4825356e637c9de04de21505c471e2fe1361c6bc
angie
  Fri Jan 11 11:01:19 2019 -0800
Daniel pointed out that we were accepting short files with 0 valid settings but a not-too-high number of errors -- reject those files.  refs #22638

diff --git src/hg/lib/cart.c src/hg/lib/cart.c
index c1910f3..3e430cb 100644
--- src/hg/lib/cart.c
+++ src/hg/lib/cart.c
@@ -760,41 +760,50 @@
                 freez(&stats->dataExample);
             stats->lastType = vsNone;
             break;
         case vsBinary:
         case vsVarLong:
         case vsValLong:
             errAbort("vsUndo: not supported for lastType vsBinary, vsVarLong or vsValLong (%d)",
                      stats->lastType);
             break;
         default:
             errAbort("vsUndo: invalid lastType %d", stats->lastType);
         }
     }
 }
 
+static uint vsErrorCount(struct validityStats *stats)
+/* Return the sum of all error counts. */
+{
+return (stats->binaryCount +
+        stats->weirdCharsCount +
+        stats->dataCount +
+        stats->varTooLongCount +
+        stats->valTooLongCount);
+}
+
 #define CART_LOAD_TOO_MANY_ERRORS 100
 #define CART_LOAD_ENOUGH_VALID 20
 #define CART_LOAD_WAY_TOO_MANY_ERRORS 1000
 
 static boolean vsTooManyErrors(struct validityStats *stats)
 /* Return TRUE if the input seems to be completely invalid. */
 {
 if (stats)
     {
-    uint errorSum = (stats->binaryCount + stats->weirdCharsCount + stats->dataCount +
-                     stats->varTooLongCount);
+    uint errorSum = vsErrorCount(stats);
     uint total = errorSum + stats->validCount;
     return ((total > (CART_LOAD_TOO_MANY_ERRORS + CART_LOAD_ENOUGH_VALID) &&
              errorSum > CART_LOAD_TOO_MANY_ERRORS &&
              stats->validCount < CART_LOAD_ENOUGH_VALID) ||
             errorSum > CART_LOAD_WAY_TOO_MANY_ERRORS);
     }
 return FALSE;
 }
 
 #define CART_VAR_MAX_LENGTH 1024
 #define CART_VAL_MAX_LENGTH (64 * 1024)
 
 static void vsReport(struct validityStats *stats, struct dyString *dyMessage)
 /* Append summary/explanation to dyMessage.   */
 {
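Review bot: The comment on `vsErrorCount` should say that `valTooLongCount` is part of the sum, because the inline expression it replaces in `vsTooManyErrors` left that counter out. As a result the `CART_LOAD_TOO_MANY_ERRORS` and `CART_LOAD_WAY_TOO_MANY_ERRORS` thresholds now also trip on over-long values, a behaviour change the commit message does not mention. Something like `/* Return the sum of all error counts, including valTooLongCount (not counted by vsTooManyErrors before this change). */` would record it. The helper also dereferences `stats` without the `if (stats)` guard that `vsTooManyErrors` has; the callers visible in this diff pass a non-NULL pointer, but declaring the parameter `const struct validityStats *stats` and stating the non-NULL precondition in the comment would make the contract explicit.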
@@ -1164,30 +1173,32 @@
         // Ignore blank line / comment
         continue;
     else if (sameString(var, sessionVar))
         // Ignore old sessionVar (already set above)
 	continue;
     else if (! cartAddSettingIfValid(cart, var, val, &stats, &prevVar, TRUE))
         {
         if (vsTooManyErrors(&stats))
             {
             isValidEnough = FALSE;
             break;
             }
         }
     }
 freeMem(prevVar);
+if (stats.validCount == 0 && vsErrorCount(&stats) > 0)
+    isValidEnough = FALSE;
 if (isValidEnough)
     {
     if (oldVars)
         hashEmpty(oldVars);
     /* Overload settings explicitly passed in via CGI (except for the
      * command that sent us here): */
     loadCgiOverHash(cart, oldVars);
     }
 if (isNotEmpty(actionVar))
     cartRemove(cart, actionVar);
 vsReport(&stats, dyMessage);
 vsFreeMembers(&stats);
 return isValidEnough;
 }
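Review bot: The added check before `if (isValidEnough)` rejects only files with exactly zero valid settings, so a short file with one valid setting and roughly a hundred errors still loads. `vsTooManyErrors` needs `total > CART_LOAD_TOO_MANY_ERRORS + CART_LOAD_ENOUGH_VALID` before its ratio-style test applies, which leaves that case uncovered. If this input can come from an uploaded or otherwise untrusted file (it looks that way, but the function starts outside the hunk), it is worth deciding whether that remaining window is intended. Either way, a comment on the new lines would help the next reader, e.g. `/* vsTooManyErrors only trips past its count thresholds, so short files with no valid settings need their own check. */`.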