In `@crates/stdlib/src/overlapped.rs`:
- Around line 835-841: The WSABUF creation for WSASend currently passes a null
pointer for non-contiguous buffers (same bug as WSARecvInto); update the code
that constructs the WSABUF in the WSASend path to use the contiguous_or_collect
pattern (like in WSARecvInto) instead of directly using
buf.as_contiguous().map(...).unwrap_or(null_mut()); ensure you allocate/collect
into a contiguous temporary when needed and use that temporary's pointer for
buf, keeping len = buf_len as u32; reference WSABUF, WSASend, and the
contiguous_or_collect helper/logic to locate where to apply the change.
- Around line 1390-1396: The WSARecvFromInto call builds a WSABUF from
buf.as_contiguous() which results in a null pointer for non-contiguous buffers;
apply the same contiguous_or_collect pattern used elsewhere: detect
non-contiguous buffers, collect them into a temporary contiguous Vec (or slice)
and use its pointer for WSABUF.buf, otherwise use buf.as_contiguous().as_ptr();
ensure the temporary collection outlives the WSARecvFromInto call (store it in a
local variable scoped for the syscall) and update the WSABUF.len accordingly so
WSARecvFromInto always receives a valid contiguous pointer.
- Around line 1227-1233: The WSABUF construction for WSASendTo currently uses
buf.as_contiguous().map(...).unwrap_or(null_mut()) which yields a null pointer
for non-contiguous buffers; update the WSASendTo call to follow the
contiguous_or_collect pattern used elsewhere: detect if buf.as_contiguous()
returns Some and use that pointer, otherwise collect into a contiguous Vec
(e.g., via contiguous_or_collect helper), keep that Vec alive in scope, and pass
its pointer into the WSABUF.len/buf fields so WSASendTo never receives a null
pointer; reference WSABUF, WSASendTo and the contiguous_or_collect pattern when
making the change.
- Around line 726-732: The WSABUF creation currently passes a null pointer when
buf.as_contiguous() returns None; instead ensure the buffer is made contiguous
(like ReadFileInto/WriteFile do) before building WSABUF: use the
contiguous_or_collect pattern on the incoming buffer (e.g., call
buf.contiguous_or_collect into a temporary Vec<u8> when as_contiguous() is
None), then set WSABUF.buf to the temporary Vec's pointer and WSABUF.len to the
proper length so WSARecv never receives a null data pointer; update the
surrounding function (the WSARecv call site in overlapped.rs where WSABUF is
constructed) to manage the temporary storage's lifetime until the
async/overlapped operation is initiated.

In `@crates/stdlib/src/overlapped.rs`:
- Around line 44-126: The early-return in initialize_winsock_extensions only
checks ACCEPT_EX and can return when others are unset, causing later .unwrap()
panics; change the check to verify all four OnceLock variables (ACCEPT_EX,
CONNECT_EX, DISCONNECT_EX, TRANSMIT_FILE) are set before returning (e.g.,
replace the single ACCEPT_EX.get().is_some() check with a combined check that
all four .get().is_some() are true), so the function only returns early when
every extension pointer is initialized.
- Around line 1364-1447: In WSARecvFromInto validate the user-provided size
against the actual contiguous buffer length before creating WSABUF: inside the
WSARecvFromInto function (where contiguous is obtained and before wsabuf is
constructed), convert contiguous.len() to u32 safely and either reject sizes
greater than the buffer (return a buffer/value error) or clamp the length (e.g.,
use min(size, contiguous_len_u32)); then use that validated length for
WSABUF.len to prevent overruns. Ensure the error path resets inner.data
consistently (same place where other failures set OverlappedData::NotStarted)
and keep references to OverlappedReadFromInto and inner.overlapped unchanged.
- Around line 1566-1651: The RegisterWaitWithQueue path currently leaks
PostCallbackData if UnregisterWait*/UnregisterWaitEx runs before the callback;
fix by tracking callback allocations and synchronizing free: create a global
concurrent registry (e.g., DashMap or Mutex<HashMap>) keyed by the wait HANDLE
(new_wait_object) that stores the Box pointer (data_ptr) wrapped with an atomic
guard (e.g., Arc<AtomicBool> or AtomicUsize) to detect/avoid double-free, insert
the entry before/after successful RegisterWaitForSingleObject in
RegisterWaitWithQueue, and on failure free as before; in post_to_queue_callback,
check and atomically set the guard to claim ownership, remove the entry from the
registry if present, then call Box::from_raw to free only if claimed; in
UnregisterWait and UnregisterWaitEx, look up and remove the registry entry and
atomically claim/free the Box if it wasn't already freed by the callback (and
only call UnregisterWait*/UnregisterWaitEx afterwards or handle return/error
transparently).

In `@crates/stdlib/src/overlapped.rs`:
- Around line 82-84: The early-return only checks ACCEPT_EX so if initialization
fails partway the other three locks remain unset and later .unwrap()s panic;
change the init to be atomic: either check that all four statics are already
Some before returning (ACCEPT_EX, CONNECT_EX, DISCONNECT_EX, SEND_EX) or,
better, perform initialization into local temporaries and only assign them to
the four static cells under a single Once/AtomicBool/OnceCell guard so partial
initialization cannot be observed; ensure you do not early-return after setting
just ACCEPT_EX and that any failure leaves the statics unchanged so subsequent
calls will retry the full init.

In `@crates/stdlib/src/overlapped.rs`:
- Around line 1577-1732: The callback can dereference freed PostCallbackData
(use-after-free) because cleanup_wait_callback_data frees the Box while
post_to_queue_callback may still read fields; switch to reference counting so
the allocation lives while callbacks run: change PostCallbackData instances to
be stored in Arc<PostCallbackData> (remove manual Box::from_raw frees and the
freed AtomicBool), update WAIT_CALLBACK_REGISTRY to hold Arc<PostCallbackData>
(not CallbackDataPtr) and make RegisterWaitWithQueue insert an Arc clone into
the registry and pass a raw Arc pointer or weak reference to the native
callback, and update post_to_queue_callback to obtain an Arc clone (ensuring the
struct stays alive while dereferencing completion_port/overlapped) and drop it
when done; also adjust
cleanup_wait_callback_data/UnregisterWait/UnregisterWaitEx to remove the Arc
from the registry without freeing the underlying data (letting Arc drop when all
callbacks finish).

In `@crates/stdlib/src/overlapped.rs`:
- Around line 610-618: The ReadFileInto call uses buf.contiguous_or_collect
which can create a temporary buffer that will be dropped while an
overlapped/asynchronous ReadFile is in-flight, causing data to be written into
freed memory; update the ReadFileInto path (the code that calls
buf.contiguous_or_collect and invokes ReadFile with inner.overlapped) to
explicitly reject non-contiguous buffers instead of collecting into a temporary
(mirror the approach used in WSARecvInto), returning an appropriate error when
buf.is_contiguous() is false, so the user's buffer remains valid for the
lifetime of the overlapped operation.