Mercurial > hg > nginx

view src/core/ngx_bpf.h @ 9322:d6f75dd66761 default tip

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Mp4: added and updated sanity checks for "end" handling. When handling incorrect data in ngx_http_mp4_crop_stsc_data(), trak->end_chunk_samples might end up being arbitrary large, leading to reading before the buffer in ngx_http_mp4_update_stsz_atom(). Fix is to check that trak->end_chunk_samples corresponds to a memory within the stsz atom data. For consistency, trak->start_chunk_samples is checked similarly. Similarly, trak->end_chunk might end up being smaller than trak->start_chunk, leading to reading memory after the buffer in ngx_http_mp4_update_stco_atom() and ngx_http_mp4_update_co64_atom(). Corresponding checks are updated to explicitly test (trak->end_chunk - trak->start_chunk) instead of just checking trak->end_chunk and assuming it is larger than trak->start_chunk. This is generally in line with existing checks of (trak->end_sample - trak->start_sample) in ngx_http_mp4_update_stsz_atom(), where trak->end_sample might also become smaller than trak->start_sample when handling incorrect data in ngx_http_mp4_crop_stts_data().
author Maxim Dounin <mdounin@mdounin.ru>
date Sun, 25 Aug 2024 06:35:40 +0300
parents d3747ba486e7
children
line wrap: on
line source


/*
 * Copyright (C) Nginx, Inc.
 */


#ifndef _NGX_BPF_H_INCLUDED_
#define _NGX_BPF_H_INCLUDED_


#include <ngx_config.h>
#include <ngx_core.h>

#include <linux/bpf.h>


typedef struct {
    char                *name;
    int                  offset;
} ngx_bpf_reloc_t;

typedef struct {
    char                *license;
    enum bpf_prog_type   type;
    struct bpf_insn     *ins;
    size_t               nins;
    ngx_bpf_reloc_t     *relocs;
    size_t               nrelocs;
} ngx_bpf_program_t;


void ngx_bpf_program_link(ngx_bpf_program_t *program, const char *symbol,
    int fd);
int ngx_bpf_load_program(ngx_log_t *log, ngx_bpf_program_t *program);

int ngx_bpf_map_create(ngx_log_t *log, enum bpf_map_type type, int key_size,
    int value_size, int max_entries, uint32_t map_flags);
int ngx_bpf_map_update(int fd, const void *key, const void *value,
    uint64_t flags);
int ngx_bpf_map_delete(int fd, const void *key);
int ngx_bpf_map_lookup(int fd, const void *key, void *value);

#endif /* _NGX_BPF_H_INCLUDED_ */