Blame SOURCES/nginx-1.8.1-CVE-2018-16845.patch

795e49
diff --git a/src/http/modules/ngx_http_mp4_module.c b/src/http/modules/ngx_http_mp4_module.c
795e49
index 980bf57..b165d79 100644
795e49
--- a/src/http/modules/ngx_http_mp4_module.c
795e49
+++ b/src/http/modules/ngx_http_mp4_module.c
795e49
@@ -896,6 +896,13 @@ ngx_http_mp4_read_atom(ngx_http_mp4_file_t *mp4,
795e49
                 atom_size = ngx_mp4_get_64value(atom_header + 8);
795e49
                 atom_header_size = sizeof(ngx_mp4_atom_header64_t);
795e49
 
795e49
+                if (atom_size < sizeof(ngx_mp4_atom_header64_t)) {
795e49
+                    ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
795e49
+                                  "\"%s\" mp4 atom is too small:%uL",
795e49
+                                  mp4->file.name.data, atom_size);
795e49
+                    return NGX_ERROR;
795e49
+                }
795e49
+
795e49
             } else {
795e49
                 ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
795e49
                               "\"%s\" mp4 atom is too small:%uL",