# HG changeset patch
# User Maxim Dounin <mdounin@mdounin.ru>
# Date 1654628332 -10800
# Node ID 1afd19dc71615356b8d02dca98b1f11fd9fadd54
# Parent  c7e25324be11872c8ff6d7b9de1ff0f5d0af0f1b
Mp4: fixed potential overflow in ngx_http_mp4_crop_stts_data().

Both "count" and "duration" variables are 32-bit, so their product might
potentially overflow.  It is used to reduce 64-bit start_time variable,
and with very large start_time this can result in incorrect seeking.

Found by Coverity (CID 1499904).

diff --git a/src/http/modules/ngx_http_mp4_module.c b/src/http/modules/ngx_http_mp4_module.c
--- a/src/http/modules/ngx_http_mp4_module.c
+++ b/src/http/modules/ngx_http_mp4_module.c
@@ -2331,7 +2331,7 @@ ngx_http_mp4_crop_stts_data(ngx_http_mp4
         }
 
         start_sample += count;
-        start_time -= count * duration;
+        start_time -= (uint64_t) count * duration;
         entries--;
         entry++;
     }