net/http: test that ParseMultipartForm returns an error for int overflow

ParseMultipartForm has been changed to return an error if maxMemory
parameter + 10MB causes int overflows. This adds a test for the new
behaviour.

For #40430

Change-Id: I4f66ce8a9382940182011d22a84ee52b1d1364cf
Reviewed-on: https://go-review.googlesource.com/c/go/+/254977
Reviewed-by: Damien Neil <dneil@google.com>
Trust: Damien Neil <dneil@google.com>
Trust: Brad Fitzpatrick <bradfitz@golang.org>

diff --git a/src/net/http/request_test.go b/src/net/http/request_test.go
index 461d66e05d70798a22d2aad0f549df59e6f48980..4f4f435814cc6e2956237252b3e99f85731ed9c8 100644 (file)
--- a/src/net/http/request_test.go
+++ b/src/net/http/request_test.go
@@ -13,6 +13,7 @@ import (
        "fmt"
        "io"
        "io/ioutil"
+       "math"
        "mime/multipart"
        . "net/http"
        "net/http/httptest"
@@ -245,6 +246,41 @@ func TestParseMultipartForm(t *testing.T) {
        }
 }
 
+// Issue #40430: ParseMultipartForm should return error for int overflow
+func TestMaxInt64ForMultipartFormMaxMemory(t *testing.T) {
+       cst := httptest.NewServer(HandlerFunc(func(rw ResponseWriter, req *Request) {
+               if err := req.ParseMultipartForm(math.MaxInt64); err != nil {
+                       Error(rw, err.Error(), StatusBadRequest)
+                       return
+               }
+       }))
+       defer cst.Close()
+       fBuf := new(bytes.Buffer)
+       mw := multipart.NewWriter(fBuf)
+       mf, err := mw.CreateFormFile("file", "myfile.txt")
+       if err != nil {
+               t.Fatal(err)
+       }
+       if _, err := mf.Write(bytes.Repeat([]byte("abc"), 1<<10)); err != nil {
+               t.Fatal(err)
+       }
+       if err := mw.Close(); err != nil {
+               t.Fatal(err)
+       }
+       req, err := NewRequest("POST", cst.URL, fBuf)
+       if err != nil {
+               t.Fatal(err)
+       }
+       req.Header.Set("Content-Type", mw.FormDataContentType())
+       res, err := cst.Client().Do(req)
+       if err != nil {
+               t.Fatal(err)
+       }
+       if g, w := res.StatusCode, StatusBadRequest; g != w {
+               t.Fatalf("Status code mismatch: got %d, want %d", g, w)
+       }
+}
+
 func TestRedirect_h1(t *testing.T) { testRedirect(t, h1Mode) }
 func TestRedirect_h2(t *testing.T) { testRedirect(t, h2Mode) }
 func testRedirect(t *testing.T, h2 bool) {