From debbcfae6010f027a0334d70d0dbb7ddd912ad5a Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michaelni@gmx.at>
Date: Sat, 2 Jun 2012 04:06:16 +0200
Subject: [PATCH] bmv: fix apparent sign error in the frame_off check

Fixes part of Ticket1373

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
---
 libavcodec/bmv.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavcodec/bmv.c b/libavcodec/bmv.c
index 9740b11f15..35923a28d6 100644
--- a/libavcodec/bmv.c
+++ b/libavcodec/bmv.c
@@ -143,7 +143,7 @@ static int decode_bmv_frame(const uint8_t *source, int src_len, uint8_t *frame,
         switch (mode) {
         case 1:
             if (forward) {
-                if (dst - frame + SCREEN_WIDE < frame_off ||
+                if (dst - frame + SCREEN_WIDE < -frame_off ||
                         frame_end - dst < frame_off + len)
                     return -1;
                 for (i = 0; i < len; i++)
@@ -151,7 +151,7 @@ static int decode_bmv_frame(const uint8_t *source, int src_len, uint8_t *frame,
                 dst += len;
             } else {
                 dst -= len;
-                if (dst - frame + SCREEN_WIDE < frame_off ||
+                if (dst - frame + SCREEN_WIDE < -frame_off ||
                         frame_end - dst < frame_off + len)
                     return -1;
                 for (i = len - 1; i >= 0; i--)