diff options
| author | Roman Arutyunyan <arut@nginx.com> | 2024-08-12 18:20:43 +0400 |
|---|---|---|
| committer | Roman Arutyunyan <arut@nginx.com> | 2024-08-12 18:20:43 +0400 |
| commit | 7362d01658b61184108c21278443910da68f93b4 (patch) | |
| tree | 3ddc4d1a73128b58699ba72484d935d0e414f340 /src/stream/ngx_stream_ssl_module.c | |
| parent | 0fa8434957dcecef934a70e9c92d40a0a08988bd (diff) | |
| download | nginx-7362d01658b61184108c21278443910da68f93b4.tar.gz nginx-7362d01658b61184108c21278443910da68f93b4.zip | |
Mp4: fixed buffer underread while updating stsz atom.
While cropping an stsc atom in ngx_http_mp4_crop_stsc_data(), a 32-bit integer
overflow could happen, which could result in incorrect seeking and a very large
value stored in "samples". This resulted in a large invalid value of
trak->end_chunk_samples. This value is further used to calculate the value of
trak->end_chunk_samples_size in ngx_http_mp4_update_stsz_atom(). While doing
this, a large invalid value of trak->end_chunk_samples could result in reading
memory before stsz atom start. This could potentially result in a segfault.
Diffstat (limited to 'src/stream/ngx_stream_ssl_module.c')
0 files changed, 0 insertions, 0 deletions