aviobuf: Write new data at s->buf_end in fill_buffer

aviobuf: Write new data at s->buf_end in fill_buffer

In most cases, s->buf_ptr will be equal to s->buf_end when
fill_buffer is called, but this may not always be the case, if
we're seeking forward by reading (permitted by the short seek
threshold).

If fill_buffer is writing to s->buf_ptr instead of s->buf_end (when
they aren't equal and s->buf_ptr is ahead of s->buffer), the data
between s->buf_ptr and s->buf_end is overwritten, leading to
inconsistent buffer content. This could return incorrect data if
later seeking back into the area before the current s->buf_ptr.

Signed-off-by: Luca Barbato <lu_zero@gentoo.org>