Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: etr/libhttpserver
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: master
Choose a base ref
...
head repository: etr/libhttpserver
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: fix/issue-371-uri-log-null-uri
Choose a head ref
Checking mergeability… Don’t worry, you can still create the pull request.
  • 5 commits
  • 7 files changed
  • 1 contributor

Commits on Apr 7, 2026

  1. Fix std::terminate when uri_log receives null uri pointer 

    libmicrohttpd may invoke MHD_OPTION_URI_LOG_CALLBACK with a null uri
pointer before the request line is parsed - for example on port scans,
TLS clients hitting a plain HTTP port, or half-open connections. The
previous code assigned the raw pointer directly into a std::string,
which throws std::logic_error("basic_string::_M_construct null not
valid"). Because the throw originates inside an MHD C callback with
no enclosing handler, std::terminate() was called and the process
aborted under load.

Treat a null uri as an empty string so the assignment is well-defined.
An empty URI fails to match any registered resource and surfaces as a
404, which is the correct graceful behaviour.

Resolves #371.
    @etr
    etr committed Apr 7, 2026
    Configuration menu
    Copy the full SHA
    2efd41a View commit details
    Browse the repository at this point in the history

  2. ci(codeql): bump bundled libmicrohttpd to 1.0.3 

    The CodeQL workflow was still pulling libmicrohttpd-0.9.64 from S3,
which is below the project's stated minimum of 1.0.0 and is no longer
served by the bucket - the install step was failing with "gzip:
stdin: not in gzip format" because curl received a 243-byte error
response instead of the tarball. Bump to 1.0.3 from the same S3
location so CodeQL can build the project again.
    @etr
    etr committed Apr 7, 2026
    Configuration menu
    Copy the full SHA
    0c83a22 View commit details
    Browse the repository at this point in the history

  3. ci: bump bundled libmicrohttpd to 1.0.3 in release and verify-build 

    Aligns release.yml and verify-build.yml with codeql-analysis.yml so all
workflows pull the same libmicrohttpd-1.0.3.tar.gz from S3. This also
brings CI in line with the project's documented minimum of >= 1.0.0
(0.9.77 was below that threshold). Cache keys include the new version
so existing 0.9.77 entries are not reused.
    @etr
    etr committed Apr 7, 2026
    Configuration menu
    Copy the full SHA
    ddef5c7 View commit details
    Browse the repository at this point in the history

  4. test: add unit test for uri_log null/empty/valid uri handling 

    Adds test/unit/uri_log_test.cpp to lock in the fix for issue #371. The
test calls uri_log() directly (re-declaring the symbol since it has no
public header) and verifies three cases:

  - null uri does not throw and yields an empty complete_uri
  - valid uri is stored verbatim
  - empty uri is stored verbatim

The first case is the regression check: against the unfixed code,
running the test crashes the process (SIGSEGV from dereferencing the
null pointer inside std::string's assignment operator on libstdc++ 13;
on the older libstdc++ 10 from the bug report it threw std::logic_error
and aborted via std::terminate). With the fix in place, all three sub-
tests pass cleanly.

The new test target needs an explicit -lmicrohttpd in its link line
because it instantiates ~modded_request() directly, which references
MHD_destroy_post_processor; the default LDADD only pulls libmicrohttpd
in transitively via libhttpserver.la, and modern ld enforces
--no-copy-dt-needed-entries.
    @etr
    etr committed Apr 7, 2026
    Configuration menu
    Copy the full SHA
    9fde128 View commit details
    Browse the repository at this point in the history

  5. test(uri_log): satisfy cpplint build/include_subdir for httpserver.hpp 

    cpplint flags bare "httpserver.hpp" with build/include_subdir [4].
Match the convention used by every other test file in the repo and
prefix the include with "./" so cpplint considers the directory
explicit.
    @etr
    etr committed Apr 7, 2026
    Configuration menu
    Copy the full SHA
    f9c0d4e View commit details
    Browse the repository at this point in the history
Loading