← 返回首页
Comparing master...fix/issue-375-null-key-post-iterator · etr/libhttpserver · GitHub
Skip to content

Navigation Menu

Toggle navigation
Sign in
Appearance settings
Search or jump to...

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Include my email address so I can be contacted

Saved searches

Use saved searches to filter your results more quickly

Appearance settings
Resetting focus
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also compare across forks or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also compare across forks . Learn more about diff comparisons here.
base repository: etr/libhttpserver
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: master
Choose a base ref
Branches Tags
Could not load branches
Nothing to show
{{ refName }}
...
head repository: etr/libhttpserver
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: fix/issue-375-null-key-post-iterator
Choose a head ref
Branches Tags
Could not load branches
Nothing to show
{{ refName }}
Checking mergeability… Don’t worry, you can still create the pull request.
  • 4 commits
  • 4 files changed
  • 2 contributors

Commits on Jun 29, 2026

  1. Fix null key dereference in post_iterator (#375)

    MHD may invoke the post iterator with a null key on a continuation chunk (off > 0): the field name is supplied only on the first call and not repeated. The no-file branch passed the raw key pointer into std::string (via grow_last_arg / set_arg), which throws std::logic_error on null. Because the throw escapes the C post-iterator callback, it propagates as an uncaught exception and aborts the process via std::terminate. Guard key for null before constructing std::string: with no field name there is nothing to store the value under, so accept and silently skip the chunk (MHD_YES keeps the request alive; MHD_NO would abort it). Same class of bug as the null-uri fix in uri_log (#371). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01Rkuh4aSmrD8m2f2vYqakb6
    etr and claude committed Jun 29, 2026
    Configuration menu
    Copy the full SHA
    bcc1ead View commit details
    Browse the repository at this point in the history
  2. Add ChangeLog entry for #375 fix

    Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01Rkuh4aSmrD8m2f2vYqakb6
    etr and claude committed Jun 29, 2026
    Configuration menu
    Copy the full SHA
    4d48e0d View commit details
    Browse the repository at this point in the history
  3. Add regression unit test for null key in post_iterator (#375)

    White-box unit test that drives webserver::post_iterator directly with a null key on both the continuation (off > 0) and initial chunks. Without the guard the test process terminates (std::logic_error from std::string(nullptr) escaping the callback); with it the chunk is accepted and skipped. Adds happy-path coverage (initial store and large-field continuation append) to pin that the guard does not regress normal form handling. post_iterator and http_request's constructor / setters are private, so the test uses the standard private->public white-box include technique (standard + libmicrohttpd headers are pulled in first so only libhttpserver's own declarations are affected; member order is unchanged, so object layout matches the normally-compiled library). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01Rkuh4aSmrD8m2f2vYqakb6
    etr and claude committed Jun 29, 2026
    Configuration menu
    Copy the full SHA
    37d2f93 View commit details
    Browse the repository at this point in the history
  4. Make post_iterator null-key test portable across stdlibs (#375)

    The first version of the test used `#define private public` to reach the private static webserver::post_iterator. That breaks libstdc++'s <sstream> (struct __xfer_bufptrs redeclared with different access) when it is pulled in transitively under the redefined keyword, failing the Linux CI build while passing on macOS/libc++. Replace it with the explicit-instantiation access loophole: access checks do not apply to names used in an explicit template instantiation, so a filler<> whose static member runs at dynamic-init time captures a pointer to post_iterator without redefining any keyword or touching a shipped header. Portable across libstdc++ and libc++. Drop the http_request-backed happy-path cases (still covered by the file_upload integration test's 192 checks) and assert the two null-key paths return MHD_YES without throwing; dhr is left null since a correct guard returns before any dhr access. Verified: clean under -Wall -Wextra -Werror -pedantic and cpplint; the test still terminates without the guard and passes with it. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01Rkuh4aSmrD8m2f2vYqakb6
    etr and claude committed Jun 29, 2026
    Configuration menu
    Copy the full SHA
    1f59143 View commit details
    Browse the repository at this point in the history
Loading

Footer

© 2026 GitHub, Inc.