS`) is the maximum length of a `UNICODE_STRING` structure and is far beyond any realistic command-line argument length.

## Related Issues

Fixes https://github.com/flutter/flutter/issues/180418

## Pre-launch Checklist

- [x] I read the [Contributor Guide] and followed the process outlined there for submitting PRs.
- [x] I read the [Tree Hygiene] wiki page, which explains my responsibilities.
- [x] I read and followed the [Flutter Style Guide], including [Features we expect every widget to implement].
- [x] I signed the [CLA].
- [x] I listed at least one issue that this PR fixes in the description above.
- [x] I updated/added relevant documentation (doc comments with `///`).
- [x] I added new tests to check the change I am making, or this PR is [test-exempt].
- [x] I followed the [breaking change policy] and labeled this PR with `severe: API break` if it contains a breaking change.
- [x] All existing and new tests are passing.

[Contributor Guide]: https://github.com/flutter/flutter/blob/master/docs/contributing/Tree-hygiene.md#overview
[Tree Hygiene]: https://github.com/flutter/flutter/blob/master/docs/contributing/Tree-hygiene.md
[test-exempt]: https://github.com/flutter/flutter/blob/master/docs/contributing/Tree-hygiene.md#tests
[Flutter Style Guide]: https://github.com/flutter/flutter/blob/master/docs/contributing/Style-guide-for-Flutter-repo.md
[Features we expect every widget to implement]: https://github.com/flutter/flutter/blob/master/docs/contributing/Style-guide-for-Flutter-repo.md#features-we-expect-every-widget-to-implement
[CLA]: https://cla.developers.google.com/
[breaking change policy]: https://github.com/flutter/flutter/blob/master/docs/contributing/Tree-hygiene.md#breaking-changes
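The pattern the PR describes, as an added, portable example that is not code from the PR or from the Flutter repo: compute a bounded length once and use that single length for the whole conversion, so no call ever scans for a terminator on its own. `WideCharToMultiByte` and a 16-bit `wchar_t` are Windows-specific, so this version assumes `char16_t` input, a hand-written `U16NLen` standing in for `wcsnlen`, and a small UTF-16 to UTF-8 encoder standing in for `WideCharToMultiByte`; the function names, the `kUnicodeStringMaxChars` constant and the sample inputs are all constructed for this example.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <string>

// Same bound the PR passes to wcsnlen: the maximum character count of a
// UNICODE_STRING (32767). Name constructed for this example.
constexpr std::size_t kUnicodeStringMaxChars = 32767;

// Portable stand-in for wcsnlen(s, max_len) on 16-bit code units (on Linux
// wchar_t is 32-bit, so char16_t keeps UTF-16 semantics). Never reads past
// max_len code units; returns max_len when no terminator is found within the
// bound, so an unterminated buffer is truncated rather than over-read.
std::size_t U16NLen(const char16_t* s, std::size_t max_len) {
  std::size_t n = 0;
  while (n < max_len && s[n] != u'\0') {
    ++n;
  }
  return n;
}

// Appends the UTF-8 encoding of one Unicode scalar value to out.
void AppendUtf8(std::string& out, std::uint32_t cp) {
  if (cp < 0x80) {
    out.push_back(static_cast<char>(cp));
  } else if (cp < 0x800) {
    out.push_back(static_cast<char>(0xC0 | (cp >> 6)));
    out.push_back(static_cast<char>(0x80 | (cp & 0x3F)));
  } else if (cp < 0x10000) {
    out.push_back(static_cast<char>(0xE0 | (cp >> 12)));
    out.push_back(static_cast<char>(0x80 | ((cp >> 6) & 0x3F)));
    out.push_back(static_cast<char>(0x80 | (cp & 0x3F)));
  } else {
    out.push_back(static_cast<char>(0xF0 | (cp >> 18)));
    out.push_back(static_cast<char>(0x80 | ((cp >> 12) & 0x3F)));
    out.push_back(static_cast<char>(0x80 | ((cp >> 6) & 0x3F)));
    out.push_back(static_cast<char>(0x80 | (cp & 0x3F)));
  }
}

// Stand-in for the PR's two-call WideCharToMultiByte conversion: the length
// is computed first, bounded, and is the only length used afterwards.
// Unpaired surrogates become U+FFFD instead of being trusted.
std::string Utf8FromUtf16Bounded(const char16_t* utf16_string,
                                 std::size_t max_len) {
  if (utf16_string == nullptr) {
    return std::string();
  }
  const std::size_t input_length = U16NLen(utf16_string, max_len);
  if (input_length == 0) {
    return std::string();
  }
  std::string utf8_string;
  utf8_string.reserve(input_length * 3);  // worst case for BMP code points
  for (std::size_t i = 0; i < input_length; ++i) {
    const std::uint32_t cu = utf16_string[i];
    if (cu >= 0xD800 && cu <= 0xDBFF) {  // high surrogate
      if (i + 1 < input_length) {
        const std::uint32_t next = utf16_string[i + 1];
        if (next >= 0xDC00 && next <= 0xDFFF) {  // paired low surrogate
          AppendUtf8(utf8_string,
                     0x10000 + ((cu - 0xD800) << 10) + (next - 0xDC00));
          ++i;
          continue;
        }
      }
      AppendUtf8(utf8_string, 0xFFFD);  // unpaired high surrogate
    } else if (cu >= 0xDC00 && cu <= 0xDFFF) {
      AppendUtf8(utf8_string, 0xFFFD);  // unpaired low surrogate
    } else {
      AppendUtf8(utf8_string, cu);
    }
  }
  return utf8_string;
}

// Same shape as the runner's helper, with the bound the PR adopts.
std::string Utf8FromUtf16(const char16_t* utf16_string) {
  return Utf8FromUtf16Bounded(utf16_string, kUnicodeStringMaxChars);
}

// Constructed sample inputs for the edge cases the PR's tests cover.
const char16_t kUnpairedSurrogate[] = {0xD83D, u'a', u'\0'};  // no low half
const char16_t kUnterminated[4] = {u'a', u'b', u'c', u'd'};   // no terminator

int main() {
  std::cout << "nullptr  -> \"" << Utf8FromUtf16(nullptr) << "\"\n";
  std::cout << "empty    -> \"" << Utf8FromUtf16(u"") << "\"\n";
  std::cout << "astral   -> " << Utf8FromUtf16(u"h\u00e9llo \U0001F600") << "\n";
  std::cout << "unpaired -> " << Utf8FromUtf16(kUnpairedSurrogate) << "\n";
  // Only the bounded call is safe here: Utf8FromUtf16(kUnterminated) would
  // scan past the 4-element array, which is exactly the CWE-126 over-read.
  std::cout << "unterm   -> " << Utf8FromUtf16Bounded(kUnterminated, 4) << "\n";
  return 0;
}
```

The unterminated array is the case the bound is there for: `wcsnlen` (like `U16NLen` here) returns the bound when no terminator is found, so the conversion stops at the end of the buffer instead of continuing into whatever memory follows. The trade-off is that an input longer than the bound is silently truncated at 32767 code units, which the PR accepts on the grounds that it is far beyond any realistic command-line argument.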
# Flutter Examples

This directory contains several examples of using Flutter. To run an example, use `flutter run` inside that example's directory. See the getting started guide to install the `flutter` tool.

For additional samples, see the flutter/samples repo.

Available examples include:

- **Hello, world**: The hello world app is a minimal Flutter app that shows the text "Hello, world!"
- **Flutter gallery**: The flutter gallery app no longer lives in this repo. Please see the gallery repo.
- **Layers**: The layers vignettes show how to use the various layers in the Flutter framework. For details, see the layers README.
- **Platform Channel**: The platform channel app demonstrates how to connect a Flutter app to platform-specific APIs. For documentation, see https://flutter.dev/to/platform-channels/.
- **Platform Channel Swift**: The platform channel swift app is the same as platform channel but the iOS version is in Swift and there is no Android version.

## Notes

Note on Gradle wrapper files in `.gitignore`:

Gradle wrapper files should normally be checked into source control. The example projects don't do that to avoid having several copies of the wrapper binary in the Flutter repo. Instead, the Gradle wrapper is injected by Flutter tooling, and the wrapper files are `.gitignore`'d to avoid making the Flutter repository dirty as a side effect of running the examples.