# HG changeset patch
# User Valentin Bartenev <vbart@nginx.com>
# Date 1374690265 -14400
# Node ID 7542b72fe4b18b056cd041584d16f4bcc7994bc2
# Parent  e939f6e8548c73076eb5930ebe1b4ebfae1dd237
SPDY: fixed segfault with "client_body_in_file_only" enabled.

It is possible to send FLAG_FIN in additional empty data frame, even if it is
known from the content-length header that request body is empty.  And Firefox
actually behaves like this (see ticket #357).

To simplify code we sacrificed our microoptimization that did not work right
due to missing check in the ngx_http_spdy_state_data() function for rb->buf
set to NULL.

diff -r e939f6e8548c -r 7542b72fe4b1 src/http/ngx_http_spdy.c
--- a/src/http/ngx_http_spdy.c	Fri Jul 19 15:59:50 2013 +0400
+++ b/src/http/ngx_http_spdy.c	Wed Jul 24 22:24:25 2013 +0400
@@ -2529,13 +2529,6 @@
             return NGX_ERROR;
         }
 
-        if (rb->rest == 0) {
-            buf->in_file = 1;
-            buf->file = &tf->file;
-        } else {
-            rb->buf = buf;
-        }
-
     } else {
 
         if (rb->rest == 0) {
@@ -2546,10 +2539,10 @@
         if (buf == NULL) {
             return NGX_ERROR;
         }
-
-        rb->buf = buf;
     }
 
+    rb->buf = buf;
+
     rb->bufs = ngx_alloc_chain_link(r->pool);
     if (rb->bufs == NULL) {
         return NGX_ERROR;