On Fri, 31 Oct 2025 11:45:51 GMT, Daniel Fuchs <[email protected]> wrote:
>> Peyang has updated the pull request incrementally with one additional commit
>> since the last revision:
>>
>> Add documentation for HTTP range requests support in SimpleFileServer
>
> src/jdk.httpserver/share/classes/sun/net/httpserver/simpleserver/FileServerHandler.java
> line 347:
>
>> 345: end = fileSize - 1;
>> 346: } else { // "<start>-<end>" or "<start>-"
>> 347: start = Long.parseLong(startStr);
>
> We only want to accept base 10 numbers, don't we?
>
> Suggestion:
>
> start = Long.parseLong(startStr, 10);
Maybe we should additionally reject startStr if it begins with '+'
> src/jdk.httpserver/share/classes/sun/net/httpserver/simpleserver/FileServerHandler.java
> line 348:
>
>> 346: } else { // "<start>-<end>" or "<start>-"
>> 347: start = Long.parseLong(startStr);
>> 348: end = endStr.isEmpty() ? fileSize - 1 :
>> Long.parseLong(endStr);
>
> Suggestion:
>
> end = endStr.isEmpty() ? fileSize - 1 :
> Long.parseLong(endStr, 10);
and same here - we should additionally reject endStr if it starts with '+'
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/28021#discussion_r2481156352
PR Review Comment: https://git.openjdk.org/jdk/pull/28021#discussion_r2481160730
