# HG changeset patch
# User Roman Arutyunyan
# Date 1519918719 -10800
# Node ID 43585e0e12a3158fae1dbdd9938692ec3f657e0f
# Parent 20f139e9ffa84f1a1db6039bbbb547cd35fc4534
Postpone filter: prevented uninitialized r->out.

The r->out chain link could be left uninitialized in case of error. A segfault could happen if the subrequest handler accessed it. The issue was introduced in commit 20f139e9ffa8.

diff --git a/src/http/ngx_http_postpone_filter_module.c b/src/http/ngx_http_postpone_filter_module.c
--- a/src/http/ngx_http_postpone_filter_module.c
+++ b/src/http/ngx_http_postpone_filter_module.c
@@ -191,11 +191,6 @@ ngx_http_postpone_filter_in_memory(ngx_h
 "http postpone filter in memory");

 if (r->out == NULL) {
- r->out = ngx_alloc_chain_link(r->pool);
- if (r->out == NULL) {
- return NGX_ERROR;
- }
-
 clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);

 if (r->headers_out.content_length_n != -1) {
@@ -218,6 +213,11 @@ ngx_http_postpone_filter_in_memory(ngx_h

 b->last_buf = 1;

+ r->out = ngx_alloc_chain_link(r->pool);
+ if (r->out == NULL) {
+ return NGX_ERROR;
+ }
+
 r->out->buf = b;
 r->out->next = NULL;
 }
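Review bot: The relocated allocation in the second hunk depends on an ordering rule that the code does not record: `r->out` must stay NULL until the buffer `b` exists, because (per the commit message) a subrequest handler may read the link after an error return. A one-line comment above the moved block would stop a later refactor from hoisting it back to the top of the `if (r->out == NULL)` branch, for example `/* allocate the link last: r->out must never be non-NULL while its buf is unset */`. The link is presumably not zeroed by `ngx_alloc_chain_link()`, which is why a half-built `r->out` is dangerous; that helper is not visible here, so confirm before wording the comment that way. The function starts and ends outside the hunk, so the error returns between the two hunks (the length check and the buffer allocation) cannot be checked from this page.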