Mercurial > hg > nginx
comparison src/http/modules/ngx_http_mp4_module.c @ 8043:1afd19dc7161
Mp4: fixed potential overflow in ngx_http_mp4_crop_stts_data().
Both "count" and "duration" variables are 32-bit, so their product might
potentially overflow. It is used to reduce 64-bit start_time variable,
and with very large start_time this can result in incorrect seeking.
Found by Coverity (CID 1499904).
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Tue, 07 Jun 2022 21:58:52 +0300 |
| parents | f17ba8ecaaf0 |
| children | 4032c1bdfa14 |
comparison
equal
deleted
inserted
replaced
| 8042:c7e25324be11 | 8043:1afd19dc7161 |
|---|---|
| 2329 rest = (uint32_t) (start_time / duration); | 2329 rest = (uint32_t) (start_time / duration); |
| 2330 goto found; | 2330 goto found; |
| 2331 } | 2331 } |
| 2332 | 2332 |
| 2333 start_sample += count; | 2333 start_sample += count; |
| 2334 start_time -= count * duration; | 2334 start_time -= (uint64_t) count * duration; |
| 2335 entries--; | 2335 entries--; |
| 2336 entry++; | 2336 entry++; |
| 2337 } | 2337 } |
| 2338 | 2338 |
| 2339 if (start) { | 2339 if (start) { |