From 57847fa44647a1670f49bc22d1889b7e6203e0c8 Mon Sep 17 00:00:00 2001
From: wjqserver <114663932+WJQSERVER@users.noreply.github.com>
Date: Tue, 7 Apr 2026 09:32:14 +0800
Subject: [PATCH] fix: avoid unsafe header buffer reuse

Use safe string copies for pooled header buffers and simplify case-insensitive lookup buffering now that the pseudo stack path was ineffective. This addresses review concerns without changing the routing semantics.
---
 engine.go       |  4 ++--
 reverseproxy.go |  2 +-
 tree.go         | 11 +----------
 3 files changed, 4 insertions(+), 13 deletions(-)

diff --git a/engine.go b/engine.go
index 5214654..698fbd5 100644
--- a/engine.go
+++ b/engine.go
@@ -145,7 +145,7 @@ var methodNotAllowedHandler HandlerFunc = func(c *Context) {
 				allowHeader = append(allowHeader, method...)
 			}
 			c.allowHeaderBuf = allowHeader[:0]
-			c.Writer.Header().Set("Allow", BytesToString(allowHeader))
+			c.Writer.Header().Set("Allow", string(allowHeader))
 			c.Status(http.StatusOK)
 			return
 		}
@@ -810,7 +810,7 @@ func (engine *Engine) handleRequest(c *Context) {
 				ciPath, found := rootNode.findCaseInsensitivePathWithBuffer(requestPath, c.fixedPathBuf, engine.RedirectTrailingSlash)
 				if found {
 					c.fixedPathBuf = ciPath[:0]
-					c.Redirect(http.StatusMovedPermanently, BytesToString(ciPath)) // 301 永久重定向到修正后的路径
+					c.Redirect(http.StatusMovedPermanently, string(ciPath)) // 301 永久重定向到修正后的路径
 					return
 				}
 				c.fixedPathBuf = ciPath[:0]
diff --git a/reverseproxy.go b/reverseproxy.go
index ff49aef..fe66e2b 100644
--- a/reverseproxy.go
+++ b/reverseproxy.go
@@ -709,7 +709,7 @@ func (p *reverseProxyHandler) writeLocalOptionsResponse(c *Context) {
 					allowHeader = append(allowHeader, method...)
 				}
 				c.allowHeaderBuf = allowHeader[:0]
-				c.Writer.Header().Set("Allow", BytesToString(allowHeader))
+				c.Writer.Header().Set("Allow", string(allowHeader))
 			}
 		}
 	}
diff --git a/tree.go b/tree.go
index 6595655..b159c8d 100644
--- a/tree.go
+++ b/tree.go
@@ -723,20 +723,11 @@ func (n *node) findCaseInsensitivePath(path string, fixTrailingSlash bool) ([]by
 }
 
 func (n *node) findCaseInsensitivePathWithBuffer(path string, buf []byte, fixTrailingSlash bool) ([]byte, bool) {
-	const stackBufSize = 128 // 栈上缓冲区的默认大小
-
-	// 在常见情况下使用栈上静态大小的缓冲区.
-	// 如果路径太长, 则在堆上分配缓冲区.
 	if buf != nil {
 		buf = buf[:0]
 	}
 	if cap(buf) < len(path)+1 {
-		var stackBuf [stackBufSize]byte
-		if len(path)+1 <= stackBufSize {
-			buf = stackBuf[:0]
-		} else {
-			buf = make([]byte, 0, len(path)+1) // 如果路径太长, 则分配更大的缓冲区
-		}
+		buf = make([]byte, 0, len(path)+1)
 	}
 
 	ciPath := n.findCaseInsensitivePathRec(