fix: validate filenames for NUL bytes from chunkFileNames/entryFileNames

[IWANABETHATGUY]

When a chunkFileNames/entryFileNames callback uses virtual module IDs (prefixed with \0) directly in the returned filename, rolldown previously crashed with an UNHANDLEABLE_ERROR when trying to write the file. This adds validation in FilenameTemplate::render() to detect NUL bytes in the rendered filename and return a clear BuildDiagnostic error instead.

This matches Rollup's behavior where the same scenario produces a clean error from Node.js. Rollup keeps \0 in moduleIds/facadeModuleId as-is — \0 is an internal convention for virtual modules. Rollup's sanitizeFileName (which replaces \u0000-\u001F with _) is only applied to chunk names used for the [name] pattern, not to callback return values.

This is how rollup behaves on newly added tests.

Rollup doesn't validate or strip \0 from the callback result — it passes it straight through to the filesystem, and Node.js throws the error.

Our fix is actually better than Rollup's behavior: we catch the NUL byte before it reaches the filesystem and provide a helpful error message explaining virtual module IDs and how to fix it, rather than letting it bubble up as a cryptic Node.js TypeError.

closed #8627

[IWANABETHATGUY]

• fix: validate filenames for NUL bytes from chunkFileNames/entryFileNames #8644 👈 (View in Graphite)
• main

---

How to use the Graphite Merge Queue

Add the label graphite: merge-when-ready to this PR to add it to the merge queue.

You must have a Graphite account in order to use the merge queue. Sign up using this link.

An organization admin has enabled the Graphite Merge Queue in this repository.

Please do not merge from GitHub as this will restart CI on PRs being processed by the merge queue.

This stack of pull requests is managed by Graphite. Learn more about stacking.

[netlify]

✅ Deploy Preview for rolldown-rs ready!

Name	Link
🔨 Latest commit	2899596
🔍 Latest deploy log	https://app.netlify.com/projects/rolldown-rs/deploys/69b23346810747000885f979
😎 Deploy Preview	https://deploy-preview-8644--rolldown-rs.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[netlify]

✅ Deploy Preview for rolldown-rs ready!

Name	Link
🔨 Latest commit	9710def
🔍 Latest deploy log	https://app.netlify.com/projects/rolldown-rs/deploys/69b2b958efbe4d0008188b48
😎 Deploy Preview	https://deploy-preview-8644--rolldown-rs.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[github-actions]

Benchmarks Rust

• target: main(4a9e9b3)
• pr: 03-11-fix_8627(9710def)

group                                                        pr                                     target
-----                                                        --                                     ------
bundle/bundle@multi-duplicated-top-level-symbol              1.06     83.2±4.57ms        ? ?/sec    1.00     78.6±1.45ms        ? ?/sec
bundle/bundle@multi-duplicated-top-level-symbol-sourcemap    1.03     89.4±2.45ms        ? ?/sec    1.00     86.4±1.53ms        ? ?/sec
bundle/bundle@rome_ts                                        1.04    165.9±6.40ms        ? ?/sec    1.00    159.8±3.38ms        ? ?/sec
bundle/bundle@rome_ts-sourcemap                              1.00    176.2±2.55ms        ? ?/sec    1.00    176.7±2.95ms        ? ?/sec
bundle/bundle@threejs                                        1.00     71.9±2.27ms        ? ?/sec    1.01     72.7±1.28ms        ? ?/sec
bundle/bundle@threejs-sourcemap                              1.03     80.9±2.20ms        ? ?/sec    1.00     78.2±1.15ms        ? ?/sec
bundle/bundle@threejs10x                                     1.00    773.3±6.39ms        ? ?/sec    1.00    773.7±6.44ms        ? ?/sec
bundle/bundle@threejs10x-sourcemap                           1.00    882.8±5.05ms        ? ?/sec    1.01    889.1±7.97ms        ? ?/sec
scan/scan@rome_ts                                            1.00     75.8±1.62ms        ? ?/sec    1.00     76.1±2.37ms        ? ?/sec
scan/scan@threejs                                            1.02     27.2±1.56ms        ? ?/sec    1.00     26.7±0.33ms        ? ?/sec
scan/scan@threejs10x                                         1.00    263.9±3.03ms        ? ?/sec    1.00    264.8±2.38ms        ? ?/sec

[Copilot]

Pull request overview

Adds a user-facing diagnostic for filenames that contain NUL (\0) bytes (commonly introduced when virtual module IDs are used directly in chunkFileNames/entryFileNames), preventing a crash during file writes and validating behavior via a new fixture test.

Changes:

• Add a new InvalidOptionType::NulByteInFilename diagnostic event with a targeted error message.
• Validate output filenames for \0 before writing bundle outputs and return a BuildDiagnostic instead of crashing.
• Add a new fixture test that reproduces the virtual-module-ID filename scenario and asserts the error message.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.

File	Description
packages/rolldown/tests/fixtures/output/file-names/no-virtual-module-ids/main.js	Adds an entry that imports a virtual module to trigger the problematic filename path.
packages/rolldown/tests/fixtures/output/file-names/no-virtual-module-ids/_config.ts	Adds a fixture config and assertion expecting a “null byte” error when chunkFileNames returns a \0-prefixed ID.
crates/rolldown_error/src/build_diagnostic/events/invalid_option.rs	Introduces a new invalid-option variant and message for NUL bytes in filenames.
crates/rolldown/src/bundle/bundle.rs	Adds a runtime validation check to detect \0 in output filenames before writing to disk.

[graphite-app]

Merge activity

• Mar 12, 1:01 PM UTC: IWANABETHATGUY added this pull request to the Graphite merge queue.
• Mar 12, 1:06 PM UTC: Merged by the Graphite merge queue.