Crash while AVStream video render minidriver calls KsPinGetLeadingEdgeStreamPointer in process disp

Hi all,

I am developing an AVStream video render/capture minidriver based on the
pin-centric sample avshws. The capture filter works normally, but the
render filter crashes in the input pin’s process dispatch when the last
frame comes (there is a frame counter in my driver). The statement causing
the crash is KsPinGetLeadingEdgeStreamPointer; WinDbg displays the
following info:

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 00000018, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: f810f7d5, address which referenced memory

Stack text:
a9e1bb08 f810fd51 82883768 8241552c 82911e20 ks!CKsQueue::CreateMappingsTable+0x2d
a9e1bb28 f810eee7 82911e20 82b58200 8241528c ks!CKsQueue::LockStreamPointer+0xcb
a9e1bb3c f810f039 82911e20 00000001 a9e1bb7c ks!CKsQueue::GetLeadingStreamPointer+0x1b
a9e1bb4c f867bfbf 82415318 00000001 00000000 ks!KsPinGetLeadingEdgeStreamPointer+0x24


It seems that the leading stream pointer had an invalid MDL, so when
AVStream locked the pointer and intended to create the mapping table, the
system crashed (the KSPIN_FLAG_GENERATE_MAPPINGS flag is set).
In my view, if KsPinGetLeadingEdgeStreamPointer successfully locked the
pointer, then the frame is valid, so creating the mapping table should succeed;
if not, the function would return NULL. I don’t know why the pointer was
locked but creating the mapping table failed. Why is that possible?
I added an ASSERT to check whether the process crashed when an invalid frame
comes at the end of the stream: I check the flag
KSSTREAM_HEADER_OPTIONSF_ENDOFSTREAM after getting the leading edge pointer,
but the flag is never set. When would the flag be set? Would the process
dispatch be called when the last frame has been processed?

I have worked a few days on this issue. Could anybody give me some clues?

Haiyang

Do not call KsStreamPointerUnlock in the PinProcess(…) callback. Call it only before KsStreamPointerDelete.
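
A triage aid for the bugcheck output quoted in the question, added here as an example and not written by either poster: it decodes the 0xD1 arguments and the symbolized stack frames, and flags that the referenced address 0x18 lies in the first page, the usual signature of a read through a NULL structure pointer at field offset 0x18. The name triage_d1 and the first-page heuristic are assumptions of this example.

```python
import re

# Bugcheck text copied from the question above (each stack frame wraps onto two lines).
DUMP = """\
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
Arg1: 00000018, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: f810f7d5, address which referenced memory
a9e1bb08 f810fd51 82883768 8241552c 82911e20
ks!CKsQueue::CreateMappingsTable+0x2d
a9e1bb28 f810eee7 82911e20 82b58200 8241528c
ks!CKsQueue::LockStreamPointer+0xcb
a9e1bb3c f810f039 82911e20 00000001 a9e1bb7c
ks!CKsQueue::GetLeadingStreamPointer+0x1b
a9e1bb4c f867bfbf 82415318 00000001 00000000
ks!KsPinGetLeadingEdgeStreamPointer+0x24
"""

IRQL_NAMES = {0: "PASSIVE_LEVEL", 1: "APC_LEVEL", 2: "DISPATCH_LEVEL"}
PAGE_SIZE = 0x1000  # x86 page size; the first page is normally unmapped

def triage_d1(text):
    """Decode bugcheck 0xD1 arguments and the symbolized stack frames."""
    args = {int(n): int(v, 16)
            for n, v in re.findall(r"^Arg(\d):\s*([0-9a-fA-F]+)", text, re.M)}
    # A symbol line looks like module!Function+0xNN; rows of hex data do not match.
    frames = [(m, f, int(o, 16)) for m, f, o in
              re.findall(r"^(\w+)!([\w:~]+)\+0x([0-9a-fA-F]+)\s*$", text, re.M)]
    addr = args[1]
    return {
        "address": addr,
        "irql": IRQL_NAMES.get(args[2], f"IRQL {args[2]}"),
        "access": "write" if args[3] & 1 else "read",
        "faulting_ip": args[4],
        # Heuristic (assumption): a fault inside the first page is a field access
        # through a NULL structure pointer, and the address is the field offset.
        "null_base_offset": addr if addr < PAGE_SIZE else None,
        "top_frame": frames[0] if frames else None,
        "depth": len(frames),
    }

if __name__ == "__main__":
    for key, value in triage_d1(DUMP).items():
        print(f"{key}: {value}")
```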