hls.js icon indicating copy to clipboard operation
hls.js copied to clipboard
verified publisher icon video-dev

HLS clients SHOULD range-check responses

Open robwalch opened this issue 9 months ago • 0 comments

Is your feature request related to a problem? Please describe.

Clients SHOULD range-check responses to prevent buffer overflows.

We've encountered at least one issue (#7001) where a server did not respond to a range request correctly (or a browser did not send the request correctly) and the response contained the wrong number of bytes.

Describe the solution you'd like

This was investigated and draft changes were made (https://github.com/video-dev/hls.js/compare/master...task/log-byte-ranges), but we still need a complete PR that addresses the issue for all loaders (xhr and fetch).

Additional context

No response

robwalch avatar May 16 '25 23:05 robwalch