Blame SOURCES/0002-CVE-2019-9433-VP8-Fix-use-after-free-in-postproc.patch
|
 |
9ced7b |
From 93681819b22d3f42cf5fdfa85701f38e5bab10dd Mon Sep 17 00:00:00 2001
|
|
|
9ced7b |
From: Wim Taymans <wtaymans@redhat.com>
|
|
|
9ced7b |
Date: Wed, 25 Mar 2020 13:42:07 +0100
|
|
|
9ced7b |
Subject: [PATCH 2/2] CVE-2019-9433: VP8: Fix use-after-free in postproc.
|
|
|
9ced7b |
|
|
|
9ced7b |
The pointer in vp8 postproc refers to show_frame_mi which is only
|
|
|
9ced7b |
updated on show frame. However, when there is a no-show frame which also
|
|
|
9ced7b |
changes the size (thus new frame buffers allocated), show_frame_mi is
|
|
|
9ced7b |
not updated with new frame buffer memory.
|
|
|
9ced7b |
|
|
|
9ced7b |
Change the pointer in postproc to mi which is always updated.
|
|
|
9ced7b |
|
|
|
9ced7b |
Bug: 842265
|
|
|
9ced7b |
---
|
|
|
9ced7b |
vp8/common/postproc.c | 2 +-
|
|
|
9ced7b |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
9ced7b |
|
|
|
9ced7b |
diff --git a/vp8/common/postproc.c b/vp8/common/postproc.c
|
|
|
9ced7b |
index d67ee8a57..8c292d616 100644
|
|
|
9ced7b |
--- a/vp8/common/postproc.c
|
|
|
9ced7b |
+++ b/vp8/common/postproc.c
|
|
|
9ced7b |
@@ -65,7 +65,7 @@ void vp8_deblock(VP8_COMMON *cm, YV12_BUFFER_CONFIG *source,
|
|
|
9ced7b |
double level = 6.0e-05 * q * q * q - .0067 * q * q + .306 * q + .0065;
|
|
|
9ced7b |
int ppl = (int)(level + .5);
|
|
|
9ced7b |
|
|
|
9ced7b |
- const MODE_INFO *mode_info_context = cm->show_frame_mi;
|
|
|
9ced7b |
+ const MODE_INFO *mode_info_context = cm->mi;
|
|
|
9ced7b |
int mbr, mbc;
|
|
|
9ced7b |
|
|
|
9ced7b |
/* The pixel thresholds are adjusted according to if or not the macroblock
|
|
|
9ced7b |
--
|
|
|
9ced7b |
2.25.1
|
|
|
9ced7b |
|