Return-Path: 
 <dev-return-42585-apmail-httpd-dev-archive=httpd.apache.org@httpd.apache.org>
Delivered-To: apmail-httpd-dev-archive@www.apache.org
Received: (qmail 99178 invoked from network); 9 Jun 2004 21:28:59 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199)
  by minotaur-2.apache.org with SMTP; 9 Jun 2004 21:28:59 -0000
Received: (qmail 25593 invoked by uid 500); 9 Jun 2004 21:29:10 -0000
Delivered-To: apmail-httpd-dev-archive@httpd.apache.org
Received: (qmail 25563 invoked by uid 500); 9 Jun 2004 21:29:10 -0000
Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@httpd.apache.org
list-help: <mailto:dev-help@httpd.apache.org>
list-unsubscribe: <mailto:dev-unsubscribe@httpd.apache.org>
list-post: <mailto:dev@httpd.apache.org>
Delivered-To: mailing list dev@httpd.apache.org
Received: (qmail 25549 invoked by uid 99); 9 Jun 2004 21:29:09 -0000
Received: from [128.143.137.19] (HELO ares.cs.Virginia.EDU) (128.143.137.19)
  by apache.org (qpsmtpd/0.27.1) with ESMTP; Wed, 09 Jun 2004 14:29:09 -0700
Received: from cobra.cs.Virginia.EDU (cobra.cs.Virginia.EDU [128.143.137.16])
	by ares.cs.Virginia.EDU (8.12.10/8.12.10/UVACS-2003031900) with ESMTP id
 i59LSfNU004635
	for <dev@httpd.apache.org>; Wed, 9 Jun 2004 17:28:41 -0400 (EDT)
Date: Wed, 9 Jun 2004 17:28:41 -0400 (EDT)
From: Cliff Woolley <jwoolley@virginia.edu>
X-X-Sender: jcw5q@cobra.cs.Virginia.EDU
To: dev@httpd.apache.org
Subject: Re: [PATCH] mod_deflate + mod_proxy bug
In-Reply-To: <40C77FDA.8020101@us.ibm.com>
Message-ID: <Pine.GSO.4.58.0406091726150.7009@cobra.cs.Virginia.EDU>
References: <40C77FDA.8020101@us.ibm.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Virus-Checked: Checked
X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N

On Wed, 9 Jun 2004, Allan Edwards wrote:

> +            }
> +            else {
> +                /* this was a zero length response, remove gzip header bucket then pass down the EOS */
> +                APR_BUCKET_REMOVE(APR_BRIGADE_FIRST(ctx->bb));
> +                APR_BUCKET_REMOVE(e);
> +                APR_BRIGADE_INSERT_TAIL(ctx->bb, e);
> +                return ap_pass_brigade(f->next, ctx->bb);
> +            }

I haven't looked at the entire context of this, but if you remove a bucket
(brigade_first(ctx->bb) from a brigade without deleting it and without
having any extra pointers to it, you'll leak memory.

Also, what happens if e *is* the first bucket in the brigade?  Can that
occur?  I think that by coincidence given the implementation of
APR_BUCKET_REMOVE, nothing bad would happen by double-removing a given
bucket twice in a row, but in general that seems like a bad idea and
should be avoided.

--Cliff