#1296 windres crashes processing files with UTF-8 encoding.

binutils (105)
Tom Bramer

OS: Windows XP SP2

windres, version 2.18 and up, when processing an rc file that contains at least
one quoted string, will crash with an access violation (on dereference of NULL
pointer) if the code page is explicitly set to 65001 (UTF-8).

Here is an example input that causes the issue:

======================== BEGIN =========================
#define IDS_STRING1 1
#pragma code_page(65001)

IDS_STRING1 "Any string will do..."
========================= END ==========================

The cause:

When calling the MultiByteToWideChar function with a code page of 65000, 65001,
or others (see http://msdn.microsoft.com/en-us/library/dd319072\(VS.85).aspx),
the dwFlags parameter must be 0, unless when using Windows XP and later, in
which it may be 0 or MB_ERR_INVALID_CHARS. If the value given for dwFlags is in
fact set to a value other than the aforementioned valid cases, the function will
set the last error to ERROR_INVALID_FLAGS. The wind_MultiByteToWideChar
function always passes MB_PRECOMPOSED as the dwFlags parameter to
MultiByteToWideChar, causing the function to fail and not convert the UTF-7/8
string to UTF-16. The wind_MultiByteToWideChar function assumes that the
MultiByteToWideChar function is successful, when in reality, the wide character
buffer still contains uninitialized data.

What worked for me:

======================== BEGIN =========================
--- binutils-2.19.1/binutils/winduni.c 2007-07-05 12:54:44 -0400
+++ binutils-2.19.1-new/binutils/winduni.c 2009-05-17 17:52:33 -0400
@@ -661,7 +661,15 @@ wind_MultiByteToWideChar (rc_uint_type c
rc_uint_type ret = 0;

#if defined (_WIN32) || defined (__CYGWIN__)
- ret = (rc_uint_type) MultiByteToWideChar (cp, MB_PRECOMPOSED,
+ rc_uint_type conv_flags = MB_PRECOMPOSED;
+ /* MB_PRECOMPOSED is not allowed for UTF-7 or UTF-8.
+ MultiByteToWideChar will set the last error to ERROR_INVALID_FLAGS
+ if we do anyways. */
+ if (cp == CP_UTF8 || cp == CP_UTF7)
+ conv_flags = 0;
+ ret = (rc_uint_type) MultiByteToWideChar (cp, conv_flags,
mb, -1, u, u_len);
/* Convert to bytes. */
ret *= sizeof (unichar);
======================== END =========================


  • Chris Sutcliffe

    Chris Sutcliffe - 2009-06-08
    • assigned_to: nobody --> ir0nh34d
  • Chris Sutcliffe

    Chris Sutcliffe - 2009-06-08

    I've raised this patch to the attention of the upstream binutils maintainers, since MinGW binutils is compiled from the Vanilla binutils sources. Please see the email chain here for details:


    Quoting Nick Clifton from the email chain mentioned above:

    "Ideally they should open a bug report at http://sourceware.org/bugzilla
    and include the patch as an uploaded file. It will help if this bug report also includes a small test case that we can use to reproduce the problem locally. If your user has run any regression tests, (to make sure that the patch does not introduce any new bugs), then mentioning what tests they ran would also be helpful."

    Thank you for the patch!

  • Chris Sutcliffe

    Chris Sutcliffe - 2009-06-09

    Thank you for posting this to the binutils bug tracker. I'll leave this bug report open until I validate that this patch has made it in to mainline windres.

  • FX

    FX - 2009-07-14

    Patch was commited to binutils mainline on 2009-06-09. I think this issue should be closed.

  • Chris Sutcliffe

    Chris Sutcliffe - 2009-07-15

    Thank you for the heads up about this patch being applied upstream.

  • Chris Sutcliffe

    Chris Sutcliffe - 2009-07-15
    • status: open --> closed-accepted
  • Earnie Boyd

    Earnie Boyd - 2013-01-30
    • status: closed-accepted --> closed
    • resolution: --> fixed
    • category: --> Known_bugs
    • milestone: --> OTHER