multimedia/ffmpeg: backport DoS fix for AVI (direct commit)

FFmpeg 3.4 (via r452570) already contains the fix but 3.3.5 hasn't
been released yet.

Obtained from: upstream (FFmpeg 3.3 relbranch)
Security: CVE-2017-15186
Approved by: ports-secteam blanket