Buffer size should be checked when parsing font name field of QuicktimeText block #469

@alex-plekhanov

Description

Some cameras (at least the "Insta360 oneR") produce video files with a malformed 'stsd' - 'text' block, for example like this:

000019499A: 00 00 00 41 74 65 78 74 | 00 00 00 00 00 00 00 01     Atext       ?
00001949AA: 00 00 60 00 00 00 00 01 | 00 00 00 00 00 00 00 00    `    ?        
00001949BA: 00 00 00 00 00 00 00 00 | 00 00 00 00 00 00 00 00                  
00001949CA: 00 00 00 00 00 00 00 00 | 00 00 00 47 65 6E 65 76             Genev
00001949DA: 61                      |                          a

The same block, split by field:

00 00 00 41             atom size = 65 bytes
74 65 78 74             'text'
00 00 00 00 00 00       reserved
00 01                   data reference index = 1
00 00 60 00             display flags (Anti-alias 0x2000 + key text 0x4000)
00 00 00 01             text justification (1 for centered text)
00 00 00 00 00 00       background color
00 00 00 00 00 00 00 00 default text box
00 00 00 00 00 00 00 00 reserved
00 00                   font number
00 00                   font face
00                      reserved
00 00                   reserved
00 00 00 00 00 00       foreground color
47 65 6E 65 76 61       font name ('Geneva')

Here, the font name is expected in "pascal string" format, but it's in raw string format instead. When the parser tries to read the font name, it reads the 0x47 byte, thinks that it's a string length and then tries to read 0x47 more bytes from the buffer, but only 5 bytes remain and an exception is thrown:

java.nio.BufferUnderflowException
	at java.base/java.nio.HeapByteBuffer.get(HeapByteBuffer.java:182)
	at java.base/java.nio.ByteBuffer.get(ByteBuffer.java:770)
	at org.mp4parser.boxes.apple.QuicktimeTextSampleEntry.parse(QuicktimeTextSampleEntry.java:89)

Example file attached https://github.com/sannies/mp4parser/assets/33483335/7a59b377-2be0-4856-aded-d3cd46bec3b2
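A bounds-checked parse of this 'text' sample entry, as an added example in Python (not mp4parser's own code): the 65-byte input is constructed from the dump above, the well-formed variant is constructed for comparison, and falling back to a raw string when the length byte does not fit is the example's own choice.

```python
import struct

# Offset of the font-name field in a 'text' sample entry, summed from the
# field list in the issue (8-byte atom header + 51 bytes of fixed fields).
FONT_NAME_OFFSET = 59

# Constructed from the hex dump in the issue: the Insta360 entry whose
# font-name field is the raw bytes "Geneva" with no length prefix.
MALFORMED_TEXT_ENTRY = bytes.fromhex(
    "00000041 74657874 000000000000 0001 00006000 00000001 000000000000"
    "0000000000000000 0000000000000000 0000 0000 00 0000 000000000000"
    "47656e657661"
)

# Constructed spec-conformant variant: same fixed fields, font name as a
# Pascal string (length byte 6 + "Geneva"), atom size adjusted to 66.
WELLFORMED_TEXT_ENTRY = (struct.pack(">I", FONT_NAME_OFFSET + 7)
                         + MALFORMED_TEXT_ENTRY[4:FONT_NAME_OFFSET] + b"\x06Geneva")


def read_font_name(tail: bytes) -> tuple[str, bool]:
    """Read the font name as a Pascal string only after checking that the
    declared length fits in what remains of the atom. If it does not, treat
    the remainder as a raw string (the example's own fallback) instead of
    reading past the buffer. Returns (name, fell_back_to_raw)."""
    if not tail:
        return "", False
    declared = tail[0]
    if 1 + declared <= len(tail):            # the bounds check the issue asks for
        return tail[1:1 + declared].decode("latin-1"), False
    return tail.decode("latin-1").rstrip("\x00"), True


def parse_text_sample_entry(data: bytes) -> dict:
    """Parse the fields of a QuickTime 'text' sample entry with bounds checks."""
    if len(data) < FONT_NAME_OFFSET:
        raise ValueError("'text' sample entry truncated before font name")
    size, fourcc = struct.unpack(">I4s", data[:8])
    if fourcc != b"text" or size > len(data):
        raise ValueError("not a complete 'text' sample entry")
    display_flags, justification = struct.unpack(">Ii", data[16:24])
    font_number, font_face = struct.unpack(">HH", data[46:50])
    name, raw = read_font_name(data[FONT_NAME_OFFSET:size])
    return {"display_flags": display_flags, "text_justification": justification,
            "font_number": font_number, "font_face": font_face,
            "font_name": name, "font_name_was_raw": raw}
```

Running both inputs through parse_text_sample_entry yields "Geneva" for each; only the malformed one reports font_name_was_raw as True, which is where a parser should log that the producer deviated from the spec.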
