From e8c50abe1bbaca7e7f4d690f9fd0219f47dbd1f8 Mon Sep 17 00:00:00 2001
From: woikos <woikos@users.noreply.github.com>
Date: Thu, 29 Jan 2026 10:35:43 +0100
Subject: [PATCH] Fix nil pointer panic in access tracker goroutine

Add recover() and capacity check to prevent crash when event ID slice
has corrupted header (nil data pointer with non-zero length).

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 app/handle-req.go | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/app/handle-req.go b/app/handle-req.go
index bfbc9a5..6ecde13 100644
--- a/app/handle-req.go
+++ b/app/handle-req.go
@@ -733,9 +733,15 @@ func (l *Listener) HandleReq(msg []byte) (err error) {
 	// Record access for returned events (for GC access-based ranking)
 	if l.accessTracker != nil && len(events) > 0 {
 		go func(evts event.S, connID string) {
+			defer func() {
+				if r := recover(); r != nil {
+					log.W.F("access tracker panic (recovered): %v", r)
+				}
+			}()
 			for _, ev := range evts {
 				// Validate event ID before calling GetSerialById
-				if len(ev.ID) != 32 {
+				// Check both length and capacity to catch corrupted slice headers
+				if len(ev.ID) != 32 || cap(ev.ID) < 32 {
 					continue
 				}
 				if ser, err := l.DB.GetSerialById(ev.ID); err == nil && ser != nil {