# ./pullrev.sh 1892413 1895552
https://bugzilla.redhat.com/show_bug.cgi?id=1938740
http://svn.apache.org/viewvc?view=revision&revision=1892413
http://svn.apache.org/viewvc?view=revision&revision=1895552
- also mod_cgi/mod_cgid log_flags fix from r1881559
1eaa30
--- httpd-2.4.51/modules/filters/mod_deflate.c.r1892413+
1eaa30
+++ httpd-2.4.51/modules/filters/mod_deflate.c
1eaa30
@@ -1275,44 +1275,46 @@
1eaa30
             if (APR_BUCKET_IS_FLUSH(bkt)) {
1eaa30
                 apr_bucket *tmp_b;
1eaa30
 
1eaa30
-                ctx->inflate_total += ctx->stream.avail_out;
1eaa30
-                zRC = inflate(&(ctx->stream), Z_SYNC_FLUSH);
1eaa30
-                ctx->inflate_total -= ctx->stream.avail_out;
1eaa30
-                if (zRC != Z_OK) {
1eaa30
-                    inflateEnd(&ctx->stream);
1eaa30
-                    ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(01391)
1eaa30
-                                  "Zlib error %d inflating data (%s)", zRC,
1eaa30
-                                  ctx->stream.msg);
1eaa30
-                    return APR_EGENERAL;
1eaa30
-                }
1eaa30
+                if (!ctx->done) {
1eaa30
+                    ctx->inflate_total += ctx->stream.avail_out;
1eaa30
+                    zRC = inflate(&(ctx->stream), Z_SYNC_FLUSH);
1eaa30
+                    ctx->inflate_total -= ctx->stream.avail_out;
1eaa30
+                    if (zRC != Z_OK) {
1eaa30
+                        inflateEnd(&ctx->stream);
1eaa30
+                        ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(01391)
1eaa30
+                                      "Zlib error %d inflating data (%s)", zRC,
1eaa30
+                                      ctx->stream.msg);
1eaa30
+                        return APR_EGENERAL;
1eaa30
+                    }
1eaa30
  
1eaa30
-                if (inflate_limit && ctx->inflate_total > inflate_limit) { 
1eaa30
-                    inflateEnd(&ctx->stream);
1eaa30
-                    ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(02647)
1eaa30
-                            "Inflated content length of %" APR_OFF_T_FMT
1eaa30
-                            " is larger than the configured limit"
1eaa30
-                            " of %" APR_OFF_T_FMT, 
1eaa30
-                            ctx->inflate_total, inflate_limit);
1eaa30
-                    return APR_ENOSPC;
1eaa30
-                }
1eaa30
+                    if (inflate_limit && ctx->inflate_total > inflate_limit) { 
1eaa30
+                        inflateEnd(&ctx->stream);
1eaa30
+                        ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(02647)
1eaa30
+                                      "Inflated content length of %" APR_OFF_T_FMT
1eaa30
+                                      " is larger than the configured limit"
1eaa30
+                                      " of %" APR_OFF_T_FMT, 
1eaa30
+                                      ctx->inflate_total, inflate_limit);
1eaa30
+                        return APR_ENOSPC;
1eaa30
+                    }
1eaa30
 
1eaa30
-                if (!check_ratio(r, ctx, dc)) {
1eaa30
-                    inflateEnd(&ctx->stream);
1eaa30
-                    ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(02805)
1eaa30
-                            "Inflated content ratio is larger than the "
1eaa30
-                            "configured limit %i by %i time(s)",
1eaa30
-                            dc->ratio_limit, dc->ratio_burst);
1eaa30
-                    return APR_EINVAL;
1eaa30
-                }
1eaa30
+                    if (!check_ratio(r, ctx, dc)) {
1eaa30
+                        inflateEnd(&ctx->stream);
1eaa30
+                        ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(02805)
1eaa30
+                                      "Inflated content ratio is larger than the "
1eaa30
+                                      "configured limit %i by %i time(s)",
1eaa30
+                                      dc->ratio_limit, dc->ratio_burst);
1eaa30
+                        return APR_EINVAL;
1eaa30
+                    }
1eaa30
 
1eaa30
-                len = c->bufferSize - ctx->stream.avail_out;
1eaa30
-                ctx->crc = crc32(ctx->crc, (const Bytef *)ctx->buffer, len);
1eaa30
-                tmp_b = apr_bucket_heap_create((char *)ctx->buffer, len,
1eaa30
-                                                NULL, f->c->bucket_alloc);
1eaa30
-                APR_BRIGADE_INSERT_TAIL(ctx->proc_bb, tmp_b);
1eaa30
+                    len = c->bufferSize - ctx->stream.avail_out;
1eaa30
+                    ctx->crc = crc32(ctx->crc, (const Bytef *)ctx->buffer, len);
1eaa30
+                    tmp_b = apr_bucket_heap_create((char *)ctx->buffer, len,
1eaa30
+                                                   NULL, f->c->bucket_alloc);
1eaa30
+                    APR_BRIGADE_INSERT_TAIL(ctx->proc_bb, tmp_b);
1eaa30
 
1eaa30
-                ctx->stream.next_out = ctx->buffer;
1eaa30
-                ctx->stream.avail_out = c->bufferSize;
1eaa30
+                    ctx->stream.next_out = ctx->buffer;
1eaa30
+                    ctx->stream.avail_out = c->bufferSize;
1eaa30
+                }
1eaa30
 
1eaa30
                 /* Flush everything so far in the returning brigade, but continue
1eaa30
                  * reading should EOS/more follow (don't lose them).
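Review bot: The new `if (!ctx->done)` guard at the top of the FLUSH branch carries no comment saying why inflate() is skipped, and it now also encloses the `inflate_limit` and `check_ratio()` checks. That is sound only because nothing is inflated or appended to `ctx->proc_bb` when the guard is false; a later edit that produces output outside the guard would slip past both decompression limits. I would add above the guard `/* Stream already finished: nothing left to inflate, so there is no new output to size-check; only pass the FLUSH on. */`. Where `ctx->done` is set lies outside this hunk, so the wording assumes it marks the end of the compressed stream.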
1eaa30
--- httpd-2.4.51/modules/generators/mod_cgi.c.r1892413+
1eaa30
+++ httpd-2.4.51/modules/generators/mod_cgi.c
1eaa30
@@ -191,11 +191,10 @@
1eaa30
     apr_file_t *f = NULL;
1eaa30
     apr_finfo_t finfo;
1eaa30
     char time_str[APR_CTIME_LEN];
1eaa30
-    int log_flags = rv ? APLOG_ERR : APLOG_ERR;
1eaa30
 
1eaa30
     /* Intentional no APLOGNO */
1eaa30
     /* Callee provides APLOGNO in error text */
1eaa30
-    ap_log_rerror(APLOG_MARK, log_flags, rv, r,
1eaa30
+    ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
1eaa30
                   "%s%s: %s", logno ? logno : "", error, r->filename);
1eaa30
 
1eaa30
     /* XXX Very expensive mainline case! Open, then getfileinfo! */
1eaa30
--- httpd-2.4.51/modules/generators/mod_cgid.c.r1892413+
1eaa30
+++ httpd-2.4.51/modules/generators/mod_cgid.c
1eaa30
@@ -1190,11 +1190,10 @@
1eaa30
     apr_file_t *f = NULL;
1eaa30
     struct stat finfo;
1eaa30
     char time_str[APR_CTIME_LEN];
1eaa30
-    int log_flags = rv ? APLOG_ERR : APLOG_ERR;
1eaa30
 
1eaa30
     /* Intentional no APLOGNO */
1eaa30
     /* Callee provides APLOGNO in error text */
1eaa30
-    ap_log_rerror(APLOG_MARK, log_flags, rv, r,
1eaa30
+    ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
1eaa30
                 "%s: %s", error, r->filename);
1eaa30
 
1eaa30
     /* XXX Very expensive mainline case! Open, then getfileinfo! */
1eaa30
--- httpd-2.4.51/server/mpm_unix.c.r1892413+
1eaa30
+++ httpd-2.4.51/server/mpm_unix.c
1eaa30
@@ -259,10 +259,12 @@
1eaa30
         while (cur_extra) {
1eaa30
             ap_generation_t old_gen;
1eaa30
             extra_process_t *next = cur_extra->next;
1eaa30
+            pid_t pid = cur_extra->pid;
1eaa30
 
1eaa30
-            if (reclaim_one_pid(cur_extra->pid, action_table[cur_action].action)) {
1eaa30
-                if (ap_unregister_extra_mpm_process(cur_extra->pid, &old_gen) == 1) {
1eaa30
-                    mpm_callback(-1, cur_extra->pid, old_gen);
1eaa30
+            if (reclaim_one_pid(pid, action_table[cur_action].action)) {
1eaa30
+                if (ap_unregister_extra_mpm_process(pid, &old_gen) == 1) {
1eaa30
+                    /* cur_extra dangling pointer from here. */
1eaa30
+                    mpm_callback(-1, pid, old_gen);
1eaa30
                 }
1eaa30
                 else {
1eaa30
                     AP_DEBUG_ASSERT(1 == 0);
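Review bot: The added comment `/* cur_extra dangling pointer from here. */` names the hazard but not its cause or the rule a maintainer must follow. Judging by that comment, ap_unregister_extra_mpm_process() releases the list entry on success, so I would word it `/* ap_unregister_extra_mpm_process() released cur_extra; use only the cached pid and next below. */`. The same wording applies to the second hunk at `@@ -307,10 +309,12 @@`. The loop's advance statement is outside both hunks; it presumably assigns from the cached `next`, and that is worth confirming because it is the other read that must not go through `cur_extra`.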
1eaa30
@@ -307,10 +309,12 @@
1eaa30
     while (cur_extra) {
1eaa30
         ap_generation_t old_gen;
1eaa30
         extra_process_t *next = cur_extra->next;
1eaa30
+        pid_t pid = cur_extra->pid;
1eaa30
 
1eaa30
-        if (reclaim_one_pid(cur_extra->pid, DO_NOTHING)) {
1eaa30
-            if (ap_unregister_extra_mpm_process(cur_extra->pid, &old_gen) == 1) {
1eaa30
-                mpm_callback(-1, cur_extra->pid, old_gen);
1eaa30
+        if (reclaim_one_pid(pid, DO_NOTHING)) {
1eaa30
+            if (ap_unregister_extra_mpm_process(pid, &old_gen) == 1) {
1eaa30
+                /* cur_extra dangling pointer from here. */
1eaa30
+                mpm_callback(-1, pid, old_gen);
1eaa30
             }
1eaa30
             else {
1eaa30
                 AP_DEBUG_ASSERT(1 == 0);