]> git.kaiwu.me - nginx.git/commit
projects / nginx.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 7725c37) | patch
Mp4: fixed possible integer overflow on 32-bit platforms.
authorRoman Arutyunyan <arut@nginx.com>
Mon, 2 Mar 2026 17:12:34 +0000 (21:12 +0400)
committerRoman Arutyunyan <arutyunyan.roman@gmail.com>
Tue, 24 Mar 2026 14:44:57 +0000 (18:44 +0400)
commit3568812cf98dfd7661cd7516ecf9b398c134ab3c
treec52f95cf17742607039fef6d3291940e7cb6e1d2tree | snapshot
parent7725c372c2fe11ff908b1d6138be219ad694c42fcommit | diff
Mp4: fixed possible integer overflow on 32-bit platforms.

Previously, a 32-bit overflow could happen while validating atom entries
count.  This allowed processing of an invalid atom with entrires beyond
its boundaries with reads and writes outside of the allocated mp4 buffer.

Reported by Prabhav Srinath (sprabhav7).
src/http/modules/ngx_http_mp4_module.c diff | blob | history
nginx upstream