VP8: Fix use-after-free in postproc.

The pointer in vp8 postproc refers to show_frame_mi which is only
updated on show frame. However, when there is a no-show frame which also
changes the size (thus new frame buffers allocated), show_frame_mi is
not updated with new frame buffer memory.

Change the pointer in postproc to mi which is always updated.

Bug: 842265
Change-Id: I33874f2112b39f74562cba528432b5f239e6a7bd

diff --git a/vp8/common/postproc.c b/vp8/common/postproc.c
index d67ee8a57d822334a3893f61b4ce2d0a97fb5f2e..8c292d6161dd30e591082ac4e86b6b9d038a3a48 100644 (file)
--- a/vp8/common/postproc.c
+++ b/vp8/common/postproc.c
@@ -65,7 +65,7 @@ void vp8_deblock(VP8_COMMON *cm, YV12_BUFFER_CONFIG *source,
   double level = 6.0e-05 * q * q * q - .0067 * q * q + .306 * q + .0065;
   int ppl = (int)(level + .5);
 
-  const MODE_INFO *mode_info_context = cm->show_frame_mi;
+  const MODE_INFO *mode_info_context = cm->mi;
   int mbr, mbc;
 
   /* The pixel thresholds are adjusted according to if or not the macroblock