Replace manual Content-Length parsing with strtoumax #8434
Co-authored-by: ripatel-fd <113896534+ripatel-fd@users.noreply.github.com>

@copilot refactor out the int parsing routine to a helper function so we can reuse it.

Implemented in commit 655c876. Created
Also rebased onto

@copilot remove comment spam in parse_ulong. Do not bleed errno past return of parse_ulong.

@copilot remove the redundant errno save logic

@copilot don't randomly disable Local.mk files that's insane

@copilot squash all commits and change attribution to @intrigus-lgtm

Squashed all commits into commit 9b14b31 with author set to @intrigus-lgtm. The branch needs to be force-pushed, but I don't have push permissions. The commit is ready locally with:

Pull request overview
Refactors HTTP Content-Length parsing in fd_http_server to use a new parse_ulong() helper based on strtoumax(), and adds a regression test intended to verify that overflowing Content-Length values close the connection with the expected reason.
Changes:
- Added `parse_ulong()` helper and switched `Content-Length` parsing over to `strtoumax()`.
- Added a new unit test that opens a local socket connection and sends an overflowing `Content-Length` request.
- Updated test scratch/footprint assertions and added required socket-related includes.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| src/waltz/http/fd_http_server.c | Introduces parse_ulong() and replaces manual digit-by-digit Content-Length parsing. |
| src/waltz/http/test_http_server.c | Adds a new overflow regression test and updates footprint expectations. |
| uintmax_t val = strtoumax( (char const *)buf, &endptr, 10 ); | ||
|
|
||
| if( FD_UNLIKELY( endptr==(char const *)buf || *endptr!='\0' ) ) return ULONG_MAX; | ||
| if( FD_UNLIKELY( errno==ERANGE || val>ULONG_MAX ) ) return ULONG_MAX; |
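Review bot: strtoumax() skips leading whitespace and accepts an optional '+' or '-' sign, and none of the visible checks (endptr==buf, *endptr!='\0', errno==ERANGE, val>ULONG_MAX) rejects those, so a Content-Length such as "-2" or " 5" would be accepted as a number; a negated value wraps to a large uintmax_t without setting ERANGE. Suggest requiring every byte of the value to be an ASCII digit before calling strtoumax(). The errno==ERANGE test is also only meaningful if errno is set to 0 immediately before the call, which is worth confirming in the lines above this hunk.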
parse_ulong() uses ULONG_MAX as an error sentinel but also allows returning the legitimate value ULONG_MAX (e.g., parsing "18446744073709551615"). In read_conn_http() the caller treats content_len==ULONG_MAX as a parse failure, so a valid Content-Length of ULONG_MAX becomes indistinguishable from an error, and overflow cases can’t be classified separately.
Consider changing the helper to return a success flag / error code (e.g., int parse_ulong(..., ulong *out)), so callers can distinguish invalid format vs overflow and still accept ULONG_MAX as a valid value when desired.
| if( FD_UNLIKELY( errno==ERANGE || val>ULONG_MAX ) ) return ULONG_MAX; | |
| if( FD_UNLIKELY( errno==ERANGE || val>ULONG_MAX || val==ULONG_MAX ) ) return ULONG_MAX; |
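Review bot: the added val==ULONG_MAX term makes the condition equivalent to val>=ULONG_MAX, which rejects the representable value ULONG_MAX instead of separating it from the error sentinel. If ULONG_MAX should remain a valid Content-Length, the out-parameter form described in the comment above is the change that achieves it; if it should not, write the test as val>=ULONG_MAX and document that the maximum is reserved.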
| content_len = parse_ulong( content_length, content_length_len ); | ||
| if( FD_UNLIKELY( content_len==ULONG_MAX ) ) { | ||
| close_conn( http, conn_idx, FD_HTTP_SERVER_CONNECTION_CLOSE_BAD_REQUEST ); | ||
| return; | ||
| } |
parse_ulong() currently collapses overflow and invalid-format errors into the same ULONG_MAX return value, but the caller always maps that to FD_HTTP_SERVER_CONNECTION_CLOSE_BAD_REQUEST. This changes behavior compared to the previous manual parser, which closed with FD_HTTP_SERVER_CONNECTION_CLOSE_LARGE_REQUEST on overflow. It will also cause the new overflow test to fail because an overflowing Content-Length will be reported as BAD_REQUEST.
Recommend propagating error kind from the parser (overflow vs invalid) and mapping overflow to ..._LARGE_REQUEST (and invalid format/empty to ..._BAD_REQUEST).
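The return-code shape that the two review comments above recommend, as an added example that is not code from this pull request. The names `parse_ulong_checked`, `content_length_close_reason`, `PARSE_*` and `CLOSE_*` are hypothetical, the `CLOSE_*` values are stand-ins for the `FD_HTTP_SERVER_CONNECTION_CLOSE_*` reasons, and saving and restoring errno is this example's own choice.

```c
#include <ctype.h>
#include <errno.h>
#include <inttypes.h>
#include <limits.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical names; CLOSE_* values are invented stand-ins for the
   FD_HTTP_SERVER_CONNECTION_CLOSE_* reasons named in the review. */
enum { PARSE_OK = 0, PARSE_INVALID = -1, PARSE_OVERFLOW = -2 };
enum { CLOSE_NONE = 0, CLOSE_BAD_REQUEST = 1, CLOSE_LARGE_REQUEST = 2 };

/* Parse len bytes (not necessarily NUL-terminated) as an unsigned decimal.
   The value is written to *out, so ULONG_MAX is not needed as a sentinel. */
static int
parse_ulong_checked( char const * buf, size_t len, unsigned long * out ) {
  char tmp[ 32 ];
  if( len==0 ) return PARSE_INVALID;
  /* strtoumax() alone would accept leading whitespace and a sign, so
     require digits only before calling it. */
  for( size_t i=0; i<len; i++ )
    if( !isdigit( (unsigned char)buf[ i ] ) ) return PARSE_INVALID;
  /* Leading zeros do not change the value; after skipping them, a digit
     string too long for tmp cannot fit in an unsigned long either. */
  while( len>1 && buf[ 0 ]=='0' ) { buf++; len--; }
  if( len>=sizeof(tmp) ) return PARSE_OVERFLOW;
  memcpy( tmp, buf, len );
  tmp[ len ] = '\0';

  int saved = errno;                 /* keep the caller's errno intact */
  errno = 0;
  char * end;
  uintmax_t val = strtoumax( tmp, &end, 10 );
  int range = ( errno==ERANGE );
  errno = saved;

  if( *end!='\0' ) return PARSE_INVALID;
  if( range || val>ULONG_MAX ) return PARSE_OVERFLOW;
  *out = (unsigned long)val;
  return PARSE_OK;
}

/* Overflow maps to the "large request" reason, anything else malformed
   maps to "bad request", as the second review comment asks. */
static int
content_length_close_reason( char const * val, size_t len, unsigned long * out ) {
  int rc = parse_ulong_checked( val, len, out );
  if( rc==PARSE_OK ) return CLOSE_NONE;
  return rc==PARSE_OVERFLOW ? CLOSE_LARGE_REQUEST : CLOSE_BAD_REQUEST;
}
```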
| .ws_message = NULL, | ||
| }; | ||
|
|
||
| FD_LOG_NOTICE(( "footprint %lu", fd_http_server_footprint( params ) )); |
This test emits an extra FD_LOG_NOTICE line for the computed footprint but then immediately asserts the exact value. This adds noise to the unit test output without increasing coverage.
Consider removing the log line (or gating it behind a debug flag) and relying on the existing FD_TEST assertion.
| FD_LOG_NOTICE(( "footprint %lu", fd_http_server_footprint( params ) )); |
- `parse_ulong()` helper function
- `inttypes.h` header for `strtoumax()`
- `ULONG_MAX` on error (empty string, invalid format, or overflow)
- `main` branch
- `parse_ulong()`