While reading the code of ap_http_chunk_filter I wondered myself if there is bug in the handling of flush buckets in ap_http_chunk_filter. Maybe I just do not understand correctly the way ap_http_chunk_filter works.
Lets assume the following brigade as input to ap_http_chunk_filter: Pos Type Length 0 Heap 10 1 Flush 0 2 Heap 10 To be honest, I am not quite sure if this assumption can occur. As far as I undestand we would leave the inner for loop with bytes set to 20 and flush set to the flush bucket at pos 1 of the brigade But the result of the "if (bytes > 0)" block would be the following brigade: Pos Type Length Contents 0 Immortal Length of chunk (20 bytes) including CRLF 1 Heap 10 2 Immortal CRLF (end of chunk) 3 Flush 0 4 Heap 10 But this would be wrong, as - the length of the chunk is wrong (it is only 10) - The 10 bytes from heap bucket 4 do not get correctly chunk encoded If I see things correctly the following patch should fix this: Index: chunk_filter.c =================================================================== --- chunk_filter.c (Revision 356370) +++ chunk_filter.c (Arbeitskopie) @@ -69,6 +69,8 @@ } if (APR_BUCKET_IS_FLUSH(e)) { flush = e; + more = apr_brigade_split(b, APR_BUCKET_NEXT(e)); + break; } else if (e->length == (apr_size_t)-1) { /* unknown amount of data (e.g. a pipe) */ Regards RĂ¼diger