> Thanks for the patch, this is an interesting find. Can you say what
> bucket type was hit here - e.g. print b->type->name in gdb from inside
> apr_brigade_flatten()?

Sure thing. It's an EOS bucket.

> It looks like metadata bucket types tend to give NULL on read() so I'm
> guessing that's the case here. It would trip up other apr_brigade_*
> functions in similar ways, e.g. split_line looks wrong too. You can make
> a case that ignoring FLUSH is "safe" but it's probably undesirable, and
> trying to flatten across an EOS is almost certainly wrong.

> So I'm not sure, maybe a better/safer response is to catch metadata
> buckets and treat them as end-of-brigade or an error rather than
> zero-length data buckets. apr_brigade_split_boundary has an API
> condition for that to explicitly return APR_INCOMPLETE.

It might not be worth complicating the operation. I would think that
when someone wants to flatten a bucket brigade, they want the empty
buckets to be ignored, which is the current behavior with unoptimized
clang and gcc. You would know better than me, though :)

-Ben
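
An added example (not code from APR or from this thread) modelling the two behaviours discussed above: skipping empty metadata buckets versus stopping at one with an incomplete status. The `toy_bucket` type, `toy_flatten`, the `TOY_*` codes and the sample brigade are hypothetical stand-ins, and it assumes the hazard is a NULL pointer with length 0 reaching `memcpy`, which C leaves undefined.

```c
#include <stddef.h>
#include <string.h>

/* Simplified stand-in for a bucket; NOT the real apr_bucket layout. */
typedef struct {
    int is_metadata;   /* metadata buckets (EOS, FLUSH) carry no payload */
    const char *data;  /* what read() yields; NULL for metadata */
    size_t len;
} toy_bucket;

enum { TOY_SUCCESS = 0, TOY_INCOMPLETE = 1 };

/* Constructed sample brigade: data, EOS, then more data. */
static const toy_bucket sample[] = {
    { 0, "GET ", 4 }, { 1, NULL, 0 }, { 0, "/x", 2 },
};

/* Copy payloads into out (capacity *len); bytes written are stored in *len.
 * strict == 0: empty/metadata buckets are skipped.
 * strict != 0: a metadata bucket ends the copy with TOY_INCOMPLETE. */
int toy_flatten(const toy_bucket *b, size_t n, char *out, size_t *len, int strict)
{
    size_t room = *len, used = 0;
    int rv = TOY_SUCCESS;

    for (size_t i = 0; i < n && used < room; i++) {
        if (strict && b[i].is_metadata) {
            rv = TOY_INCOMPLETE;
            break;
        }
        size_t take = b[i].len < room - used ? b[i].len : room - used;
        /* memcpy with a NULL source is undefined even for length 0,
         * so the zero-length case is skipped rather than passed through. */
        if (take != 0 && b[i].data != NULL) {
            memcpy(out + used, b[i].data, take);
            used += take;
        }
    }
    *len = used;
    return rv;
}

int main(void)
{
    char buf[16];
    size_t len = sizeof buf;
    return toy_flatten(sample, 3, buf, &len, 1) == TOY_INCOMPLETE ? 0 : 1;
}
```

In lenient mode the sample flattens to `GET /x`; in strict mode the copy stops at the EOS bucket with only `GET ` written.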
