Skip to content

fix(export): clamp oversized Lightning media probe ranges #522

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
webadderall merged 2 commits into from
May 17, 2026
Merged

fix(export): clamp oversized Lightning media probe ranges #522

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
7b137e0
fix(export): clamp oversized media probe ranges
webadderall May 17, 2026
9876b8c
fix(media-server): reject malformed range headers
webadderall May 17, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
33 changes: 33 additions & 0 deletions electron/mediaServer.test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -70,3 +70,36 @@ describe("media server path policy", () => {
expect(isAllowedMediaPath(missingPath)).toBe(false);
});
});

describe("resolveHttpByteRange", () => {
it("rejects malformed and multi-range headers", async () => {
const { resolveHttpByteRange } = await import("./mediaServer");

expect(resolveHttpByteRange("bytes=0-1,2-3", 100)).toBeNull();
expect(resolveHttpByteRange("bytes=0-1foo", 100)).toBeNull();
});

it("clamps oversized explicit end offsets to EOF", async () => {
const { resolveHttpByteRange } = await import("./mediaServer");

expect(resolveHttpByteRange("bytes=0-9999999999", 3_221_225_472)).toEqual({
start: 0,
end: 3_221_225_471,
});
});

it("rejects ranges that start beyond EOF", async () => {
const { resolveHttpByteRange } = await import("./mediaServer");

expect(resolveHttpByteRange("bytes=500-999", 500)).toBeNull();
});

it("preserves suffix range semantics", async () => {
const { resolveHttpByteRange } = await import("./mediaServer");

expect(resolveHttpByteRange("bytes=-500", 1_000)).toEqual({
start: 500,
end: 999,
});
});
});
74 changes: 47 additions & 27 deletions electron/mediaServer.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,48 @@ import { getMediaContentType } from "./mediaTypes";
let mediaServerBaseUrl: string | null = null;
let mediaServerStartPromise: Promise<string> | null = null;

export function resolveHttpByteRange(
rangeHeader: string,
fileSize: number,
): { start: number; end: number } | null {
const match = rangeHeader.trim().match(/^bytes=(\d*)-(\d*)$/);
if (!match || (!match[1] && !match[2])) {
return null;
}

if (fileSize === 0) {
return null;
}

if (!match[1] && match[2]) {
// Suffix range: bytes=-500
const suffixLength = Number.parseInt(match[2], 10);
if (Number.isNaN(suffixLength) || suffixLength <= 0) {
return null;
}

return {
start: Math.max(0, fileSize - suffixLength),
end: fileSize - 1,
};
}

const start = Number.parseInt(match[1], 10);
if (Number.isNaN(start) || start < 0 || start >= fileSize) {
return null;
}

const requestedEnd = match[2] ? Number.parseInt(match[2], 10) : fileSize - 1;
if (Number.isNaN(requestedEnd) || requestedEnd < start) {
return null;
}

return {
start,
end: Math.min(requestedEnd, fileSize - 1),
};
}

async function resolveRealPath(filePath: string): Promise<string | null> {
try {
return await fs.realpath(path.resolve(filePath));
Expand Down Expand Up @@ -76,42 +118,20 @@ async function handleMediaRequest(
}

if (rangeHeader) {
const match = rangeHeader.match(/bytes=(\d*)-(\d*)/);
if (!match || (!match[1] && !match[2])) {
response.writeHead(416, { ...corsHeaders, "Content-Range": `bytes */${fileSize}` });
if (fileSize === 0) {
response.writeHead(416, { ...corsHeaders, "Content-Range": `bytes */0` });
response.end();
return;
}

let start: number;
let end: number;

if (!match[1] && match[2]) {
// Suffix range: bytes=-500
const suffixLength = Number.parseInt(match[2], 10);
if (Number.isNaN(suffixLength) || suffixLength <= 0) {
response.writeHead(416, { ...corsHeaders, "Content-Range": `bytes */${fileSize}` });
response.end();
return;
}
start = Math.max(0, fileSize - suffixLength);
end = fileSize - 1;
} else {
start = Number.parseInt(match[1], 10);
end = match[2] ? Number.parseInt(match[2], 10) : fileSize - 1;
}

if (Number.isNaN(start) || Number.isNaN(end) || start > end || start >= fileSize || end >= fileSize) {
const byteRange = resolveHttpByteRange(rangeHeader, fileSize);
if (!byteRange) {
response.writeHead(416, { ...corsHeaders, "Content-Range": `bytes */${fileSize}` });
response.end();
return;
}

if (fileSize === 0) {
response.writeHead(416, { ...corsHeaders, "Content-Range": `bytes */0` });
response.end();
return;
}
const { start, end } = byteRange;

const chunkSize = end - start + 1;
response.writeHead(206, {
Expand Down