Core: protection from subrequest loops.

Without the protection, subrequest loop results in r->count overflow and
SIGSEGV.  Protection was broken in 0.7.25.

Note that this also limits number of parallel subrequests.  This
wasn't exactly the case before 0.7.25 as local subrequests were
completed directly.

See here for details:
http://nginx.org/pipermail/nginx-ru/2010-February/032184.html

src/http/ngx_http_core_module.c

@@ -2453,7 +2453,6 @@ ngx_http_subrequest(ngx_http_request_t *r,
     sr->start_sec = tp->sec;
     sr->start_msec = tp->msec;
 
-    r->main->subrequests++;
     r->main->count++;
 
     *psr = sr;

src/http/ngx_http_request.c

@@ -2010,6 +2010,7 @@ ngx_http_finalize_request(ngx_http_request_t *r, ngx_int_t rc)
         if (r == c->data) {
 
             r->main->count--;
+            r->main->subrequests++;
 
             if (!r->logged) {