This general patch has been on new-httpd, but it really belongs here. This is my general concept for how brigades should be buffered.
FYI: this has the potential to fail miserably:

    char buffer[APR_BUCKET_BUFF_SIZE + 1];
    int i;

    for (i = 0; i < APR_BUCKET_BUFF_SIZE + 1; ++i) {
        buffer[i] = 'a' + (i % 26);
    }
    apr_brigade_write(b, buffer, 1);
    apr_brigade_write(b, buffer + 1, APR_BUCKET_BUFF_SIZE);

In the second call, check_brigade_flush returns 0, with nbyte set to 1, so 1 byte is copied from str, except that it's the wrong byte, since str is the same as it was upon entering. (Hence the buffer[i] = 'a' + (i % 26); initialization; you wouldn't see this with a buffer of all a's.)

A similar failure occurs at APR_BUCKET_BUFF_SIZE * 2 + 1, where a transient bucket will be created containing the first APR_BUCKET_BUFF_SIZE + 1 bytes of str. These both can be fixed by changing str to const char ** in check_brigade_flush, and moving the pointer as you go.
A third failure is that check_brigade_flush creates a transient bucket and sticks it in the brigade. Here's where this can fail:

    char buf[APR_BUCKET_BUFF_SIZE * 2 + 1];
    apr_vsnprintf(buf, APR_BUCKET_BUFF_SIZE * 2 + 1, fmt, va);
    return apr_brigade_puts(b, buf);

b now can contain a transient bucket pointing to stack space that has been reclaimed.
Or also here:

    char buffer[APR_BUCKET_BUFF_SIZE * 2 + 1];
    int i;

    for (i = 0; i < APR_BUCKET_BUFF_SIZE * 2 + 1; ++i) {
        buffer[i] = 'a' + (i % 26);
    }
    apr_brigade_write(b, buffer, 1);
    apr_brigade_write(b, buffer + 1, APR_BUCKET_BUFF_SIZE * 2);

    for (i = 0; i < APR_BUCKET_BUFF_SIZE * 2 + 1; ++i) {
        buffer[i] = '0' + (i % 10);
    }
    apr_brigade_write(b, buffer, APR_BUCKET_BUFF_SIZE * 2 + 1);

-- Greg Marr [EMAIL PROTECTED] "We thought you were dead." "I was, but I'm better now." - Sheridan, "The Summoning"
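
The first failure described in the message, replayed against a toy model. This is an added example, not part of the original message and not APR code: struct sink, fill_and_drain, sink_write, replay and the small BUFF_SIZE are hypothetical stand-ins for the brigade, check_brigade_flush, apr_brigade_write and APR_BUCKET_BUFF_SIZE.

```c
#include <stdio.h>
#include <string.h>
#define BUFF_SIZE 8  /* assumption: small stand-in for APR_BUCKET_BUFF_SIZE */

/* Toy model, not APR: a staging buffer that drains into `out` when full. */
struct sink { char buf[BUFF_SIZE]; size_t used; char out[4 * BUFF_SIZE]; size_t out_len; };

/* Fill and drain until the remainder fits; *str moves with each copy. */
static void fill_and_drain(struct sink *s, const char **str, size_t *nbyte)
{
    while (*nbyte >= BUFF_SIZE - s->used) {
        size_t n = BUFF_SIZE - s->used;
        memcpy(s->buf + s->used, *str, n);
        memcpy(s->out + s->out_len, s->buf, BUFF_SIZE);
        s->out_len += BUFF_SIZE;
        s->used = 0;
        *str += n; *nbyte -= n;
    }
}

/* fixed == 0 models the by-value signature: the helper advances only a copy. */
static int sink_write(struct sink *s, const char *str, size_t nbyte, int fixed)
{
    const char *by_value = str;
    if (s->out_len + s->used + nbyte > sizeof s->out) return -1;
    fill_and_drain(s, fixed ? &str : &by_value, &nbyte);
    memcpy(s->buf + s->used, str, nbyte);  /* tail copy of the remainder */
    s->used += nbyte;
    return 0;
}

/* Replays the two writes; returns the first differing index, or -1 if none. */
static int replay(int fixed, char *result)
{
    char buffer[BUFF_SIZE + 1];
    struct sink s = {0};
    int i;
    for (i = 0; i < BUFF_SIZE + 1; ++i) buffer[i] = 'a' + (i % 26);
    sink_write(&s, buffer, 1, fixed);
    sink_write(&s, buffer + 1, BUFF_SIZE, fixed);
    memcpy(result, s.out, s.out_len);
    memcpy(result + s.out_len, s.buf, s.used);
    for (i = 0; i < BUFF_SIZE + 1; ++i)
        if (result[i] != buffer[i]) return i;
    return -1;
}
int main(void)
{
    char r[BUFF_SIZE + 1];
    return printf("by value: %d, by pointer: %d\n", replay(0, r), replay(1, r)) < 0;
}
```

With the by-value helper the last byte of the output is buffer[1] again rather than buffer[BUFF_SIZE]; passing the pointer by address makes the data round-trip.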
