diff options
| author | Roman Arutyunyan <arut@nginx.com> | 2024-10-22 18:34:13 +0400 |
|---|---|---|
| committer | Roman Arutyunyan <arutyunyan.roman@gmail.com> | 2024-11-21 16:08:48 +0400 |
| commit | 569948aa12409773f27572fca3d2c8e18c9c657f (patch) | |
| tree | 49aced3b31d85a80a7670ffae0445d49f3c1cc2e | |
| parent | d1a02451c3c5767b5d0f23e138db98a9f7801335 (diff) | |
| download | nginx-569948aa12409773f27572fca3d2c8e18c9c657f.tar.gz nginx-569948aa12409773f27572fca3d2c8e18c9c657f.zip | |
Mp4: prevent chunk index underflow.
When cropping stsc atom, it's assumed that chunk index is never 0.
Based on this assumption, start_chunk and end_chunk are calculated
by subtracting 1 from it. If chunk index is zero, start_chunk or
end_chunk may underflow, which will later trigger
"start/end time is out mp4 stco chunks" error. The change adds an
explicit check for zero chunk index to avoid underflow and report
a proper error.
Zero chunk index is explicitly banned in ISO/IEC 14496-12, 8.7.4
Sample To Chunk Box. It's also implicitly banned in QuickTime File
Format specification. Description of chunk offset table references
"Chunk 1" as the first table element.
| -rw-r--r-- | src/http/modules/ngx_http_mp4_module.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/http/modules/ngx_http_mp4_module.c b/src/http/modules/ngx_http_mp4_module.c index 49b0999cf..b7bd192df 100644 --- a/src/http/modules/ngx_http_mp4_module.c +++ b/src/http/modules/ngx_http_mp4_module.c @@ -3221,6 +3221,12 @@ found: return NGX_ERROR; } + if (chunk == 0) { + ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, + "zero chunk in \"%s\"", mp4->file.name.data); + return NGX_ERROR; + } + target_chunk = chunk - 1; target_chunk += start_sample / samples; chunk_samples = start_sample % samples; |