select() API usages add ASSERT() to validate fd number is in-range

This encapsulates the expectation the 'fd' is in the permitted range for
the standard sizes 'fd_set'.

This is so there is some form of detection with issues in this area, if
the RLIMIT_NOFILE limit is increased.

sim/SimRsim.c

@@ -650,6 +650,13 @@ SimFillBuffer(buffHead, pLastChar, charCount)
     FD_ZERO(&exceptfds);
 #endif  /* SYSV */
 
+    ASSERT(pipeIn >= 0 && pipeIn < FD_SETSIZE, "pipeIn>=0&&pipeIn<FD_SETSIZE");
+    if (pipeIn < 0 || pipeIn >= FD_SETSIZE)
+    {
+        TxError("WARNING: SimFillBuffer(fd=%d) called with fd out of range 0..%d\n", pipeIn, FD_SETSIZE-1);
+        return -1; /* allowing things to continue is UB */
+    }
+
     nfd = pipeIn + 1;
 
 try_again:

textio/txCommands.c

@@ -489,6 +489,12 @@ TxAdd1InputDevice(
     ClientData cdata)
 {
     fd_set fs;
+    ASSERT(fd >= 0 && fd < FD_SETSIZE, "fd>=0&&fd<FD_SETSIZE");
+    if (fd < 0 || fd >= FD_SETSIZE)
+    {
+	TxError("WARNING: TxAdd1InputDevice(fd=%d) called with fd out of range 0..%d\n", fd, FD_SETSIZE-1);
+	return; /* allowing things to continue is UB */
+    }
     FD_ZERO(&fs);
     FD_SET(fd, &fs);
     TxAddInputDevice(&fs, inputProc, cdata);
@@ -524,8 +530,14 @@ void
 TxDelete1InputDevice(
     int fd)
 {
-    int i, j;
+    ASSERT(fd >= 0 && fd < FD_SETSIZE, "fd>=0&&fd<FD_SETSIZE");
+    if (fd < 0 || fd >= FD_SETSIZE)
+    {
+	TxError("WARNING: TxDelete1InputDevice(fd=%d) called with fd out of range 0..%d\n", fd, FD_SETSIZE-1);
+	return; /* allowing things to continue is UB */
+    }
 
+    int i, j;
     for (i = 0; i <= txLastInputEntry; i++)
     {
 	FD_CLR(fd, &(txInputDevice[i].tx_fdmask));