Skip to content

[camera_windows] Use temp directory fallback when Pictures folder is unavailable #10723

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
tsafundzic wants to merge 2 commits into
base: main
Choose a base branch
from
Open

[camera_windows] Use temp directory fallback when Pictures folder is unavailable #10723

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
af87096
Use temp directory fallback when Pictures folder is unavailable
tsafundzic Jan 6, 2026
cdd1611
Version bump, changelog update
tsafundzic Jan 6, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions packages/camera/camera_windows/CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,7 @@
## 0.2.6+5

* Use temp directory fallback when Pictures folder is unavailable

## 0.2.6+4

* Removes usage of the deprecated and ignored `maxVideoDuration` in the example.
Expand Down
2 changes: 1 addition & 1 deletion packages/camera/camera_windows/pubspec.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ name: camera_windows
description: A Flutter plugin for getting information about and controlling the camera on Windows.
repository: https://github.com/flutter/packages/tree/main/packages/camera/camera_windows
issue_tracker: https://github.com/flutter/flutter/issues?q=is%3Aissue+is%3Aopen+label%3A%22p%3A+camera%22
version: 0.2.6+4
version: 0.2.6+5

environment:
sdk: ^3.8.0
Expand Down
25 changes: 21 additions & 4 deletions packages/camera/camera_windows/windows/camera_plugin.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -86,17 +86,34 @@ std::string GetCurrentTimeString() {
}

// Builds file path for picture capture.
/// If Pictures folder exist use it, otherwise use temp directory
/// This fallback prevents crashes or unexpected failures on systems where the Pictures folder is unavailable or restricted
std::optional<std::string> GetFilePathForPicture() {
ComHeapPtr<wchar_t> known_folder_path;
HRESULT hr = SHGetKnownFolderPath(FOLDERID_Pictures, KF_FLAG_CREATE, nullptr,
&known_folder_path);
if (FAILED(hr)) {
return std::nullopt;

std::wstring wpath;

if (SUCCEEDED(hr)) {
wpath = std::wstring(known_folder_path);
} else {
// Fallback to temp folder
wchar_t tempPath[MAX_PATH];
DWORD len = GetTempPathW(MAX_PATH, tempPath);
if (len == 0 || len > MAX_PATH) {
Copy link

@gemini-code-assist gemini-code-assist bot Jan 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

high

The condition len > MAX_PATH is incorrect and could lead to a buffer over-read. For WinAPI functions like GetTempPathW, if the returned length is equal to the buffer size (MAX_PATH in this case), the written string is not guaranteed to be null-terminated. Constructing a std::wstring from a non-null-terminated C-style string results in undefined behavior as it will read past the end of the buffer. The check should be len >= MAX_PATH to correctly handle this edge case.

Suggested change
if (len == 0 || len > MAX_PATH) {
if (len == 0 || len >= MAX_PATH) {

return std::nullopt;
}
wpath = std::wstring(tempPath);
}
Comment on lines +98 to 108
Copy link

@gemini-code-assist gemini-code-assist bot Jan 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

This change introduces new logic, including a fallback path, but doesn't include corresponding tests. The repository style guide states that 'Code should be tested'. To ensure the correctness and robustness of this new functionality, please add unit tests that cover both the successful retrieval of the Pictures folder and the fallback to the temporary directory. This might require some refactoring to allow for mocking of the Windows API calls.

References
  1. Code should be tested. Changes to plugin packages, which include code written in C, C++, Java, Kotlin, Objective-C, or Swift, should have appropriate tests. (link)


std::string path = Utf8FromUtf16(std::wstring(known_folder_path));
if (!wpath.empty() && wpath.back() != L'\\' && wpath.back() != L'/') {
wpath.push_back(L'\\');
}

std::string path = Utf8FromUtf16(wpath);

return path + "\\" + "PhotoCapture_" + GetCurrentTimeString() + "." +
return path + "PhotoCapture_" + GetCurrentTimeString() + "." +
kPictureCaptureExtension;
}

Expand Down