httpd-apreq-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bojan Smojver <bo...@rexursive.com>
Subject Endless loop in split_on_bdry() of library/parser_multipart.c?
Date Tue, 30 May 2006 02:13:09 GMT
I'm seeing an endless loop in this part of the code:

------------------------------------------------
            do {
                apr_bucket *f = APR_BRIGADE_FIRST(in);
                APR_BUCKET_REMOVE(f);
                APR_BRIGADE_INSERT_TAIL(out, f);
            } while (e != APR_BRIGADE_FIRST(in));
------------------------------------------------

Basically, I'm submitting a multipart/form-data in lynx and eating the
whole thing up by calling ap_discard_request_body() in my handler. Stack
looks like this:

------------------------------------------------
(gdb) bt
#0  split_on_bdry (out=0x840dc50, in=0x840dc70, pattern=0x840d820,
    bdry=0x840d812 "\r\n--LYNX") at parser_multipart.c:166
#1  0x006f0b29 in apreq_parse_multipart (parser=0x840d5b0, t=0x840d630,
    bb=0x840d5d0) at parser_multipart.c:580
#2  0x00229dec in apreq_filter (f=0x841e768, bb=0x840d550,
    mode=AP_MODE_READBYTES, block=APR_BLOCK_READ, readbytes=8192)
    at ../../include/apreq_parser.h:126
#3  0x0808f6a5 in ap_discard_request_body (r=0x841cb50) at
http_filters.c:1123
#4  0x00c83593 in handler (r=0x841cb50) at mod_spin.c:767
#5  0x08075179 in ap_run_handler (r=0x841cb50) at config.c:157
#6  0x08078401 in ap_invoke_handler (r=0x841cb50) at config.c:371
#7  0x0808f158 in ap_process_request (r=0x841cb50) at http_request.c:258
#8  0x0808c45b in ap_process_http_connection (c=0x8406ea0) at
http_core.c:172
#9  0x0807c2a9 in ap_run_process_connection (c=0x8406ea0) at
connection.c:43
#10 0x080a26e0 in child_main (child_num_arg=Variable "child_num_arg" is
not available.
) at prefork.c:640
#11 0x080a2943 in make_child (s=0x835bcb0, slot=0) at prefork.c:680
#12 0x080a3726 in ap_mpm_run (_pconf=0x83570a8, plog=0x83951a0,
s=0x835bcb0)
    at prefork.c:956
#13 0x08062d35 in main (argc=137711912, argv=0x0) at main.c:717
------------------------------------------------

The files (two of them) I'm submitting through the form are 690 kB in
size.

The code never gets out of the above while loop. Anyone seen anything
similar?

-- 
Bojan


Mime
View raw message