From 6f97c060b37ae506e83807567959f3b9915fc6ff Mon Sep 17 00:00:00 2001
From: deepend <deepend@tilde.club>
Date: Mon, 16 Feb 2026 01:09:16 -0700
Subject: [PATCH] Added defensive input validation in waitline() to return -1
 when bufsize <= 0, preventing invalid buffer handling paths. Added a
 Windows-specific guard in waitline() that checks _get_osfhandle(sok) before
 calling read() in non-socket mode; if the CRT file descriptor is invalid, it
 now fails gracefully with -1 instead of hitting the debug CRT assertion you
 reported.

---
 src/common/util.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/common/util.c b/src/common/util.c
index 4f1023d9..4ad5dedd 100644
--- a/src/common/util.c
+++ b/src/common/util.c
@@ -185,6 +185,14 @@ waitline (int sok, char *buf, int bufsize, int use_recv)
 {
 	int i = 0;
 
+	if (bufsize <= 0)
+		return -1;
+
+#ifdef WIN32
+	if (!use_recv && _get_osfhandle (sok) == -1)
+		return -1;
+#endif
+
 	while (1)
 	{
 		if (use_recv)