svq1dec: update w/h only if the header is successfully parsed.

Prevents inconsistency and out of array accesses.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

libavcodec/svq1dec.c

@@ -505,6 +505,8 @@ static void svq1_parse_string(GetBitContext *bitbuf, uint8_t *out)
 static int svq1_decode_frame_header(GetBitContext *bitbuf, MpegEncContext *s)
 {
     int frame_size_code;
+    int width  = s->width;
+    int height = s->height;
 
     skip_bits(bitbuf, 8); /* temporal_reference */
 
@@ -544,15 +546,15 @@ static int svq1_decode_frame_header(GetBitContext *bitbuf, MpegEncContext *s)
 
         if (frame_size_code == 7) {
             /* load width, height (12 bits each) */
-            s->width  = get_bits(bitbuf, 12);
+            width  = get_bits(bitbuf, 12);
-            s->height = get_bits(bitbuf, 12);
+            height = get_bits(bitbuf, 12);
 
-            if (!s->width || !s->height)
+            if (!width || !height)
                 return AVERROR_INVALIDDATA;
         } else {
             /* get width, height from table */
-            s->width  = ff_svq1_frame_size_table[frame_size_code].width;
+            width  = ff_svq1_frame_size_table[frame_size_code].width;
-            s->height = ff_svq1_frame_size_table[frame_size_code].height;
+            height = ff_svq1_frame_size_table[frame_size_code].height;
         }
     }
 
@@ -575,6 +577,8 @@ static int svq1_decode_frame_header(GetBitContext *bitbuf, MpegEncContext *s)
             skip_bits(bitbuf, 8);
     }
 
+    s->width  = width;
+    s->height = height;
     return 0;
 }