Skip to content

std: reject interior NULs in Windows Command program name (argv0)#598

Open
SebTardif wants to merge 1 commit into
mainfrom
fix-r75-windows-cmd-argv0-nul
Open

std: reject interior NULs in Windows Command program name (argv0)#598
SebTardif wants to merge 1 commit into
mainfrom
fix-r75-windows-cmd-argv0-nul

Conversation

@SebTardif

@SebTardif SebTardif commented Jun 24, 2026

Copy link
Copy Markdown
Owner

Fixes #595

Summary

Call ensure_no_nuls(argv0)? in make_command_line before encoding the program name into the wide CreateProcessW command line. Arguments already go through append_arg (NUL-checked); env and cwd helpers in the same module use ensure_no_nuls. This closes the argv0 gap.

Origin

External-input audit (Windows process spawn / WinAPI string truncation), SebTardif/rust.

Test plan

  • Existing make_command_line unit tests unchanged for normal paths.
  • Manual / follow-up: spawn with program OsString containing interior 0 should return InvalidInput (cannot run on this host; Windows-only).

@SebTardif
std: reject interior NULs in Windows Command program name (argv0)
ca1340e 
make_command_line copied argv0 via encode_wide without ensure_no_nuls.
An embedded wide NUL would truncate the CreateProcessW command line while
args already go through append_arg which checks for NULs. Align argv0 with
make_envp / make_dirp.

Signed-off-by: Sebastien Tardif <sebtardif@ncf.ca>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Windows make_command_line copies argv0 without rejecting interior NUL

1 participant

@SebTardif