httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dean Gaudet <dgau...@arctic.org>
Subject Re: IE4 HTTP/1.1 Chunking bug reincarnation?
Date Tue, 27 Jan 1998 05:30:34 GMT
Naw it was a lot simpler than that... it's just that I only protected
bputc() from itself, but didn't protect it from other buff functions like
bputs().  0x1c happens to be the length of the string which mod_php3 sends
to bputs() when it's expanding hard tabs... it sends "&nbsp; &nbsp; &nbsp;
&nbsp;".  Then right after that bputs() it does a bputc() ... but the
bputs() doesn't do a start_chunk() and all hell ensues. 

You're seeing the 1c in its own chunk because of large_write() ... hence
the performance tweak in that patch.

Dean

On Mon, 26 Jan 1998, Roy T. Fielding wrote:

> >There are several cases of a chunk size of 1c which seems to have more
> >data than 19 characters, resulting in an overwrite of the next chunk-size.
> 
> I should have also noted that the only bad chunks are those after a
> chunk size of 1c -- all the other chunks are normal.  Smells of a
> boundary condition.
> 
> ....Roy
> 


Mime
View raw message