SPDY: fixed segfault with "client_body_in_file_only" enabled. It is possible to send FLAG_FIN in an additional empty data frame, even if it is known from the content-length header that the request body is empty. And Firefox actually behaves like this (see ticket #357). To simplify the code we sacrificed our microoptimization, which did not work right due to a missing check in the ngx_http_spdy_state_data() function for rb->buf set to NULL.
diff --git a/src/http/ngx_http_spdy.c b/src/http/ngx_http_spdy.c
index acadaf2..f813621 100644
--- a/src/http/ngx_http_spdy.c
+++ b/src/http/ngx_http_spdy.c
@@ -2529,13 +2529,6 @@ return NGX_ERROR; } - if (rb->rest == 0) { - buf->in_file = 1; - buf->file = &tf->file; - } else { - rb->buf = buf; - } - } else { if (rb->rest == 0) { @@ -2546,10 +2539,10 @@ if (buf == NULL) { return NGX_ERROR; } - - rb->buf = buf; } + rb->buf = buf; + rb->bufs = ngx_alloc_chain_link(r->pool); if (rb->bufs == NULL) { return NGX_ERROR;
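Review bot: The hoisted `rb->buf = buf;` in the second hunk now carries an invariant that nothing in the code states: rb->buf has to be non-NULL even when content-length says the body is empty, because the peer can still send an empty data frame with FLAG_FIN and, per the commit message, ngx_http_spdy_state_data() does not check rb->buf for NULL. I would put that on the assignment, e.g. `/* always set: an empty FIN data frame may still arrive and ngx_http_spdy_state_data() does not check rb->buf for NULL */`. The `if (rb->rest == 0) {` at the end of the first hunk has its body between the two hunks; if that path returns before reaching the assignment, rb->buf presumably stays NULL there, so it is worth confirming the same frame cannot reach ngx_http_spdy_state_data() on that path, or adding the NULL check in that function. The enclosing function starts and ends outside both hunks.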