From 916da13d6dac8b0d3e8f7b1cb87fa37801cee3f8 Mon Sep 17 00:00:00 2001
From: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Date: Wed, 3 Feb 2016 00:55:18 +0100
Subject: [PATCH] cfhd: fix off-by-one error in level check

This fixes out-of-bounds writes causing segmentation faults.

Found-by: Piotr Bandurski <ami_stuff@o2.pl>
Reviewed-by: Kieran Kunhya <kierank@obe.tv>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
---
 libavcodec/cfhd.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/cfhd.c b/libavcodec/cfhd.c
index 410bb7b8f7..2436aae249 100644
--- a/libavcodec/cfhd.c
+++ b/libavcodec/cfhd.c
@@ -280,7 +280,7 @@ static int cfhd_decode(AVCodecContext *avctx, void *data, int *got_frame,
                 s->level++;
             av_log(avctx, AV_LOG_DEBUG, "Subband number %"PRIu16"\n", data);
             s->subband_num = data;
-            if (s->level > DWT_LEVELS) {
+            if (s->level >= DWT_LEVELS) {
                 av_log(avctx, AV_LOG_ERROR, "Invalid level\n");
                 ret = AVERROR(EINVAL);
                 break;