I use pwsafe on Android. Recently, I decided to backup my password file and wanted to open it with Linux version of pwsafe. It crashed, so I debugged it and found out the reason. It turns out that HDR_LASTUPDATEUSER was set to a value that is an invalid UTF-8 sequence.
What happens when you get an invalid UTF-8 sequence?
1. CUTF8Conv::FromUTF8 is called.
2. It calls pws_os::mbstowcs in order to determine size of the output buffer.
3. pws_os::mbstowcs is a wrapper to mbstowcs.
4. mbstowcs returns -1
5. Wrapper function (Linux) adds 1 to the result and returns 0.
6. According to the comments, it is not expected.
7. Second execution of mbstowcs follows, but it returns -1 again.
8. An assertion fails.
I know, you can build the application with assertions turned off and it will all go smooth. But the thing is... why does Android app set the HDR_LASTUPDATEUSER to an invalid UTF-8 sequence?