On Thu Feb 23 08:19:32 2023 +0000, Nikolay Sivov wrote:
There should be no need to check for null 'rt_formats', counter should be 0 if this pointer is null.
Sorry that I have not found any code to reset `mixer->output.rt_formats` or `mixer->output.rt_formats_count` in current source tree.
It might cause another crash if application want to clear media type of mixer twice, like this:
```c hr = IMFTransform_SetInputType(transform, 0, NULL, 0); hr = IMFTransform_SetInputType(transform, 0, NULL, 0); ```
in this case, it `mixer->output.rt_formats` has been free, but it try to release a invalid pointer in second call.
Another way to cause a crash will looks like this:
```c hr = IMFTransform_SetInputType(transform, 0, NULL, 0); hr = IMFTransform_SetOutputType(transform, 0, media_type, 0); ```
`output.rt_formats[i].media_type` might be released and IMFTransform_SetOutputType() try to access it.
In v3 of this patch, those crash can be reproduce in the test if reverse changes in `video_mixer_clear_types()`.