diff options
| author | Roman Arutyunyan <arut@nginx.com> | 2024-09-23 15:51:30 +0400 |
|---|---|---|
| committer | pluknet <pluknet@nginx.com> | 2025-02-05 20:40:47 +0400 |
| commit | 4712dee8820cf6af417b1932d9ef65774a1ee1b3 (patch) | |
| tree | 9924d80b6cdb1a4da264438649b8b5e5811c7561 /src/core/ngx_proxy_protocol.c | |
| parent | cfd68334d8ba39b5fa016fe323aa8cdbd540cbe6 (diff) | |
| download | nginx-4712dee8820cf6af417b1932d9ef65774a1ee1b3.tar.gz nginx-4712dee8820cf6af417b1932d9ef65774a1ee1b3.tar.bz2 | |
Mp4: fixed handling an empty run of chunks in stsc atom.
A specially crafted mp4 file with an empty run of chunks in the stsc atom
and a large value for samples per chunk for that run, combined with a
specially crafted request, allowed to store that large value in prev_samples
and later in trak->end_chunk_samples while in ngx_http_mp4_crop_stsc_data().
Later in ngx_http_mp4_update_stsz_atom() this could result in buffer
overread while calculating trak->end_chunk_samples_size.
Now the value of samples per chunk specified for an empty run is ignored.
Diffstat (limited to 'src/core/ngx_proxy_protocol.c')
0 files changed, 0 insertions, 0 deletions