With mod_logio enabled on a 404 response, the final
output brigade sent down the filter stack consists of
a single EOS bucket. In this circumstance mod_logio's
logio_out_filter() calls APR_BUCKET_INSERT_BEFORE on
the sole eos bucket, which corrupts the brigade and
sometimes causes httpd to segfault. The correct thing
to do in this situation is use APR_BRIGADE_INSERT_HEAD.
Patch below; I also wonder if there might be
a similar issue with the chunk_filter() in http_core.c,
but I haven't seen a segfault for that yet.
Index: modules/loggers/mod_logio.c
===================================================================
RCS file: /home/cvspublic/httpd-2.0/modules/loggers/mod_logio.c,v
retrieving revision 1.8
diff -u -r1.8 mod_logio.c
--- modules/loggers/mod_logio.c 3 Apr 2004 20:50:00 -0000 1.8
+++ modules/loggers/mod_logio.c 19 Sep 2004 23:31:33 -0000
@@ -127,8 +127,12 @@
/* End of data, make sure we flush */
if (APR_BUCKET_IS_EOS(b)) {
- APR_BUCKET_INSERT_BEFORE(b,
- apr_bucket_flush_create(f->c->bucket_alloc));
+ apr_bucket *flush = apr_bucket_flush_create(f->c->bucket_alloc);
+
+ if (b != APR_BRIGADE_FIRST(bb))
+ APR_BUCKET_INSERT_BEFORE(b, flush);
+ else
+ APR_BRIGADE_INSERT_HEAD(bb, flush);
}
return ap_pass_brigade(f->next, bb);
--
Joe Schaefer
