nginx: src/os/unix/ngx_shmem.h annotate

annotate src/os/unix/ngx_shmem.h @ 9322:d6f75dd66761 default tip

Mp4: added and updated sanity checks for "end" handling. When handling incorrect data in ngx_http_mp4_crop_stsc_data(), trak->end_chunk_samples might end up being arbitrary large, leading to reading before the buffer in ngx_http_mp4_update_stsz_atom(). Fix is to check that trak->end_chunk_samples corresponds to a memory within the stsz atom data. For consistency, trak->start_chunk_samples is checked similarly. Similarly, trak->end_chunk might end up being smaller than trak->start_chunk, leading to reading memory after the buffer in ngx_http_mp4_update_stco_atom() and ngx_http_mp4_update_co64_atom(). Corresponding checks are updated to explicitly test (trak->end_chunk - trak->start_chunk) instead of just checking trak->end_chunk and assuming it is larger than trak->start_chunk. This is generally in line with existing checks of (trak->end_sample - trak->start_sample) in ngx_http_mp4_update_stsz_atom(), where trak->end_sample might also become smaller than trak->start_sample when handling incorrect data in ngx_http_mp4_crop_stts_data().

author	Maxim Dounin <mdounin@mdounin.ru>
date	Sun, 25 Aug 2024 06:35:40 +0300
parents	d620f497c50f
children

rev	line source
441 da8c5707af39 nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files Igor Sysoev <igor@sysoev.ru> parents: 358 diff changeset	1
da8c5707af39 nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files Igor Sysoev <igor@sysoev.ru> parents: 358 diff changeset	2 /*
444 42d11f017717 nginx-0.1.0-2004-09-29-20:00:49 import; remove years from copyright Igor Sysoev <igor@sysoev.ru> parents: 441 diff changeset	3 * Copyright (C) Igor Sysoev
4412 d620f497c50f Copyright updated. Maxim Konovalov <maxim@nginx.com> parents: 2720 diff changeset	4 * Copyright (C) Nginx, Inc.
441 da8c5707af39 nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files Igor Sysoev <igor@sysoev.ru> parents: 358 diff changeset	5 */
da8c5707af39 nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files Igor Sysoev <igor@sysoev.ru> parents: 358 diff changeset	6
da8c5707af39 nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files Igor Sysoev <igor@sysoev.ru> parents: 358 diff changeset	7
696 703978149e70 fix header name change Igor Sysoev <igor@sysoev.ru> parents: 605 diff changeset	8 #ifndef _NGX_SHMEM_H_INCLUDED_
703978149e70 fix header name change Igor Sysoev <igor@sysoev.ru> parents: 605 diff changeset	9 #define _NGX_SHMEM_H_INCLUDED_
358 0a03c921c81d nginx-0.0.7-2004-06-17-21:18:53 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	10
0a03c921c81d nginx-0.0.7-2004-06-17-21:18:53 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	11
0a03c921c81d nginx-0.0.7-2004-06-17-21:18:53 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	12 #include <ngx_config.h>
0a03c921c81d nginx-0.0.7-2004-06-17-21:18:53 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	13 #include <ngx_core.h>
0a03c921c81d nginx-0.0.7-2004-06-17-21:18:53 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	14
0a03c921c81d nginx-0.0.7-2004-06-17-21:18:53 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	15
605 5dac8c7fb71b nginx-0.3.24-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 444 diff changeset	16 typedef struct {
2720 b3b8c66bd520 support attaching to an existent Win32 shared memory Igor Sysoev <igor@sysoev.ru> parents: 2716 diff changeset	17 u_char *addr;
b3b8c66bd520 support attaching to an existent Win32 shared memory Igor Sysoev <igor@sysoev.ru> parents: 2716 diff changeset	18 size_t size;
b3b8c66bd520 support attaching to an existent Win32 shared memory Igor Sysoev <igor@sysoev.ru> parents: 2716 diff changeset	19 ngx_str_t name;
b3b8c66bd520 support attaching to an existent Win32 shared memory Igor Sysoev <igor@sysoev.ru> parents: 2716 diff changeset	20 ngx_log_t *log;
b3b8c66bd520 support attaching to an existent Win32 shared memory Igor Sysoev <igor@sysoev.ru> parents: 2716 diff changeset	21 ngx_uint_t exists; /* unsigned exists:1; */
605 5dac8c7fb71b nginx-0.3.24-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 444 diff changeset	22 } ngx_shm_t;
5dac8c7fb71b nginx-0.3.24-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 444 diff changeset	23
5dac8c7fb71b nginx-0.3.24-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 444 diff changeset	24
5dac8c7fb71b nginx-0.3.24-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 444 diff changeset	25 ngx_int_t ngx_shm_alloc(ngx_shm_t *shm);
5dac8c7fb71b nginx-0.3.24-RELEASE import Igor Sysoev <igor@sysoev.ru> parents: 444 diff changeset	26 void ngx_shm_free(ngx_shm_t *shm);
358 0a03c921c81d nginx-0.0.7-2004-06-17-21:18:53 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	27
0a03c921c81d nginx-0.0.7-2004-06-17-21:18:53 import Igor Sysoev <igor@sysoev.ru> parents: diff changeset	28
696 703978149e70 fix header name change Igor Sysoev <igor@sysoev.ru> parents: 605 diff changeset	29 #endif /* _NGX_SHMEM_H_INCLUDED_ */

Mercurial > hg > nginx

annotate src/os/unix/ngx_shmem.h @ 9322:d6f75dd66761 default tip