Validate Iceberg metadata file path for null bytes

[alexey-milovidov]

A null byte in the iceberg_metadata_file_path setting causes std::length_error in filesystem path operations. Since std::length_error is a std::logic_error, the exception handler in executeQuery.cpp treats it as a logical error and aborts the server in debug/sanitizer builds.

Reject paths containing null bytes with a proper BAD_ARGUMENTS exception instead.

Closes #96811
https://s3.amazonaws.com/clickhouse-test-reports/json.html?PR=100176&sha=32a8de2243259ca5c69f22e0599aa41189972a69&name_0=PR&name_1=AST%20fuzzer%20%28amd_tsan%29
#100176

Changelog category (leave one):

• Bug Fix (user-visible misbehavior in an official stable release)

Changelog entry (a user-readable short description of the changes that goes into CHANGELOG.md):

Fix exception when Iceberg metadata file path setting contains a null byte.

Documentation entry for user-facing changes

• Documentation is written (mandatory for new features)

[clickhouse-gh]

Workflow [PR], commit [44401dd]

Summary: ✅

---

AI Review

Summary

This PR validates iceberg_metadata_file_path against embedded null bytes before constructing std::filesystem::path, converting a debug-build terminating std::length_error path into a proper user-facing BAD_ARGUMENTS exception. The change is small, targeted, and matches the linked issue scope. I did not find correctness, safety, or rollout problems in the diff.

ClickHouse Rules

Item	Status	Notes
Deletion logging	➖
Serialization versioning	➖
Core-area scrutiny	✅
No test removal	✅
Experimental gate	➖
No magic constants	✅
Backward compatibility	✅
SettingsChangesHistory.cpp	➖
PR metadata quality	✅
Safe rollout	✅
Compilation time	✅

Final Verdict

• Status: ✅ Approve

[clickhouse-gh]

LLVM Coverage Report

Metric	Baseline	Current	Δ
Lines	83.80%	83.80%	+0.00%
Functions	24.60%	24.60%	+0.00%
Branches	76.50%	76.40%	-0.10%

PR changed lines: PR changed-lines coverage: 87.50% (7/8, 0 noise lines excluded)
Diff coverage report
Uncovered code

[alexey-milovidov]

Ok.