| author | 2013-05-15 18:52:00 +0000 | |
|---|---|---|
| committer | 2013-05-15 18:52:00 +0000 | |
| commit | 49441a589f6db81e98f5e4d768fa450ad95e475e (patch) | |
| tree | 81419fcc72e53dc86e81dea971d84ca916e1c4b8 /usr.sbin/nginx/src/http/modules/ngx_http_mp4_module.c | |
| parent | Don't let cursor position overflow when reflowing, from Christopher (diff) | |
| download | wireguard-openbsd-49441a589f6db81e98f5e4d768fa450ad95e475e.tar.xz wireguard-openbsd-49441a589f6db81e98f5e4d768fa450ad95e475e.zip | |
update to 1.2.9; several bugfixes and security fix for CVE-2013-2070
Diffstat (limited to 'usr.sbin/nginx/src/http/modules/ngx_http_mp4_module.c')
| -rw-r--r-- | usr.sbin/nginx/src/http/modules/ngx_http_mp4_module.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/usr.sbin/nginx/src/http/modules/ngx_http_mp4_module.c b/usr.sbin/nginx/src/http/modules/ngx_http_mp4_module.c
index d3be23420e6..e793f77b7fd 100644
--- a/usr.sbin/nginx/src/http/modules/ngx_http_mp4_module.c
+++ b/usr.sbin/nginx/src/http/modules/ngx_http_mp4_module.c
@@ -750,6 +750,13 @@ ngx_http_mp4_process(ngx_http_mp4_file_t *mp4)
 *prev = &mp4->mdat_atom;
+ if (start_offset > mp4->mdat_data.buf->file_last) {
+ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+ "start time is out mp4 mdat atom in \"%s\"",
+ mp4->file.name.data);
+ return NGX_ERROR;
+ }
+
 adjustment = mp4->ftyp_size + mp4->moov_size
 + ngx_http_mp4_update_mdat_atom(mp4, start_offset)
 - start_offset; |
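Review bot: The new guard ahead of the `adjustment` computation rejects only a `start_offset` beyond `mp4->mdat_data.buf->file_last`; a value below the start of the mdat data is not tested here, and whether that case is rejected earlier in ngx_http_mp4_process cannot be seen from this hunk, because the function begins and ends outside it. Since the offset is presumably derived from the requested start time and from tables inside the file, the check deserves a one-line comment stating the invariant, for example `/* start_offset must fall inside the mdat data before the atom size is recomputed */`. The log text "start time is out mp4 mdat atom" is missing a word; `"start time is out of mp4 mdat atom in \"%s\""` reads better if diverging from the upstream string is acceptable. The commit message cites CVE-2013-2070, but nothing on this page ties this mp4 hunk to that identifier, so it should be treated as one of the bundled bugfixes until the rest of the update is checked.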
