When IPin_QueryInternalConnections returns S_OK and nb > 0, a SEGFAULT occurs at dlls/quartz/filtergraph.c:2144 as the code is expecting ppPins to be an initialized array if SUCCEEDED(hr) is TRUE and nb > 0.
This patch ensures ppPins is an initialized array if SUCCEEDED(hr) is TRUE and nb > 0. Prior to this patch, ppPins was not being initialized when hr was S_OK and nb > 0.
The Microsoft documentation for IPin_QueryInternalConnections states: *** This method has another use that is now deprecated: The Filter Graph Manager treats a filter as being a renderer filter if at least one input pin implements this method but returns zero in nPin. If you are writing a new renderer filter, however, you should implement the IAMFilterMiscFlags interface instead of using this method to indicate that the filter is a renderer. ***
The code I changed was written back in 2004/2005. My guess is back then the deprecated behaviour would only return S_OK when nb == 0, but this no longer appears to be the case. See line 99 of https://chromium.googlesource.com/webm/webmdshow/+/master/webmsplit/webmspli... for an example.
Signed-off-by: Brendan McGrath <brendan@redmandi.com>
---
 dlls/quartz/filtergraph.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/dlls/quartz/filtergraph.c b/dlls/quartz/filtergraph.c index c8595646a03..536c48d346e 100644 --- a/dlls/quartz/filtergraph.c +++ b/dlls/quartz/filtergraph.c @@ -981,9 +981,7 @@ static HRESULT GetInternalConnections(IBaseFilter* pfilter, IPin* pinputpin, IPi
TRACE("(%p, %p, %p, %p)\n", pfilter, pinputpin, pppins, pnb); hr = IPin_QueryInternalConnections(pinputpin, NULL, &nb); - if (hr == S_OK) { - /* Rendered input */ - } else if (hr == S_FALSE) { + if (SUCCEEDED(hr) && nb > 0) { *pppins = CoTaskMemAlloc(sizeof(IPin*)*nb); hr = IPin_QueryInternalConnections(pinputpin, *pppins, &nb); if (hr != S_OK) {
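Review bot: the CoTaskMemAlloc() result in the new `SUCCEEDED(hr) && nb > 0` branch is still handed straight to the second IPin_QueryInternalConnections() call with no NULL check; since this branch is being rewritten anyway, add a failure path after the allocation (e.g. `if (!*pppins) return E_OUTOFMEMORY;`, or whatever GetInternalConnections already uses for errors). Also, removing the `/* Rendered input */` comment leaves the success-with-nb == 0 case, which is exactly the deprecated renderer signal the commit message quotes from the documentation, undocumented in the code; a one-line comment on the remaining else branch saying that a successful count of zero is treated as a rendered input would keep that knowledge next to the condition.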
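The two-call protocol the patch relies on (query the count with a NULL array, allocate, query again) and the reason the old branch crashed are easier to see in a stand-alone program than in the hunk. The following is an added example, not Wine code and not from the webmsplit filter: it uses a hypothetical `Pin` struct and a mock `pin_query_internal_connections()` in place of a real IPin, plain `calloc()` in place of CoTaskMemAlloc(), and local definitions of HRESULT, S_OK, S_FALSE, E_NOTIMPL and SUCCEEDED() so that it builds without Windows headers. `old_logic_leaves_array_unset()` reproduces the pre-patch condition and reports whether the caller would be left with a succeeded hr, nb > 0 and no array; `new_logic_count_connections()` reproduces the post-patch condition.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Stand-ins for the Windows definitions (assumption: 32-bit HRESULT where
 * negative values are failures, as <winerror.h> defines them). */
typedef int32_t  HRESULT;
typedef uint32_t ULONG;
#define S_OK          ((HRESULT)0)
#define S_FALSE       ((HRESULT)1)
#define E_NOTIMPL     ((HRESULT)0x80004001)
#define SUCCEEDED(hr) ((HRESULT)(hr) >= 0)

/* Hypothetical pin: it has 'count' internal connections and returns
 * 'count_hr' (S_OK or S_FALSE) from the count-only call. */
typedef struct Pin {
    ULONG   count;
    HRESULT count_hr;
    int     implemented;
} Pin;

/* Mock of IPin::QueryInternalConnections. NULL array: report the count.
 * Array too small: S_FALSE with the needed size. Otherwise fill it, S_OK. */
static HRESULT pin_query_internal_connections(Pin *pin, Pin **apPin, ULONG *nPin)
{
    if (!pin->implemented)
        return E_NOTIMPL;
    if (!apPin) {
        *nPin = pin->count;
        return pin->count_hr;
    }
    if (*nPin < pin->count) {
        *nPin = pin->count;
        return S_FALSE;
    }
    for (ULONG i = 0; i < pin->count; i++)
        apPin[i] = pin;             /* fake connected pins: every slot is the pin itself */
    *nPin = pin->count;
    return S_OK;
}

/* Pre-patch selection: S_OK was assumed to mean "rendered input, nb == 0"
 * and only S_FALSE triggered the allocation. Returns 1 when the caller is
 * left with a succeeded hr, nb > 0 and no array (the state that crashed). */
static int old_logic_leaves_array_unset(ULONG count, HRESULT count_hr, int implemented)
{
    Pin pin = { count, count_hr, implemented };
    Pin **pins = NULL;
    ULONG nb = 0;
    HRESULT hr = pin_query_internal_connections(&pin, NULL, &nb);
    if (hr == S_OK) {
        /* Rendered input */
    } else if (hr == S_FALSE) {
        pins = calloc(nb, sizeof(*pins));   /* calloc stands in for CoTaskMemAlloc */
        hr = pin_query_internal_connections(&pin, pins, &nb);
    }
    int crash_state = SUCCEEDED(hr) && nb > 0 && pins == NULL;
    free(pins);
    return crash_state;
}

/* Post-patch selection: allocate whenever the count call succeeded with
 * nb > 0, whichever success code the pin used. Returns the number of pins
 * fetched, 0 for a renderer input or an unimplemented method, -1 on error. */
static long new_logic_count_connections(ULONG count, HRESULT count_hr, int implemented)
{
    Pin pin = { count, count_hr, implemented };
    Pin **pins = NULL;
    ULONG nb = 0;
    HRESULT hr = pin_query_internal_connections(&pin, NULL, &nb);
    if (SUCCEEDED(hr) && nb > 0) {
        pins = calloc(nb, sizeof(*pins));
        if (!pins)
            return -1;                      /* allocation check the hunk itself lacks */
        hr = pin_query_internal_connections(&pin, pins, &nb);
        if (hr != S_OK) {
            free(pins);
            return -1;
        }
    } else {
        nb = 0;                             /* rendered input or E_NOTIMPL: nothing to walk */
    }
    free(pins);
    return (long)nb;
}

int main(void)
{
    /* Constructed cases: a webmsplit-style pin (S_OK with pins), a pin using
     * the S_FALSE convention, a renderer input, and an unimplemented method. */
    printf("S_OK/3 pins:    old crash state=%d new count=%ld\n",
           old_logic_leaves_array_unset(3, S_OK, 1), new_logic_count_connections(3, S_OK, 1));
    printf("S_FALSE/2 pins: old crash state=%d new count=%ld\n",
           old_logic_leaves_array_unset(2, S_FALSE, 1), new_logic_count_connections(2, S_FALSE, 1));
    printf("S_OK/0 pins:    old crash state=%d new count=%ld\n",
           old_logic_leaves_array_unset(0, S_OK, 1), new_logic_count_connections(0, S_OK, 1));
    printf("E_NOTIMPL:      old crash state=%d new count=%ld\n",
           old_logic_leaves_array_unset(5, S_OK, 0), new_logic_count_connections(5, S_OK, 0));
    return 0;
}
```

The first case is the one the commit message describes: the count call answers S_OK with a non-zero count, the old condition skips the allocation, and the caller goes on with nb > 0 and an array that was never set. The rendered-input and E_NOTIMPL cases show that the new condition still takes neither of them into the allocation branch.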