avcodec/flicvideo: Check for chunk overread

Fixes integer overflow
Fixes: 1292/clusterfuzz-testcase-minimized-5795512143839232
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

libavcodec/flicvideo.c

@@ -444,8 +444,12 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx,
             break;
         }
 
-        if (stream_ptr_after_chunk - bytestream2_tell(&g2) > 0)
+        if (stream_ptr_after_chunk - bytestream2_tell(&g2) >= 0) {
             bytestream2_skip(&g2, stream_ptr_after_chunk - bytestream2_tell(&g2));
+        } else {
+            av_log(avctx, AV_LOG_ERROR, "Chunk overread\n");
+            break;
+        }
 
         frame_size -= chunk_size;
         num_chunks--;
@@ -742,6 +746,13 @@ static int flic_decode_frame_15_16BPP(AVCodecContext *avctx,
             break;
         }
 
+        if (stream_ptr_after_chunk - bytestream2_tell(&g2) >= 0) {
+            bytestream2_skip(&g2, stream_ptr_after_chunk - bytestream2_tell(&g2));
+        } else {
+            av_log(avctx, AV_LOG_ERROR, "Chunk overread\n");
+            break;
+        }
+
         frame_size -= chunk_size;
         num_chunks--;
     }
@@ -1016,6 +1027,13 @@ static int flic_decode_frame_24BPP(AVCodecContext *avctx,
             break;
         }
 
+        if (stream_ptr_after_chunk - bytestream2_tell(&g2) >= 0) {
+            bytestream2_skip(&g2, stream_ptr_after_chunk - bytestream2_tell(&g2));
+        } else {
+            av_log(avctx, AV_LOG_ERROR, "Chunk overread\n");
+            break;
+        }
+
         frame_size -= chunk_size;
         num_chunks--;
     }