Welcome! Log In Create A New Profile

Advanced

[PATCH] Mp4: fixed potential overflow in ngx_http_mp4_crop_stts_data()

Previous Message Next Message
Forum List Message List New Topic Print View
Maxim Dounin
May 30, 2022 05:06PM
# HG changeset patch
# User Maxim Dounin <mdounin@mdounin.ru>
# Date 1653942033 -10800
# Mon May 30 23:20:33 2022 +0300
# Node ID d5363be9fa61e0327574b8aa1342c874efd027b0
# Parent cd40709c91e245036e7f71a6c3e5190d9533be75
Mp4: fixed potential overflow in ngx_http_mp4_crop_stts_data().

Both "count" and "duration" variables are 32-bit, so their product might
potentially overflow. It is used to reduce 64-bit start_time variable,
and with very large start_time this can result in incorrect seeking.

Found by Coverity (CID 1499904).

diff --git a/src/http/modules/ngx_http_mp4_module.c b/src/http/modules/ngx_http_mp4_module.c
--- a/src/http/modules/ngx_http_mp4_module.c
+++ b/src/http/modules/ngx_http_mp4_module.c
@@ -2331,7 +2331,7 @@ ngx_http_mp4_crop_stts_data(ngx_http_mp4
}

start_sample += count;
- start_time -= count * duration;
+ start_time -= (uint64_t) count * duration;
entries--;
entry++;
}

_______________________________________________
nginx-devel mailing list -- nginx-devel@nginx.org
To unsubscribe send an email to nginx-devel-leave@nginx.org
Reply Quote
RSS
Subject Author Views Posted

[PATCH] Mp4: fixed potential overflow in ngx_http_mp4_crop_stts_data()

Maxim Dounin 426 May 30, 2022 05:06PM

Re: [PATCH] Mp4: fixed potential overflow in ngx_http_mp4_crop_stts_data()

Roman Arutyunyan 102 June 07, 2022 09:18AM

Re: [PATCH] Mp4: fixed potential overflow in ngx_http_mp4_crop_stts_data()

Maxim Dounin 96 June 07, 2022 03:02PM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 311
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready