Fix setmaxstdio crash on Windows with values exceeding c_int::MAX

[Copilot]

Calling setmaxstdio(u32::MAX) caused crashes due to integer overflow when casting to c_int. Values exceeding 2,147,483,647 wrapped to negative numbers, triggering undefined behavior in Windows CRT's _setmaxstdio.

Changes

• Input validation: Reject values > c_int::MAX with InvalidInput error before calling underlying C function
• Documentation: Clarified platform-dependent limits (typically 8,192 max) and error conditions
• Tests: Added coverage for u32::MAX and boundary conditions

Example

// Previously: crashed or undefined behavior
setmaxstdio(u32::MAX)?; 

// Now: returns Err with InvalidInput
assert!(setmaxstdio(u32::MAX).is_err());
assert!(setmaxstdio(c_int::MAX as u32 + 1).is_err());

// Valid calls unchanged
setmaxstdio(2048)?; // OK

---

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

Original prompt

---

This section details on the original issue you should resolve

<issue_title>Final review before 1.0</issue_title>
<issue_description>The current APIs are nearly stable.

Remaining questions:

• rlimit will not add cgroups API. cgroups-rs is recommanded now.
• Is it ok to use u64 as the rlim type for all platforms? (Yes)
• The signature of rlimit::prlimit seems sightly strange. Is there a better way?
• setmaxstdio(u32::MAX) can lead to crash. Should it be a feature or a bug?

Related issues:

• RLIM_* constants mismatch with system header files rust-lang/libc#2724</issue_description>

Comments on the Issue (you are @copilot in this section)

• Fixes Final review before 1.0 #27

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

[Copilot]

Pull request overview

This PR fixes a critical crash bug in setmaxstdio on Windows where passing values exceeding c_int::MAX caused integer overflow and undefined behavior. The fix adds input validation to reject such values with a proper error before the unsafe cast occurs.

Key Changes:

• Added bounds checking to reject values exceeding c_int::MAX with InvalidInput error
• Enhanced documentation to clarify platform limits and error conditions
• Added comprehensive test coverage for overflow scenarios (u32::MAX and c_int::MAX + 1)

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File	Description
src/windows.rs	Added input validation before casting to c_int to prevent overflow; updated documentation to explain limits and error conditions
tests/it/windows.rs	Added two new tests to verify that overflow values are properly rejected with InvalidInput error

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.