Michael Niedermayer authored
When receiving fragmented packets, the first packet declares the size, and the later ones normally are small follow-on packets that don't repeat the size and the other header fields. But technically, the later fragments also can have a full header, declaring a different size than the previous packet.

If the follow-on packet declares a larger size than the initial one, we could end up writing outside of the allocation.

This fixes out of bounds writes.

Found-by: Paul Cher <paulcher@icloud.com>
Reviewed-by: Paul Cher <paulcher@icloud.com>
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
a4fec9a7
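
The failure mode described in the commit message, shown as an added example that is not code from this commit or from the project: a minimal fragment reassembler that stays inside its allocation when a follow-on fragment carries a full header with a different size. The struct and function names are hypothetical, and discarding the partial packet on a size mismatch is an assumed policy, since the page does not show the patch itself.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical per-channel reassembly state (names are illustrative). */
struct reasm { uint8_t *buf; size_t size, read; };
/* Constructed fragment model: declared_size is valid only with a full header. */
struct frag { int has_header; size_t declared_size; const uint8_t *data; size_t len; };
enum { REASM_ERR = -1, REASM_MORE = 0, REASM_DONE = 1 };

static void reasm_reset(struct reasm *r) { free(r->buf); memset(r, 0, sizeof *r); }

/* Feed one fragment. On REASM_DONE the caller consumes r->buf, then calls reasm_reset(). */
int reasm_feed(struct reasm *r, const struct frag *f)
{
    if (f->has_header) {
        /* A follow-on fragment redeclared the size: the existing buffer was
         * sized for the old value, so drop the partial packet (assumed
         * policy) instead of continuing to write into it. */
        if (r->buf && f->declared_size != r->size)
            reasm_reset(r);
        if (!r->buf) {
            if (f->declared_size == 0)
                return REASM_ERR;
            r->buf = malloc(f->declared_size);
            if (!r->buf)
                return REASM_ERR;
            r->size = f->declared_size;
            r->read = 0;
        }
    } else if (!r->buf) {
        return REASM_ERR;           /* continuation with nothing to continue */
    }
    /* Independent of the header logic, bound every copy by the space that
     * is actually left in the allocation. */
    if (f->len > r->size - r->read) {
        reasm_reset(r);
        return REASM_ERR;
    }
    memcpy(r->buf + r->read, f->data, f->len);
    r->read += f->len;
    return r->read == r->size ? REASM_DONE : REASM_MORE;
}
```

The size comparison and the per-copy bound are separate checks on purpose: the first handles the redeclared header, the second keeps the write in bounds even if another code path leaves `size` and the allocation out of sync.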