Fix loader crash when UTF8 space exceeds UTF16 space.

The code that converts the clink_???.exe UTF16 command line to UTF8 took an unsafe shortcut and assumed the UTF8 representations would always take fewer bytes than the UTF16 representations. But that is of course not true, and the code could crash. This has been fixed.
chrisant996 · Feb 26, 2023 · f624f82 · f624f82
1 parent 529a4c7
commit f624f82
Showing 1 changed file with 18 additions and 4 deletions.
diff --git a/clink/app/src/loader/loader.cpp b/clink/app/src/loader/loader.cpp
@@ -235,12 +235,26 @@ int loader(int argc, char** argv)
 int loader_main_impl()
 {
     int argc = 0;
-    LPWSTR* argv = CommandLineToArgvW(GetCommandLineW(), &argc);
+    LPWSTR* argvw = CommandLineToArgvW(GetCommandLineW(), &argc);
+
+    char** argv = static_cast<char**>(calloc(argc + 1, sizeof(char*)));
     for (int i = 0; i < argc; ++i)
-        to_utf8((char*)argv[i], 0xffff, argv[i]);
+    {
+        const int needed = WideCharToMultiByte(CP_UTF8, 0, argvw[i], -1, nullptr, 0, nullptr, nullptr);
+        if (!needed)
+            return 1;
+        argv[i] = static_cast<char*>(malloc(needed));
+        WideCharToMultiByte(CP_UTF8, 0, argvw[i], -1, argv[i], needed, nullptr, nullptr);
+    }
+    assert(argv[argc] == nullptr);
 
-    int ret = loader(argc, (char**)argv);
+    LocalFree(argvw);
+
+    int ret = loader(argc, argv);
+
+    for (int i = 0; i < argc; ++i)
+        free(argv[i]);
+    free(argv);
 
-    LocalFree(argv);
     return ret;
 }