mirror of
https://github.com/nginx/nginx.git
synced 2026-07-11 11:24:48 +00:00
Mp4: fixed potential overflow in ngx_http_mp4_crop_stts_data().
Both "count" and "duration" variables are 32-bit, so their product might potentially overflow. It is used to reduce 64-bit start_time variable, and with very large start_time this can result in incorrect seeking. Found by Coverity (CID 1499904).
This commit is contained in:
parent
f08dbefadf
commit
80fc2ddf57
1 changed files with 1 additions and 1 deletions
|
|
@ -2331,7 +2331,7 @@ ngx_http_mp4_crop_stts_data(ngx_http_mp4_file_t *mp4,
|
|||
}
|
||||
|
||||
start_sample += count;
|
||||
start_time -= count * duration;
|
||||
start_time -= (uint64_t) count * duration;
|
||||
entries--;
|
||||
entry++;
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue