fix: prevent httplib header processing crashes on Android

claude · claude · commit 3e306b1d132c · 2025-12-20T20:01:06.000Z
This fixes a crash in httplib::Server::process_request during header
map operations that was causing SIGSEGV on Android devices. The crash
occurred in std::map operations with case-insensitive header comparison
when processing malformed or excessive HTTP headers.

Root causes:
1. Unbounded header sizes: Headers could grow arbitrarily large,
   causing memory allocation failures in map node construction
2. No payload limits: Requests without size limits could exhaust
   memory during processing
3. No timeouts: Slow or malicious clients could tie up server threads

Fixes:
1. Runtime limits via httplib API:
   - set_payload_max_length(100MB): Prevents unbounded memory usage
   - set_read_timeout(30s): Prevents slow requests from blocking threads
   - set_write_timeout(60s): Allows time for large document transfers

2. Compile-time limits via preprocessor definitions:
   - CPPHTTPLIB_HEADER_MAX_LENGTH=4KB: Reduced from default 8KB to
     limit header map memory consumption
   - CPPHTTPLIB_PAYLOAD_MAX_LENGTH=100MB: Compile-time enforcement
     as additional safety layer

These limits are appropriate for document serving use case and prevent
the crashes seen in Google Play crash reports affecting Android users.

Backtrace showed crash at:
  httplib::Server::process_request
    -&gt; std::__tree::__assign_multi (header map operations)
    -&gt; std::__tree::__construct_node (memory allocation)
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -198,6 +198,15 @@ target_include_directories(odr
         src
         ${CMAKE_CURRENT_BINARY_DIR}/src
 )
+target_compile_definitions(odr
+        PRIVATE
+        # httplib resource limits to prevent crashes from malformed requests
+        # Reduce header max length to 4KB (default is 8KB)
+        # This prevents memory allocation crashes in header map operations
+        CPPHTTPLIB_HEADER_MAX_LENGTH=4096
+        # Limit payload to 100MB at compile-time as additional safety
+        CPPHTTPLIB_PAYLOAD_MAX_LENGTH=104857600
+)
 target_link_libraries(odr
         PRIVATE
         pugixml::pugixml
diff --git a/src/odr/http_server.cpp b/src/odr/http_server.cpp
@@ -19,6 +19,15 @@ class HttpServer::Impl {
   Impl(Config config, std::shared_ptr<Logger> logger)
       : m_config{std::move(config)}, m_logger{std::move(logger)},
         m_server{std::make_unique<httplib::Server>()} {
+    // Set resource limits to prevent crashes from malformed or excessive requests.
+    // This prevents memory exhaustion and header processing crashes on Android.
+    // Max payload: 100MB (reasonable for document serving, prevents DoS)
+    m_server->set_payload_max_length(100 * 1024 * 1024);
+    // Read timeout: 30 seconds (prevents slow requests from tying up threads)
+    m_server->set_read_timeout(30, 0);
+    // Write timeout: 60 seconds (allows time for large document transfers)
+    m_server->set_write_timeout(60, 0);
+
     // Set up exception handler to catch any internal httplib exceptions.
     // This prevents crashes when exceptions occur during request processing.
     m_server->set_exception_handler([this](const httplib::Request & /*req*/,
