Bug
library/std/src/sys/paths/windows.rs join_paths encodes segments with encode_wide() and rejects " and ;, but not interior U+0000. Joined results are commonly used as PATH-style environment blocks / C-style wide strings, where an embedded NUL truncates the value.
Origin
Join logic predates systematic to_u16s / ensure_no_nuls usage elsewhere in the Windows PAL.
Impact
Untrusted path segments (from configs, archives, or user input) can inject a NUL and silently shorten the effective PATH/env block, changing search order or cutting off later entries.
Fix
Reject segments containing 0 wide code units (same JoinPathsError as illegal ").
Bug
library/std/src/sys/paths/windows.rsjoin_pathsencodes segments withencode_wide()and rejects"and;, but not interiorU+0000. Joined results are commonly used asPATH-style environment blocks / C-style wide strings, where an embedded NUL truncates the value.Origin
Join logic predates systematic
to_u16s/ensure_no_nulsusage elsewhere in the Windows PAL.Impact
Untrusted path segments (from configs, archives, or user input) can inject a NUL and silently shorten the effective PATH/env block, changing search order or cutting off later entries.
Fix
Reject segments containing
0wide code units (sameJoinPathsErroras illegal").