In BazaRb#download on lib/baza-rb.rb:794, the guard that validates the total part of the Content-Range response header at lib/baza-rb.rb:855 reads unless total.match?(/^\*|[0-9]+$/). Because | has the lowest precedence in Ruby regex, the alternatives parse as (^\*) | ([0-9]+$) — "string starts with *" OR "string ends in one or more digits" — instead of "the whole string is either * or a non-negative integer". The intent is /\A(?:\*|[0-9]+)\z/.
The current guard lets values like *abc, abc123, 12 34, or 0xff through silently. The downstream total.to_i on the next two lines then coerces these to 0 or to a leading-digit prefix, after which break if e.to_i == total.to_i - 1 checks against -1 (never true for the non-negative e) and break if total == 0 fails the literal match. The loop in download then never reaches either break, the chunk counter keeps climbing, and the download spins on a malformed Content-Range header instead of raising the "Total size is not valid" error the guard exists to surface.
The smallest fix is to anchor the alternation with a non-capturing group and \A...\z so it matches the whole string: change /^\*|[0-9]+$/ to /\A(?:\*|[0-9]+)\z/ on line 855. The same \A...\z hardening applies to the e guard on line 857 (/\A[0-9]+\z/) so a stray newline cannot slip past $.
In
BazaRb#downloadonlib/baza-rb.rb:794, the guard that validates thetotalpart of theContent-Rangeresponse header atlib/baza-rb.rb:855readsunless total.match?(/^\*|[0-9]+$/). Because|has the lowest precedence in Ruby regex, the alternatives parse as(^\*) | ([0-9]+$)— "string starts with*" OR "string ends in one or more digits" — instead of "the whole string is either*or a non-negative integer". The intent is/\A(?:\*|[0-9]+)\z/.The current guard lets values like
*abc,abc123,12 34, or0xffthrough silently. The downstreamtotal.to_ion the next two lines then coerces these to0or to a leading-digit prefix, after whichbreak if e.to_i == total.to_i - 1checks against-1(never true for the non-negativee) andbreak if total == 0fails the literal match. The loop indownloadthen never reaches either break, the chunk counter keeps climbing, and the download spins on a malformedContent-Rangeheader instead of raising the "Total size is not valid" error the guard exists to surface.The smallest fix is to anchor the alternation with a non-capturing group and
\A...\zso it matches the whole string: change/^\*|[0-9]+$/to/\A(?:\*|[0-9]+)\z/on line 855. The same\A...\zhardening applies to theeguard on line 857 (/\A[0-9]+\z/) so a stray newline cannot slip past$.