Null terminate UNICODE_STRINGs

library/std/src/sys/fs/windows/remove_dir_all.rs

@@ -90,7 +90,16 @@ fn open_link_no_reparse(
     static ATTRIBUTES: Atomic<u32> = AtomicU32::new(c::OBJ_DONT_REPARSE);
 
     let result = unsafe {
+        // Workaround for #143078.
+        // While the Windows OS itself handles zero length strings,
+        // some security software that hooks system functions may expect it to
+        // be null terminated. So as a workaround we ensure zero length strings
+        // always point to a zero u16 even though it should never be read.
+        static EMPTY_STR: [u16; 1] = [0];
         let mut path_str = c::UNICODE_STRING::from_ref(path);
+        if path_str.Length == 0 {
+            path_str.Buffer = EMPTY_STR.as_ptr().cast_mut();
+        }
         let mut object = c::OBJECT_ATTRIBUTES {
             ObjectName: &mut path_str,
             RootDirectory: parent.as_raw_handle(),

library/std/src/sys/pal/windows/pipe.rs

@@ -1,7 +1,7 @@
 use crate::io::{self, BorrowedCursor, IoSlice, IoSliceMut};
 use crate::ops::Neg;
 use crate::os::windows::prelude::*;
-use crate::sys::api::utf16;
+use crate::sys::api::wide_str;
 use crate::sys::c;
 use crate::sys::handle::Handle;
 use crate::sys_common::{FromInner, IntoInner};
@@ -73,7 +73,8 @@ pub fn anon_pipe(ours_readable: bool, their_handle_inheritable: bool) -> io::Res
         // Open a handle to the pipe filesystem (`\??\PIPE\`).
         // This will be used when creating a new annon pipe.
         let pipe_fs = {
-            let path = c::UNICODE_STRING::from_ref(utf16!(r"\??\PIPE\"));
+            static PIPE_PATH: [u16; 10] = *wide_str!(r"\??\PIPE\");
+            let path = c::UNICODE_STRING::from_ref(&PIPE_PATH[..PIPE_PATH.len() - 1]);
             object_attributes.ObjectName = &path;
             let mut pipe_fs = ptr::null_mut();
             let status = c::NtOpenFile(