aiohttp `FileResponse` has undefined behavior if the file is changed out from under it between the `stat` and `open` calls

`FileResponse` has undefined behavior if the file is changed out from under it between the `stat` and `open` calls

Open bdraco opened this issue 5 months ago • 0 comments

This was discovered while fixing another issue in https://github.com/aio-libs/aiohttp/pull/8012#issuecomment-1883851654

This is a rare case so its not likely we need to prioritize fixing it but I'm sure this race has bitten someone with random unexplained failures who uses aiohttp to serve index or signature files that get changed out frequently.

Describe the bug

We can fix this by opening the file first, doing fstat to get the stat

To Reproduce

replace the file on the FS between the stat and open call

Expected behavior

The handler should still send the original file

Logs/tracebacks

n/a

Python Version

$ python --version

aiohttp Version

$ python -m pip show aiohttp

multidict Version

$ python -m pip show multidict

yarl Version

$ python -m pip show yarl

OS

n/a

Related component

Server

Additional context

n/a

Code of Conduct

[X] I agree to follow the aio-libs Code of Conduct

Jan 09 '24 21:01 bdraco

aiohttp aiohttp copied to clipboard

`FileResponse` has undefined behavior if the file is changed out from under it between the `stat` and `open` calls

Describe the bug

To Reproduce

Expected behavior

Logs/tracebacks

Python Version

aiohttp Version

multidict Version

yarl Version

OS

Related component

Additional context

Code of Conduct

aiohttp
aiohttp copied to clipboard