The value passed as maxval, SIZE_MAX, doesn't fit on a long long int due to signedness. It was causing legitimate range request to be discarded as bad.
I tested it serving an mp4 and opening it with Firefox. A "range=0-" was requested, and it triggered the bug. --- http.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/http.c b/http.c index 1862dc4..d7b04e9 100644 --- a/http.c +++ b/http.c @@ -478,10 +478,10 @@ parse_range(const char *str, size_t size, size_t *lower, size_t *upper) * last byte if 'last' is not given), * inclusively, and byte-numbering beginning at 0 */ - *lower = strtonum(first, 0, SIZE_MAX, &err); + *lower = strtonum(first, 0, LLONG_MAX, &err); if (!err) { if (last[0] != '\0') { - *upper = strtonum(last, 0, SIZE_MAX, &err); + *upper = strtonum(last, 0, LLONG_MAX, &err); } else { *upper = size - 1; } @@ -513,7 +513,7 @@ parse_range(const char *str, size_t size, size_t *lower, size_t *upper) * use upper as a temporary storage for 'num', * as we know 'upper' is size - 1 */ - *upper = strtonum(last, 0, SIZE_MAX, &err); + *upper = strtonum(last, 0, LLONG_MAX, &err); if (err) { return S_BAD_REQUEST; } -- 2.29.2