From 0c10317cb854e234c483e1bb50703c843a17979b Mon Sep 17 00:00:00 2001
From: Markus Koschany <apo@debian.org>
Date: Sun, 30 Dec 2018 14:25:04 +0100
Subject: [PATCH] CVE-2017-14056

Origin: https://github.com/FFmpeg/FFmpeg/commit/96f24d1bee7fe7bac08e2b7c74db1a046c9dc0de

Gbp-Pq: Name CVE-2017-14056.patch
---
 libavformat/rl2.c | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/libavformat/rl2.c b/libavformat/rl2.c
index 5d30bf8..48c1ea6 100644
--- a/libavformat/rl2.c
+++ b/libavformat/rl2.c
@@ -175,12 +175,21 @@ static av_cold int rl2_read_header(AVFormatContext *s)
     }
 
     /** read offset and size tables */
-    for(i=0; i < frame_count;i++)
+    for(i=0; i < frame_count;i++) {
+        if (avio_feof(pb))
+            return AVERROR_INVALIDDATA;
         chunk_size[i] = avio_rl32(pb);
-    for(i=0; i < frame_count;i++)
+    }
+    for(i=0; i < frame_count;i++) {
+        if (avio_feof(pb))
+            return AVERROR_INVALIDDATA;
         chunk_offset[i] = avio_rl32(pb);
-    for(i=0; i < frame_count;i++)
+    }
+    for(i=0; i < frame_count;i++) {
+        if (avio_feof(pb))
+            return AVERROR_INVALIDDATA;
         audio_size[i] = avio_rl32(pb) & 0xFFFF;
+    }
 
     /** build the sample index */
     for(i=0;i<frame_count;i++){
-- 
2.30.2