Hello,

While running the unit tests in Ulfius, I just realized that MHD 0.9.70 generates an error while testing post processor limits.

The context is the following. Inside the callback function, MHD_create_post_processor is called first with a buffer size of 1024. I just read in MHD doc that "for good performance, use 32k or 64k", but even with 64k, the problem remains.

  MHD_create_post_processor (connection, 1024, mhd_iterate_post_data, (void *) con_info);

Then, MHD_post_process is called using upload_data and upload_data_size:

  MHD_post_process (con_info->post_processor, upload_data, *upload_data_size);

The problem occurs when *upload_data_size is bigger than buffer_size. It seems that MHD_post_process iterates until it reaches upload_data, and then fails.

In my test case, the callback function echoes the request body in the response, then several body lengths are tested: 128, 256, 512, 1024, 2048, 16k, 2M. The request content-type is x-url-encoded, but the body is a simple set of '0' aligned.

This is the failing test:
https://github.com/babelouest/ulfius/blob/master/test/core.c#L476

Using the current parameters, the test will fail after request.binary_body_length = 2048;

I don't know if my code doesn't use MHD API properly, but for now the only way I find to fix this is avoiding testing outer limits.

Valgrind says that a problem occurs in postprocessor.c:640

  memcpy (&kbuf[pp->buffer_pos], start_key, end_key - start_key);

Valgrind's output is like that:

==266354== Thread 3 MHD-connection:
==266354== Invalid write of size 2
==266354==    at 0x4842B33: memmove (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==266354==    by 0x4C3717F: memcpy (string_fortified.h:34)
==266354==    by 0x4C3717F: post_process_urlencoded (postprocessor.c:640)
==266354==    by 0x4C37B9D: MHD_post_process (postprocessor.c:1383)
==266354==    by 0x4A6DE09: ulfius_webservice_dispatcher (ulfius.c:481)
==266354==    by 0x4C2B0D0: process_request_body (connection.c:2422)
==266354==    by 0x4C2B0D0: MHD_connection_handle_idle (connection.c:3433)
==266354==    by 0x4C2C45D: call_handlers (daemon.c:1215)
==266354==    by 0x4C2FC58: thread_main_handle_connection (daemon.c:2077)
==266354==    by 0x4C08608: start_thread (pthread_create.c:477)
==266354==    by 0x498E102: clone (clone.S:95)
==266354==  Address 0x5f89af8 is 1,192 bytes inside a block of size 1,193 alloc'd
==266354==    at 0x483DD99: calloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==266354==    by 0x4C379D2: MHD_create_post_processor (postprocessor.c:340)
==266354==    by 0x4A6DB44: ulfius_webservice_dispatcher (ulfius.c:452)
==266354==    by 0x4C289B0: call_connection_handler (connection.c:2220)
==266354==    by 0x4C2A27F: MHD_connection_handle_idle (connection.c:3397)
==266354==    by 0x4C2C45D: call_handlers (daemon.c:1215)
==266354==    by 0x4C2FC58: thread_main_handle_connection (daemon.c:2077)
==266354==    by 0x4C08608: start_thread (pthread_create.c:477)
==266354==    by 0x498E102: clone (clone.S:95)
==266354==
==266354== Invalid write of size 1
==266354==    at 0x4842B63: memmove (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==266354==    by 0x4C3717F: memcpy (string_fortified.h:34)
==266354==    by 0x4C3717F: post_process_urlencoded (postprocessor.c:640)
==266354==    by 0x4C37B9D: MHD_post_process (postprocessor.c:1383)
==266354==    by 0x4A6DE09: ulfius_webservice_dispatcher (ulfius.c:481)
==266354==    by 0x4C2B0D0: process_request_body (connection.c:2422)
==266354==    by 0x4C2B0D0: MHD_connection_handle_idle (connection.c:3433)
==266354==    by 0x4C2C45D: call_handlers (daemon.c:1215)
==266354==    by 0x4C2FC58: thread_main_handle_connection (daemon.c:2077)
==266354==    by 0x4C08608: start_thread (pthread_create.c:477)
==266354==    by 0x498E102: clone (clone.S:95)
==266354==  Address 0x5fbfa89 is 0 bytes after a block of size 1,193 alloc'd
==266354==    at 0x483DD99: calloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==266354==    by 0x4C379D2: MHD_create_post_processor (postprocessor.c:340)
==266354==    by 0x4A6DB44: ulfius_webservice_dispatcher (ulfius.c:452)
==266354==    by 0x4C289B0: call_connection_handler (connection.c:2220)
==266354==    by 0x4C2A27F: MHD_connection_handle_idle (connection.c:3397)
==266354==    by 0x4C2C45D: call_handlers (daemon.c:1215)
==266354==    by 0x4C2FC58: thread_main_handle_connection (daemon.c:2077)
==266354==    by 0x4C08608: start_thread (pthread_create.c:477)
==266354==    by 0x498E102: clone (clone.S:95)
==266354==
--266354-- VALGRIND INTERNAL ERROR: Valgrind received a signal 11 (SIGSEGV) - exiting
--266354-- si_code=128; Faulting address: 0x0; sp: 0x1005e87df0

valgrind: the 'impossible' happened:
   Killed by fatal signal
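
Added example, not part of the original message and not MHD's code: a simplified model of a streaming key buffer that checks the remaining capacity before the kind of memcpy Valgrind flags above. The struct, the function names and the policy of rejecting an oversized key are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical model of a streaming key buffer; names are illustrative,
   not MHD's. */
struct key_acc {
  char *kbuf;          /* storage for a key that spans several chunks */
  size_t buffer_size;  /* capacity of kbuf */
  size_t buffer_pos;   /* bytes of the partial key stored so far */
};

/* Append [start_key, end_key) to the partial key.
   Returns 0 on success, -1 if the key would not fit. */
static int key_append(struct key_acc *acc,
                      const char *start_key, const char *end_key)
{
  size_t len = (size_t)(end_key - start_key);
  /* Bounds check before the copy; written as a subtraction so it
     cannot wrap around (buffer_pos never exceeds buffer_size). */
  if (len > acc->buffer_size - acc->buffer_pos)
    return -1;
  memcpy(&acc->kbuf[acc->buffer_pos], start_key, len);
  acc->buffer_pos += len;
  return 0;
}

/* Feed a constructed body of body_len '0' bytes (no '=' or '&', so the
   whole body is one key) in pieces of chunk bytes.
   Returns 0 if every piece was stored, -1 if the key was rejected or
   an allocation failed. */
int feed_zero_body(size_t buffer_size, size_t body_len, size_t chunk)
{
  struct key_acc acc = { malloc(buffer_size), buffer_size, 0 };
  char *body = malloc(body_len);
  int rc = (acc.kbuf && body && chunk) ? 0 : -1;
  size_t off;

  if (rc == 0)
    memset(body, '0', body_len);
  for (off = 0; rc == 0 && off < body_len; off += chunk) {
    size_t n = body_len - off < chunk ? body_len - off : chunk;
    rc = key_append(&acc, body + off, body + off + n);
  }
  free(body);
  free(acc.kbuf);
  return rc;
}
```

With a 1024-byte buffer, the 128 to 1024 byte bodies from the test are stored and the 2048-byte body is rejected instead of being written past the allocation.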