From 4c5bc45dfdf6c3a0ac44ee3cb9c4c6938d3a8c9b Mon Sep 17 00:00:00 2001
From: Ervin Hegedus <airween@gmail.com>
Date: Mon, 6 Jan 2025 16:36:36 +0100
Subject: [PATCH 1/2] Add value checking to @validateByteRange

---
 src/operators/validate_byte_range.cc | 26 +++++++++++++++++---------
 1 file changed, 17 insertions(+), 9 deletions(-)

diff --git a/src/operators/validate_byte_range.cc b/src/operators/validate_byte_range.cc
index 2553b9c1a4..a309091a0f 100644
--- a/src/operators/validate_byte_range.cc
+++ b/src/operators/validate_byte_range.cc
@@ -37,6 +37,11 @@ bool ValidateByteRange::getRange(const std::string &rangeRepresentation,
                 "' into a number");
             return false;
         }
+        if ((start < 0) || (start > 255)) {
+            error->assign("Invalid range start value: " +
+                std::to_string(start));
+            return false;
+        }
         table[start >> 3] = (table[start >> 3] | (1 << (start & 0x7)));
         return true;
     }
@@ -60,11 +65,6 @@ bool ValidateByteRange::getRange(const std::string &rangeRepresentation,
         return false;
     }
 
-    if ((start < 0) || (start > 255)) {
-        error->assign("Invalid range start value: " +
-            std::to_string(start));
-        return false;
-    }
     if ((end < 0) || (end > 255)) {
        error->assign("Invalid range end value: " + std::to_string(end));
        return false;
@@ -87,21 +87,29 @@ bool ValidateByteRange::getRange(const std::string &rangeRepresentation,
 bool ValidateByteRange::init(const std::string &file,
     std::string *error) {
     size_t pos = m_param.find_first_of(",");
+    bool rc;
 
     if (pos == std::string::npos) {
-        getRange(m_param, error);
+        rc = getRange(m_param, error);
     } else {
-        getRange(std::string(m_param, 0, pos), error);
+        rc = getRange(std::string(m_param, 0, pos), error);
+    }
+
+    if (rc == false) {
+        return false;
     }
 
     while (pos != std::string::npos) {
         size_t next_pos = m_param.find_first_of(",", pos + 1);
 
         if (next_pos == std::string::npos) {
-            getRange(std::string(m_param, pos + 1, m_param.length() -
+            rc = getRange(std::string(m_param, pos + 1, m_param.length() -
                 (pos + 1)), error);
         } else {
-            getRange(std::string(m_param, pos + 1, next_pos - (pos + 1)), error);
+            rc = getRange(std::string(m_param, pos + 1, next_pos - (pos + 1)), error);
+        }
+        if (rc == false) {
+            return false;
         }
         pos = next_pos;
     }

From 9158477561f70d002f816cd4ba3719db4f5b1420 Mon Sep 17 00:00:00 2001
From: Ervin Hegedus <airween@gmail.com>
Date: Mon, 6 Jan 2025 17:36:49 +0100
Subject: [PATCH 2/2] Add check after intervall parsing, spell fix

---
 src/operators/validate_byte_range.cc | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/operators/validate_byte_range.cc b/src/operators/validate_byte_range.cc
index a309091a0f..05d06c7880 100644
--- a/src/operators/validate_byte_range.cc
+++ b/src/operators/validate_byte_range.cc
@@ -38,7 +38,7 @@ bool ValidateByteRange::getRange(const std::string &rangeRepresentation,
             return false;
         }
         if ((start < 0) || (start > 255)) {
-            error->assign("Invalid range start value: " +
+            error->assign("Invalid byte value: " +
                 std::to_string(start));
             return false;
         }
@@ -65,6 +65,11 @@ bool ValidateByteRange::getRange(const std::string &rangeRepresentation,
         return false;
     }
 
+    if ((start < 0) || (start > 255)) {
+        error->assign("Invalid range start value: " +
+            std::to_string(start));
+        return false;
+    }
     if ((end < 0) || (end > 255)) {
        error->assign("Invalid range end value: " + std::to_string(end));
        return false;