Include parser.finalize() in MultiPartParser error handling#3153
Open
bysiber wants to merge 1 commit intoKludex:mainfrom
Open
Include parser.finalize() in MultiPartParser error handling#3153bysiber wants to merge 1 commit intoKludex:mainfrom
parser.finalize() in MultiPartParser error handling#3153bysiber wants to merge 1 commit intoKludex:mainfrom
Conversation
parser.finalize() can trigger callbacks that raise MultiPartException (e.g. when multipart data is truncated or malformed). Since it was called outside the try/except block, any exception raised during finalize would skip the file cleanup, leaking SpooledTemporaryFile handles until the garbage collector eventually collects them. Moving finalize() inside the try block ensures that temporary files are properly closed on any MultiPartException, whether it occurs during chunk processing or during finalization.
Owner
|
That said, there's a TODO in python-multipart indicating Please don't open AI-generated PRs without verifying the claims. It wastes maintainer time reviewing incorrect descriptions. |
Kludex
approved these changes
Feb 22, 2026
Kludex
changed the title
parser.finalize() in MultiPartParser error handling
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
MultiPartParser.parse()callsparser.finalize()outside thetry/except MultiPartExceptionblock. Iffinalize()triggers a callback that raisesMultiPartException(for example, when the multipart stream is truncated or contains malformed data), theSpooledTemporaryFilehandles stored inself._files_to_close_on_errorwon't be closed. They will only be reclaimed when the garbage collector runs, which can be a problem in long-running servers processing many file uploads.Changes
Moved the
parser.finalize()call inside the existingtryblock so that anyMultiPartExceptionraised during finalization also triggers the file cleanup path.The
finalize()call can invoke parser callbacks likeon_part_endandon_end, both of which may raiseMultiPartException(e.g. if required headers are missing or limits are exceeded). The file cleanup in theexceptblock should cover these cases as well.