File CVE-2019-9433.patch of Package libvpx.30875

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2019-9433.patch of Package libvpx.30875

commit 52add5896661d186dec284ed646a4b33b607d2c7
Author: Jerome Jiang <jianj@google.com>
Date:   Wed May 23 15:43:00 2018 -0700

VP8: Fix use-after-free in postproc.
    
    The pointer in vp8 postproc refers to show_frame_mi which is only
    updated on show frame. However, when there is a no-show frame which also
    changes the size (thus new frame buffers allocated), show_frame_mi is
    not updated with new frame buffer memory.
    
    Change the pointer in postproc to mi which is always updated.
    
    Bug: 842265
    Change-Id: I33874f2112b39f74562cba528432b5f239e6a7bd

Index: libvpx-1.3.0/vp8/common/postproc.c
===================================================================
--- libvpx-1.3.0.orig/vp8/common/postproc.c
+++ libvpx-1.3.0/vp8/common/postproc.c
@@ -334,7 +334,7 @@ void vp8_deblock(VP8_COMMON
     double level = 6.0e-05 * q * q * q - .0067 * q * q + .306 * q + .0065;
     int ppl = (int)(level + .5);
 
-    const MODE_INFO *mode_info_context = cm->show_frame_mi;
+    const MODE_INFO *mode_info_context = cm->mi;
     int mbr, mbc;
 
     /* The pixel thresholds are adjusted according to if or not the macroblock

Places

File CVE-2019-9433.patch of Package libvpx.30875

Places