github yhirose/cpp-httplib v0.43.4
on GitHub

5 hours ago

What's Changed

Security / bug fixes

  • Reject malformed chunk-size in chunked decoder: strtoul silently accepted a leading - and wrapped via
    unsigned arithmetic, so chunk-size -2 produced ULONG_MAX-1, bypassing the ULONG_MAX guard and letting
    a client drive the server toward unbounded allocation. Replaced with a manual hex parser that requires at
    least one hex digit, detects size_t overflow per digit, and accepts only chunk-ext or end-of-line after
    the digits (RFC 9112 §7.1) (87d62db)
  • Fix #2441: only invoke setarch on Linux in test/Makefile so the test build works on FreeBSD and other
    non-Linux systems where setarch is unavailable (a9bfe59)

CI / tests

  • Use vswhere to locate the Visual Studio install in the 32-bit Windows CI workflow, so it keeps working
    as windows-latest migrates from VS 2022 to VS 2026 (#2442)
  • Guard nullptr res in the KeepAliveTest proxy template so a transient upstream failure to
    httpbingo.org produces a clean test failure instead of a SEGV under ASan (#2443)

Full Changelog: v0.43.3...v0.43.4

Check out latest releases or
releases around yhirose/cpp-httplib v0.43.4

Don't miss a new cpp-httplib release

NewReleases is sending notifications on new releases.

Get notifications