Bug #1295

lighttpd runs in endless loop on FreeBSD if a file was shrunk.

Added by wolfram about 12 years ago. Updated about 12 years ago.

Status: Fixed
Priority: High
Assignee: -
Category: core
Target version:
Start date:
Due date:
% Done: 0%
Estimated time:
Missing in 1.5.x:
Description

There are several programming errors in http://trac.lighttpd.net/trac/browser/branches/lighttpd-1.4.x/src/network_freebsd_sendfile.c

First, in line 152 there is an off-by-one:

    if (offset > sce->st.st_size) {
        log_error_write(srv, __FILE__, __LINE__, "sb", "file was shrinked:", c->file.name);
        return -1;
    }

it should be

    offset >= sce->st.st_size

because it does not make sense to open a file and read data past the end of the file.

This is harmless; sendfile(2) can handle this case:

The offset argument specifies where to begin in the file.  Should offset
fall beyond the end of file, the system will return success and report 0
bytes sent as described below.

but lighttpd does not check for 0 bytes sent (lines 181-187). Now lighttpd runs open/sendfile/close in an endless loop, reading and sending 0 bytes.

For a fix, see the linux sendfile implementation at src/network_linux_sendfile.c line 177.
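
The failure mode described in this report, as an added example that is not part of the original report and is not lighttpd's code. It assumes a simplified send loop; model_sendfile, send_file_chunk and the max_calls cap are hypothetical names, and model_sendfile is a constructed stand-in for the FreeBSD sendfile(2) behaviour quoted above.

```c
#include <stdio.h>
#include <sys/types.h>

enum send_result { SEND_DONE, SEND_FILE_SHRUNK, SEND_SPINNING };

/* Constructed model of the sendfile(2) behaviour quoted in the report:
 * an offset at or beyond EOF is a success that reports 0 bytes sent. */
static off_t model_sendfile(off_t file_size, off_t offset, off_t nbytes) {
    off_t left = file_size - offset;
    return left <= 0 ? 0 : (nbytes < left ? nbytes : left);
}

/* Send `length` bytes from `start` of a file whose size is now `cur_size`.
 * hardened == 0: the `>` bound and no zero-byte check, as reported.
 * hardened == 1: the `>=` bound plus a zero-byte check.
 * max_calls exists only so the demo terminates; *calls counts sendfile calls. */
static enum send_result send_file_chunk(off_t cur_size, off_t start, off_t length,
                                        int hardened, int max_calls, int *calls) {
    off_t done = 0;
    *calls = 0;
    while (done < length) {
        off_t offset = start + done, sent;
        if (hardened ? offset >= cur_size : offset > cur_size)
            return SEND_FILE_SHRUNK;
        if (*calls == max_calls)
            return SEND_SPINNING;      /* would loop forever without the cap */
        ++*calls;
        sent = model_sendfile(cur_size, offset, length - done);
        /* The file can also shrink between the size check and the call. */
        if (hardened && sent == 0)
            return SEND_FILE_SHRUNK;
        done += sent;
    }
    return SEND_DONE;
}

int main(void) {
    int calls;
    /* Constructed case: 1000 bytes queued, file truncated to 400 meanwhile. */
    enum send_result r = send_file_chunk(400, 0, 1000, 0, 10000, &calls);
    printf("as reported: result=%d after %d sendfile calls\n", r, calls);
    r = send_file_chunk(400, 0, 1000, 1, 10000, &calls);
    printf("hardened:    result=%d after %d sendfile calls\n", r, calls);
    return 0;
}
```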

History

#1

Updated by darix about 12 years ago

  • Status changed from New to Fixed
  • Resolution set to duplicate

duplicate of #1289
