Summary
New HTTP clients are added to the shared client array without holding a lock. Worker threads iterating the array could access a partially initialized HTTPC structure.
Affected Files
Details
httpc = calloc(1, sizeof(HTTPC));
/* ... initialize fields ... */
array_add(&httpd->httpc, httpc); /* no lock */
Fix
Wrap array_add() in lock(httpd, 0) / unlock(httpd, 0).
Severity
HIGH — potential crash or data corruption under concurrent load.
Summary
New HTTP clients are added to the shared client array without holding a lock. Worker threads iterating the array could access a partially initialized HTTPC structure.
Affected Files
src/httpd.c:670-704Details
Fix
Wrap
array_add()inlock(httpd, 0)/unlock(httpd, 0).Severity
HIGH — potential crash or data corruption under concurrent load.