Welcome! Log In Create A New Profile

Advanced

[nginx] Mp4: prevent chunk index underflow.

Anonymous User
November 21, 2024 07:10AM
details: https://github.com/nginx/nginx/commit/569948aa12409773f27572fca3d2c8e18c9c657f
branches: master
commit: 569948aa12409773f27572fca3d2c8e18c9c657f
user: Roman Arutyunyan <arut@nginx.com>
date: Tue, 22 Oct 2024 18:34:13 +0400
description:
Mp4: prevent chunk index underflow.

When cropping stsc atom, it's assumed that chunk index is never 0.
Based on this assumption, start_chunk and end_chunk are calculated
by subtracting 1 from it. If chunk index is zero, start_chunk or
end_chunk may underflow, which will later trigger
"start/end time is out mp4 stco chunks" error. The change adds an
explicit check for zero chunk index to avoid underflow and report
a proper error.

Zero chunk index is explicitly banned in ISO/IEC 14496-12, 8.7.4
Sample To Chunk Box. It's also implicitly banned in QuickTime File
Format specification. Description of chunk offset table references
"Chunk 1" as the first table element.

---
src/http/modules/ngx_http_mp4_module.c | 6 ++++++
1 file changed, 6 insertions(+)

diff --git a/src/http/modules/ngx_http_mp4_module.c b/src/http/modules/ngx_http_mp4_module.c
index 49b0999cf..b7bd192df 100644
--- a/src/http/modules/ngx_http_mp4_module.c
+++ b/src/http/modules/ngx_http_mp4_module.c
@@ -3221,6 +3221,12 @@ found:
return NGX_ERROR;
}

+ if (chunk == 0) {
+ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+ "zero chunk in \"%s\"", mp4->file.name.data);
+ return NGX_ERROR;
+ }
+
target_chunk = chunk - 1;
target_chunk += start_sample / samples;
chunk_samples = start_sample % samples;
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-devel
Subject Author Views Posted

[nginx] Mp4: prevent chunk index underflow.

Anonymous User 136 November 21, 2024 07:10AM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 226
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready