From 89c3dd4d68be581ce1d0567f4cc1797879971c18 Mon Sep 17 00:00:00 2001
From: Markus Koschany <apo@debian.org>
Date: Sun, 30 Dec 2018 20:53:42 +0100
Subject: [PATCH] CVE-2017-14170

Origin: https://github.com/FFmpeg/FFmpeg/commit/900f39692ca0337a98a7cf047e4e2611071810c2

Gbp-Pq: Name CVE-2017-14170.patch
---
 libavformat/mxfdec.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
index 9aedd47..5392ed9 100644
--- a/libavformat/mxfdec.c
+++ b/libavformat/mxfdec.c
@@ -743,6 +743,8 @@ static int mxf_read_index_entry_array(AVIOContext *pb, MXFIndexTableSegment *seg
         return AVERROR(ENOMEM);
 
     length = avio_rb32(pb);
+    if(segment->nb_index_entries && length < 11)
+        return AVERROR_INVALIDDATA;
 
     segment->temporal_offset_entries = av_mallocz(segment->nb_index_entries *
                                  sizeof(*segment->temporal_offset_entries));
@@ -760,6 +762,8 @@ static int mxf_read_index_entry_array(AVIOContext *pb, MXFIndexTableSegment *seg
     }
 
     for (i = 0; i < segment->nb_index_entries; i++) {
+        if(avio_feof(pb))
+            return AVERROR_INVALIDDATA;
         segment->temporal_offset_entries[i] = avio_r8(pb);
         avio_r8(pb);                                        /* KeyFrameOffset */
         segment->flag_entries[i] = avio_r8(pb);
-- 
2.30.2