From 2ec4a84dca603a24a8131297036dfe30eed33dd7 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michaelni@gmx.at>
Date: Fri, 26 Sep 2014 18:11:16 +0200
Subject: [PATCH] ffplay: Separate AVFrame from AVSubtitle

This is more robust and should avoid false positives in coverity
That is if the type is ever mixed up, after this patch that would
just be a null pointer dereference instead of a random possibly
out of array access

Reviewed-by: Marton Balint <cus@passwd.hu>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
---
 ffplay.c | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/ffplay.c b/ffplay.c
index 77284527361..8fa5ca36772 100644
--- a/ffplay.c
+++ b/ffplay.c
@@ -546,9 +546,8 @@ static void decoder_init(Decoder *d, AVCodecContext *avctx, PacketQueue *queue,
     d->start_pts = AV_NOPTS_VALUE;
 }
 
-static int decoder_decode_frame(Decoder *d, void *fframe) {
+static int decoder_decode_frame(Decoder *d, AVFrame *frame, AVSubtitle *sub) {
     int got_frame = 0;
-    AVFrame *frame = fframe;
 
     d->flushed = 0;
 
@@ -608,7 +607,7 @@ static int decoder_decode_frame(Decoder *d, void *fframe) {
                 }
                 break;
             case AVMEDIA_TYPE_SUBTITLE:
-                ret = avcodec_decode_subtitle2(d->avctx, fframe, &got_frame, &d->pkt_temp);
+                ret = avcodec_decode_subtitle2(d->avctx, sub, &got_frame, &d->pkt_temp);
                 break;
         }
 
@@ -1863,7 +1862,7 @@ static int get_video_frame(VideoState *is, AVFrame *frame)
 {
     int got_picture;
 
-    if ((got_picture = decoder_decode_frame(&is->viddec, frame)) < 0)
+    if ((got_picture = decoder_decode_frame(&is->viddec, frame, NULL)) < 0)
         return -1;
 
     if (got_picture) {
@@ -2219,7 +2218,7 @@ static int subtitle_thread(void *arg)
         if (!(sp = frame_queue_peek_writable(&is->subpq)))
             return 0;
 
-        if ((got_subtitle = decoder_decode_frame(&is->subdec, &sp->sub)) < 0)
+        if ((got_subtitle = decoder_decode_frame(&is->subdec, NULL, &sp->sub)) < 0)
             break;
 
         pts = 0;
@@ -2483,7 +2482,7 @@ static int audio_decode_frame(VideoState *is)
             return resampled_data_size;
         }
 
-        if ((got_frame = decoder_decode_frame(&is->auddec, is->frame)) < 0)
+        if ((got_frame = decoder_decode_frame(&is->auddec, is->frame, NULL)) < 0)
             return -1;
 
         if (is->auddec.flushed)
-- 
GitLab