Skip to content

fix: reject truncated downloads#206

Merged
NianJiuZst merged 1 commit into
MiniMax-AI:mainfrom
shaoohh:agent/reject-truncated-downloads
Jul 18, 2026
Merged

fix: reject truncated downloads#206
NianJiuZst merged 1 commit into
MiniMax-AI:mainfrom
shaoohh:agent/reject-truncated-downloads

Conversation

@shaoohh

@shaoohh shaoohh commented Jul 18, 2026

Copy link
Copy Markdown
Contributor

Summary

  • compare received bytes with Content-Length before atomically replacing the destination
  • reject cleanly ended but incomplete responses as truncated downloads
  • preserve an existing destination and remove the partial temporary file on mismatch
  • skip the byte comparison for transparently decoded Content-Encoding responses

Root cause

The downloader handled explicit stream errors, but a response that ended cleanly before delivering its declared byte count was accepted. The partial temporary file was then renamed to the final destination, silently producing a corrupt artifact.

Impact

Image, video, and other shared downloader users no longer receive silently truncated files when a server or intermediary closes a response early.

Validation

  • bun test test/files/download.test.ts
  • bun run typecheck
  • bun run lint (no errors; two pre-existing warnings)
  • bun test
  • bun run build:dev

Refs #79 (item 6: network truncation goes undetected)


View with Codesmith Autofix with Codesmith
Need help on this PR? Tag /codesmith with what you need. Autofix is disabled.

@shaoohh
shaoohh marked this pull request as ready for review July 18, 2026 17:58

@NianJiuZst NianJiuZst left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a reasonable defense-in-depth check: the implementation preserves the existing destination, removes partial files, and avoids comparing decoded response bytes against compressed Content-Length values. I could not reproduce silent truncation with Node, Undici, or Bun because their fetch implementations already reject premature EOF, so I would frame this as hardening rather than a confirmed production bug; otherwise the focused and full test suites pass, and this looks good to merge once Actions are approved and green.

@NianJiuZst
NianJiuZst merged commit 3615170 into MiniMax-AI:main Jul 18, 2026
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants