Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
ContentRangeHeaderValue "to" must always be less than "length"
See original GitHub issueSummary
The ContentRangeHeaderValue constructor allows the creation of an invalid (range) instance.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Range
<range-start> and <range-end> are zero-indexed & inclusive
This means that to must always be a maximum of length - 1
Motivation and goals
Prevent people (like me) to create invalid content range headers.
In scope
None.
Out of scope
None.
Risks / unknowns
People sending invalid requests to forgiving servers might be broken.
Examples
I think this line https://github.com/dotnet/aspnetcore/blob/fd1891536f27e959d14a140ff9307b6a21191de9/src/Http/Headers/src/ContentRangeHeaderValue.cs#L41
Should be changed from
if ((to < 0) || (to > length))
to
if ((to < 0) || (to > Math.Max(0, length-1)))
Issue Analytics
- State:
- Created a year ago
- Comments:11 (4 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
Looks like this discussion has been quiet for a while, so I’m going to go ahead and open a PR.
I was checking the file and it looks like we have the same validation here https://github.com/dotnet/aspnetcore/blob/fd1891536f27e959d14a140ff9307b6a21191de9/src/Http/Headers/src/ContentRangeHeaderValue.cs#L421-L425
It will be useful to have a special scenario where this issue is triggered.