Google Git
Sign in
nginx/nginx/1b902022e4e8344fa1bebe63e68fbf5a073482d8^!/.
commit
1b902022e4e8344fa1bebe63e68fbf5a073482d8
[log]
author
Maxim Dounin <mdounin@mdounin.ru>
Tue Jun 07 21:58:52 2022 +0300
committer
Maxim Dounin <mdounin@mdounin.ru>
Tue Jun 07 21:58:52 2022 +0300
tree
c7312f07d2d6fe3e055dfd815e1f61f68843dc7f
parent
65d275a46c7e8b83ba606ed18fd620f330a0b97a [diff]
Mp4: fixed potential overflow in ngx_http_mp4_crop_stts_data().

Both "count" and "duration" variables are 32-bit, so their product might
potentially overflow.  It is used to reduce 64-bit start_time variable,
and with very large start_time this can result in incorrect seeking.

Found by Coverity (CID 1499904).

diff --git a/src/http/modules/ngx_http_mp4_module.c b/src/http/modules/ngx_http_mp4_module.c
index 9c3f627..5721efb 100644
--- a/src/http/modules/ngx_http_mp4_module.c
+++ b/src/http/modules/ngx_http_mp4_module.c

@@ -2331,7 +2331,7 @@
         }
 
         start_sample += count;
-        start_time -= count * duration;
+        start_time -= (uint64_t) count * duration;
         entries--;
         entry++;
     }