The official NGINX Open Source repository.

Roman Arutyunyan ba27037a49 Mp4: fixed possible chunk offset overflow. ... In "co64" atom chunk start offset is a 64-bit unsigned integer. When trimming the "mdat" atom, chunk offsets are casted to off_t values which are typically 64-bit signed integers. A specially crafted mp4 file with huge chunk offsets may lead to off_t overflow and result in negative trim boundaries. The consequences of the overflow are: - Incorrect Content-Length header value in the response. - Negative left boundary of the response file buffer holding the trimmed "mdat". This leads to pread()/sendfile() errors followed by closing the client connection. On rare systems where off_t is a 32-bit integer, this scenario is also feasible with the "stco" atom. The fix is to add checks which make sure data chunks referenced by each track are within the mp4 file boundaries. Additionally a few more checks are added to ensure mp4 file consistency and log errors.		2020-02-26 15:10:46 +03:00
auto	Events: available bytes calculation via ioctl(FIONREAD).	2019-10-17 16:02:19 +03:00
conf	MIME: added font/woff2 type (ticket #1243).	2018-06-15 17:29:55 +03:00
contrib	Contrib: vim syntax, update core and 3rd party module directives.	2019-06-30 10:39:01 +03:00
docs	nginx-1.17.8-RELEASE	2020-01-21 16:39:41 +03:00
misc	Updated OpenSSL used for win32 builds.	2019-09-24 16:30:03 +03:00
src	Mp4: fixed possible chunk offset overflow.	2020-02-26 15:10:46 +03:00
.hgtags	release-1.17.8 tag	2020-01-21 16:39:42 +03:00