Posted to dev@apr.apache.org by Simone <ba...@slacky.it> on 2007/12/03 10:08:10 UTC
apr_brigade_split_line() may leave zero length bucket in input brigade
I found that apr_brigade_split_line() may leave a zero length Heap
bucket in bbIn brigade, when such brigade contains exactly a line. I've
read the source (1.2.10) and I think it happens in apr_bucket_split(),
given the fact that the point where to split equals original bucket's
length.
I found it by mistake, because some lines after split_line() I was
assuming end of input == reading zero bytes from a bucket, which
I found to be a wrong assumption. Should this be documented? I think
it should because it can save time for someone who (like me) starts
using buckets.
Btw, I read on this ML that there is the chance that buckets and
brigades will be removed from APU 2.0: I'd like them to stay in, because I
need them.
Regards,
-Simone
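The situation described in the message above, as an added example that is not part of the original post and is not APR code: a simplified C model of a bucket chain in which an unconditional split at `point == length` leaves an empty bucket in the input, and a reader that equates a zero-length read with end of input misses the data behind it. The `bucket` struct, `bucket_split`, `readable_bytes`, `demo` and the sample lines are hypothetical and constructed for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Simplified stand-in for a bucket chain; these are not the APR types. */
typedef struct bucket {
    const char *data;
    size_t length;
    int is_eos;              /* models an end-of-stream marker bucket */
    struct bucket *next;
} bucket;

/* Models an unconditional split: a keeps [0, point), a new bucket gets the rest. */
static int bucket_split(bucket *a, size_t point)
{
    bucket *b;
    if (point > a->length || (b = malloc(sizeof *b)) == NULL) return -1;
    b->data = a->data + point;
    b->length = a->length - point;   /* zero when point == a->length */
    b->is_eos = 0;
    b->next = a->next;
    a->length = point;
    a->next = b;
    return 0;
}

/* Byte count as seen by a reader; stop_on_empty=1 is the wrong assumption
 * (zero-length read == end of input), 0 stops only at the EOS marker. */
static size_t readable_bytes(const bucket *e, int stop_on_empty)
{
    size_t total = 0;
    for (; e != NULL && !e->is_eos; e = e->next) {
        if (e->length == 0 && stop_on_empty) break;
        total += e->length;
    }
    return total;
}

/* Constructed input: the first bucket holds exactly one line, a second line follows. */
static int demo(size_t *naive, size_t *correct)
{
    bucket eos = { "", 0, 1, NULL };
    bucket second = { "line two\n", strlen("line two\n"), 0, &eos };
    bucket first = { "line one\n", strlen("line one\n"), 0, &second };
    if (bucket_split(&first, first.length) != 0) return -1;
    /* first.next is what stays in the input once the line bucket is moved out */
    *naive = readable_bytes(first.next, 1);
    *correct = readable_bytes(first.next, 0);
    free(first.next);
    return 0;
}
```

In the model, the reader that stops at the first empty bucket sees no remaining input, while the reader that stops only at the end-of-stream marker sees the whole second line.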
Re: apr_brigade_split_line() may leave zero length bucket in input brigade
Posted by Simone <ba...@slacky.it>.
Joe Orton wrote:
> On Mon, Dec 03, 2007 at 10:08:10AM +0100, Simone wrote:
>> I found that apr_brigade_split_line() may leave a zero length Heap
>> bucket in bbIn brigade, when such brigade contains exactly a line. I've
>> read the source (1.2.10) and I think it happens in apr_bucket_split(),
>> given the fact that the point where to split equals original bucket's
>> length.
>
> As you say, this isn't a bug; but avoiding the split in that case is
> cheap so might as well be done.
I like this idea: I think it's better to avoid the split rather than to
document such a special case. Just a question: isn't it better to patch
apr_bucket_simple_split()? I guess that the same problem could be
triggered by other functions calling simple_split(), couldn't it?
--- apr_buckets_simple.c.orig 2007-12-04 08:26:51.000000000 +0100
+++ apr_buckets_simple.c 2007-12-04 08:27:51.000000000 +0100
@@ -33,6 +33,9 @@
if (point > a->length) {
return APR_EINVAL;
}
+ else if (point == a->length) {
+ return APR_SUCCESS;
+ }
apr_bucket_simple_copy(a, &b);
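Review bot: The added `else if (point == a->length)` branch returns APR_SUCCESS before `apr_bucket_simple_copy(a, &b)` runs, so a successful return no longer means that a second bucket was created. A caller that, after a successful split, treats the bucket following `a` as the remainder would now pick up whatever was already next in the brigade. Either state this in the split function's documentation or keep the check in the caller that knows it does not need the remainder. Since the report names a Heap bucket, it is also worth confirming that heap buckets split through this function before relying on it as the fix. Minor style point: the `else` after `return APR_EINVAL;` is redundant.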
Re: apr_brigade_split_line() may leave zero length bucket in input brigade
Posted by Joe Orton <jo...@redhat.com>.
On Mon, Dec 03, 2007 at 10:08:10AM +0100, Simone wrote:
> I found that apr_brigade_split_line() may leave a zero length Heap
> bucket in bbIn brigade, when such brigade contains exactly a line. I've
> read the source (1.2.10) and I think it happens in apr_bucket_split(),
> given the fact that the point where to split equals original bucket's
> length.
As you say, this isn't a bug; but avoiding the split in that case is
cheap so might as well be done.
Index: buckets/apr_brigade.c
===================================================================
--- buckets/apr_brigade.c (revision 597621)
+++ buckets/apr_brigade.c (working copy)
@@ -304,7 +304,10 @@
pos = memchr(str, APR_ASCII_LF, len);
/* We found a match. */
if (pos != NULL) {
- apr_bucket_split(e, pos - str + 1);
+ /* Split the bucket if the LF is not the last byte. */
+ if (len != pos - str + 1) {
+ apr_bucket_split(e, pos - str + 1);
+ }
APR_BUCKET_REMOVE(e);
APR_BRIGADE_INSERT_TAIL(bbOut, e);
return APR_SUCCESS;
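Review bot: In the added condition `len != pos - str + 1`, the right-hand side is a pointer difference while `len` is the length passed to memchr, so the comparison mixes types, and the same expression is repeated in the `apr_bucket_split()` call. Compute the offset once into a local of the same type as `len` and use it in both places. The return value of `apr_bucket_split(e, ...)` is still discarded, so if the split failed the whole bucket `e` would be moved to `bbOut` and APR_SUCCESS returned; consider checking it and returning the error.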