]> git.kaiwu.me - nginx.git/commit
projects / nginx.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a172c88) | patch
Mp4: fixed possible integer overflow on 32-bit platforms.
authorRoman Arutyunyan <arut@nginx.com>
Mon, 2 Mar 2026 17:12:34 +0000 (21:12 +0400)
committerRoman Arutyunyan <arutyunyan.roman@gmail.com>
Tue, 24 Mar 2026 18:33:23 +0000 (22:33 +0400)
commitb23ac73b00313d159a99636c21ef71b828781018
tree4d3c223fe4400c7eb65e1363a51bf420c7463e51tree | snapshot
parenta172c880cb51f882a5dc999437e8b3a4f87630cccommit | diff
Mp4: fixed possible integer overflow on 32-bit platforms.

Previously, a 32-bit overflow could happen while validating atom entries
count.  This allowed processing of an invalid atom with entrires beyond
its boundaries with reads and writes outside of the allocated mp4 buffer.

Reported by Prabhav Srinath (sprabhav7).
src/http/modules/ngx_http_mp4_module.c diff | blob | history
nginx upstream