While reading the code of ap_http_chunk_filter I wondered myself if there is bug
in the handling of flush buckets in ap_http_chunk_filter. Maybe I just do not
understand correctly the way ap_http_chunk_filter works.
Lets assume the following brigade as input to ap_http_chunk_filter:
Pos Type Length
0 Heap 10
1 Flush 0
2 Heap 10
To be honest, I am not quite sure if this assumption can occur.
As far as I undestand we would leave the inner for loop with
bytes set to 20 and flush set to the flush bucket at pos 1 of the brigade
But the result of the "if (bytes > 0)" block would be the following brigade:
Pos Type Length Contents
0 Immortal Length of chunk (20 bytes) including CRLF
1 Heap 10
2 Immortal CRLF (end of chunk)
3 Flush 0
4 Heap 10
But this would be wrong, as
- the length of the chunk is wrong (it is only 10)
- The 10 bytes from heap bucket 4 do not get correctly chunk encoded
If I see things correctly the following patch should fix this:
Index: chunk_filter.c
===================================================================
--- chunk_filter.c (Revision 356370)
+++ chunk_filter.c (Arbeitskopie)
@@ -69,6 +69,8 @@
}
if (APR_BUCKET_IS_FLUSH(e)) {
flush = e;
+ more = apr_brigade_split(b, APR_BUCKET_NEXT(e));
+ break;
}
else if (e->length == (apr_size_t)-1) {
/* unknown amount of data (e.g. a pipe) */
Regards
RĂ¼diger
