The old code sized the buffer according to the UTF-16 size of the input, but in fact wrote UTF-8 output, which can be up to twice as large as UTF-16, overflowing the buffer size. Not a buffer overflow, because qs_n_printf(), but truncation would create an invalid XBM file here. Fix by converting to UTF-8 first (and only once), and taking the buffer size from there. Introduced by 2883a6de408c991ecf6184d7216c7d3de6fa4f4f, which replaced toAscii() (whose result has the same size as the input) with toUtf8() (which can be larger). Pick-to: 6.8 6.7 6.5 Change-Id: I4acc0816a94060520695c3e6895ed982812fdee2 Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>