From: Stefan Sperling
Subject: Re: gotwebd: avoid calloc/free per fcgi record
To: Omar Polo
Cc: gameoftrees@openbsd.org
Date: Fri, 29 Jul 2022 15:42:30 +0200

On Fri, Jul 29, 2022 at 03:28:09PM +0200, Omar Polo wrote:
> to send something to the browser we have to go through
> fcgi_send_response.
>
> diff below uses a static buffer in fcgi_send_response (now
> send_response) to avoid dynamically allocating ~16K for each bit of the
> reply.

Are you sure this approach is safe? Doesn't this introduce a risk where
cross-request data leaks could become a potential issue?
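
Added example, not part of the mail above and not gotwebd's code: a small C model of the question in the reply, showing when a static record buffer reused across responses puts an earlier reply's bytes on the wire and when it does not. The buffer layout, the names send_whole, send_exact and leaks, and the sample data are assumptions constructed for illustration; only the 8-byte FastCGI record header layout comes from the FastCGI specification.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR_LEN     8      /* FastCGI record header size */
#define CONTENT_MAX 16384  /* assumed payload capacity (the "~16K" in the mail) */

static uint8_t rec[HDR_LEN + CONTENT_MAX];  /* one buffer, reused for every reply */
static uint8_t wire[sizeof(rec)];           /* stands in for the socket */

static void put_header(uint16_t id, uint16_t len, uint8_t pad)
{
	rec[0] = 1; rec[1] = 6;                 /* version 1, type FCGI_STDOUT */
	rec[2] = (uint8_t)(id >> 8);  rec[3] = (uint8_t)id;
	rec[4] = (uint8_t)(len >> 8); rec[5] = (uint8_t)len;
	rec[6] = pad; rec[7] = 0;               /* paddingLength, reserved */
}

/* Risky: transmits the whole buffer, so bytes past len are an older reply. */
size_t send_whole(uint16_t id, const char *data, uint16_t len)
{
	if (len > CONTENT_MAX) return 0;
	put_header(id, len, 0);
	memcpy(rec + HDR_LEN, data, len);
	memcpy(wire, rec, sizeof(rec));
	return sizeof(rec);
}

/* Safe: transmits header + len bytes + zeroed padding and nothing else. */
size_t send_exact(uint16_t id, const char *data, uint16_t len)
{
	uint8_t pad = (uint8_t)((8 - len % 8) % 8);
	if (len > CONTENT_MAX - 8) return 0;    /* keep room for the padding */
	put_header(id, len, pad);
	memcpy(rec + HDR_LEN, data, len);
	memset(rec + HDR_LEN + len, 0, pad);    /* never reuse stale bytes as padding */
	memcpy(wire, rec, (size_t)HDR_LEN + len + pad);
	return (size_t)HDR_LEN + len + pad;
}

/* Returns 1 if the bytes sent for request 2 still contain request 1's data. */
int leaks(size_t (*fn)(uint16_t, const char *, uint16_t))
{
	const char *a = "session=constructed-user-A-token", *tail = "user-A-token";
	size_t n, i, t = strlen(tail);
	fn(1, a, (uint16_t)strlen(a));          /* reply to client A (constructed) */
	n = fn(2, "hi", 2);                     /* shorter reply to client B */
	for (i = 0; i + t <= n; i++)
		if (memcmp(wire + i, tail, t) == 0) return 1;
	return 0;
}

int main(void) { printf("whole=%d exact=%d\n", leaks(send_whole), leaks(send_exact)); return 0; }
```

In this model the static buffer is safe only as long as every write to the peer is bounded by the current record's content length plus padding the sender has cleared.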