git.kaiwu.me - nginx.git/commit

]> git.kaiwu.me - nginx.git/commit

projects / nginx.git / commit

summary | shortlog | log | commit | commitdiff | tree
(parent: 3986410) | patch

author	Roman Arutyunyan <arut@nginx.com>
	Sat, 21 Feb 2026 08:04:36 +0000 (12:04 +0400)
committer	Roman Arutyunyan <arutyunyan.roman@gmail.com>
	Tue, 24 Mar 2026 18:33:23 +0000 (22:33 +0400)
commit	a172c880cb51f882a5dc999437e8b3a4f87630cc
tree	9434fd96b9f5715bba8578cd8a77c90b9f8a48b4	tree \| snapshot
parent	3986410e12e2b1abc81965dd96598d4c2dd02b00	commit \| diff

Mp4: avoid zero size buffers in output.

Previously, data validation checks did not cover the cases when the output
contained empty buffers. Such buffers are considered illegal and produce
"zero size buf in output" alerts. The change rejects the mp4 files which
produce such alerts.

Also, the change fixes possible buffer overread and overwrite that could
happen while processing empty stco and co64 atoms, as reported by
Pavel Kohout (Aisle Research) and Tim Becker.

src/http/modules/ngx_http_mp4_module.c

diff | blob | history

nginx upstream