Fix potential arithmatic overflow problem

2026-01-19 04:52:08 +00:00 · 2025-12-25 22:19:37 -05:00
parent d23cf77cd0
commit b7c2f04318
1 changed files with 10 additions and 1 deletions
--- a/httplib.h
+++ b/httplib.h
@@ -8957,7 +8957,16 @@ inline bool Server::read_content(Stream &strm, Request &req, Response &res) {
          strm, req, res,
          // Regular
          [&](const char *buf, size_t n) {
-            if (req.body.size() + n > req.body.max_size()) { return false; }
+            // Prevent arithmetic overflow when checking sizes.
+            // Avoid computing (req.body.size() + n) directly because
+            // adding two unsigned `size_t` values can wrap around and
+            // produce a small result instead of indicating overflow.
+            // Instead, check using subtraction: ensure `n` does not
+            // exceed the remaining capacity `max_size() - size()`.
+            if (req.body.size() >= req.body.max_size() ||
+                n > req.body.max_size() - req.body.size()) {
+              return false;
+            }
            req.body.append(buf, n);
            return true;
          },