On Wed, Feb 28, 2001 at 06:20:08PM -0500, Jeff Trawick wrote:
> Jeff Trawick <[EMAIL PROTECTED]> writes:
>...
> > Send an HTTP 1.1 request and the server hangs in the keepalive state.
> > The client has received the entire response but the server never
> > closes the socket. mod_status output (from non-HTTP 1.1 :) ) shows
> > the thread in keepalive. The client does shutdown() after sending
> > first and only request, so server shouldn't remain in keepalive
> > state.
>
> socket_read() returns an immortal bucket pointing to "" once we reach
> FIN from the other side of the socket.
>
> But ap_getline() does an apr_bucket_delete() on the immortal bucket
> which calls free() on e->data (BAD!!!!!!) which then can hang or
> SIGSEGV (I saw one of these accessing a bad mutex down in glibc).
>
> We've only gotten to this path when keepalive is on AFAICT.

Hmm...

Looks like the IMMORTAL and TRANSIENT buckets' destroy function should be
switched over to apr_bucket_destroy_notimpl. They no longer have a separate
sub-allocation (needing to be freed) for bkt->data.

Cheers,
-g

--
Greg Stein, http://www.lyra.org/
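
The ownership problem discussed in this thread, as an added example that is not code from APR or from either poster: a simplified bucket model in which each type supplies its own destroy hook, so a bucket pointing at static storage is deleted without free() touching its data. All type and function names here are hypothetical stand-ins, not APR's API.

```c
#include <stdlib.h>
#include <string.h>

/* Simplified model for illustration; these are not APR's real structures. */
typedef struct bucket bucket;
typedef struct { void (*destroy)(bucket *b); } bucket_type;
struct bucket { const bucket_type *type; const char *data; size_t len; };

static int payload_frees = 0;            /* counts free() calls on payloads */
/* HEAP owns its payload, so its destroy hook releases it. */
static void destroy_heap(bucket *b) { free((void *)b->data); payload_frees++; }
/* IMMORTAL points at storage it does not own: the hook must not free it. */
static void destroy_noop(bucket *b) { (void)b; }

static const bucket_type type_heap = { destroy_heap };
static const bucket_type type_immortal = { destroy_noop };
static bucket *bucket_new(const bucket_type *t, const char *data, size_t len) {
    bucket *b = malloc(sizeof *b);
    if (b) { b->type = t; b->data = data; b->len = len; }
    return b;
}

static bucket *heap_bucket(const char *s) {
    size_t n = strlen(s);
    char *copy = malloc(n + 1);
    if (!copy) return NULL;
    memcpy(copy, s, n + 1);
    bucket *b = bucket_new(&type_heap, copy, n);
    if (!b) free(copy);
    return b;
}

/* EOF marker as in the thread: a zero-length bucket over a static "". */
static bucket *eof_bucket(void) { return bucket_new(&type_immortal, "", 0); }

/* Generic delete: the type decides what happens to the payload. */
static void bucket_delete(bucket *b) { b->type->destroy(b); free(b); }

/* Deletes one HEAP and one EOF bucket; returns how many payloads were freed. */
int demo(void) {
    bucket *h = heap_bucket("GET / HTTP/1.1\r\n");  /* constructed sample */
    bucket *e = eof_bucket();
    if (!h || !e) return -1;
    payload_frees = 0;
    bucket_delete(h);
    bucket_delete(e);
    return payload_frees;
}
int main(void) { return demo() == 1 ? 0 : 1; }
```

Pointing `type_immortal` at `destroy_heap` instead reproduces the class of bug reported above: free() is handed the address of a string literal, which is undefined behaviour and can corrupt allocator state or crash.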