[PATCH] quartz/filtergraph: Fix SEGFAULT when num pin > 0.

Brendan McGrath brendan at redmandi.com
Mon Oct 8 02:06:22 CDT 2018


When IPin_QueryInternalConnections returns S_OK and nb > 0,
a SEGFAULT occurs at dlls/quartz/filtergraph.c:2144 as the
code is expecting ppPins to be an initialized array if
SUCCEEDED(hr) is TRUE and nb > 0.

This patch ensures ppPins is an initialized array if SUCCEEDED(hr)
is TRUE and nb > 0. Prior to this patch, ppPins was not being initialized
when hr was S_OK and nb > 0.

The Microsoft documentation for IPin_QueryInternalConnections states:
***
This method has another use that is now deprecated: The Filter Graph
Manager treats a filter as being a renderer filter if at least one input
pin implements this method but returns zero in nPin. If you are writing a
new renderer filter, however, you should implement the IAMFilterMiscFlags
interface instead of using this method to indicate that the filter is a
renderer.
***

The code I changed was written back in 2004/2005. My guess is back then the
deprecated behaviour would only return S_OK when nb == 0, but this
no longer appears to be the case. See line 99 of
https://chromium.googlesource.com/webm/webmdshow/+/master/webmsplit/webmsplitinpin.cc
for an example.

Signed-off-by: Brendan McGrath <brendan at redmandi.com>
---
 dlls/quartz/filtergraph.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/dlls/quartz/filtergraph.c b/dlls/quartz/filtergraph.c
index c8595646a03..536c48d346e 100644
--- a/dlls/quartz/filtergraph.c
+++ b/dlls/quartz/filtergraph.c
@@ -981,9 +981,7 @@ static HRESULT GetInternalConnections(IBaseFilter* pfilter, IPin* pinputpin, IPi
 
     TRACE("(%p, %p, %p, %p)\n", pfilter, pinputpin, pppins, pnb);
     hr = IPin_QueryInternalConnections(pinputpin, NULL, &nb);
-    if (hr == S_OK) {
-        /* Rendered input */
-    } else if (hr == S_FALSE) {
+    if (SUCCEEDED(hr) && nb > 0) {
         *pppins = CoTaskMemAlloc(sizeof(IPin*)*nb);
         hr = IPin_QueryInternalConnections(pinputpin, *pppins, &nb);
         if (hr != S_OK) {
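
Review bot: In the new `if (SUCCEEDED(hr) && nb > 0)` branch, the result of `CoTaskMemAlloc(sizeof(IPin*)*nb)` is handed straight to the second `IPin_QueryInternalConnections` call with no NULL check, so a failed allocation passes a NULL array together with a non-zero nb to the pin. Suggest testing `*pppins` right after the allocation and returning E_OUTOFMEMORY. Separately, once the condition is false (success with nb == 0, or a failure HRESULT), nothing in these lines assigns `*pppins`; unless code outside this hunk already does so, set `*pppins = NULL` and `*pnb = 0` before the first call so the caller never sees an uninitialized pointer. The removed `/* Rendered input */` comment was the only marker of the deprecated renderer case quoted in the commit message, so a short comment explaining why S_OK with nb == 0 skips the allocation would be worth keeping.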
-- 
2.17.1



