From 0ee9383fae30c5d1be6d92e910f7cbe1896cc8b2 Mon Sep 17 00:00:00 2001
From: Aaron Sethman <androsyn@ratbox.org>
Date: Wed, 11 Feb 2026 15:12:35 -0500
Subject: [PATCH] Add additional input validation on rb_linebuf_get and change
 it to return size_t

---
 libratbox/include/rb_linebuf.h |  2 +-
 libratbox/src/linebuf.c        | 10 ++++++----
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/libratbox/include/rb_linebuf.h b/libratbox/include/rb_linebuf.h
index 041543c5..6759a725 100644
--- a/libratbox/include/rb_linebuf.h
+++ b/libratbox/include/rb_linebuf.h
@@ -65,7 +65,7 @@ void rb_linebuf_init(void);
 void rb_linebuf_newbuf(rb_buf_head_t *);
 void rb_linebuf_donebuf(rb_buf_head_t *);
 int rb_linebuf_parse(rb_buf_head_t *, char *, size_t, bool);
-ssize_t rb_linebuf_get(rb_buf_head_t * bufhead, char *buf, size_t buflen, bool partial, bool raw);
+size_t rb_linebuf_get(rb_buf_head_t * bufhead, char *buf, size_t buflen, bool partial, bool raw);
 void rb_linebuf_putmsg(rb_buf_head_t *, const char *, va_list *, const char *, ...);
 void rb_linebuf_put(rb_buf_head_t *, const char *, ...);
 void rb_linebuf_putbuf(rb_buf_head_t * bufhead, const char *buffer);
diff --git a/libratbox/src/linebuf.c b/libratbox/src/linebuf.c
index 4f1d24f0..84ce85a2 100644
--- a/libratbox/src/linebuf.c
+++ b/libratbox/src/linebuf.c
@@ -439,7 +439,7 @@ rb_linebuf_parse(rb_buf_head_t * bufhead, char *data, size_t len, bool raw)
  * get the next buffer from our line. For the time being it will copy
  * data into the given buffer and free the underlying linebuf.
  */
-ssize_t
+size_t
 rb_linebuf_get(rb_buf_head_t * bufhead, char *buf, size_t buflen, bool partial, bool raw)
 {
 	rb_buf_line_t *bufline;
@@ -450,6 +450,10 @@ rb_linebuf_get(rb_buf_head_t * bufhead, char *buf, size_t buflen, bool partial,
 	if(bufhead->list.head == NULL)
 		return 0;	/* Obviously not.. hrm. */
 
+	/* make sure we have a buffer */
+	if(buf == NULL || buflen == 0)
+		return 0;
+
 	bufline = bufhead->list.head->data;
 
 	/* make sure that the buffer was actually *terminated */
@@ -490,13 +494,11 @@ rb_linebuf_get(rb_buf_head_t * bufhead, char *buf, size_t buflen, bool partial,
 	if(raw == false)
 		buf[cpylen] = '\0';
 
-	lrb_assert(cpylen >= 0);
-
 	/* Deallocate the line */
 	rb_linebuf_done_line(bufhead, bufline, bufhead->list.head);
 
 	/* return how much we copied */
- 	return (ssize_t)cpylen;
+	return cpylen;
 }
 
 /*