On Sunday, June 19, 2016, Henri Verbeet <hverbeet@gmail.com> wrote:
On 19 June 2016 at 00:29, Aaryaman Vasishta <jem456.vasishta@gmail.com> wrote:
> +static HRESULT WINAPI d3drm_frame1_AddChild(IDirect3DRMFrame *iface, IDirect3DRMFrame *child)
> +{
> +    struct d3drm_frame *frame = impl_from_IDirect3DRMFrame(iface);
> +    struct d3drm_frame *child_frame = unsafe_impl_from_IDirect3DRMFrame(child);
> +
> +    TRACE("iface %p, child %p.\n", iface, child);
> +
> +    if (!child_frame)
> +        return D3DRMERR_BADOBJECT;
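
Review bot: The `if (!child_frame)` check at the end of this hunk is the only thing standing between a NULL `child` and whatever the rest of the function does with `child_frame`, and nothing in the visible lines says so. If the forwarding call to d3drm_frame3_AddChild() dereferences `child_frame`, as the reply below states, either keep the check with a one-line comment saying that it guards that dereference, or forward NULL when `child_frame` is NULL so that D3DRMERR_BADOBJECT is returned from one place only. The check also depends on unsafe_impl_from_IDirect3DRMFrame() returning NULL for a NULL `child`, which is worth confirming against that helper since its body is not part of this hunk.
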
That's redundant, d3drm_frame3_AddChild() already takes care of that.


But child_frame is dereferenced while calling d3drm_frame3_AddChild, so it crashes the test which passes child as NULL. The NULL check for child is made in unsafe_impl_from_...
Do correct me if I may have missed something though.

Cheers,
Aaryaman