PAL: Skip directories when looking for executables for CreateProcess

[hoyosjs]

This pull request improves the behavior of CreateProcessW on Unix-like systems to more closely match Windows by ensuring directories in the PATH are skipped when searching for executables. It also adds new tests to validate this behavior.

[Copilot]

Pull request overview

This PR updates Unix PAL CreateProcessW PATH resolution to skip directories when searching for an executable (aligning more closely with Windows behavior) and adds a new palsuite test to validate the behavior.

Changes:

• Add a getPath helper check to ignore PATH candidates that are directories.
• Add new CreateProcessW/test3 (parent + child) to validate directory-skipping behavior in PATH resolution.
• Register the new test in palsuite build/test lists.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 4 comments.

Show a summary per file

File	Description
src/coreclr/pal/src/thread/process.cpp	Adds a helper used by getPath to skip directory matches during PATH/app-dir/current-dir probing.
src/coreclr/pal/tests/palsuite/threading/CreateProcessW/test3/test3.cpp	New parent test covering negative/positive PATH scenarios involving a directory named like the executable.
src/coreclr/pal/tests/palsuite/threading/CreateProcessW/test3/test3_child.cpp	New child entrypoint used by the parent test when launched via PATH resolution.
src/coreclr/pal/tests/palsuite/paltestlist.txt	Registers the new CreateProcessW/test3 parent test for execution.
src/coreclr/pal/tests/palsuite/CMakeLists.txt	Includes the new test sources in the paltests build.

[Copilot]

GetEnvironmentVariableA("PATH", ...) can return 0 with ERROR_ENVVAR_NOT_FOUND, but savedPath is never initialized in that case and later gets used to restore PATH. That can leave PATH set to garbage or an empty string instead of restoring the original state. Track whether PATH existed and restore with SetEnvironmentVariableA("PATH", NULL) when it didn’t, and/or initialize savedPath[0] = '\0' before calling GetEnvironmentVariableA.

[Copilot]

The symlink target uses argv[0] directly. If argv[0] is a relative path (common in test harnesses), the symlink created in tmpDir2 will point to a non-existent location when resolved from that directory, causing the positive test to fail. Resolve argv[0] to an absolute path (e.g., via realpath) before calling symlink (or create the symlink using an absolute target path).

[Copilot]

The return value of MultiByteToWideChar isn’t checked here. If conversion fails (or the buffer is too small), cmdLineW may be left uninitialized and CreateProcessW behavior becomes undefined. Capture the return value and Fail() on 0 (as done in the existing CreateProcessW test1/test2).

Suggested change

	MultiByteToWideChar(CP_ACP, 0, cmdLineA, -1, cmdLineW, (int)(sizeof(cmdLineW) / sizeof(WCHAR)));
	if (MultiByteToWideChar(CP_ACP, 0, cmdLineA, -1, cmdLineW, (int)(sizeof(cmdLineW) / sizeof(WCHAR))) == 0)
	{
	CleanupTestDirs(tmpDir1, blockerDir, tmpDir2, symlinkPath);
	Fail("MultiByteToWideChar failed with error %u\n", GetLastError());
	}

[Copilot]

The test hardcodes temp directories under /tmp. Other CreateProcessW palsuite tests use GetTempPath* to respect platform/temp directory configuration. Consider building the temp dir paths under GetTempPathA (and using a unique suffix like mkdtemp-style) to avoid failures on systems where /tmp is unavailable or not writable.

[github-actions]

🤖 Copilot Code Review — PR #126888

Note

This review was generated by Copilot and should be treated as AI-generated analysis.

Holistic Assessment

Motivation: The PR mirrors a fix from dotnet/diagnostics#5803 for a real bug: when a directory has the same name as the target executable in $PATH, getPath() incorrectly treated the directory as a match (because access(F_OK) succeeds for directories). This caused CreateProcessW to stop the PATH search and return ERROR_ACCESS_DENIED instead of continuing to find the real executable. The motivation is well justified and the bug is clearly real.

Approach: The fix is well-targeted — a small fileExistsAndIsNotDirectory helper replaces three access() calls in getPath() to filter out directories early. This is the right layer to fix: getPath() is responsible for finding candidates, and directories are never valid candidates. The existing checkFileType() already had directory detection but was called too late (after getPath() returned), so the PATH search had already stopped. The test coverage is solid with both negative and positive scenarios.

Summary: ✅ LGTM. The core fix in process.cpp is correct, minimal, and properly addresses the root cause. The test is well-structured and follows sibling test patterns (test2). Two minor observations below are non-blocking.

---

Detailed Findings

✅ Correctness — fileExistsAndIsNotDirectory helper

The new helper correctly uses stat() to both check existence and verify the candidate is not a directory. All three access() call sites in getPath() are consistently updated. The existing checkFileType() (called downstream after getPath() returns) provides defense-in-depth — if a directory somehow slipped through, it would still be caught. Verified the remaining access() call at line 3650 in checkFileType() is independent and correct (it serves a different purpose: checking the final resolved path).

✅ Test coverage — Negative and positive scenarios

The test properly covers both failure cases:

• Negative: Only a blocker directory exists in PATH → ERROR_FILE_NOT_FOUND (not ERROR_ACCESS_DENIED)
• Positive: Blocker directory precedes real executable → CreateProcessW skips directory, finds real executable

The WaitForSingleObject return value check (commit 2) correctly matches the pattern established in test2/parentprocess.cpp (line 162-167). Cleanup is thorough with CleanupTestDirs called on all error paths.

💡 Minor inconsistency — Negative test WaitForSingleObject (line 132)

The WaitForSingleObject call on line 132 (the negative test's unexpected-success cleanup path) still doesn't check its return value, unlike the fix applied at line 180 for the positive test. This is in an error path that immediately calls Fail(), so it's not a real bug — the process will terminate regardless. But for consistency with the pattern established by commit 2, the same return-value check could be applied here.

✅ Build integration

CMakeLists.txt and paltestlist.txt are both correctly updated. Test entry names follow established conventions (paltest_createprocessw_test3).

Generated by Code Review for issue #126888 · ◷