Mercurial > hg > nginx

changeset 8043:1afd19dc7161

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Mp4: fixed potential overflow in ngx_http_mp4_crop_stts_data(). Both "count" and "duration" variables are 32-bit, so their product might potentially overflow. It is used to reduce 64-bit start_time variable, and with very large start_time this can result in incorrect seeking. Found by Coverity (CID 1499904).
author Maxim Dounin <mdounin@mdounin.ru>
date Tue, 07 Jun 2022 21:58:52 +0300
parents c7e25324be11
children 457afc332c67
files src/http/modules/ngx_http_mp4_module.c
diffstat 1 files changed, 1 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/src/http/modules/ngx_http_mp4_module.c
+++ b/src/http/modules/ngx_http_mp4_module.c
@@ -2331,7 +2331,7 @@ ngx_http_mp4_crop_stts_data(ngx_http_mp4
         }
 
         start_sample += count;
-        start_time -= count * duration;
+        start_time -= (uint64_t) count * duration;
         entries--;
         entry++;
     }