Welcome! Log In Create A New Profile

[nginx] Mp4: fixed potential overflow in ngx_http_mp4_crop_stts_data().

Forum List Message List New Topic Print View

Sergey Kandaurov

June 07, 2022 03:30PM

details: https://hg.nginx.org/nginx/rev/1afd19dc7161
branches:
changeset: 8043:1afd19dc7161
user: Maxim Dounin <mdounin@mdounin.ru>
date: Tue Jun 07 21:58:52 2022 +0300
description:
Mp4: fixed potential overflow in ngx_http_mp4_crop_stts_data().

Both "count" and "duration" variables are 32-bit, so their product might
potentially overflow. It is used to reduce 64-bit start_time variable,
and with very large start_time this can result in incorrect seeking.

Found by Coverity (CID 1499904).

diffstat:

src/http/modules/ngx_http_mp4_module.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)

diffs (12 lines):

diff -r c7e25324be11 -r 1afd19dc7161 src/http/modules/ngx_http_mp4_module.c
--- a/src/http/modules/ngx_http_mp4_module.c Tue Jun 07 20:08:57 2022 +0400
+++ b/src/http/modules/ngx_http_mp4_module.c Tue Jun 07 21:58:52 2022 +0300
@@ -2331,7 +2331,7 @@ ngx_http_mp4_crop_stts_data(ngx_http_mp4
}

start_sample += count;
- start_time -= count * duration;
+ start_time -= (uint64_t) count * duration;
entries--;
entry++;
}
_______________________________________________
nginx-devel mailing list -- nginx-devel@nginx.org
To unsubscribe send an email to nginx-devel-leave@nginx.org

Reply Quote

RSS

Subject	Author	Views	Posted
[nginx] Mp4: fixed potential overflow in ngx_http_mp4_crop_stts_data().	Sergey Kandaurov	354	June 07, 2022 03:30PM

Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 186

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018