Welcome! Log In Create A New Profile

Re: [PATCH] Mp4: fixed potential overflow in ngx_http_mp4_crop_stts_data()

Forum List Message List New Topic Print View

Roman Arutyunyan

June 07, 2022 09:18AM

On Tue, May 31, 2022 at 12:05:13AM +0300, Maxim Dounin wrote:
> # HG changeset patch
> # User Maxim Dounin <mdounin@mdounin.ru>
> # Date 1653942033 -10800
> # Mon May 30 23:20:33 2022 +0300
> # Node ID d5363be9fa61e0327574b8aa1342c874efd027b0
> # Parent cd40709c91e245036e7f71a6c3e5190d9533be75
> Mp4: fixed potential overflow in ngx_http_mp4_crop_stts_data().
>
> Both "count" and "duration" variables are 32-bit, so their product might
> potentially overflow. It is used to reduce 64-bit start_time variable,
> and with very large start_time this can result in incorrect seeking.
>
> Found by Coverity (CID 1499904).
>
> diff --git a/src/http/modules/ngx_http_mp4_module.c b/src/http/modules/ngx_http_mp4_module.c
> --- a/src/http/modules/ngx_http_mp4_module.c
> +++ b/src/http/modules/ngx_http_mp4_module.c
> @@ -2331,7 +2331,7 @@ ngx_http_mp4_crop_stts_data(ngx_http_mp4
> }
>
> start_sample += count;
> - start_time -= count * duration;
> + start_time -= (uint64_t) count * duration;
> entries--;
> entry++;
> }

Looks fine
_______________________________________________
nginx-devel mailing list -- nginx-devel@nginx.org
To unsubscribe send an email to nginx-devel-leave@nginx.org

Reply Quote

RSS

Subject	Author	Views	Posted
[PATCH] Mp4: fixed potential overflow in ngx_http_mp4_crop_stts_data()	Maxim Dounin	441	May 30, 2022 05:06PM
Re: [PATCH] Mp4: fixed potential overflow in ngx_http_mp4_crop_stts_data()	Roman Arutyunyan	108	June 07, 2022 09:18AM
Re: [PATCH] Mp4: fixed potential overflow in ngx_http_mp4_crop_stts_data()	Maxim Dounin	102	June 07, 2022 03:02PM

Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 136

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018