Mercurial > hg > nginx-quic
comparison src/http/ngx_http_spdy.c @ 5413:bd91997a1117 stable-1.4
SPDY: fixed segfault with "client_body_in_file_only" enabled.
It is possible to send FLAG_FIN in additional empty data frame, even if it is
known from the content-length header that request body is empty. And Firefox
actually behaves like this (see ticket #357).
To simplify code we sacrificed our microoptimization that did not work right
due to missing check in the ngx_http_spdy_state_data() function for rb->buf
set to NULL.
| author | Valentin Bartenev <vbart@nginx.com> |
|---|---|
| date | Wed, 24 Jul 2013 22:24:25 +0400 |
| parents | 7a015bbda96f |
| children | b8e6297358b5 |
comparison
equal
deleted
inserted
replaced
| 5412:f842bd852d1d | 5413:bd91997a1117 |
|---|---|
| 2527 buf = ngx_calloc_buf(r->pool); | 2527 buf = ngx_calloc_buf(r->pool); |
| 2528 if (buf == NULL) { | 2528 if (buf == NULL) { |
| 2529 return NGX_ERROR; | 2529 return NGX_ERROR; |
| 2530 } | 2530 } |
| 2531 | 2531 |
| 2532 if (rb->rest == 0) { | |
| 2533 buf->in_file = 1; | |
| 2534 buf->file = &tf->file; | |
| 2535 } else { | |
| 2536 rb->buf = buf; | |
| 2537 } | |
| 2538 | |
| 2539 } else { | 2532 } else { |
| 2540 | 2533 |
| 2541 if (rb->rest == 0) { | 2534 if (rb->rest == 0) { |
| 2542 return NGX_OK; | 2535 return NGX_OK; |
| 2543 } | 2536 } |
| 2544 | 2537 |
| 2545 buf = ngx_create_temp_buf(r->pool, (size_t) rb->rest); | 2538 buf = ngx_create_temp_buf(r->pool, (size_t) rb->rest); |
| 2546 if (buf == NULL) { | 2539 if (buf == NULL) { |
| 2547 return NGX_ERROR; | 2540 return NGX_ERROR; |
| 2548 } | 2541 } |
| 2549 | 2542 } |
| 2550 rb->buf = buf; | 2543 |
| 2551 } | 2544 rb->buf = buf; |
| 2552 | 2545 |
| 2553 rb->bufs = ngx_alloc_chain_link(r->pool); | 2546 rb->bufs = ngx_alloc_chain_link(r->pool); |
| 2554 if (rb->bufs == NULL) { | 2547 if (rb->bufs == NULL) { |
| 2555 return NGX_ERROR; | 2548 return NGX_ERROR; |
| 2556 } | 2549 } |