From 7200afaadb8a0afcf09906023eb68480a1edec3c Mon Sep 17 00:00:00 2001 From: Chris Denton Date: Fri, 25 Mar 2022 04:28:24 +0000 Subject: [PATCH] Check for `"` and `\` in a filename And also fix typo. --- library/std/src/sys/windows/args.rs | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/library/std/src/sys/windows/args.rs b/library/std/src/sys/windows/args.rs index 1d3d3013e7e1..c5918103fec2 100644 --- a/library/std/src/sys/windows/args.rs +++ b/library/std/src/sys/windows/args.rs @@ -307,12 +307,20 @@ pub(crate) fn make_bat_command_line( ) -> io::Result> { // Set the start of the command line to `cmd.exe /c "` // It is necessary to surround the command in an extra pair of quotes, - // hence The trailing quote here. It will be closed after all arguments + // hence the trailing quote here. It will be closed after all arguments // have been added. let mut cmd: Vec = "cmd.exe /c \"".encode_utf16().collect(); // Push the script name surrounded by its quote pair. cmd.push(b'"' as u16); + // Windows file names cannot contain a `"` character or end with `\\`. + // If the script name does then return an error. + if script.contains(&(b'"' as u16)) || script.last() == Some(&(b'\\' as u16)) { + return Err(io::const_io_error!( + io::ErrorKind::InvalidInput, + "Windows file names may not contain `\"` or end with `\\`" + )); + } cmd.extend_from_slice(script.strip_suffix(&[0]).unwrap_or(script)); cmd.push(b'"' as u16);