fix: make httplib handlers more defensive during shutdown

claude · claude · commit e9cf580a7faa · 2025-12-04T20:30:02.000Z
Additional crash fixes for write_response_core SIGSEGV:

1. Exception handler now captures m_stopping by pointer and m_logger
   by shared_ptr instead of capturing 'this'. This prevents accessing
   invalid memory if the exception handler is called during shutdown.

2. Exception handler checks m_stopping flag first and returns early
   with 503 if shutting down, avoiding any access to potentially
   invalid state.

3. Route handlers now check m_stopping multiple times:
   - At entry before any work
   - After acquiring mutex (shutdown may have started while waiting)
   - Before setting response content

4. Logging is now guarded by m_stopping checks to avoid accessing
   the logger after it may have been invalidated.

The crash was occurring in write_response_core with a corrupted pointer
(0x0000002d000000ac), suggesting use-after-free of a std::function or
map during response writing. These changes minimize the window where
handlers can access Impl state during shutdown.
diff --git a/src/odr/http_server.cpp b/src/odr/http_server.cpp
@@ -21,17 +21,31 @@ class HttpServer::Impl {
         m_server{std::make_unique<httplib::Server>()} {
     // Set up exception handler to catch any internal httplib exceptions.
     // This prevents crashes when exceptions occur during request processing.
+    // NOTE: We capture m_stopping by pointer (not 'this') to safely check
+    // if we're shutting down before accessing other members.
     m_server->set_exception_handler(
-        [this](const httplib::Request & /*req*/, httplib::Response &res,
-               std::exception_ptr ep) {
+        [stopping = &m_stopping, logger = m_logger](
+            const httplib::Request & /*req*/, httplib::Response &res,
+            std::exception_ptr ep) {
+          // Check stopping flag before accessing any other state.
+          // During shutdown, just set error status without logging.
+          if (stopping->load(std::memory_order_acquire)) {
+            res.status = 503;
+            res.set_content("Service Unavailable", "text/plain");
+            return;
+          }
           try {
             if (ep) {
               std::rethrow_exception(ep);
             }
           } catch (const std::exception &e) {
-            ODR_ERROR(*m_logger, "Exception in HTTP handler: " << e.what());
+            if (logger) {
+              ODR_ERROR(*logger, "Exception in HTTP handler: " << e.what());
+            }
           } catch (...) {
-            ODR_ERROR(*m_logger, "Unknown exception in HTTP handler");
+            if (logger) {
+              ODR_ERROR(*logger, "Unknown exception in HTTP handler");
+            }
           }
           res.status = 500;
           res.set_content("Internal Server Error", "text/plain");
@@ -90,6 +104,13 @@ class HttpServer::Impl {
 
   void serve_file(const httplib::Request &req, httplib::Response &res) {
     try {
+      // Check stopping flag at entry - return immediately if shutting down
+      if (m_stopping.load(std::memory_order_acquire)) {
+        res.status = 503;
+        res.set_content("Service Unavailable", "text/plain");
+        return;
+      }
+
       std::string id = req.matches[1].str();
       std::string path = req.matches.size() > 1 ? req.matches[2].str() : "";
 
@@ -103,27 +124,50 @@ class HttpServer::Impl {
       auto [_, service] = it->second;
       lock.unlock();
 
+      // Check again after lock - shutdown may have started while waiting
+      if (m_stopping.load(std::memory_order_acquire)) {
+        res.status = 503;
+        res.set_content("Service Unavailable", "text/plain");
+        return;
+      }
+
       serve_file(res, service, path);
     } catch (const std::exception &e) {
-      ODR_ERROR(*m_logger, "Error handling request: " << e.what());
+      // Don't log if we're shutting down - logger may be invalid
+      if (!m_stopping.load(std::memory_order_acquire)) {
+        ODR_ERROR(*m_logger, "Error handling request: " << e.what());
+      }
       res.status = 500;
       res.set_content("Internal Server Error", "text/plain");
     } catch (...) {
-      ODR_ERROR(*m_logger, "Unknown error handling request");
+      if (!m_stopping.load(std::memory_order_acquire)) {
+        ODR_ERROR(*m_logger, "Unknown error handling request");
+      }
       res.status = 500;
       res.set_content("Internal Server Error", "text/plain");
     }
   }
 
   void serve_file(httplib::Response &res, const HtmlService &service,
                   const std::string &path) const {
+    // Check stopping flag - return early if shutting down
+    if (m_stopping.load(std::memory_order_acquire)) {
+      res.status = 503;
+      res.set_content("Service Unavailable", "text/plain");
+      return;
+    }
+
     if (!service.exists(path)) {
-      ODR_ERROR(*m_logger, "File not found: " << path);
+      if (!m_stopping.load(std::memory_order_acquire)) {
+        ODR_ERROR(*m_logger, "File not found: " << path);
+      }
       res.status = 404;
       return;
     }
 
-    ODR_VERBOSE(*m_logger, "Serving file: " << path);
+    if (!m_stopping.load(std::memory_order_acquire)) {
+      ODR_VERBOSE(*m_logger, "Serving file: " << path);
+    }
 
     // Buffer content to avoid streaming issues on Android.
     // Using ContentProviderWithoutLength (chunked transfer encoding) can cause
@@ -136,13 +180,25 @@ class HttpServer::Impl {
     try {
       std::ostringstream buffer;
       service.write(path, buffer);
+
+      // Final check before setting content
+      if (m_stopping.load(std::memory_order_acquire)) {
+        res.status = 503;
+        res.set_content("Service Unavailable", "text/plain");
+        return;
+      }
+
       res.set_content(buffer.str(), service.mimetype(path));
     } catch (const std::exception &e) {
-      ODR_ERROR(*m_logger, "Error serving file " << path << ": " << e.what());
+      if (!m_stopping.load(std::memory_order_acquire)) {
+        ODR_ERROR(*m_logger, "Error serving file " << path << ": " << e.what());
+      }
       res.status = 500;
       res.set_content("Internal Server Error", "text/plain");
     } catch (...) {
-      ODR_ERROR(*m_logger, "Unknown error serving file: " << path);
+      if (!m_stopping.load(std::memory_order_acquire)) {
+        ODR_ERROR(*m_logger, "Unknown error serving file: " << path);
+      }
       res.status = 500;
       res.set_content("Internal Server Error", "text/plain");
     }
