fix: address race conditions and safety issues in FileCacheEx

- Add per-entry mutex to file_cache_ex_s for thread-safe mutations
- Hold fc->mutex during is_modified() / stat check to prevent data race
- Hold fc->mutex during resize_buf() / read to prevent use-after-free
- Make prepend_header() thread-safe with lock_guard
- Defer put() into LRU cache until entry is fully initialized
  (prevents stale/incomplete cache entries on ERR_OVER_LIMIT)
- Use read() loop to handle partial reads (EINTR)
- Invalidate httpbuf pointers after resize_buf() reallocation
- Thread-safe get_header_used() / get_header_remaining() accessors

Author: Yundi339

http/server/FileCacheEx.cpp

@@ -29,6 +29,7 @@ file_cache_ex_ptr FileCacheEx::Open(const char* filepath, OpenParam* param) {
 #endif
     bool modified = false;
     if (fc) {
+        std::lock_guard<std::mutex> lock(fc->mutex);
         time_t now = time(NULL);
         if (now - fc->stat_time > stat_interval) {
             fc->stat_time = now;
@@ -89,26 +90,36 @@ file_cache_ex_ptr FileCacheEx::Open(const char* filepath, OpenParam* param) {
                 time(&fc->open_time);
                 fc->stat_time = fc->open_time;
                 fc->stat_cnt = 1;
-                put(filepath, fc);
+                // NOTE: do NOT put() into cache yet — defer until fully initialized
             } else {
                 param->error = ERR_MISMATCH;
                 return NULL;
             }
         }
+        // Hold fc->mutex for the remainder of initialization
+        std::lock_guard<std::mutex> lock(fc->mutex);
         if (S_ISREG(fc->st.st_mode)) {
             param->filesize = fc->st.st_size;
             // FILE
             if (param->need_read) {
                 if (fc->st.st_size > param->max_read) {
                     param->error = ERR_OVER_LIMIT;
+                    // Don't cache incomplete entries
                     return NULL;
                 }
                 fc->resize_buf(fc->st.st_size, max_header_length);
-                int nread = read(fd, fc->filebuf.base, fc->filebuf.len);
-                if (nread != (int)fc->filebuf.len) {
-                    hloge("Failed to read file: %s", filepath);
-                    param->error = ERR_READ_FILE;
-                    return NULL;
+                // Loop to handle partial reads (EINTR, etc.)
+                char* dst = fc->filebuf.base;
+                size_t remaining = fc->filebuf.len;
+                while (remaining > 0) {
+                    int nread = read(fd, dst, remaining);
+                    if (nread <= 0) {
+                        hloge("Failed to read file: %s", filepath);
+                        param->error = ERR_READ_FILE;
+                        return NULL;
+                    }
+                    dst += nread;
+                    remaining -= nread;
                 }
             }
             const char* suffix = strrchr(filepath, '.');
@@ -133,6 +144,8 @@ file_cache_ex_ptr FileCacheEx::Open(const char* filepath, OpenParam* param) {
         gmtime_fmt(fc->st.st_mtime, fc->last_modified);
         snprintf(fc->etag, sizeof(fc->etag), ETAG_FMT,
                  (size_t)fc->st.st_mtime, (size_t)fc->st.st_size);
+        // Cache the fully initialized entry
+        put(filepath, fc);
     }
     return fc;
 }

http/server/FileCacheEx.h

@@ -25,12 +25,16 @@
 #include "hstring.h"
 #include "LRUCache.h"
 
+// Forward declare to avoid header pollution
+struct file_cache_ex_s;
+
 // Default values — may be overridden at runtime via FileCacheEx setters
 #define FILECACHE_EX_DEFAULT_HEADER_LENGTH  4096        // 4K
 #define FILECACHE_EX_DEFAULT_MAX_NUM        100
 #define FILECACHE_EX_DEFAULT_MAX_FILE_SIZE  (1 << 22)   // 4M
 
 typedef struct file_cache_ex_s {
+    mutable std::mutex  mutex;      // protects all mutable state below
     std::string filepath;
     struct stat st;
     time_t      open_time;
@@ -56,30 +60,39 @@ typedef struct file_cache_ex_s {
     }
 
     // Fixed: avoids shadowing struct stat member with stat() call
+    // NOTE: caller must hold mutex
     bool is_modified() {
         time_t mtime = st.st_mtime;
         ::stat(filepath.c_str(), &st);
         return mtime != st.st_mtime;
     }
 
+    // NOTE: caller must hold mutex
     bool is_complete() {
         if (S_ISDIR(st.st_mode)) return filebuf.len > 0;
         return filebuf.len == (size_t)st.st_size;
     }
 
+    // NOTE: caller must hold mutex — invalidates filebuf/httpbuf pointers
     void resize_buf(int filesize, int reserved) {
         header_reserve = reserved;
         buf.resize(reserved + filesize);
         filebuf.base = buf.base + reserved;
         filebuf.len = filesize;
+        // Invalidate httpbuf since buffer may have been reallocated
+        httpbuf.base = NULL;
+        httpbuf.len = 0;
+        header_used = 0;
     }
 
     void resize_buf(int filesize) {
         resize_buf(filesize, header_reserve);
     }
 
-    // Returns true on success, false if header exceeds reserved space
+    // Thread-safe: prepend header into reserved space.
+    // Returns true on success, false if header exceeds reserved space.
     bool prepend_header(const char* header, int len) {
+        std::lock_guard<std::mutex> lock(mutex);
         if (len > header_reserve) return false;
         httpbuf.base = filebuf.base - len;
         httpbuf.len = len + filebuf.len;
@@ -88,10 +101,10 @@ typedef struct file_cache_ex_s {
         return true;
     }
 
-    // --- accessors ---
+    // --- thread-safe accessors ---
     int  get_header_reserve()  const { return header_reserve; }
-    int  get_header_used()     const { return header_used; }
-    int  get_header_remaining() const { return header_reserve - header_used; }
+    int  get_header_used()     const { std::lock_guard<std::mutex> lock(mutex); return header_used; }
+    int  get_header_remaining() const { std::lock_guard<std::mutex> lock(mutex); return header_reserve - header_used; }
     bool header_fits(int len)  const { return len <= header_reserve; }
 } file_cache_ex_t;