vp8: Fix potential use-after-free in mfqe.

Similar issue to 842265.

The pointer in vp8 postproc refers to show_frame_mi which is only
updated on show frame. However, when there is a no-show frame which also
changes the size (thus new frame buffers allocated), show_frame_mi is
not updated with new frame buffer memory.

Change the pointer in postproc to mi which is always updated.

BUG=913246

Change-Id: I5159ba7134a06db472c29a1d84b8d39bb60c7254

diff --git a/vp8/common/mfqe.c b/vp8/common/mfqe.c
index aad908572936d1237b83231e3c412191a4937597..1fe7363f177ec33838e88966e3869bb5173f0147 100644 (file)
--- a/vp8/common/mfqe.c
+++ b/vp8/common/mfqe.c
@@ -235,7 +235,7 @@ void vp8_multiframe_quality_enhance(VP8_COMMON *cm) {
 
   FRAME_TYPE frame_type = cm->frame_type;
   /* Point at base of Mb MODE_INFO list has motion vectors etc */
-  const MODE_INFO *mode_info_context = cm->show_frame_mi;
+  const MODE_INFO *mode_info_context = cm->mi;
   int mb_row;
   int mb_col;
   int totmap, map[4];