Openssh sshd causing incoming scp to write 0 length file

I'm trying to trace through Openssh to figure out where in the code
the sshd server
(or whatever it forks/execs) writes the file when a client runs scp to
copy a file to
the server. I have a situation where the destination file is created,
but with 0 length,
even thought the transferred file is non-0 in length. I see that sshd
(SSH2) uses
the efd (extended file descriptor?) to input the data and have know
that its type,
SSH2_MSG_CHANNEL_DATA = 94, is handled by the channel_input_data
handler. Channel_input_data puts the data on c->output using
buffer_append,
but have no idea which component picks up this data and delivers it to
the
code that (is supposed to) writes the file.

I'm running the SSH2 protocol (compat20). I see some code in
process_output
in serverloop.c that does writes for SSH1 (!compat20), but can't find
anything
similar for SSH2.

I'm working on an embedded target system, so debugging resources are
limited.
I've even tried to run sshd under gdb on my development system just to
get a
better grip on how the data is supposed to flow and what the intended
code
path should be. However, because of the forks/execs that sshd does
and the
timing limitations in the protocol, I can't figure out the code. If
someone can
give me hints on how to use gdb to "trace" through the code, then that
may
help a lot as well. Right now, I just have the debug[123]() printing
to try to
figure things out.

Thanks for all help.