Mercurial > hg > nginx
comparison src/http/modules/ngx_http_mp4_module.c @ 8043:1afd19dc7161
Mp4: fixed potential overflow in ngx_http_mp4_crop_stts_data().
Both "count" and "duration" variables are 32-bit, so their product might
potentially overflow. It is used to reduce 64-bit start_time variable,
and with very large start_time this can result in incorrect seeking.
Found by Coverity (CID 1499904).
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Tue, 07 Jun 2022 21:58:52 +0300 |
parents | f17ba8ecaaf0 |
children | 4032c1bdfa14 |
comparison
equal
deleted
inserted
replaced
8042:c7e25324be11 | 8043:1afd19dc7161 |
---|---|
2329 rest = (uint32_t) (start_time / duration); | 2329 rest = (uint32_t) (start_time / duration); |
2330 goto found; | 2330 goto found; |
2331 } | 2331 } |
2332 | 2332 |
2333 start_sample += count; | 2333 start_sample += count; |
2334 start_time -= count * duration; | 2334 start_time -= (uint64_t) count * duration; |
2335 entries--; | 2335 entries--; |
2336 entry++; | 2336 entry++; |
2337 } | 2337 } |
2338 | 2338 |
2339 if (start) { | 2339 if (start) { |