upload file crashes when using apr_pool_cleanup_register

[Franky Braem]

The following code crashes when I remove the comment before the 
apr_pool_cleanup_register (and put apr_file_close into comment 
ofcourse). When I use apr_file_close it works.

----------------- start code
apreq_param_t *param = apreq_body_get(p, elementName.c_str());
if (    param != NULL
         && param->upload != NULL )
{
        apr_bucket_brigade *bb;
        apr_bucket *e;
        apr_file_t *file = NULL;
        apr_int32_t flags = APR_WRITE | APR_CREATE;
        if ( overrideFile )
                flags |= APR_TRUNCATE;

        apr_status_t fileStat;
	if ( (fileStat = apr_file_open(&file, fileName.c_str(), flags, 
APR_OS_DEFAULT, p->pool)) != APR_SUCCESS )
        {
                char fileError[1024];
                apr_strerror(fileStat, fileError, sizeof(fileError));
                JS_ReportError(cx, fileError);
                *rval = JSVAL_FALSE;
                return JS_TRUE;
        }
	//apr_pool_cleanup_register(p->pool, file, (apr_status_t (__cdecl 
*)(void *)) apr_file_close, apr_pool_cleanup_null);
        long totalLength = 0;

        bb = apr_brigade_create(p->pool, r->connection->bucket_alloc);
        apreq_brigade_copy(bb, param->upload);
        while( (e = APR_BRIGADE_FIRST(bb)) != APR_BRIGADE_SENTINEL(bb) )
        {
                apr_size_t dlen;
                const char *data;
                apr_status_t s;

                s = apr_bucket_read(e, &data, &dlen, APR_BLOCK_READ);
                if ( s != APR_SUCCESS )
                {
                        JS_ReportError(cx, "Error occurred while reading uploaded 
file content");
                        return JS_FALSE;
                }

                totalLength += dlen;
                if (    maxLength != -1
                         && maxLength < totalLength )
                {
                        apr_bucket_delete(e);

                        *rval = JSVAL_FALSE;
                        return JS_TRUE;
                }
                apr_file_write(file, data, &dlen);

                apr_bucket_delete(e);
        }
        apr_file_flush(file);
        apr_file_close(file);
}

----------------- end code

The crash is:

Unhandled exception at 0x0096b338 in Apache.exe: 0xC0000005: Access 
violation writing location 0x26470016.

The stack trace:

        0096b338()      
>	libhttpd.dll!ap_process_http_connection(conn_rec * c=0x0096b338) 
Line 262	C
 	libhttpd.dll!ap_run_process_connection(conn_rec * c=0x0096b338)  Line 
43 + 0x25 bytes	C
 	libhttpd.dll!ap_process_connection(conn_rec * c=0x0096b338, void * 
csd=0x0096b268)  Line 176 + 0x6 bytes	C
        libhttpd.dll!worker_main(void * thread_num_val=0x0096b330)  Line 733    
C
        msvcr80.dll!_endthreadex()  + 0x3b bytes        
 	[Frames below may be incorrect and/or missing, no symbols loaded 
for msvcr80.dll]	
        msvcr80.dll!_endthreadex()  + 0xc7 bytes