From 2f2db811f8533782dfbef57fdb14f4737e2be55a Mon Sep 17 00:00:00 2001
From: Roman Arutyunyan <arutyunyan.roman@gmail.com>
Date: Mon, 24 May 2021 13:08:45 +0300
Subject: [PATCH] Fixed buffer overrun after changing chunk size.

Thanks to Zengxian Ding.
---
 ngx_rtmp_handler.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/ngx_rtmp_handler.c b/ngx_rtmp_handler.c
index 17eadee..f42a3bb 100644
--- a/ngx_rtmp_handler.c
+++ b/ngx_rtmp_handler.c
@@ -241,7 +241,9 @@ ngx_rtmp_recv(ngx_event_t *rev)
                     "reusing formerly read data: %d", old_size);
 
             b->pos = b->start;
-            b->last = ngx_movemem(b->pos, old_pos, old_size);
+
+            size = ngx_min((size_t) (b->end - b->start), old_size);
+            b->last = ngx_movemem(b->pos, old_pos, size);
 
             if (s->in_chunk_size_changing) {
                 ngx_rtmp_finalize_set_chunk_size(s);