You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by yl...@apache.org on 2018/01/30 17:20:21 UTC
svn commit: r1822666 - /httpd/httpd/trunk/server/request.c
Author: ylavic
Date: Tue Jan 30 17:20:21 2018
New Revision: 1822666
URL: http://svn.apache.org/viewvc?rev=1822666&view=rev
Log:
core: follow up to r1822596.
We can't dereference 'f' after EOR is destroyed either.
Modified:
httpd/httpd/trunk/server/request.c
Modified: httpd/httpd/trunk/server/request.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/server/request.c?rev=1822666&r1=1822665&r2=1822666&view=diff
==============================================================================
--- httpd/httpd/trunk/server/request.c (original)
+++ httpd/httpd/trunk/server/request.c Tue Jan 30 17:20:21 2018
@@ -2069,6 +2069,7 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_
apr_bucket *flush_upto = NULL;
apr_status_t status = APR_SUCCESS;
apr_bucket_brigade *tmp_bb = f->ctx;
+ int seen_eor = 0;
/*
* Handle the AsyncFilter directive. We limit the filters that are
@@ -2101,6 +2102,7 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_
*/
APR_BRIGADE_CONCAT(tmp_bb, bb);
ap_remove_output_filter(f);
+ seen_eor = 1;
f->r = NULL;
}
else {
@@ -2119,7 +2121,7 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_
* needing to be set aside.
*/
if (!APR_BUCKET_IS_METADATA(bucket)
- && bucket->length == (apr_size_t) - 1) {
+ && bucket->length == (apr_size_t)-1) {
const char *data;
apr_size_t size;
if (APR_SUCCESS
@@ -2135,7 +2137,8 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_
}
status = ap_pass_brigade(f->next, tmp_bb);
- if (!f->r || (status != APR_SUCCESS && !APR_STATUS_IS_EOF(status))) {
+ if (seen_eor || (status != APR_SUCCESS &&
+ !APR_STATUS_IS_EOF(status))) {
apr_brigade_cleanup(tmp_bb);
return status;
}