We are a happy user of the mongoose embedded web server module (see https://midas.triumf.ca). We selected mongoose partially because of simple support for building multithreaded servers.
Now I am updating our application from mongoose 4.x to 6.4 and I see a number of problems with the multithread server:
a) a crash due to double-free/use-after-free of nc->proto_data (see below)
b) MG_EV_ACCEPT events are not sent to my handler (need this to implement application-level access controls)
c) MG_EV_RECV also not sent to my handler (not important)
d) the mongoose code does some kind of insane forwarding of data between connections (see forward_ev_handler()). Seems unnecessary, kills performance, and introduces bugs.
More about the crash:
a) the pointer to nc->proto_data is duplicated in spawn_handling_thread() resulting in two connections pointing to the same proto_data address.
b) first connection is closed, proto_data is deleted
c) second connection now points to a deallocated address (use-after-free)
d) eventually crashes (for me) in mg_http_handler() because pd->file.fp contains garbage
This is easy to see by printing the address of nc->proto_data newly allocated in mg_http_get_proto_data(), address deleted mg_http_conn_destructor() and address duplicated in spawn_handling_thread().
It turns out there already is a bug report for this, with maybe solution:
If mongoose supports multithreading, somebody should better fix at least the crasher.