# HG changeset patch # User Valentin Bartenev # Date 1374690265 -14400 # Node ID bd91997a11178f95045653d5bce097f344ec6d53 # Parent f842bd852d1d4d7a958d096a08cd562f2aefb02c SPDY: fixed segfault with "client_body_in_file_only" enabled. It is possible to send FLAG_FIN in additional empty data frame, even if it is known from the content-length header that request body is empty. And Firefox actually behaves like this (see ticket #357). To simplify code we sacrificed our microoptimization that did not work right due to missing check in the ngx_http_spdy_state_data() function for rb->buf set to NULL. diff --git a/src/http/ngx_http_spdy.c b/src/http/ngx_http_spdy.c --- a/src/http/ngx_http_spdy.c +++ b/src/http/ngx_http_spdy.c @@ -2529,13 +2529,6 @@ ngx_http_spdy_init_request_body(ngx_http return NGX_ERROR; } - if (rb->rest == 0) { - buf->in_file = 1; - buf->file = &tf->file; - } else { - rb->buf = buf; - } - } else { if (rb->rest == 0) { @@ -2546,10 +2539,10 @@ ngx_http_spdy_init_request_body(ngx_http if (buf == NULL) { return NGX_ERROR; } - - rb->buf = buf; } + rb->buf = buf; + rb->bufs = ngx_alloc_chain_link(r->pool); if (rb->bufs == NULL) { return NGX_ERROR;