Skip to content
Permalink
Browse files

Auto merge of #23036 - gterzian:fix_range_request, r=jdm

Fix substraction with overflow in range request

<!-- Please describe your changes on the following line: -->

---
<!-- Thank you for contributing to Servo! Please replace each `[ ]` by `[X]` when the step is complete, and replace `___` with appropriate data: -->
- [ ] `./mach build -d` does not report any errors
- [ ] `./mach test-tidy` does not report any errors
- [ ] These changes fix #23030 (GitHub issue number if applicable)

<!-- Either: -->
- [ ] There are tests for these changes OR
- [ ] These changes do not require tests because ___

<!-- Also, please make sure that "Allow edits from maintainers" checkbox is checked, so that we can help you if you get stuck somewhere along the way.-->

<!-- Pull requests that do not address these steps are welcome, but they will require additional verification as part of the review process. -->

<!-- Reviewable:start -->
---
This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/servo/23036)
<!-- Reviewable:end -->
  • Loading branch information...
bors-servo committed Mar 15, 2019
2 parents bc03d32 + 5836bd2 commit 858f91938863b0e313831f26fe3ae25e41aaf6c1
Showing with 17 additions and 1 deletion.
  1. +17 −1 components/net/http_cache.rs
@@ -401,6 +401,10 @@ fn handle_range_request(
// whose body is in the ResponseBody::Receiving state.
(&(Bound::Included(beginning), Bound::Included(end)), Some(ref complete_resource)) => {
if let ResponseBody::Done(ref body) = *complete_resource.body.lock().unwrap() {
if end == u64::max_value() {
// Prevent overflow on the addition below.
return None;
}
let b = beginning as usize;
let e = end as usize + 1;
let requested = body.get(b..e);
@@ -428,7 +432,7 @@ fn handle_range_request(
},
_ => continue,
};
if res_beginning - 1 < beginning && res_end + 1 > end {
if res_beginning <= beginning && res_end >= end {
let resource_body = &*partial_resource.body.lock().unwrap();
let requested = match resource_body {
&ResponseBody::Done(ref body) => {
@@ -474,6 +478,10 @@ fn handle_range_request(
} else {
continue;
};
if total == 0 {
// Prevent overflow in the below operations from occuring.
continue;
};
if res_beginning < beginning && res_end == total - 1 {
let resource_body = &*partial_resource.body.lock().unwrap();
let requested = match resource_body {
@@ -519,6 +527,14 @@ fn handle_range_request(
} else {
continue;
};
if !(total >= res_beginning) ||
!(total >= res_end) ||
offset == 0 ||
offset == u64::max_value()
{
// Prevent overflow in the below operations from occuring.
continue;
}
if (total - res_beginning) > (offset - 1) && (total - res_end) < offset + 1 {
let resource_body = &*partial_resource.body.lock().unwrap();
let requested = match resource_body {

0 comments on commit 858f919

Please sign in to comment.
You can’t perform that action at this time.