On Thu, May 30, 2002 at 07:26:02PM -0400, Cliff Woolley wrote:
> On 30 May 2002 [EMAIL PROTECTED] wrote:
>
> > +
> > + * 413 (invalid chunk size) followed by another request segfaults.
> > + Message-ID: <[EMAIL PROTECTED]>
> > + Status: Justin is completely confounded by this. It looks like a
> > + bucket lifetime bug, but somehow an operation on one
> > + brigade is altering another brigade and corrupting it.
>
> Ouch. I'll take a peek. Your lifetime guess is probably a good one.
> I'd think that most likely what's happening is that a bucket (or a bucket
> buffer) is getting freed but still being used afterward; the bucket
> freelists would reassign that storage thereby making it easy for the first
> to corrupt the second. Can you give me an exact sequence of requests to
> duplicate this?

Take Jeff's sequence of:

GET / HTTP/1.0
Transfer-Encoding: chunked

AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

You'll get a 413 back (correctly). Then the connection is closed
and reconnect and do:

GET / HTTP/1.0

Segfault.

As I hinted at in a message a few minutes ago, the b brigade in
ap_http_header_filter is fine before calling basic_http_header.
After that function returns, the b brigade is corrupted.

You'll probably want to run with -X so that you are sure that
there is only one process.

Let me know if you can reproduce this. (Aaron says he can't.)

-- justin
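
Added illustration, not part of the original thread and not APR's bucket allocator: the failure mode described in the quoted text, where a freelist hands freed storage to a second object while a stale pointer to the first is still in use. The allocator, `toy_bucket` and all function names are hypothetical; poisoning on free is shown as an assumed debugging aid, not something the thread mentions.

```c
#include <stdio.h>
#include <string.h>

/* Toy bucket and fixed-size freelist allocator (hypothetical names, not APR's).
 * tag[] keeps 'length' clear of the bytes reused for the freelist link. */
typedef struct { char tag[8]; int length; } toy_bucket;
typedef union node { union node *next; toy_bucket b; } node;

static node pool[4];
static int pool_used;
static node *freelist;

static toy_bucket *fl_alloc(void) {
    node *n = freelist;
    if (n) freelist = n->next;                    /* reuse freed storage first */
    else if (pool_used < 4) n = &pool[pool_used++];
    return n ? &n->b : NULL;
}

static void fl_free(toy_bucket *b, int poison) {
    node *n = (node *)b;
    if (poison) memset(n, 0xDF, sizeof *n);       /* debug aid: mark freed storage */
    n->next = freelist;
    freelist = n;
}

/* Returns 1 when a write through the stale pointer lands in the second bucket. */
int stale_write_corrupts_second(void) {
    toy_bucket *first = fl_alloc();
    first->length = 10;
    fl_free(first, 0);                            /* freed, but still referenced */
    toy_bucket *second = fl_alloc();              /* same storage handed out again */
    second->length = 20;
    first->length = -1;                           /* use after free */
    return second == first && second->length == -1;
}

/* Returns 1 when poisoning on free makes the stale read visibly wrong. */
int poison_exposes_stale_read(void) {
    toy_bucket *first = fl_alloc();
    first->length = 10;
    fl_free(first, 1);
    return (unsigned)first->length == 0xDFDFDFDFu;
}

int main(void) {
    printf("stale write corrupts second bucket: %d\n", stale_write_corrupts_second());
    printf("poison exposes stale read: %d\n", poison_exposes_stale_read());
    return 0;
}
```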
