[PATCH] MP4 32-bit chunk size buffer overrun fix per the corporatists (CVE-2024-7347 2024-08-14)
Maxim Dounin
mdounin at mdounin.ru
Sun Aug 25 03:46:21 UTC 2024
Hello!
On Sat, Aug 24, 2024 at 03:42:16AM -0500, Barry Allard wrote:
> LGTM. Sanity testing untrusted input seems a deeper improvement than
> just increasing the width of `n`.
>
> It probably could use refactoring of absolute vs. relative position
> variable names to increase semantic clarity, but naming things is
> hard.
>
> Thanks for your diligent maintenance.
Thanks for looking, committed.
--
Maxim Dounin
http://mdounin.ru/
More information about the nginx-devel
mailing list