details: https://github.com/nginx/nginx/commit/e9e83dbb697c17b7ad51d1dd8536ad1c601fdd0e
branches: stable-1.26
commit: e9e83dbb697c17b7ad51d1dd8536ad1c601fdd0e
user: Roman Arutyunyan <a...@nginx.com>
date: Tue, 22 Oct 2024 18:34:13 +0400
description:
Mp4: prevent chunk index underflow.

When cropping stsc atom, it's assumed that chunk index is never 0. Based on this assumption, start_chunk and end_chunk are calculated by subtracting 1 from it. If chunk index is zero, start_chunk or end_chunk may underflow, which will later trigger "start/end time is out mp4 stco chunks" error. The change adds an explicit check for zero chunk index to avoid underflow and report a proper error. Zero chunk index is explicitly banned in ISO/IEC 14496-12, 8.7.4 Sample To Chunk Box. It's also implicitly banned in QuickTime File Format specification. Description of chunk offset table references "Chunk 1" as the first table element. --- src/http/modules/ngx_http_mp4_module.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/http/modules/ngx_http_mp4_module.c b/src/http/modules/ngx_http_mp4_module.c index 49b0999cf..b7bd192df 100644 --- a/src/http/modules/ngx_http_mp4_module.c +++ b/src/http/modules/ngx_http_mp4_module.c @@ -3221,6 +3221,12 @@ found: return NGX_ERROR; } + if (chunk == 0) { + ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, + "zero chunk in \"%s\"", mp4->file.name.data); + return NGX_ERROR; + } + target_chunk = chunk - 1; target_chunk += start_sample / samples; chunk_samples = start_sample % samples; _______________________________________________ nginx-devel mailing list nginx-devel@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx-devel
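Review bot: The log line in the new `chunk == 0` check under `found:` names only the file, so an operator reading "zero chunk in ..." cannot tell that the malformed field is in the stsc (Sample To Chunk) table. Consider naming the atom in the message, for example "zero chunk in stsc atom in \"%s\"", so the rejected file can be triaged from the error log alone. The placement itself is right: the check sits directly before `target_chunk = chunk - 1`, so the subtraction can no longer wrap. Since the two context lines that follow divide and take a remainder by `samples`, it is also worth confirming that the check ending in the `return NGX_ERROR;` just above the new block already rejects a zero `samples` value; that is not visible in this hunk.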