Ruediger Pluem wrote:
>> far as I understand it, the reason is that mod_php uses ap_rwrite
>> which creates transient buckets. When the connection is closed by the
>> client, these buckets sometimes stay in the bucket brigade when
>> ap_pass_brigade returns an error for the compressed data of an
>> earlier bucket. If deflate_out_filter gets called again with the same
>> brigade, the memory of the transient buckets is no longer valid,
>> causing a segfault.
>
> IMHO the mod_deflate filter shouldn't be called with the same brigade
> again or at least the brigade should have been set aside in this case.
> So that should never happen.

I was not really able to figure out how or why this happens. What I actually see is that the brigade in mod_deflate contains one heap bucket and one transient bucket where the latter points to invalid memory. Therefore I assumed the bucket was around from the last call to buffer_output. But php does strange things (which I don't understand) involving longjmp to handle errors, maybe that's got something to do with it.

> I don't know. Maybe a setaside is now done somewhere where it didn't
> happen before. I guess the best approach is to add the above patch to
> your backport and dig further.
>
> Nevertheless a backtrace of the segfault would help in any case to
> understand better what is going on and why it might not happen on more
> recent versions.

A backtrace is available in the bug report, but it does not reveal much:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=537665#30
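
A simplified model of the bucket lifetime issue discussed in this thread, as an added example that is not part of the original messages and is not APR, mod_deflate or mod_php code. All `model_*` names are hypothetical, and a reused writer buffer stands in for the invalidated memory so the program stays well defined instead of crashing.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified stand-in for a bucket; NOT the real APR apr_bucket type. */
typedef enum { MODEL_TRANSIENT, MODEL_HEAP } model_kind;
typedef struct {
    model_kind kind;
    const char *data;   /* TRANSIENT: borrowed from the writer; HEAP: owned copy */
    size_t len;
} model_bucket;

/* Wrap the caller's buffer without copying it (the transient case). */
static model_bucket model_transient(const char *buf, size_t len) {
    model_bucket b = { MODEL_TRANSIENT, buf, len };
    return b;
}

/* Setaside: give a borrowed bucket its own heap copy. Returns 0 on success. */
static int model_setaside(model_bucket *b) {
    if (b->kind == MODEL_HEAP) return 0;
    char *copy = malloc(b->len);
    if (copy == NULL) return -1;
    memcpy(copy, b->data, b->len);
    b->data = copy;
    b->kind = MODEL_HEAP;
    return 0;
}

/* Keep one bucket across two "filter calls" while the writer reuses its buffer.
 * Returns 1 if the kept bucket still holds the original bytes, 0 if it is
 * stale, -1 on allocation failure. */
static int kept_bucket_intact(int do_setaside) {
    char writer_buf[16] = "first response";          /* constructed sample data */
    model_bucket kept = model_transient(writer_buf, strlen(writer_buf));
    if (do_setaside && model_setaside(&kept) != 0) return -1;
    /* The downstream write failed, so the bucket stays queued; the writer moves on. */
    memcpy(writer_buf, "OTHER REQUEST!", 14);
    int intact = memcmp(kept.data, "first response", kept.len) == 0;
    if (kept.kind == MODEL_HEAP) free((void *)kept.data);
    return intact;
}

int main(void) {
    printf("no setaside: intact=%d, with setaside: intact=%d\n",
           kept_bucket_intact(0), kept_bucket_intact(1));
    return 0;
}
```

In the real case the borrowed memory is no longer valid at all, so the second read is a crash rather than stale data.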
