Skip to content

We are relying on undocumented behavior of GetUserProfileDirectoryW #124325

New issue
New issue
Open
Open
We are relying on undocumented behavior of GetUserProfileDirectoryW#124325
Labels
C-bugCategory: This is a bug.O-windowsOperating system: WindowsT-libsRelevant to the library team, which will review and decide on the PR/issue.
@RalfJung

Description

@RalfJung
RalfJung
opened on Apr 24, 2024

This is about this code:

rust/library/std/src/sys/pal/windows/os.rs

Lines 327 to 340 in b58f647

super::fill_utf16_buf(
|buf, mut sz| {
match c::GetUserProfileDirectoryW(
ptr::without_provenance_mut(CURRENT_PROCESS_TOKEN),
buf,
&mut sz,
) {
0 if api::get_last_error().code != c::ERROR_INSUFFICIENT_BUFFER => 0,
0 => sz,
_ => sz - 1, // sz includes the null terminator
}
},
super::os2path,
)

According to the docs, the size pointer is updated as follows:

"If the buffer specified by lpProfileDir is not large enough or lpProfileDir is NULL, the function fails and this parameter receives the necessary buffer size, including the terminating null character."

The docs say nothing about what happens to the size pointer if the buffer is large enough (and not NULL). std however assumes that in that case, the size pointer is updated to the actual length of the data (including the null terminator). Reality seems to agree as otherwise we'd long have seen issues (and FWIW, wine agrees as well). Still, we're technically relying on undocumented behavior here.

Probably the best way forward is for the Windows docs to be updated.

Metadata

Metadata

Assignees

No one assigned

    Labels

    C-bugCategory: This is a bug.O-windowsOperating system: WindowsT-libsRelevant to the library team, which will review and decide on the PR/issue.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions