[PATCH] quartz/filtergraph: Fix SEGFAULT when num pin > 0.

Mon Oct 8 10:32:08 CDT 2018

On 08/10/18 02:06, Brendan McGrath wrote:
> When IPin_QueryInternalConnections returns S_OK and nb > 0,
> a SEGFAULT occurs at dlls/quartz/filtergraph.c:2144 as the
> code is expecting ppPins to be an initialized array if
> SUCCEEDED(hr) is TRUE and nb > 0.
> 
> This patch ensures ppPins is an initialized array if SUCCEEDED(hr)
> is TRUE and nb > 0. Prior to this patch, ppPins was not being initialized
> when hr was S_OK and nb > 0.
> 
> The Microsoft documentation for IPin_QueryInternalConnections states:
> ***
> This method has another use that is now deprecated: The Filter Graph
> Manager treats a filter as being a renderer filter if at least one input
> pin implements this method but returns zero in nPin. If you are writing a
> new renderer filter, however, you should implement the IAMFilterMiscFlags
> interface instead of using this method to indicate that the filter is a
> renderer.
> ***
> 
> The code I changed was written back in 2004/2005. My guess is back then the
> deprecated behaviour would only return S_OK when nb == 0, but this
> no longer appears to be the case. See line 99 of
> https://chromium.googlesource.com/webm/webmdshow/+/master/webmsplit/webmsplitinpin.cc
> for an example.
> 
> Signed-off-by: Brendan McGrath <brendan at redmandi.com>
> ---
>  dlls/quartz/filtergraph.c | 4 +---
>  1 file changed, 1 insertion(+), 3 deletions(-)
> 
> diff --git a/dlls/quartz/filtergraph.c b/dlls/quartz/filtergraph.c
> index c8595646a03..536c48d346e 100644
> --- a/dlls/quartz/filtergraph.c
> +++ b/dlls/quartz/filtergraph.c
> @@ -981,9 +981,7 @@ static HRESULT GetInternalConnections(IBaseFilter* pfilter, IPin* pinputpin, IPi
>  
>      TRACE("(%p, %p, %p, %p)\n", pfilter, pinputpin, pppins, pnb);
>      hr = IPin_QueryInternalConnections(pinputpin, NULL, &nb);
> -    if (hr == S_OK) {
> -        /* Rendered input */
> -    } else if (hr == S_FALSE) {
> +    if (SUCCEEDED(hr) && nb > 0) {
>          *pppins = CoTaskMemAlloc(sizeof(IPin*)*nb);
>          hr = IPin_QueryInternalConnections(pinputpin, *pppins, &nb);
>          if (hr != S_OK) {
> 

Currently the only use of this function is in ExploreGraph(). Native
does this completely differently (i.e. it actually delivers state change
requests to all filters regardless of whether they're connected, and
ensures that they are received in order by topologically sorting them on
connection). I suspect we should probably get rid of it and just use
IBaseFilter_EnumPins() there directly.