SPDY: fixed segfault with "client_body_in_file_only" enabled.

It is possible to send FLAG_FIN in additional empty data frame, even if it is
known from the content-length header that request body is empty.  And Firefox
actually behaves like this (see ticket #357).

To simplify code we sacrificed our microoptimization that did not work right
due to missing check in the ngx_http_spdy_state_data() function for rb->buf
set to NULL.

diff --git a/src/http/ngx_http_spdy.c b/src/http/ngx_http_spdy.c
index acadaf23202e4f6d1c85ea2c6f1b7ab40dd69d70..f8136213a765940fb234a70b831a28e0ef3cd216 100644 (file)
--- a/src/http/ngx_http_spdy.c
+++ b/src/http/ngx_http_spdy.c
@@ -2529,13 +2529,6 @@ ngx_http_spdy_init_request_body(ngx_http_request_t *r)
             return NGX_ERROR;
         }
 
-        if (rb->rest == 0) {
-            buf->in_file = 1;
-            buf->file = &tf->file;
-        } else {
-            rb->buf = buf;
-        }
-
     } else {
 
         if (rb->rest == 0) {
@@ -2546,10 +2539,10 @@ ngx_http_spdy_init_request_body(ngx_http_request_t *r)
         if (buf == NULL) {
             return NGX_ERROR;
         }
-
-        rb->buf = buf;
     }
 
+    rb->buf = buf;
+
     rb->bufs = ngx_alloc_chain_link(r->pool);
     if (rb->bufs == NULL) {
         return NGX_ERROR;