[nginx] SPDY: fixed segfault with "client_body_in_file_only" ena...
Valentin Bartenev
vbart at nginx.com
Wed Jul 24 18:26:20 UTC 2013
details: http://hg.nginx.org/nginx/rev/7542b72fe4b1
branches:
changeset: 5281:7542b72fe4b1
user: Valentin Bartenev <vbart at nginx.com>
date: Wed Jul 24 22:24:25 2013 +0400
description:
SPDY: fixed segfault with "client_body_in_file_only" enabled.
It is possible to send FLAG_FIN in additional empty data frame, even if it is
known from the content-length header that request body is empty. And Firefox
actually behaves like this (see ticket #357).
To simplify code we sacrificed our microoptimization that did not work right
due to missing check in the ngx_http_spdy_state_data() function for rb->buf
set to NULL.
diffstat:
src/http/ngx_http_spdy.c | 11 ++---------
1 files changed, 2 insertions(+), 9 deletions(-)
diffs (30 lines):
diff -r e939f6e8548c -r 7542b72fe4b1 src/http/ngx_http_spdy.c
--- a/src/http/ngx_http_spdy.c Fri Jul 19 15:59:50 2013 +0400
+++ b/src/http/ngx_http_spdy.c Wed Jul 24 22:24:25 2013 +0400
@@ -2529,13 +2529,6 @@ ngx_http_spdy_init_request_body(ngx_http
return NGX_ERROR;
}
- if (rb->rest == 0) {
- buf->in_file = 1;
- buf->file = &tf->file;
- } else {
- rb->buf = buf;
- }
-
} else {
if (rb->rest == 0) {
@@ -2546,10 +2539,10 @@ ngx_http_spdy_init_request_body(ngx_http
if (buf == NULL) {
return NGX_ERROR;
}
-
- rb->buf = buf;
}
+ rb->buf = buf;
+
rb->bufs = ngx_alloc_chain_link(r->pool);
if (rb->bufs == NULL) {
return NGX_ERROR;
More information about the nginx-devel
mailing list