diff options
| author | Adrian Grange <agrange@google.com> | 2011-12-09 12:47:57 -0800 |
|---|---|---|
| committer | Adrian Grange <agrange@google.com> | 2011-12-09 12:47:57 -0800 |
| commit | 95b4cf059cc2cb71ff49b818df4d285ced299cfc (patch) | |
| tree | e2e051cb7502d88a3c150e6534adb16cd57ec970 /vp8 | |
| parent | 7748d833e8dc61c6169529dc105aacea006ee455 (diff) | |
| download | libvpx-95b4cf059cc2cb71ff49b818df4d285ced299cfc.tar libvpx-95b4cf059cc2cb71ff49b818df4d285ced299cfc.tar.gz libvpx-95b4cf059cc2cb71ff49b818df4d285ced299cfc.tar.bz2 libvpx-95b4cf059cc2cb71ff49b818df4d285ced299cfc.zip | |
Fix out of bounds read in update_mbgraph_frame_stats
update_mbgraph_frame_stats used xd->mode_info_context
before it had been setup, resulting in potentially
random accesses of uninitialized memory.
This fix allocates a local MODE_INFO structure to hold
the data generated in the function.
Change-Id: Ic9e75610008ce0e2d690e8e583c21582fee6fc45
Diffstat (limited to 'vp8')
| -rw-r--r-- | vp8/encoder/mbgraph.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/vp8/encoder/mbgraph.c b/vp8/encoder/mbgraph.c index 3403f1724..100a036fd 100644 --- a/vp8/encoder/mbgraph.c +++ b/vp8/encoder/mbgraph.c @@ -331,6 +331,7 @@ static void update_mbgraph_frame_stats int mb_col, mb_row, offset = 0; int mb_y_offset = 0, arf_y_offset = 0, gld_y_offset = 0; int_mv arf_top_mv, gld_top_mv; + MODE_INFO mi_local; // Set up limit values for motion vectors to prevent them extending outside the UMV borders arf_top_mv.as_int = 0; @@ -341,6 +342,7 @@ static void update_mbgraph_frame_stats xd->dst.y_stride = buf->y_stride; xd->pre.y_stride = buf->y_stride; xd->dst.uv_stride = buf->uv_stride; + xd->mode_info_context = &mi_local; for (mb_row = 0; mb_row < cm->mb_rows; mb_row++) { |