From: Sergey Kandaurov <pluknet@nginx.com>
Date: Fri, 14 Nov 2025 12:06:56 +0000 (+0400)
Subject: Request body: restored buffered empty body special case
X-Git-Url: http://www.kaiwu.me/postgresql/commit/?a=commitdiff_plain;h=6eb7dcdd98dcba78d63b7e37a68fbe505e7ed725;p=nginx.git

Request body: restored buffered empty body special case

This restores a long-standing optimization when the entire request
body is empty and r->request_body_in_file_only is set, used to avoid
writing an empty file as initially introduced in 4c7f51136 (0.4.4).
The previous condition never worked with chunked body filter, where
rb->bufs holds at least the final chunk; in length body filter, it is
used to indicate the last received buffer since 2a7092138 (1.21.2).

The fix is to additionally check if it is the only empty buffer.

Found with UndefinedBehaviorSanitizer (pointer-overflow)
---

diff --git a/src/http/ngx_http_request_body.c b/src/http/ngx_http_request_body.c
index 93c69220c..1d8e4081a 100644
--- a/src/http/ngx_http_request_body.c
+++ b/src/http/ngx_http_request_body.c
@@ -581,7 +581,9 @@ ngx_http_write_request_body(ngx_http_request_t *r)
 
         rb->temp_file = tf;
 
-        if (rb->bufs == NULL) {
+        if (rb->bufs == NULL
+            || (!ngx_buf_in_memory(rb->bufs->buf) && rb->bufs->buf->last_buf))
+        {
             /* empty body with r->request_body_in_file_only */
 
             if (ngx_create_temp_file(&tf->file, tf->path, tf->pool,