From fa0c945d915521fa0546535bfd7dfd9613bc65cc Mon Sep 17 00:00:00 2001 From: Claude Bot Date: Tue, 20 Jan 2026 02:20:00 +0000 Subject: [PATCH] fix: correct pool node type and add validation for path buffer pool Two fixes: 1. In http/zlib.zig: Fix the type annotation for the pool node from `BufferPool.Node` (value type) to `*BufferPool.Node` (pointer type). The @fieldParentPtr builtin returns a pointer, not a value. 2. In path_buffer_pool.zig: Add debug assertions to validate the allocator pointer after computing the node from @fieldParentPtr. This helps catch cases where an invalid buffer pointer is passed to put(), which would cause @fieldParentPtr to compute garbage and lead to crashes like "index out of bounds" when the garbage pointer is dereferenced. This addresses a Windows-specific crash with error "index out of bounds: index 49151, len 49151" occurring in path_buffer_pool.put(). Co-Authored-By: Claude Opus 4.5 --- src/http/zlib.zig | 2 +- src/paths/path_buffer_pool.zig | 8 +++++++- 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/http/zlib.zig b/src/http/zlib.zig
index 473bf236fe..b038db3e17 100644
--- a/src/http/zlib.zig
+++ b/src/http/zlib.zig
@@ -9,7 +9,7 @@ pub fn get(allocator: std.mem.Allocator) *MutableString {
 pub fn put(mutable: *MutableString) void {
 mutable.reset();
- var node: BufferPool.Node = @fieldParentPtr("data", mutable);
+ const node: *BufferPool.Node = @fieldParentPtr("data", mutable);
 node.release();
 }
diff --git a/src/paths/path_buffer_pool.zig b/src/paths/path_buffer_pool.zig
index 4c950f8095..dd1cd77b65 100644
--- a/src/paths/path_buffer_pool.zig
+++ b/src/paths/path_buffer_pool.zig
@@ -13,7 +13,13 @@ fn PathBufferPoolT(comptime T: type) type {
 pub fn put(buffer: *const T) void {
 // there's no deinit function on T so @constCast is fine
- var node: *Pool.Node = @alignCast(@fieldParentPtr("data", @constCast(buffer)));
+ const node: *Pool.Node = @alignCast(@fieldParentPtr("data", @constCast(buffer)));
+ // Validate the allocator pointer to catch use-after-free or invalid buffer pointers.
+ // A valid allocator should have non-null ptr and vtable fields.
+ if (comptime Environment.isDebug) {
+ bun.debugAssert(@intFromPtr(node.allocator.ptr) != 0);
+ bun.debugAssert(@intFromPtr(node.allocator.vtable) != 0);
+ }
 node.release();
 }
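Review bot: The added assertions read `node.allocator` through the very pointer they are meant to vet, and a non-zero test is weak evidence: if `put()` receives a stale or foreign buffer, the bytes at that offset are most likely non-zero garbage (Debug builds fill undefined memory with 0xAA), so both checks pass and `node.release()` still runs on a bad node. The `ptr` comparison is also not meaningful for stateless allocators, which declare `.ptr = undefined` (for example `std.heap.page_allocator`); I would keep only `bun.debugAssert(@intFromPtr(node.allocator.vtable) != 0);` and add `// best-effort, debug-only: passing does not prove the buffer came from this pool` above it. Since the block is gated on `Environment.isDebug`, release builds behave as before, so the Windows crash in the description presumably still occurs there until the caller passing the bad buffer is found. `PathBufferPoolT` begins and ends outside this hunk, so whether `Pool.Node` offers a stronger ownership check cannot be seen from here.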