demux: mp4: fix overflow in cprt language decoding

refs #12283 (cherry picked from commit fa6b1937bcbdd00726502c1f47a6826a08b5dade) Signed-off-by: Jean-Baptiste Kempf <jb@videolan.org>

demux: mp4: fix overflow in cprt language decoding
refs #12283 (cherry picked from commit fa6b1937bcbdd00726502c1f47a6826a08b5dade) Signed-off-by: Jean-Baptiste Kempf <jb@videolan.org>
aff86847 · Francois Cartegnie · Jean-Baptiste Kempf · 0cbdd515 · aff86847 · aff86847
Commit aff86847 authored Sep 27, 2014 by Francois Cartegnie Committed by Jean-Baptiste Kempf Sep 28, 2014
Hide whitespace changes
Inline Side-by-side

Showing with 9 additions and 14 deletions

modules/demux/mp4/libmp4.c modules/demux/mp4/libmp4.c +7 -12

modules/demux/mp4/libmp4.h modules/demux/mp4/libmp4.h +2 -2

No files found.
--- a/modules/demux/mp4/libmp4.c
+++ b/modules/demux/mp4/libmp4.c
@@ -2342,26 +2342,21 @@ static int MP4_ReadBox_elst( stream_t *p_stream, MP4_Box_t *p_box )

 static int MP4_ReadBox_cprt( stream_t *p_stream, MP4_Box_t *p_box )
 {
-    unsigned int i_language;
+    uint16_t i_language;
+    bool b_mac;

    MP4_READBOX_ENTER( MP4_Box_data_cprt_t );

    MP4_GETVERSIONFLAGS( p_box->data.p_cprt );

-    i_language = GetWBE( p_peek );
-    for( unsigned i = 0; i < 3; i++ )
-    {
-        p_box->data.p_cprt->i_language[i] =
-            ( ( i_language >> ( (2-i)*5 ) )&0x1f ) + 0x60;
-    }
-    p_peek += 2; i_read -= 2;
+    MP4_GET2BYTES( i_language );
+    decodeQtLanguageCode( i_language, p_box->data.p_cprt->rgs_language, &b_mac );
+
    MP4_GETSTRINGZ( p_box->data.p_cprt->psz_notice );

 #ifdef MP4_VERBOSE
-    msg_Dbg( p_stream, "read box: \"cprt\" language %c%c%c notice %s",
-                      p_box->data.p_cprt->i_language[0],
-                      p_box->data.p_cprt->i_language[1],
-                      p_box->data.p_cprt->i_language[2],
+    msg_Dbg( p_stream, "read box: \"cprt\" language %3.3s notice %s",
+                      p_box->data.p_cprt->rgs_language,
                      p_box->data.p_cprt->psz_notice );

 #endif

--- a/modules/demux/mp4/libmp4.h
+++ b/modules/demux/mp4/libmp4.h
@@ -748,8 +748,8 @@ typedef struct MP4_Box_data_cprt_s
 {
    uint8_t  i_version;
    uint32_t i_flags;
-    /* 1 pad bit */
-    unsigned char i_language[3];
+
+    char     rgs_language[3]; /* ISO-639-2/T */

    char *psz_notice;
 } MP4_Box_data_cprt_t;