Mp4: fixed reading 64-bit atoms.
Previously there was no validation for the size of a 64-bit atom in an mp4 file. This could lead to a CPU hog when the size is 0, or various other problems due to integer underflow when calculating atom data size, including segmentation fault or worker process memory disclosure.
This commit is contained in:
parent
b4b96440a6
commit
07b5f8e603
|
@ -942,6 +942,13 @@ ngx_http_mp4_read_atom(ngx_http_mp4_file_t *mp4,
|
|||
atom_size = ngx_mp4_get_64value(atom_header + 8);
|
||||
atom_header_size = sizeof(ngx_mp4_atom_header64_t);
|
||||
|
||||
if (atom_size < sizeof(ngx_mp4_atom_header64_t)) {
|
||||
ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
|
||||
"\"%s\" mp4 atom is too small:%uL",
|
||||
mp4->file.name.data, atom_size);
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
} else {
|
||||
ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
|
||||
"\"%s\" mp4 atom is too small:%uL",
|
||||
|
|
Loading…
Reference in New Issue