Justin Erenkrantz <[EMAIL PROTECTED]> writes:
> On Fri, Jan 11, 2002 at 09:03:36AM -0500, Jeff Trawick wrote:
> > With current CVS code, prefork, APR_POOL_DEBUG, Linux, and
> > ElectricFence I readily hit a segfault on the APR_BRIGADE_NORMALIZE()
> > call in core input filter. It segfaulted because the brigade was
> > empty. With the following patch I can't seem to hit a segfault
> > anymore.
> >
> > Perhaps the brigade shouldn't be empty for some reason...
>
> If the brigade in core_input_filter is empty, it means that the
> socket (and its bucket) has disappeared on us. Most likely,
> someone isn't paying attention to APR_EOF return values.
>
> We should return an error or at the very least APR_EOF if we
> see an empty brigade there. But, it would be more useful to
> find out which input filter isn't paying attention. -- justin
I'm following what happens when we get EOF on socket...
socket_read() returns APR_SUCCESS and immortal bucket with ""
core-input doesn't error out since it got APR_SUCCESS
core-input walks over the "" and deletes the immortal bucket
core-input sees empty brigade and returns APR_EOF
it gets returned up through net_time_filter to check_pipeline_flush
check_pipeline_flush knows ap_get_brigade() failed but it lost the
retcode and has no way to return the error anyway
return to caller (ap_process_request)
do ap_run_log_transaction
back to ap_process_http_connection
ap_process_http_connection calls ap_read_request again and we segfault
since core-input's brigade was empty
--/--
if check_pipeline_flush cleared c->keepalive we wouldn't have tried to
read another request
any other ideas?
--
Jeff Trawick | [EMAIL PROTECTED] | PGP public key at web site:
http://www.geocities.com/SiliconValley/Park/9289/
Born in Roswell... married an alien...
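An added illustration of the path traced above, not code from this thread or from httpd: a toy C model with invented names (bucket, brigade, conn, core_input, flush_lossy, flush_fixed) standing in for the APR and httpd functions named in the mail. It shows the dropped return code in check_pipeline_flush leading to one more read on the already-empty brigade, and the same loop once a failed read clears keepalive; the would-be segfault on normalizing an empty brigade is recorded as a flag rather than triggered.

```c
/* Toy model of the EOF path described in the mail. Every name here is
 * invented for this example; none of it is APR's or httpd's real API. */
#include <stddef.h>

enum { STATUS_OK = 0, STATUS_EOF = 1 };

typedef struct bucket { const char *data; size_t len; struct bucket *next; } bucket;
typedef struct { bucket *head; } brigade;
typedef struct { brigade in; int keepalive; int crashed; } conn;

/* socket_read at end of stream: reports OK and hands back one "" bucket */
static int socket_read_at_eof(brigade *b, bucket *slot)
{
    slot->data = ""; slot->len = 0; slot->next = NULL;
    b->head = slot;
    return STATUS_OK;
}

/* core input filter: normalizing an empty brigade would dereference a
 * missing first bucket and segfault; here we only record that it would. */
static int core_input(conn *c)
{
    bucket **pp;
    if (c->in.head == NULL) { c->crashed = 1; return STATUS_EOF; }
    for (pp = &c->in.head; *pp; )            /* drop zero-length buckets */
        if ((*pp)->len == 0) *pp = (*pp)->next; else pp = &(*pp)->next;
    return c->in.head == NULL ? STATUS_EOF : STATUS_OK;
}

/* check_pipeline_flush as traced: the EOF from the read is dropped */
static void flush_lossy(conn *c) { (void)core_input(c); }

/* the proposed fix: a failed read clears keepalive, so no further request is read */
static void flush_fixed(conn *c) { if (core_input(c) != STATUS_OK) c->keepalive = 0; }

/* ap_process_http_connection stand-in; returns how many more requests it tried to read */
static int process_connection(conn *c, void (*flush)(conn *))
{
    bucket slot;
    int requests = 0;
    c->keepalive = 1; c->crashed = 0;
    socket_read_at_eof(&c->in, &slot);   /* peer closed after the last request */
    do {
        flush(c);                        /* check_pipeline_flush */
        if (!c->keepalive) break;
        requests++;                      /* ap_read_request pulls from core input again */
        core_input(c);
    } while (!c->crashed && requests < 3);
    return requests;
}
```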