diff options
| author | Jerome Jiang <jianj@google.com> | 2018-12-14 14:39:58 -0800 |
|---|---|---|
| committer | Jerome Jiang <jianj@google.com> | 2018-12-14 15:00:29 -0800 |
| commit | 0e408ea67cd142a3f27189d7e00cbabea96a28d6 (patch) | |
| tree | c45f48eedae668db9cb1f48d1eb67e4261c2cc78 | |
| parent | 890c8a15d11be3141dff16c2c577622b59abbb66 (diff) | |
| download | libvpx-0e408ea67cd142a3f27189d7e00cbabea96a28d6.tar libvpx-0e408ea67cd142a3f27189d7e00cbabea96a28d6.tar.gz libvpx-0e408ea67cd142a3f27189d7e00cbabea96a28d6.tar.bz2 libvpx-0e408ea67cd142a3f27189d7e00cbabea96a28d6.zip | |
vp8: Fix potential use-after-free in mfqe.
Similar issue to 842265.
The pointer in vp8 postproc refers to show_frame_mi which is only
updated on show frame. However, when there is a no-show frame which also
changes the size (thus new frame buffers allocated), show_frame_mi is
not updated with new frame buffer memory.
Change the pointer in postproc to mi which is always updated.
BUG=913246
Change-Id: I5159ba7134a06db472c29a1d84b8d39bb60c7254
| -rw-r--r-- | vp8/common/mfqe.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/vp8/common/mfqe.c b/vp8/common/mfqe.c index aad908572..1fe7363f1 100644 --- a/vp8/common/mfqe.c +++ b/vp8/common/mfqe.c @@ -235,7 +235,7 @@ void vp8_multiframe_quality_enhance(VP8_COMMON *cm) { FRAME_TYPE frame_type = cm->frame_type; /* Point at base of Mb MODE_INFO list has motion vectors etc */ - const MODE_INFO *mode_info_context = cm->show_frame_mi; + const MODE_INFO *mode_info_context = cm->mi; int mb_row; int mb_col; int totmap, map[4]; |