
http_server: fix bad overflow check#8391

Open
intrigus-lgtm wants to merge 1 commit into main from intrigus/fix/http-server-overflow-check

Conversation

@intrigus-lgtm
Contributor

No description provided.

Contributor

Copilot AI left a comment


Pull request overview

This PR fixes an integer overflow check when parsing the HTTP Content-Length header in the waltz HTTP server and adds a regression test to ensure overflow triggers the expected connection close path.

Changes:

  • Replace the content_len*10 + digit wraparound-based overflow detection with a bounds-based check against ULONG_MAX.
  • Add a unit test that opens a loopback TCP connection and sends an oversized Content-Length value, asserting the server closes with FD_HTTP_SERVER_CONNECTION_CLOSE_LARGE_REQUEST.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 5 comments.

File Description
src/waltz/http/test_http_server.c Adds a new regression test and supporting helpers to validate overflow handling via a real socket connection.
src/waltz/http/fd_http_server.c Updates Content-Length parsing to use a correct pre-multiply overflow check.

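To make the distinction in the overview concrete, here is an added stand-alone comparison of the two checks (example code written for this page, not Firedancer's fd_http_server.c): a digit-string parser with the old wraparound test beside one with the new pre-multiply bound, run on a constructed 20-digit Content-Length that the old test accepts with a wrong value. It assumes an LP64 target (64-bit unsigned long); the function names are hypothetical.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Assumes LP64 (64-bit unsigned long), as on Linux x86-64. */

/* Pre-PR check: detects overflow only when the result wraps below the previous
   value. Multiplying by 10 can wrap past 2^64 and still land above content_len. */
bool parse_len_wraparound( char const * s, unsigned long * out ) {
  unsigned long content_len = 0UL;
  for( ; *s; s++ ) {
    if( *s<'0' || *s>'9' ) return false;                 /* non-digit: reject */
    unsigned long next = content_len*10UL + (unsigned long)(*s-'0');
    if( next<content_len ) return false;                 /* wraparound check */
    content_len = next;
  }
  *out = content_len;
  return true;
}

/* PR check: bound content_len before multiplying. content_len*10+digit fits in
   an unsigned long exactly when content_len <= floor((ULONG_MAX-digit)/10). */
bool parse_len_bounded( char const * s, unsigned long * out ) {
  unsigned long content_len = 0UL;
  for( ; *s; s++ ) {
    if( *s<'0' || *s>'9' ) return false;
    unsigned long digit = (unsigned long)(*s-'0');
    if( content_len>(ULONG_MAX-digit)/10UL ) return false; /* would overflow */
    content_len = content_len*10UL + digit;
  }
  *out = content_len;
  return true;
}

/* Small wrappers so each result can be checked by value (0 when rejected). */
bool old_accepts( char const * s ) { unsigned long v=0UL; return parse_len_wraparound( s, &v ); }
bool new_accepts( char const * s ) { unsigned long v=0UL; return parse_len_bounded( s, &v ); }
unsigned long old_value( char const * s ) { unsigned long v=0UL; parse_len_wraparound( s, &v ); return v; }
unsigned long new_value( char const * s ) { unsigned long v=0UL; parse_len_bounded( s, &v ); return v; }

/* Constructed input: the decimal of 2^61 followed by a trailing '0'.
   2^61*10 = 2^64 + 2^62, which wraps to 2^62 > 2^61, so the old check misses it. */
#define MISSED_OVERFLOW "23058430092136939520"

int main( void ) {
  printf( "%s: old accepts=%d (value %lu), new accepts=%d\n", MISSED_OVERFLOW,
          old_accepts( MISSED_OVERFLOW ), old_value( MISSED_OVERFLOW ), new_accepts( MISSED_OVERFLOW ) );
  return 0;
}
```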

Comment on lines +185 to +187
for( ulong i=0UL; i<200UL && !state.close_cnt; i++ ) {
fd_http_server_poll( http, 1 );
}

Copilot AI Feb 23, 2026


The close-wait loop uses a fixed 200-iteration bound with fd_http_server_poll(http, 1), which can be flaky on slow/loaded CI machines. Consider using a wallclock-based timeout (or a larger bound) so the test fails only after a real elapsed deadline.

Comment on lines +518 to +524
ulong digit = (ulong)(content_length[ i ]-'0');
if( FD_UNLIKELY( content_len>(ULONG_MAX-digit)/10UL ) ) { /* Overflow */
close_conn( http, conn_idx, FD_HTTP_SERVER_CONNECTION_CLOSE_LARGE_REQUEST );
return;
}

content_len = next;
content_len = content_len*10UL + digit;

Copilot AI Feb 23, 2026


ULONG_MAX is used in the new overflow check, but this translation unit doesn't include <limits.h>. This can fail to compile on toolchains where ULONG_MAX isn't pulled in indirectly. Add an explicit #include <limits.h> near the other standard includes.

Contributor


@copilot ULONG_MAX is provided by fd_util_base.h, I think.

intrigus-lgtm force-pushed the intrigus/fix/http-server-overflow-check branch from 1403930 to 4e4e41e on February 23, 2026 13:40
@github-actions

Performance Measurements ⏳

Suite Baseline New Change
backtest mainnet-368528500-perf per slot 0.063137 s 0.063219 s 0.130%
backtest mainnet-368528500-perf snapshot load 3.399 s 2.264 s -33.392%
backtest mainnet-368528500-perf total elapsed 63.136608 s 63.219282 s 0.131%
firedancer mem usage with mainnet.toml 984.34 GiB 984.34 GiB 0.000%

ulong next = content_len*10UL + (ulong)(content_length[ i ]-'0');
if( FD_UNLIKELY( next<content_len ) ) { /* Overflow */
ulong digit = (ulong)(content_length[ i ]-'0');
if( FD_UNLIKELY( content_len>(ULONG_MAX-digit)/10UL ) ) { /* Overflow */
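Review bot: the removed test next<content_len is not a complete overflow check, because content_len*10UL can wrap past 2^64 and still land above content_len (with content_len equal to 2^61 the product wraps to 2^62), so a 20-digit Content-Length could have been accepted with a silently truncated value; the replacement content_len>(ULONG_MAX-digit)/10UL is exact, since content_len*10UL+digit fits in a ulong if and only if content_len is at most floor((ULONG_MAX-digit)/10), and it is evaluated before the multiply, so no wrapped intermediate is ever produced.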
Contributor


Can we just use __builtin_uaddl_overflow here?

Comment on lines +518 to 527
ulong digit = (ulong)(content_length[ i ]-'0');
if( FD_UNLIKELY( content_len>(ULONG_MAX-digit)/10UL ) ) { /* Overflow */
close_conn( http, conn_idx, FD_HTTP_SERVER_CONNECTION_CLOSE_LARGE_REQUEST );
return;
}

content_len = next;
content_len = content_len*10UL + digit;
}

ulong total_len = (ulong)result+content_len;
Contributor Author


@ripatel-fd something like this?
Doesn't look pretty, but it would avoid a division, although the compiler would probably have replaced the division by a constant with something smarter anyway.

Suggested change
ulong digit = (ulong)(content_length[ i ]-'0');
if( FD_UNLIKELY( content_len>(ULONG_MAX-digit)/10UL ) ) { /* Overflow */
close_conn( http, conn_idx, FD_HTTP_SERVER_CONNECTION_CLOSE_LARGE_REQUEST );
return;
}
content_len = next;
content_len = content_len*10UL + digit;
}
ulong total_len = (ulong)result+content_len;
ulong digit = (ulong)(content_length[ i ]-'0');
ulong next_content_len;
if( FD_UNLIKELY( __builtin_mul_overflow( content_len, 10UL, &next_content_len ) ||
__builtin_add_overflow( next_content_len, digit, &next_content_len ) ) ) { /* Overflow */
close_conn( http, conn_idx, FD_HTTP_SERVER_CONNECTION_CLOSE_LARGE_REQUEST );
return;
}
content_len = next_content_len;
}
ulong total_len = (ulong)result+content_len;
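Review bot: in the suggested replacement, reusing next_content_len as both an operand and the result of __builtin_add_overflow( next_content_len, digit, &next_content_len ) is well-defined, since the builtin computes the sum before storing through the pointer, and chaining the two builtins with || keeps the short-circuit so the add is skipped once the multiply has already overflowed; one thing worth stating in a comment is that these type-generic builtins infer the arithmetic type from the result pointer, so content_len, the 10UL literal and next_content_len must all stay ulong, and that they are GCC/Clang extensions rather than standard C.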

Contributor

Copilot AI commented Feb 24, 2026

@ripatel-fd I've opened a new pull request, #8433, to work on those changes. Once the pull request is ready, I'll request review from you.

content_len = next;
content_len = content_len*10UL + digit;
}
Contributor


@intrigus-lgtm How about we just copy out the integer string to uchar x[], zero terminate it, and then call https://man7.org/linux/man-pages/man3/strtoumax.3.html for the conversion? IMO that's the cleanest option

Contributor


@copilot please implement this suggestion by modifying PR 8391 and submit it as a separate PR. Maintain original attribution.

Contributor

Copilot AI commented Feb 24, 2026

@ripatel-fd I've opened a new pull request, #8434, to work on those changes. Once the pull request is ready, I'll request review from you.

4 participants