In some MB encodings, there are MB upper/lower characters, and MB chars can be standardised using strupper_m and strlower_m. These two functions assume no change in size of string before and after the conversion, and the buffer size is fixed to the lenght of the string before the conversion. However, for some encodings like EUCJP-MS, this is not the case. For some MB chars, the size of the string grow after the strlower_m. If such a special character appears in a string, then the converted string would exceed the buffer allocated. It would be terminated before the end, hence some strings may not be converted properly.
This is non-trivial to fix in Samba 3.0. The buffer size is not passed down to strupper_m or strlower_m so it's hard to allow arbitrary string extension in these functions. How do you know where to allow the zero termination ? The only safe way to do this is to force an upper bound on strlower_m and strupper_m of something like a pstring length and ensure all callers have this amount of space available. Jeremy.
won't fix this in Samba 3.