From e11dcc35bb4dbacd87378465b4cafa6a604e8b87 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer
Date: Wed, 17 May 2017 02:17:13 +0200
Subject: [PATCH] avcodec/fmvc: Fix off by 1 error

Fixes: out of array access
Fixes: 1643/clusterfuzz-testcase-minimized-6117573403869184
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
Signed-off-by: Michael Niedermayer
---
 libavcodec/fmvc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/fmvc.c b/libavcodec/fmvc.c
index ff5f291da6..2368e95f29 100644
--- a/libavcodec/fmvc.c
+++ b/libavcodec/fmvc.c
@@ -459,7 +459,7 @@ static int decode_frame(AVCodecContext *avctx,
         int size, offset, start = 0;
 
         offset = bytestream2_get_le16(gb);
-        if (offset > s->nb_blocks)
+        if (offset >= s->nb_blocks)
             return AVERROR_INVALIDDATA;
         size = bytestream2_get_le16(gb);
-- 
2.11.0
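Review bot: The corrected bound on `offset` is the right fix, but nothing in the hunk records why `>=` rather than `>` is required, and the original bug shows that a reader did get this wrong once; a one-line comment above the check would pin the invariant, e.g. `/* offset indexes s->blocks[], so it must be strictly below nb_blocks */`. Since `offset` comes straight from the bitstream via bytestream2_get_le16(), this check is the only thing standing between attacker-controlled input and an out-of-bounds read of `s->blocks`, which is worth saying explicitly at the site. The following `size` value is also read from the stream, but its validation (if any) is outside the hunk, so I cannot confirm it is bounded against the selected block. decode_frame's body starts and ends outside the hunk.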