From: Markus Koschany <apo@debian.org>
Date: Sun, 30 Dec 2018 13:27:49 +0000 (+0100)
Subject: CVE-2017-14055
X-Git-Tag: archive/raspbian/6%11.12-1_deb8u5+rpi1^2~12
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=5813c2be64e28e0d4d978fb1057fe96eafb52330;p=libav.git

CVE-2017-14055

Origin: https://github.com/FFmpeg/FFmpeg/commit/4f05e2e2dc1a89f38cd9f0960a6561083d714f1e

Gbp-Pq: Name CVE-2017-14055.patch
---

diff --git a/libavformat/mvdec.c b/libavformat/mvdec.c
index e21ec06..4c62993 100644
--- a/libavformat/mvdec.c
+++ b/libavformat/mvdec.c
@@ -327,6 +327,8 @@ static int mv_read_header(AVFormatContext *avctx)
             uint32_t pos   = avio_rb32(pb);
             uint32_t asize = avio_rb32(pb);
             uint32_t vsize = avio_rb32(pb);
+            if (avio_feof(pb))
+                return AVERROR_INVALIDDATA;
             avio_skip(pb, 8);
             av_add_index_entry(ast, pos, timestamp, asize, 0, AVINDEX_KEYFRAME);
             av_add_index_entry(vst, pos + asize, i, vsize, 0, AVINDEX_KEYFRAME);