Mp4: fixed potential overflow in ngx_http_mp4_crop_stts_data().
Both "count" and "duration" variables are 32-bit, so their product might potentially overflow. It is used to reduce 64-bit start_time variable, and with very large start_time this can result in incorrect seeking. Found by Coverity (CID 1499904).
This commit is contained in:
parent
82ff3c2d8c
commit
8d3f47c131
|
@ -2331,7 +2331,7 @@ ngx_http_mp4_crop_stts_data(ngx_http_mp4_file_t *mp4,
|
|||
}
|
||||
|
||||
start_sample += count;
|
||||
start_time -= count * duration;
|
||||
start_time -= (uint64_t) count * duration;
|
||||
entries--;
|
||||
entry++;
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue