decoder_get_frame() should use output frame index.

decoder_get_frame() should use pbi->output_frame_index[*index], not
cm->new_fb_idx. After decoding an output frame, if the remaining input
data are valid OBUs but don't contain a frame, cm->new_fb_idx will be
released and not copied to the pbi->output_frame_index[] array.

Tested:
  ./test_libaom --gtest_filter=*InvalidFileTest*
  ./test_libaom --gtest_filter=*ExternalFrameBuffer*
  ./test_libaom --gtest_filter=*TestVectorTest*

BUG=chromium:906381

Change-Id: Id20f8d25fe8809445d917c6822a0edd9a132483a

av1/av1_dx_iface.c

diff --git a/av1/av1_dx_iface.c b/av1/av1_dx_iface.c
index 534e780..2b8ed7b 100644
--- a/av1/av1_dx_iface.c
+++ b/av1/av1_dx_iface.c
@@ -708,7 +708,8 @@
           AV1Decoder *const pbi = frame_worker_data->pbi;
           AV1_COMMON *const cm = &pbi->common;
           RefCntBuffer *const frame_bufs = cm->buffer_pool->frame_bufs;
-          ctx->last_show_frame = cm->new_fb_idx;
+          const int buf_idx = pbi->output_frame_index[*index];
+          ctx->last_show_frame = buf_idx;
           if (ctx->need_resync) return NULL;
           yuvconfig2image(&ctx->img, sd, frame_worker_data->user_priv);
 
@@ -757,7 +758,7 @@
                 AOMMIN(cm->tile_width, cm->mi_cols - mi_col) * MI_SIZE;
           }
 
-          ctx->img.fb_priv = frame_bufs[cm->new_fb_idx].raw_frame_buffer.priv;
+          ctx->img.fb_priv = frame_bufs[buf_idx].raw_frame_buffer.priv;
           img = &ctx->img;
           img->temporal_id = cm->temporal_layer_id;
           img->spatial_id = cm->spatial_layer_id;

test/invalid_file_test.cc

diff --git a/test/invalid_file_test.cc b/test/invalid_file_test.cc
index 75dd832..6b7ecc7 100644
--- a/test/invalid_file_test.cc
+++ b/test/invalid_file_test.cc
@@ -44,6 +44,11 @@
         << "Result file open failed. Filename: " << res_file_name;
   }
 
+  virtual void DecompressedFrameHook(const aom_image_t &img,
+                                     const unsigned int /*frame_number*/) {
+    EXPECT_NE(img.fb_priv, nullptr);
+  }
+
   virtual bool HandleDecodeResult(
       const aom_codec_err_t res_dec,
       const libaom_test::CompressedVideoSource &video,
@@ -108,6 +113,7 @@
 
 const DecodeParam kAV1InvalidFileTests[] = {
   { 1, "invalid-bug-1814.ivf" },
+  { 1, "invalid-chromium-906381.ivf" },
   { 1, "invalid-oss-fuzz-9288.ivf" },
   { 4, "invalid-oss-fuzz-9463.ivf" },
   { 1, "invalid-oss-fuzz-9482.ivf" },

test/test-data.sha1

diff --git a/test/test-data.sha1 b/test/test-data.sha1
index 9247858..5b3e2b4 100644
--- a/test/test-data.sha1
+++ b/test/test-data.sha1
@@ -2,6 +2,8 @@
 b87815bf86020c592ccc7a846ba2e28ec8043902 *hantro_odd.yuv
 26b7f64399b84db4b4c9c915d743ec5c2619d4b9 *invalid-bug-1814.ivf
 d3964f9dad9f60363c81b688324d95b4ec7c8038 *invalid-bug-1814.ivf.res
+09aa07e5325b3bb5462182eb30b8ecc914630740 *invalid-chromium-906381.ivf
+09d2af8dd22201dd8d48e5dcfcaed281ff9422c7 *invalid-chromium-906381.ivf.res
 fa06784f23751d8c37be94160fb821e855199af4 *invalid-oss-fuzz-10061.ivf
 b055f06b9a95aaa5697fa26497b592a47843a7c8 *invalid-oss-fuzz-10061.ivf.res
 c9e06c4c7fb7d69fd635a1f606a5e478d60e99cf *invalid-oss-fuzz-10117-mc-buf-use-highbd.ivf

test/test_data_util.cmake

diff --git a/test/test_data_util.cmake b/test/test_data_util.cmake
index 629b7bf..c029fad 100644
--- a/test/test_data_util.cmake
+++ b/test/test_data_util.cmake
@@ -508,6 +508,8 @@
               "av1-1-b8-22-svc-L2T2.ivf.md5"
               "invalid-bug-1814.ivf"
               "invalid-bug-1814.ivf.res"
+              "invalid-chromium-906381.ivf"
+              "invalid-chromium-906381.ivf.res"
               "invalid-oss-fuzz-10061.ivf"
               "invalid-oss-fuzz-10061.ivf.res"
               "invalid-oss-fuzz-10117-mc-buf-use-highbd.ivf"