Forbid reading an empty range in file serving handles#7657
Merged
achamayou merged 13 commits intomicrosoft:mainfrom Feb 12, 2026
Merged
Forbid reading an empty range in file serving handles#7657achamayou merged 13 commits intomicrosoft:mainfrom
achamayou merged 13 commits intomicrosoft:mainfrom
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
This PR tightens HTTP Range handling in the file-serving RPC endpoints (snapshot/ledger chunk download) to prevent attempts to read an empty byte range, avoiding underflow-style edge cases highlighted in #7643.
Changes:
- Reject requests whose computed range length is 0, returning a 400 with an “empty range” error.
- Extend snapshot range e2e coverage to include an additional open-ended range case and assert the new empty-range rejection.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
src/node/rpc/file_serving_handlers.h |
Adds a guard to reject zero-length ranges before reading/constructing Content-Range. |
tests/e2e_operations.py |
Adds e2e cases to validate open-ended range behavior and the new “empty range” error path. |
Comments suppressed due to low confidence (1)
tests/e2e_operations.py:428
- The added invalid-range case exercises the new empty-range rejection for
start > end, but the original motivation mentions the edge case of an empty file (egContent-Range: bytes 0-0/0). There isn’t currently a test that hits the 0-byte file path, so a regression in that specific scenario could slip through. Consider adding an e2e or lower-level test that serves a known empty file and asserts the chosen behavior (error vs empty 200/206 response).
("-1-5", "Invalid format"),
("-", "Invalid range"),
("-foo", "Unable to parse end of range offset value foo"),
("", "Invalid format"),
(f"{a}-{a-1}", "empty range"),
]:
r = do_request("GET", path, headers={"range": f"bytes={invalid_range}"})
assert r.status_code == http.HTTPStatus.BAD_REQUEST.value, r
assert err_msg in r.body.json()["error"]["message"], r
achamayou
approved these changes
Feb 10, 2026
…mpty_range_read
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Sparked by a potential underflow mentioned in a comment here: #7643 (comment)
I view this is a change from exclusive to inclusive range-ends. With exclusive, you can spell the empty range, but with inclusive you can't. Most attempts to do so will hit a different kind of parsing error (you need to specify the range => you try to spell an invalid one), but you could hit this path for an empty file.