Make sure we check offset and length bounds

Author: khellang

src/Microsoft.AspNetCore.Http.Abstractions/HttpResponse.cs

@@ -141,9 +141,7 @@ public virtual Task SendFileAsync(IFileInfo file)
             {
                 using (var readStream = file.CreateReadStream())
                 {
-                    readStream.Seek(offset, SeekOrigin.Begin); // TODO: What if !CanSeek?
-
-                    await StreamCopyOperation.CopyToAsync(readStream, Body, count, cancellationToken);
+                    await SendFileAsync(Body, readStream, offset, count, cancellationToken);
                     return;
                 }
             }
@@ -159,23 +157,8 @@ public virtual Task SendFileAsync(IFileInfo file)
             await sendFile.SendFileAsync(file.PhysicalPath, offset, count, cancellationToken);
         }
 
-        // Not safe for overlapped writes.
-        private static async Task SendFileAsync(Stream outputStream, string fileName, long offset, long? length, CancellationToken cancellationToken)
+        private static async Task SendFileAsync(Stream outputStream, string fileName, long offset, long? count, CancellationToken cancellationToken)
         {
-            cancellationToken.ThrowIfCancellationRequested();
-
-            var fileInfo = new FileInfo(fileName);
-            if (offset < 0 || offset > fileInfo.Length)
-            {
-                throw new ArgumentOutOfRangeException(nameof(offset), offset, string.Empty);
-            }
-
-            if (length.HasValue &&
-                (length.Value < 0 || length.Value > fileInfo.Length - offset))
-            {
-                throw new ArgumentOutOfRangeException(nameof(length), length, string.Empty);
-            }
-
             int bufferSize = 1024 * 16;
 
             var fileStream = new FileStream(
@@ -188,10 +171,29 @@ private static async Task SendFileAsync(Stream outputStream, string fileName, lo
 
             using (fileStream)
             {
-                fileStream.Seek(offset, SeekOrigin.Begin);
+                await SendFileAsync(outputStream, fileStream, offset, count, cancellationToken);
+            }
+        }
+
+        // Not safe for overlapped writes.
+        private static async Task SendFileAsync(Stream outputStream, Stream readStream, long offset, long? length, CancellationToken cancellationToken)
+        {
+            cancellationToken.ThrowIfCancellationRequested();
+
+            if (offset < 0 || offset > readStream.Length)
+            {
+                throw new ArgumentOutOfRangeException(nameof(offset), offset, string.Empty);
+            }
 
-                await StreamCopyOperation.CopyToAsync(fileStream, outputStream, length, cancellationToken);
+            if (length.HasValue &&
+                (length.Value < 0 || length.Value > readStream.Length - offset))
+            {
+                throw new ArgumentOutOfRangeException(nameof(length), length, string.Empty);
             }
+
+            readStream.Seek(offset, SeekOrigin.Begin); // TODO: What if !CanSeek?
+
+            await StreamCopyOperation.CopyToAsync(readStream, outputStream, length, cancellationToken);
         }
     }
 }