{
  "commit": "e484a9ccfcf53b82785cc719494b086b9a8742af",
  "tree": "72edddf6dca00b7140af26d48d41668d9398bf8e",
  "parents": [
    "00325d87f9d4617390a9f87fc56412ca37647fcf"
  ],
  "author": {
    "name": "Roman Arutyunyan",
    "email": "arut@nginx.com",
    "time": "Wed Feb 26 15:10:46 2020 +0300"
  },
  "committer": {
    "name": "Roman Arutyunyan",
    "email": "arut@nginx.com",
    "time": "Wed Feb 26 15:10:46 2020 +0300"
  },
  "message": "Mp4: fixed possible chunk offset overflow.\n\nIn \"co64\" atom chunk start offset is a 64-bit unsigned integer.  When trimming\nthe \"mdat\" atom, chunk offsets are cast to off_t values which are typically\n64-bit signed integers.  A specially crafted mp4 file with huge chunk offsets\nmay lead to off_t overflow and result in negative trim boundaries.\n\nThe consequences of the overflow are:\n- Incorrect Content-Length header value in the response.\n- Negative left boundary of the response file buffer holding the trimmed \"mdat\".\n  This leads to pread()/sendfile() errors followed by closing the client\n  connection.\n\nOn rare systems where off_t is a 32-bit integer, this scenario is also feasible\nwith the \"stco\" atom.\n\nThe fix is to add checks which make sure data chunks referenced by each track\nare within the mp4 file boundaries.  Additionally a few more checks are added to\nensure mp4 file consistency and log errors.\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "618bf787beeba3fbd8062d1299491bf5fe501b13",
      "old_mode": 33188,
      "old_path": "src/http/modules/ngx_http_mp4_module.c",
      "new_id": "c1006abbb52a11d92203c6779ac8025246ad2c91",
      "new_mode": 33188,
      "new_path": "src/http/modules/ngx_http_mp4_module.c"
    }
  ]
}
