Windows template utils.cpp: Use wcsnlen instead of wcslen for defensive programming (CWE-126)

[dbebawy]

Description

The Windows runner template file packages/flutter_tools/templates/app/windows.tmpl/runner/utils.cpp uses wcslen at line 52, which doesn't handle non-null-terminated strings. While the current usage is safe (input comes from Windows APIs that guarantee null-termination), using wcsnlen would be better defensive programming and resolves security scanner warnings (CWE-126: Buffer Over-read).

Current Code (line 52)

int input_length = (int)wcslen(utf16_string);

Proposed Fix

int input_length = (int)wcsnlen(utf16_string, 32767);

Why This Matters

1. Security Scanners: Tools like Semgrep/GitLab SAST flag this as HIGH severity (CWE-126)
2. Defensive Programming: Even though current usage is safe, wcsnlen provides an extra safety bound
3. No Performance Impact: wcsnlen has negligible overhead for typical string lengths
4. Consistency: Aligns with Microsoft's secure CRT recommendations

Related

• Related to Signed/Unsigned mismatch warning in Windows template utils.cpp #134227 (Signed/Unsigned mismatch in same file)
• CWE-126: Buffer Over-read
• Microsoft strnlen documentation

Risk Assessment

LOW - This is a minor defensive improvement. The existing code is functionally correct because:

• Input strings come from CommandLineToArgvW which guarantees null-termination
• The null check on line 45 handles the nullptr case

However, the fix follows security best practices and silences legitimate scanner warnings.

Checklist

• I have read the contributor guide
• I have an issue that this PR addresses
• All tests pass locally