The stream sample allocator callback NotifyRelease() method assumes that the source reader is valid. Therefore it must own a reference to it, otherwise it might get called while the source reader is being destroyed, causing a crash.
Signed-off-by: Giovanni Mascellani gmascellani@codeweavers.com --- dlls/mfreadwrite/reader.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/dlls/mfreadwrite/reader.c b/dlls/mfreadwrite/reader.c
index bdf2e7f5a6f..2d3da19db10 100644
--- a/dlls/mfreadwrite/reader.c
+++ b/dlls/mfreadwrite/reader.c
@@ -2282,12 +2282,14 @@ static HRESULT WINAPI stream_sample_allocator_cb_QueryInterface(IMFVideoSampleAl
static ULONG WINAPI stream_sample_allocator_cb_AddRef(IMFVideoSampleAllocatorNotify *iface)
{
- return 2;
+ struct media_stream *stream = impl_stream_from_IMFVideoSampleAllocatorNotify(iface);
+ return source_reader_addref(stream->reader);
}
static ULONG WINAPI stream_sample_allocator_cb_Release(IMFVideoSampleAllocatorNotify *iface)
{
- return 1;
+ struct media_stream *stream = impl_stream_from_IMFVideoSampleAllocatorNotify(iface);
+ return source_reader_release(stream->reader);
}
static HRESULT WINAPI stream_sample_allocator_cb_NotifyRelease(IMFVideoSampleAllocatorNotify *iface)
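Review bot: The new bodies of `stream_sample_allocator_cb_AddRef` and `stream_sample_allocator_cb_Release` tie the callback's lifetime to the reader's refcount through `source_reader_addref()`/`source_reader_release()`, but nothing in the code records that contract, and the constant returns they replace assumed the opposite. A short comment above `stream_sample_allocator_cb_AddRef`, e.g. `/* The allocator callback holds a reference on the reader so NotifyRelease() never runs against a freed reader. */`, would keep a later cleanup from reintroducing the use-after-free. Because `stream_sample_allocator_cb_Release` can now be the call that drops the last reference, it is worth confirming that `source_reader_release()` is safe to run from whatever context the allocator releases its callback in. That function and the body of `stream_sample_allocator_cb_NotifyRelease` are outside the hunk.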
The sample allocator callbacks own a reference to the source reader, which creates a reference loop and prevents the source reader from being properly destroyed.
Signed-off-by: Giovanni Mascellani gmascellani@codeweavers.com --- v2: * Declare variable i * Fix printf formatter for HRESULT --- dlls/mfreadwrite/reader.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+)
diff --git a/dlls/mfreadwrite/reader.c b/dlls/mfreadwrite/reader.c
index 2d3da19db10..61d413f8fd3 100644
--- a/dlls/mfreadwrite/reader.c
+++ b/dlls/mfreadwrite/reader.c
@@ -1412,6 +1412,7 @@ static ULONG WINAPI src_reader_Release(IMFSourceReader *iface)
{
struct source_reader *reader = impl_from_IMFSourceReader(iface);
ULONG refcount = InterlockedDecrement(&reader->public_refcount);
+ unsigned int i;
TRACE("%p, refcount %lu.\n", iface, refcount);
@@ -1430,6 +1431,25 @@ static ULONG WINAPI src_reader_Release(IMFSourceReader *iface)
LeaveCriticalSection(&reader->cs);
}
+
+ for (i = 0; i < reader->stream_count; ++i)
+ {
+ struct media_stream *stream = &reader->streams[i];
+ IMFVideoSampleAllocatorCallback *callback;
+
+ if (!stream->allocator)
+ continue;
+
+ if (SUCCEEDED(IMFVideoSampleAllocatorEx_QueryInterface(stream->allocator, &IID_IMFVideoSampleAllocatorCallback, (void **)&callback)))
+ {
+ HRESULT hr;
+
+ if (FAILED(hr = IMFVideoSampleAllocatorCallback_SetCallback(callback, NULL)))
+ WARN("Cannot unset allocator callback, hr %#lx.\n", hr);
+ IMFVideoSampleAllocatorCallback_Release(callback);
+ }
+ }
+
source_reader_release(reader);
}
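Review bot: The added loop in `src_reader_Release` reads `reader->streams[i].allocator` without holding `reader->cs`, which the context line just above it releases, and nothing visible in the hunk shows that queued asynchronous work has stopped touching the streams by this point. If this is safe because `stream->allocator` can no longer change once the public refcount reaches zero, a comment above the loop should say so, e.g. `/* Break the reader <-> allocator callback reference loop; stream->allocator can no longer change here. */`. A failed `QueryInterface` is also silent, so the reference loop would stay in place and the reader would leak without any trace; adding `else WARN("Allocator %p has no callback interface.\n", stream->allocator);` would make that case visible. The function starts and ends outside this hunk.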