The plain and decoded basic auth header string is written to a fixed size buffer. Supplying a username and password whose lengths sum to 63 or more will cause the buffer to overflow.
#include <yoctohttp/common.h>
#include <yoctohttp/client.h>
#include <stdio.h>
#include <string.h>
int main(int argc, char **argv) {
httpc_conn_t *conn;
conn = httpc_new();
httpc_set_basic_authorization(conn, "0123456789012345678901234567890123456789", "0123456789012345678901234567890123456789");
return 0;
}