One so far in /usr/local/apache/corefiles/httpd.core.1, but I'm not
sure how this even happened:
#0 0x28158990 in kill () from /usr/lib/libc.so.4
#1 0x28194b02 in abort () from /usr/lib/libc.so.4
#2 0x8066a46 in ap_log_assert (
szExp=0x8083d80 "total_bytes_left > 0 && tmplen > 0",
szFile=0x80833ea "core.c", nLine=2437) at log.c:590
#3 0x8071fab in sendfile_it_all (c=0x81253a8, fd=0x8132408, hdtr=0xbfbff4c8,
file_offset=811008, file_bytes_left=998899, total_bytes_left=187891,
flags=1) at core.c:2437
Relevant code snippet:
    rv = apr_sendfile(c->client_socket, fd, hdtr, &file_offset, &tmplen,
                      flags);
    total_bytes_left -= tmplen;
    if (!total_bytes_left || rv != APR_SUCCESS) {
        return rv; /* normal case & error exit */
    }
    AP_DEBUG_ASSERT(total_bytes_left > 0 && tmplen > 0);
(gdb) print rv
$9 = 20132
(gdb) print total_bytes_left
$10 = 187891
(gdb) print tmplen
$11 = 0
How did we bypass that rv != APR_SUCCESS check? We should have bailed
out since rv == 20132.
And, I think that this tmplen > 0 should be tmplen >= 0 regardless.
Isn't it possible to send 0 bytes? -- justin
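A stand-alone model of the checks quoted above, added here as an example and not taken from httpd: a scripted stand-in for apr_sendfile returns a zero-byte success in the middle of a transfer, which passes the `!total_bytes_left || rv != APR_SUCCESS` exit and reaches the assertion. The constants, the mock sender, the loop shape and the byte counts are assumptions for illustration.

```c
#include <stdio.h>
#include <stddef.h>

/* Assumed stand-ins for the APR types and status codes (not httpd's own). */
typedef int apr_status_t;
typedef unsigned long apr_size_t;
#define APR_SUCCESS   0
#define MOCK_EOF_ERR  70014   /* constructed non-success status */

/* Scripted stand-in for apr_sendfile: each call "sends" the next chunk. */
typedef struct { const apr_size_t *chunks; size_t n, next; } mock_fd;

static apr_status_t mock_sendfile(mock_fd *fd, apr_size_t *len)
{
    if (fd->next >= fd->n) { *len = 0; return MOCK_EOF_ERR; }
    *len = fd->chunks[fd->next++];   /* may legitimately be 0 */
    return APR_SUCCESS;
}

/* Drives the send loop. Returns the 1-based iteration at which
 * AP_DEBUG_ASSERT(total_bytes_left > 0 && tmplen > 0) would fire using the
 * original predicate (strict != 0) or the proposed tmplen >= 0 (strict == 0),
 * or 0 if the loop leaves through the normal/error exit without tripping. */
static int drive(const apr_size_t *chunks, size_t n,
                 apr_size_t total_bytes_left, int strict)
{
    mock_fd fd = { chunks, n, 0 };
    int iter = 0;
    do {
        apr_size_t tmplen;
        apr_status_t rv = mock_sendfile(&fd, &tmplen);
        iter++;
        total_bytes_left -= tmplen;
        if (!total_bytes_left || rv != APR_SUCCESS) {
            return 0;                 /* normal case & error exit */
        }
        /* A zero-byte success is neither "done" nor an error, so it lands here. */
        if (!(total_bytes_left > 0 && (strict ? tmplen > 0 : tmplen >= 0))) {
            return iter;
        }
    } while (total_bytes_left);
    return 0;
}

/* Constructed transfer loosely following the backtrace figures: 998899 bytes,
 * 811008 sent first, then a zero-byte success, then the remaining 187891. */
static int demo(int strict)
{
    const apr_size_t chunks[] = { 811008, 0, 187891 };
    return drive(chunks, 3, 998899, strict);
}

int main(void)
{
    printf("strict predicate trips at iteration %d; >= 0 predicate: %d\n",
           demo(1), demo(0));
    return 0;
}
```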