Fix the bug for feature_score computation

The visited is not set to 1 after an item is pushed into the heap.
This may cause one item being pushed into the heap multiple
times, which may incur buffer overflow and memory corruption.

Change-Id: I443f1e5693856bb4066542403f98492d4daec69d

diff --git a/vp9/encoder/vp9_encoder.c b/vp9/encoder/vp9_encoder.c
index 2087adc85bb0182ee680810d915ae13cd2d4d55e..a5da54283e07205c6172b83d909926c508021fdc 100644 (file)
--- a/vp9/encoder/vp9_encoder.c
+++ b/vp9/encoder/vp9_encoder.c
@@ -6477,6 +6477,7 @@ static void max_heap_push(FEATURE_SCORE_LOC **heap, int *size,
                           FEATURE_SCORE_LOC *input) {
   int c, p;
   FEATURE_SCORE_LOC *tmp;
+  input->visited = 1;
   heap[*size] = input;
   ++*size;
   c = *size - 1;
@@ -6581,8 +6582,6 @@ static void build_motion_field(VP9_COMP *cpi, MACROBLOCKD *xd, int frame_idx,
     FEATURE_SCORE_LOC *fs_loc;
     max_heap_pop(cpi->feature_score_loc_heap, &fs_loc_heap_size, &fs_loc);
 
-    fs_loc->visited = 1;
-
     do_motion_search(cpi, td, frame_idx, ref_frame, bsize, fs_loc->mi_row,
                      fs_loc->mi_col);