http://bugs.winehq.org/show_bug.cgi?id=32185
Bug #: 32185
Summary: Bug in BasePinImp_GetMediaType()
Product: Wine
Version: 1.5.17
Platform: x86
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: amstream
AssignedTo: wine-bugs@winehq.org
ReportedBy: fgouget@codeweavers.com
Classification: Unclassified

A bisect shows that the patch below causes a regression in the amstream conformance tests. See for instance the Winetest results for fg-deb64-t32.
http://test.winehq.org/data/3e264ced0f2502093940ddda21ecbd024b7dd815/linux_f...

commit 7e82db784a448c6802001345d6230f72a711d237
Author: Christian Costa titan.costa@gmail.com
Date: Fri Oct 12 23:07:31 2012 +0200

    amstream: Implement BasePinImp_GetMediaType in media stream filter.

:040000 040000 ca189e47205be4d08dd271ba14dc12f6d1c2fced 5fd0731b35d83671c7fb0ecfa622e7834344238b M dlls

However, it's also possible that the bug is in the previous patch, as both functions are used in the test and it's possible that implementing BasePinImp_GetMediaType() caused BasePinImpl_CheckMediaType() to be called, or that the bug is in fact in EnumMediaTypes_Construct() (from strmbase).

I tried to figure out the source for the bug but did not get anywhere. What I gathered is that:
 * It looks like a stack corruption issue. Adding traces in the test executable can make the crash go away and I seem to have more luck reproducing the issue using the PE test executable.
 * A backtrace shows the crash happening in CopyMediaType() (called by EnumMediaTypes_Construct() from strmbase) due to an insane size for pSrc->cbFormat.