I am getting a seg fault attempting to write bogus buffers to the network.
apr_brigade_write() appears to be the culprit. I send an MMAP bucket into the
apr_brigade_write and it creates a transient bucket to point at the contents of the
MMAP
bucket and hangs this transient on the ctx->b brigade. apr_brigade_destroy() whacks the
MMAP pointed to by the transient bucket in ctx->b, resulting in a segfault when we try
to
write the bogus buffer to the network.
The comment is, um, not reassuring. Any ideas?
Bill
APR_BRIGADE_FOREACH(bucket, b) {
const char *str;
apr_size_t n;
rv = apr_bucket_read(bucket, &str, &n, APR_BLOCK_READ);
/* This apr_brigade_write does not use a flush function
because we assume that we will not write enough data
into it to cause a flush. However, if we *do* write
"too much", then we could end up with transient
buckets which would suck. This works for now, but is
a bit shaky if changes are made to some of the
buffering sizes. Let's do an assert to prevent
potential future problems... */
AP_DEBUG_ASSERT(AP_MIN_BYTES_TO_WRITE <=
APR_BUCKET_BUFF_SIZE);
if (rv != APR_SUCCESS) {
ap_log_error(APLOG_MARK, APLOG_ERR, rv, c->base_server,
"core_output_filter: Error reading from bucket.");
return rv;
}
apr_brigade_write(ctx->b, NULL, NULL, str, n);
}
apr_brigade_destroy(b
