Fix parse_ranges UB, serve stat-before-open; add CLAUDE.md and 34 tests#8
Draft
troglodyne-bot wants to merge 1 commit into
Conversation
Two bugs fixed in lib/TPSGI.pm: 1. parse_ranges: `my $range = val if cond` is Perl UB — when the condition is false, $range retains the value from the previous call rather than being reset to undef. On keepalive connections, a request without Range headers after one that had them would incorrectly return stale ranges. Fixed with an explicit if/else. 2. serve: stat($path) was called before open(), so when the file doesn't exist or can't be opened, $mt and $sz are undef — triggering warnings in gmtime() and the numeric comparison. Moved stat inside the open block, stat-ing the filehandle ($fh) instead of the path. Also adds: - CLAUDE.md: project orientation for agent sessions - t/lib/TPSGITestStubs.pm: stub loader for missing CPAN deps in test env - t/04-parse-ranges.t: 8 tests including stale-variable regression - t/05-serve.t: 7 tests for static file serving (200/304/403/streaming) - t/06-route-and-query.t: 19 tests for route dispatch, extract_query, HTTP error helpers, and redirect methods
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Two bug fixes in
lib/TPSGI.pm, project documentation, and 34 new tests across 3 test files.Why
parse_ranges:
my $range = val if condis Perl undefined behaviour — when the condition is false,$rangeretains its value from the previous call rather than resetting toundef. On keepalive connections, a non-range request following a range request would silently inherit stale range data. Same pattern as theextract_queryfix in PR #7.serve stat-before-open:
stat($path)was called beforeopen(), so nonexistent or unreadable files caused undef warnings fromgmtime()and the numeric>comparison. Now stat happens on the filehandle inside the open block.How
parse_ranges: replacedmy $range = val if condwith an explicitif/elseserve: movedstat+ mtime/size variables inside theif (open ...)block; switched fromstat($path)tostat($fh)(more reliable: no TOCTOU, uses the already-open descriptor)CLAUDE.md: project orientation doc for agent sessions (arch overview, test instructions, key patterns)t/lib/TPSGITestStubs.pm: stub loader that prefers real modules, falls back to minimal fakes for 9 CPAN deps not installed in the test environmentt/04-parse-ranges.t: 8 tests including stale-variable regression (calls parse_ranges twice, verifies second call returns empty)t/05-serve.t: 7 tests covering 200/304/403 responses, MIME types, Accept-Ranges, Server-Timing, streamingt/06-route-and-query.t: 19 tests for HTTP error helpers, route method/content-type dispatch, Server-Timing, extract_query GET params, captures, data injection, and redirect methodsTesting