dotnet
diff --git a/‎src/Mvc/Mvc.Abstractions/ref/Microsoft.AspNetCore.Mvc.Abstractions.netcoreapp.cs
Lines changed: 5 additions & 0 deletions b/‎src/Mvc/Mvc.Abstractions/ref/Microsoft.AspNetCore.Mvc.Abstractions.netcoreapp.cs
Lines changed: 5 additions & 0 deletions
diff --git a/‎src/Mvc/Mvc.Abstractions/src/ModelBinding/ModelStateDictionary.cs
Lines changed: 10 additions & 2 deletions b/‎src/Mvc/Mvc.Abstractions/src/ModelBinding/ModelStateDictionary.cs
Lines changed: 10 additions & 2 deletions
diff --git a/‎src/Mvc/Mvc.Abstractions/src/ModelBinding/ValueProviderException.cs
Lines changed: 33 additions & 0 deletions b/‎src/Mvc/Mvc.Abstractions/src/ModelBinding/ValueProviderException.cs
Lines changed: 33 additions & 0 deletions
diff --git a/‎src/Mvc/Mvc.Abstractions/test/ModelBinding/ModelStateDictionaryTest.cs
Lines changed: 42 additions & 5 deletions b/‎src/Mvc/Mvc.Abstractions/test/ModelBinding/ModelStateDictionaryTest.cs
Lines changed: 42 additions & 5 deletions
diff --git a/‎src/Mvc/Mvc.Core/src/ControllerBase.cs
Lines changed: 24 additions & 4 deletions b/‎src/Mvc/Mvc.Core/src/ControllerBase.cs
Lines changed: 24 additions & 4 deletions
diff --git a/‎src/Mvc/Mvc.Core/src/Controllers/ControllerBinderDelegateProvider.cs
Lines changed: 6 additions & 1 deletion b/‎src/Mvc/Mvc.Core/src/Controllers/ControllerBinderDelegateProvider.cs
Lines changed: 6 additions & 1 deletion
diff --git a/‎src/Mvc/Mvc.Core/src/Infrastructure/ProblemDetailsJsonConverter.cs
Lines changed: 1 addition & 1 deletion b/‎src/Mvc/Mvc.Core/src/Infrastructure/ProblemDetailsJsonConverter.cs
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Mvc/Mvc.Core/src/Infrastructure/ValidationProblemDetailsJsonConverter.cs
Lines changed: 1 addition & 1 deletion b/‎src/Mvc/Mvc.Core/src/Infrastructure/ValidationProblemDetailsJsonConverter.cs
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Mvc/Mvc.Core/src/ModelBinding/CompositeValueProvider.cs
Lines changed: 16 additions & 0 deletions b/‎src/Mvc/Mvc.Core/src/ModelBinding/CompositeValueProvider.cs
Lines changed: 16 additions & 0 deletions
diff --git a/‎src/Mvc/Mvc.Core/src/ModelBinding/FormFileValueProviderFactory.cs
Lines changed: 15 additions & 3 deletions b/‎src/Mvc/Mvc.Core/src/ModelBinding/FormFileValueProviderFactory.cs
Lines changed: 15 additions & 3 deletions
diff --git a/‎src/Mvc/Mvc.Core/src/ModelBinding/FormValueProviderFactory.cs
Lines changed: 15 additions & 1 deletion b/‎src/Mvc/Mvc.Core/src/ModelBinding/FormValueProviderFactory.cs
Lines changed: 15 additions & 1 deletion
diff --git a/‎src/Mvc/Mvc.Core/src/Resources.resx
Lines changed: 3 additions & 0 deletions b/‎src/Mvc/Mvc.Core/src/Resources.resx
Lines changed: 3 additions & 0 deletions
diff --git a/‎src/Mvc/Mvc.Core/test/ControllerBaseTest.cs
Lines changed: 28 additions & 3 deletions b/‎src/Mvc/Mvc.Core/test/ControllerBaseTest.cs
Lines changed: 28 additions & 3 deletions
@@ -823,6 +823,11 @@ public partial class TooManyModelErrorsException : System.Exception
     {
         public TooManyModelErrorsException(string message) { }
     }
+    public sealed partial class ValueProviderException : System.Exception
+    {
+        public ValueProviderException(string message) { }
+        public ValueProviderException(string message, System.Exception innerException) { }
+    }
     public partial class ValueProviderFactoryContext
     {
         public ValueProviderFactoryContext(Microsoft.AspNetCore.Mvc.ActionContext context) { }
 
@@ -203,6 +203,13 @@ public bool TryAddModelException(string key, Exception exception)
                 throw new ArgumentNullException(nameof(exception));
             }
 
+            if ((exception is InputFormatterException || exception is ValueProviderException)
+               && !string.IsNullOrEmpty(exception.Message))
+            {
+                // InputFormatterException, ValueProviderException is a signal that the message is safe to expose to clients
+                return TryAddModelError(key, exception.Message);
+            }
+
             if (ErrorCount >= MaxAllowedErrors - 1)
             {
                 EnsureMaxErrorsReachedRecorded();
@@ -311,9 +318,10 @@ public bool TryAddModelError(string key, Exception exception, ModelMetadata meta
 
                 return TryAddModelError(key, errorMessage);
             }
-            else if (exception is InputFormatterException && !string.IsNullOrEmpty(exception.Message))
+            else if ((exception is InputFormatterException || exception is ValueProviderException)
+                && !string.IsNullOrEmpty(exception.Message))
             {
-                // InputFormatterException is a signal that the message is safe to expose to clients
+                // InputFormatterException, ValueProviderException is a signal that the message is safe to expose to clients
                 return TryAddModelError(key, exception.Message);
             }
 
 
@@ -0,0 +1,33 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+
+namespace Microsoft.AspNetCore.Mvc.ModelBinding
+{
+    /// <summary>
+    /// Exception thrown by <see cref="IValueProviderFactory"/> when the input is unable to be read.
+    /// </summary>
+    public sealed class ValueProviderException : Exception
+    {
+        /// <summary>
+        /// Initializes a new instance of <see cref="ValueProviderException"/> with the specified <paramref name="message"/>.
+        /// </summary>
+        /// <param name="message">The exception message.</param>
+        public ValueProviderException(string message)
+            : base(message)
+        {
+        }
+
+        /// <summary>
+        /// Initializes a new instance of <see cref="ValueProviderException"/> with the specified <paramref name="message"/> and
+        /// inner exception that is the cause of this exception.
+        /// </summary>
+        /// <param name="message">The exception message.</param>
+        /// <param name="innerException">The exception that is the cause of the current exception.</param>
+        public ValueProviderException(string message, Exception innerException)
+            : base(message, innerException)
+        {
+        }
+    }
+}
@@ -1207,8 +1207,9 @@ public void ModelStateDictionary_NoErrorMessage_ForUnrecognizedException()
         public void TryAddModelException_AddsErrorMessage_ForInputFormatterException()
         {
             // Arrange
+            var expectedMessage = "This is an InputFormatterException";
             var dictionary = new ModelStateDictionary();
-            var exception = new InputFormatterException("This is an InputFormatterException.");
+            var exception = new InputFormatterException(expectedMessage);
 
             // Act
             dictionary.TryAddModelException("key", exception);
@@ -1217,7 +1218,25 @@ public void TryAddModelException_AddsErrorMessage_ForInputFormatterException()
             var entry = Assert.Single(dictionary);
             Assert.Equal("key", entry.Key);
             var error = Assert.Single(entry.Value.Errors);
-            Assert.Same(exception, error.Exception);
+            Assert.Equal(expectedMessage, error.ErrorMessage);
+        }
+
+        [Fact]
+        public void TryAddModelException_AddsErrorMessage_ForValueProviderException()
+        {
+            // Arrange
+            var expectedMessage = "This is an ValueProviderException";
+            var dictionary = new ModelStateDictionary();
+            var exception = new ValueProviderException(expectedMessage);
+
+            // Act
+            dictionary.TryAddModelException("key", exception);
+
+            // Assert
+            var entry = Assert.Single(dictionary);
+            Assert.Equal("key", entry.Key);
+            var error = Assert.Single(entry.Value.Errors);
+            Assert.Equal(expectedMessage, error.ErrorMessage);
         }
 
         [Fact]
@@ -1227,9 +1246,7 @@ public void ModelStateDictionary_AddsErrorMessage_ForInputFormatterException()
             var expectedMessage = "This is an InputFormatterException";
             var dictionary = new ModelStateDictionary();
 
-            var bindingMetadataProvider = new DefaultBindingMetadataProvider();
-            var compositeProvider = new DefaultCompositeMetadataDetailsProvider(new[] { bindingMetadataProvider });
-            var provider = new DefaultModelMetadataProvider(compositeProvider, new OptionsAccessor());
+            var provider = new EmptyModelMetadataProvider();
             var metadata = provider.GetMetadataForType(typeof(int));
 
             // Act
@@ -1242,6 +1259,26 @@ public void ModelStateDictionary_AddsErrorMessage_ForInputFormatterException()
             Assert.Equal(expectedMessage, error.ErrorMessage);
         }
 
+        [Fact]
+        public void ModelStateDictionary_AddsErrorMessage_ForValueProviderException()
+        {
+            // Arrange
+            var expectedMessage = "This is an ValueProviderException";
+            var dictionary = new ModelStateDictionary();
+
+            var provider = new EmptyModelMetadataProvider();
+            var metadata = provider.GetMetadataForType(typeof(int));
+
+            // Act
+            dictionary.TryAddModelError("key", new ValueProviderException(expectedMessage), metadata);
+
+            // Assert
+            var entry = Assert.Single(dictionary);
+            Assert.Equal("key", entry.Key);
+            var error = Assert.Single(entry.Value.Errors);
+            Assert.Equal(expectedMessage, error.ErrorMessage);
+        }
+
         [Fact]
         public void ModelStateDictionary_ClearEntriesThatMatchWithKey_NonEmptyKey()
         {
 
@@ -2452,7 +2452,12 @@ public virtual async Task<bool> TryUpdateModelAsync<TModel>(
                 throw new ArgumentNullException(nameof(prefix));
             }
 
-            var valueProvider = await CompositeValueProvider.CreateAsync(ControllerContext);
+            var (success, valueProvider) = await CompositeValueProvider.TryCreateAsync(ControllerContext, ControllerContext.ValueProviderFactories);
+            if (!success)
+            {
+                return false;
+            }
+
             return await TryUpdateModelAsync(model, prefix, valueProvider);
         }
 
@@ -2526,7 +2531,12 @@ public async Task<bool> TryUpdateModelAsync<TModel>(
                 throw new ArgumentNullException(nameof(includeExpressions));
             }
 
-            var valueProvider = await CompositeValueProvider.CreateAsync(ControllerContext);
+            var (success, valueProvider) = await CompositeValueProvider.TryCreateAsync(ControllerContext, ControllerContext.ValueProviderFactories);
+            if (!success)
+            {
+                return false;
+            }
+
             return await ModelBindingHelper.TryUpdateModelAsync(
                 model,
                 prefix,
@@ -2565,7 +2575,12 @@ public async Task<bool> TryUpdateModelAsync<TModel>(
                 throw new ArgumentNullException(nameof(propertyFilter));
             }
 
-            var valueProvider = await CompositeValueProvider.CreateAsync(ControllerContext);
+            var (success, valueProvider) = await CompositeValueProvider.TryCreateAsync(ControllerContext, ControllerContext.ValueProviderFactories);
+            if (!success)
+            {
+                return false;
+            }
+
             return await ModelBindingHelper.TryUpdateModelAsync(
                 model,
                 prefix,
@@ -2693,7 +2708,12 @@ public virtual async Task<bool> TryUpdateModelAsync(
                 throw new ArgumentNullException(nameof(modelType));
             }
 
-            var valueProvider = await CompositeValueProvider.CreateAsync(ControllerContext);
+            var (success, valueProvider) = await CompositeValueProvider.TryCreateAsync(ControllerContext, ControllerContext.ValueProviderFactories);
+            if (!success)
+            {
+                return false;
+            }
+
             return await ModelBindingHelper.TryUpdateModelAsync(
                 model,
                 modelType,
 
@@ -59,7 +59,12 @@ public static ControllerBinderDelegate CreateBinderDelegate(
 
             async Task Bind(ControllerContext controllerContext, object controller, Dictionary<string, object> arguments)
             {
-                var valueProvider = await CompositeValueProvider.CreateAsync(controllerContext);
+                var (success, valueProvider) = await CompositeValueProvider.TryCreateAsync(controllerContext, controllerContext.ValueProviderFactories);
+                if (!success)
+                {
+                    return;
+                }
+
                 var parameters = actionDescriptor.Parameters;
 
                 for (var i = 0; i < parameters.Count; i++)
 
@@ -20,7 +20,7 @@ public override ProblemDetails Read(ref Utf8JsonReader reader, Type typeToConver
         {
             var problemDetails = new ProblemDetails();
 
-            if (!reader.Read())
+            if (reader.TokenType != JsonTokenType.StartObject)
             {
                 throw new JsonException(Resources.UnexpectedJsonEnd);
             }
 
@@ -18,7 +18,7 @@ public override ValidationProblemDetails Read(ref Utf8JsonReader reader, Type ty
         {
             var problemDetails = new ValidationProblemDetails();
 
-            if (!reader.Read())
+            if (reader.TokenType != JsonTokenType.StartObject)
             {
                 throw new JsonException(Resources.UnexpectedJsonEnd);
             }
 
@@ -80,6 +80,22 @@ public static async Task<CompositeValueProvider> CreateAsync(
             return new CompositeValueProvider(valueProviderFactoryContext.ValueProviders);
         }
 
+        internal static async ValueTask<(bool success, CompositeValueProvider valueProvider)> TryCreateAsync(
+            ActionContext actionContext,
+            IList<IValueProviderFactory> factories)
+        {
+            try
+            {
+                var valueProvider = await CreateAsync(actionContext, factories);
+                return (true, valueProvider);
+            }
+            catch (ValueProviderException exception)
+            {
+                actionContext.ModelState.TryAddModelException(key: string.Empty, exception);
+                return (false, null);
+            }
+        }
+
         /// <inheritdoc />
         public virtual bool ContainsPrefix(string prefix)
         {
 
@@ -2,8 +2,10 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using System.IO;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Mvc.Core;
 
 namespace Microsoft.AspNetCore.Mvc.ModelBinding
 {
@@ -32,10 +34,20 @@ public Task CreateValueProviderAsync(ValueProviderFactoryContext context)
 
         private static async Task AddValueProviderAsync(ValueProviderFactoryContext context, HttpRequest request)
         {
-            var formCollection = await request.ReadFormAsync();
-            if (formCollection.Files.Count > 0)
+            IFormCollection form;
+
+            try
+            {
+                form = await request.ReadFormAsync();
+            }
+            catch (InvalidDataException ex)
+            {
+                throw new ValueProviderException(Resources.FormatFailedToReadRequestForm(ex.Message), ex);
+            }
+
+            if (form.Files.Count > 0)
             {
-                var valueProvider = new FormFileValueProvider(formCollection.Files);
+                var valueProvider = new FormFileValueProvider(form.Files);
                 context.ValueProviders.Add(valueProvider);
             }
         }
 
@@ -3,7 +3,10 @@
 
 using System;
 using System.Globalization;
+using System.IO;
 using System.Threading.Tasks;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Mvc.Core;
 
 namespace Microsoft.AspNetCore.Mvc.ModelBinding
 {
@@ -33,9 +36,20 @@ public Task CreateValueProviderAsync(ValueProviderFactoryContext context)
         private static async Task AddValueProviderAsync(ValueProviderFactoryContext context)
         {
             var request = context.ActionContext.HttpContext.Request;
+            IFormCollection form;
+
+            try
+            {
+                form = await request.ReadFormAsync();
+            }
+            catch (InvalidDataException ex)
+            {
+                throw new ValueProviderException(Resources.FormatFailedToReadRequestForm(ex.Message), ex);
+            }
+
             var valueProvider = new FormValueProvider(
                 BindingSource.Form,
-                await request.ReadFormAsync(),
+                form,
                 CultureInfo.CurrentCulture);
 
             context.ValueProviders.Add(valueProvider);
 
@@ -513,4 +513,7 @@
   <data name="ApiConventions_Title_500" xml:space="preserve">
     <value>An error occured while processing your request.</value>
   </data>
+  <data name="FailedToReadRequestForm" xml:space="preserve">
+    <value>Failed to read the request form. {0}</value>
+  </data>
 </root>
@@ -2607,6 +2607,31 @@ public async Task TryUpdateModel_UsesModelValueProviderIfSpecified()
             Assert.NotEqual(0, binder.BindModelCount);
         }
 
+        [Fact]
+        public async Task TryUpdateModel_ReturnsFalse_IfValueProviderFactoryThrows()
+        {
+            // Arrange
+            var modelName = "mymodel";
+
+            var valueProviderFactory = new Mock<IValueProviderFactory>();
+            valueProviderFactory.Setup(f => f.CreateValueProviderAsync(It.IsAny<ValueProviderFactoryContext>()))
+                .Throws(new ValueProviderException("some error"));
+
+            var controller = GetController(new StubModelBinder());
+            controller.ControllerContext.ValueProviderFactories.Add(valueProviderFactory.Object);
+            var model = new MyModel();
+
+            // Act
+            var result = await controller.TryUpdateModelAsync(model, modelName);
+
+            // Assert
+            Assert.False(result);
+            var modelState = Assert.Single(controller.ModelState);
+            Assert.Empty(modelState.Key);
+            var error = Assert.Single(modelState.Value.Errors);
+            Assert.Equal("some error", error.ErrorMessage);
+        }
+
         [Fact]
         public async Task TryUpdateModel_PropertyFilterOverload_UsesPassedArguments()
         {
@@ -3037,7 +3062,7 @@ public void RedirectToPage_WithPageName_Handler_AndRouteValues()
                 });
         }
 
-        private static ControllerBase GetController(IModelBinder binder, IValueProvider valueProvider)
+        private static ControllerBase GetController(IModelBinder binder, IValueProvider valueProvider = null)
         {
             var metadataProvider = new EmptyModelMetadataProvider();
             var services = new ServiceCollection();
@@ -3056,11 +3081,11 @@ private static ControllerBase GetController(IModelBinder binder, IValueProvider
                     stringLocalizerFactory: null),
             };
 
-            valueProvider = valueProvider ?? new SimpleValueProvider();
+            valueProvider ??= new SimpleValueProvider();
             var controllerContext = new ControllerContext()
             {
                 HttpContext = httpContext,
-                ValueProviderFactories = new[] { new SimpleValueProviderFactory(valueProvider), },
+                ValueProviderFactories = new List<IValueProviderFactory> { new SimpleValueProviderFactory(valueProvider), },
             };
 
             var binderFactory = new Mock<IModelBinderFactory>();
Original file line number	Diff line number	Diff line change
`@@ -823,6 +823,11 @@ public partial class TooManyModelErrorsException : System.Exception`
`823`	`823`	`{`
`824`	`824`	`public TooManyModelErrorsException(string message) { }`
`825`	`825`	`}`
	`826`	`+ public sealed partial class ValueProviderException : System.Exception`
	`827`	`+ {`
	`828`	`+ public ValueProviderException(string message) { }`
	`829`	`+ public ValueProviderException(string message, System.Exception innerException) { }`
	`830`	`+ }`
`826`	`831`	`public partial class ValueProviderFactoryContext`
`827`	`832`	`{`
`828`	`833`	`public ValueProviderFactoryContext(Microsoft.AspNetCore.Mvc.ActionContext context) { }`
Original file line number	Diff line number	Diff line change
`@@ -203,6 +203,13 @@ public bool TryAddModelException(string key, Exception exception)`
`203`	`203`	`throw new ArgumentNullException(nameof(exception));`
`204`	`204`	`}`
`205`	`205`
	`206`	`+ if ((exception is InputFormatterException \|\| exception is ValueProviderException)`
	`207`	`+ && !string.IsNullOrEmpty(exception.Message))`
	`208`	`+ {`
	`209`	`+ // InputFormatterException, ValueProviderException is a signal that the message is safe to expose to clients`
	`210`	`+ return TryAddModelError(key, exception.Message);`
	`211`	`+ }`
	`212`	`+`
`206`	`213`	`if (ErrorCount >= MaxAllowedErrors - 1)`
`207`	`214`	`{`
`208`	`215`	`EnsureMaxErrorsReachedRecorded();`
`@@ -311,9 +318,10 @@ public bool TryAddModelError(string key, Exception exception, ModelMetadata meta`
`311`	`318`
`312`	`319`	`return TryAddModelError(key, errorMessage);`
`313`	`320`	`}`
`314`		`- else if (exception is InputFormatterException && !string.IsNullOrEmpty(exception.Message))`
	`321`	`+ else if ((exception is InputFormatterException \|\| exception is ValueProviderException)`
	`322`	`+ && !string.IsNullOrEmpty(exception.Message))`
`315`	`323`	`{`
`316`		`- // InputFormatterException is a signal that the message is safe to expose to clients`
	`324`	`+ // InputFormatterException, ValueProviderException is a signal that the message is safe to expose to clients`
`317`	`325`	`return TryAddModelError(key, exception.Message);`
`318`	`326`	`}`
`319`	`327`
Original file line number	Diff line number	Diff line change
`@@ -20,7 +20,7 @@ public override ProblemDetails Read(ref Utf8JsonReader reader, Type typeToConver`
`20`	`20`	`{`
`21`	`21`	`var problemDetails = new ProblemDetails();`
`22`	`22`
`23`		`- if (!reader.Read())`
	`23`	`+ if (reader.TokenType != JsonTokenType.StartObject)`
`24`	`24`	`{`
`25`	`25`	`throw new JsonException(Resources.UnexpectedJsonEnd);`
`26`	`26`	`}`
Original file line number	Diff line number	Diff line change
`@@ -18,7 +18,7 @@ public override ValidationProblemDetails Read(ref Utf8JsonReader reader, Type ty`
`18`	`18`	`{`
`19`	`19`	`var problemDetails = new ValidationProblemDetails();`
`20`	`20`
`21`		`- if (!reader.Read())`
	`21`	`+ if (reader.TokenType != JsonTokenType.StartObject)`
`22`	`22`	`{`
`23`	`23`	`throw new JsonException(Resources.UnexpectedJsonEnd);`
`24`	`24`	`}`