#968 Invalid UTF-8 sequence in LASTUPDATEUSER set by Android app

Linux (75)

I use pwsafe on Android. Recently, I decided to backup my password file and wanted to open it with Linux version of pwsafe. It crashed, so I debugged it and found out the reason. It turns out that HDR_LASTUPDATEUSER was set to a value that is an invalid UTF-8 sequence.

What happens when you get an invalid UTF-8 sequence?
1. CUTF8Conv::FromUTF8 is called.
2. It calls pws_os::mbstowcs in order to determine size of the output buffer.
3. pws_os::mbstowcs is a wrapper to mbstowcs.
4. mbstowcs returns -1
5. Wrapper function (Linux) adds 1 to the result and returns 0.
6. According to the comments, it is not expected.
7. Second execution of mbstowcs follows, but it returns -1 again.
8. An assertion fails.

I know, you can build the application with assertions turned off and it will all go smooth. But the thing is... why does Android app set the HDR_LASTUPDATEUSER to an invalid UTF-8 sequence?



  • Rony Shapiro
    Rony Shapiro

    Well, the Android port isn't part of this project, so you might want to contact the developer directly for the invalid encoding.
    We will look into a more graceful recovery on our end.



  • If I can suggest a solution... I noticed that the #ifdef UNICODE part already handles the case when wcLen is 0, so it was only matter of the #else branch to manage such situation gracefully too. If you add a check and remove the ASSERT, you get the following diff:

    sliwers@ubuntu:~/projekty/passwordsafe/tags/V3_25$ svn diff
    Index: src/core/UTF8Conv.cpp
    --- src/core/UTF8Conv.cpp (revision 4154)
    +++ src/core/UTF8Conv.cpp (working copy)
    @@ -162,7 +162,7 @@
    #endif / _WIN32 /
    - ASSERT(wcLen != 0);
    #ifdef UNICODE
    if (wcLen != 0) {
    m_wc[wcLen - 1] = TCHAR('\0');
    @@ -171,6 +171,10 @@
    } else
    return false;
    #else / Go from Unicode to Locale encoding /
    + if (wcLen == 0) {
    + data = _T("");
    + return false;
    + }
    // first get needed utf8 buffer size
    size_t mbLen = pws_os::wcstombs(NULL, 0, m_wc, size_t(-1), false);
    if (mbLen == 0) { // uh-oh

    But if you choose not to touch it, I will understand. I have already submitted a bug report against the Android app.


  • Saurav Ghosh
    Saurav Ghosh

    The assertions were turned on in the released builds by mistake. It was fixed with 3357926, so now this shouldn't be an issue.