On Tuesday 23 August 2011, William A. Rowe Jr. wrote: > On 8/23/2011 6:08 AM, Stefan Fritsch wrote: > > http://seclists.org/fulldisclosure/2011/Aug/175 > > > > I haven't looked into it so far. And I am not sure I will have > > time today. > > Until range can be completely addressed, avoiding excessive numbers > of ranges (tricky) or overlapping ranges (pretty > straightforward)... what about simply disabling deflate on range > requests?
There is this PR: https://issues.apache.org/bugzilla/show_bug.cgi?id=49772 "mod_deflate kicks itself out on Content-Range responses but not on multipart/byteranges" This may be one of the issues. But as Rüdiger pointed out, there is also an issue without mod_deflate. From looking at the code, I think the problem is the bucket structs. With N the number of requested ranges, the initial brigade is partitioned into 2*N buckets at the maximum. Then those buckets are copied into the output brigade N times, which means that O(N^2) buckets are created. The data is not copied, and only N "A-B" strings are allocated from the pool. But the sum of those is limited by LimitRequestFieldSize, so it shouldn't be a problem. Maybe the byte-range filter should call ap_pass_brigade every 10 ranges or so? Then the buckets should be freed earlier (at least if all filters down the chain behave correctly).
