Crash in conhost!til::manage_vector<Microsoft::Console::Render::Cluster> when resizing quickly from left to right #7744

Closed
Treit opened this issue Sep 26, 2020 · 0 comments · Fixed by #7768
Labels
Area-Output Related to output processing (inserting text into buffer, retrieving buffer text, etc.) Help Wanted We encourage anyone to jump in on these. Issue-Bug It either shouldn't be doing this or needs an investigation. Needs-Tag-Fix Doesn't match tag requirements Priority-0 Bugs that we consider release-blocking/recall-class (P0) Product-Conhost For issues in the Console codebase Resolution-Fix-Committed Fix is checked in, but it might be 3-4 weeks until a release. Severity-Crash Crashes are real bad news.
Treit commented Sep 26, 2020

Environment

Windows build 10.0.20221.0

Steps to reproduce

  1. Open cmd.exe from Start | Run
  2. Click the left-hand edge so that you can resize the window.
  3. Resize from left-to-right as quickly as possible.

Expected behavior

No crash.

Actual behavior

(410c.aabc): Security check failure or stack buffer overrun - code c0000409 (!!! second chance !!!)
Subcode: 0x7 FAST_FAIL_FATAL_APP_EXIT 
ucrtbase!abort+0x4e:
0:004> kL
 # Child-SP          RetAddr               Call Site
00 000000b8`c97fc520 00007ffe`d866c2b9     ucrtbase!abort+0x4e
01 000000b8`c97fc550 00007ffe`d8657dff     ucrtbase!terminate+0x29
02 000000b8`c97fc580 00007ff6`ac66159a     ucrtbase!__crt_state_management::wrapped_invoke<void (__cdecl*)(void) noexcept,void>+0xf
03 000000b8`c97fc5b0 00007ffe`d887492d     conhost!__scrt_unhandled_exception_filter+0x5a
04 000000b8`c97fc5e0 00007ffe`dadc2052     KERNELBASE!UnhandledExceptionFilter+0x1bd
05 (Inline Function) --------`--------     ntdll!RtlpThreadExceptionFilter+0x80
06 000000b8`c97fc700 00007ffe`dad93130     ntdll!LdrpLogFatalUserCallbackException+0xa2
07 000000b8`c97fc840 00007ffe`dad9471f     ntdll!KiUserCallbackDispatcherHandler+0x20
08 000000b8`c97fc880 00007ffe`dad4d35b     ntdll!RtlpExecuteHandlerForException+0xf
09 000000b8`c97fc8b0 00007ffe`dad4d0ae     ntdll!RtlDispatchException+0x25b
0a 000000b8`c97fcff0 00007ffe`d8803c8c     ntdll!RtlRaiseException+0x15e
0b 000000b8`c97fde90 00007ffe`d863200a     KERNELBASE!RaiseException+0x6c
0c 000000b8`c97fdf70 00007ffe`d8373d3d     ucrtbase!_CxxThrowException+0x9a
0d 000000b8`c97fdfd0 00007ff6`ac670a5c     msvcp_win!std::_Xlength_error+0x4d
0e (Inline Function) --------`--------     conhost!std::vector<Microsoft::Console::Render::Cluster,std::allocator<Microsoft::Console::Render::Cluster> >::_Xlength+0xe
0f (Inline Function) --------`--------     conhost!std::vector<Microsoft::Console::Render::Cluster,std::allocator<Microsoft::Console::Render::Cluster> >::reserve+0x27543
10 000000b8`c97fe030 00007ff6`ac64941e     conhost!til::manage_vector<Microsoft::Console::Render::Cluster>+0x27580
11 000000b8`c97fe080 00007ff6`ac64ac2e     conhost!Microsoft::Console::Render::Renderer::_CheckViewportAndScroll+0x13e
12 000000b8`c97fe0e0 00007ff6`ac64492d     conhost!Microsoft::Console::Render::Renderer::TriggerScroll+0xe
13 000000b8`c97fe110 00007ff6`ac66cba0     conhost!Microsoft::Console::Interactivity::Win32::Window::ChangeViewport+0x16d
14 000000b8`c97fe160 00007ff6`ac697d6f     conhost!SCREEN_INFORMATION::SetViewportOrigin+0x29220
15 000000b8`c97fe190 00007ff6`ac697b0d     conhost!SCREEN_INFORMATION::ResizeWithReflow+0x133
16 000000b8`c97fe210 00007ff6`ac698d04     conhost!SCREEN_INFORMATION::ResizeScreenBuffer+0xbd
17 000000b8`c97fe270 00007ff6`ac697447     conhost!SCREEN_INFORMATION::_AdjustScreenBuffer+0x188
18 000000b8`c97fe2c0 00007ff6`ac67320e     conhost!SCREEN_INFORMATION::ProcessResizeWindow+0x5b
19 000000b8`c97fe300 00007ff6`ac64d586     conhost!Microsoft::Console::Interactivity::Win32::Window::_HandleWindowPosChanged+0x237de
1a 000000b8`c97fe360 00007ff6`ac64d0b3     conhost!Microsoft::Console::Interactivity::Win32::Window::ConsoleWindowProc+0x486
1b 000000b8`c97fe4c0 00007ffe`d90d0099     conhost!Microsoft::Console::Interactivity::Win32::Window::s_ConsoleWindowProc+0x53
1c 000000b8`c97fe500 00007ffe`d90cfc0c     user32!UserCallWinProcCheckWow+0x319
1d 000000b8`c97fe690 00007ffe`d90e7c7a     user32!DispatchClientMessage+0x9c
1e 000000b8`c97fe6f0 00007ffe`dad931c4     user32!__fnINLPWINDOWPOS+0x3a
1f 000000b8`c97fe750 00007ffe`d83e1124     ntdll!KiUserCallbackDispatcherContinue
20 000000b8`c97fe7f8 00007ffe`d90cd24b     win32u!ZwUserMessageCall+0x14
21 000000b8`c97fe800 00007ffe`d90ccdef     user32!RealDefWindowProcWorker+0xeb
22 000000b8`c97fe8e0 00007ffe`d5d574bc     user32!RealDefWindowProcW+0x4f
23 000000b8`c97fe920 00007ffe`d5d78482     uxtheme!DoMsgDefault+0x38
24 000000b8`c97fe960 00007ffe`d5d5bb09     uxtheme!OnDwpSysCommand+0x32
25 000000b8`c97fe990 00007ffe`d5d5b561     uxtheme!_ThemeDefWindowProc+0x599
26 000000b8`c97feb00 00007ffe`d90cd006     uxtheme!ThemeDefWindowProcW+0x11
27 000000b8`c97feb40 00007ff6`ac64d251     user32!DefWindowProcW+0x1d6
28 000000b8`c97febb0 00007ff6`ac64d0b3     conhost!Microsoft::Console::Interactivity::Win32::Window::ConsoleWindowProc+0x151
29 000000b8`c97fed10 00007ffe`d90d0099     conhost!Microsoft::Console::Interactivity::Win32::Window::s_ConsoleWindowProc+0x53
2a 000000b8`c97fed50 00007ffe`d90cfc0c     user32!UserCallWinProcCheckWow+0x319
2b 000000b8`c97feee0 00007ffe`d90e5f9d     user32!DispatchClientMessage+0x9c
2c 000000b8`c97fef40 00007ffe`dad931c4     user32!__fnDWORD+0x3d
2d 000000b8`c97fefa0 00007ffe`d83e1124     ntdll!KiUserCallbackDispatcherContinue
2e 000000b8`c97ff028 00007ffe`d90cd24b     win32u!ZwUserMessageCall+0x14
2f 000000b8`c97ff030 00007ffe`d90ccdef     user32!RealDefWindowProcWorker+0xeb
30 000000b8`c97ff110 00007ffe`d5d574bc     user32!RealDefWindowProcW+0x4f
31 000000b8`c97ff150 00007ffe`d5d783d7     uxtheme!DoMsgDefault+0x38
32 000000b8`c97ff190 00007ffe`d5d5bb09     uxtheme!OnDwpNcLButtonDown+0xa7
33 000000b8`c97ff1d0 00007ffe`d5d5b561     uxtheme!_ThemeDefWindowProc+0x599
34 000000b8`c97ff340 00007ffe`d90cd006     uxtheme!ThemeDefWindowProcW+0x11
35 000000b8`c97ff380 00007ff6`ac64d251     user32!DefWindowProcW+0x1d6
36 000000b8`c97ff3f0 00007ff6`ac64d0b3     conhost!Microsoft::Console::Interactivity::Win32::Window::ConsoleWindowProc+0x151
37 000000b8`c97ff550 00007ffe`d90d0099     conhost!Microsoft::Console::Interactivity::Win32::Window::s_ConsoleWindowProc+0x53
38 000000b8`c97ff590 00007ffe`d90cfa12     user32!UserCallWinProcCheckWow+0x319
39 000000b8`c97ff720 00007ff6`ac657857     user32!DispatchMessageWorker+0x1d2
3a 000000b8`c97ff7a0 00007ffe`d97d4c5e     conhost!ConsoleInputThreadProcWin32+0xe7
3b 000000b8`c97ff800 00007ffe`dad4f3eb     KERNEL32!BaseThreadInitThunk+0x1e
3c 000000b8`c97ff830 00000000`00000000     ntdll!RtlUserThreadStart+0x2b
@ghost ghost added Needs-Triage It's a new issue that the core contributor team needs to triage at the next triage meeting Needs-Tag-Fix Doesn't match tag requirements labels Sep 26, 2020
@Treit Treit changed the title Crash in conhost!til::manage_vector<Microsoft::Console::Render::Cluster> when resizing quickly from right to left Crash in conhost!til::manage_vector<Microsoft::Console::Render::Cluster> when resizing quickly from left to right Sep 26, 2020
@DHowett DHowett added Area-Output Related to output processing (inserting text into buffer, retrieving buffer text, etc.) Help Wanted We encourage anyone to jump in on these. Issue-Bug It either shouldn't be doing this or needs an investigation. Priority-0 Bugs that we consider release-blocking/recall-class (P0) Product-Conhost For issues in the Console codebase Severity-Crash Crashes are real bad news. and removed Needs-Triage It's a new issue that the core contributor team needs to triage at the next triage meeting labels Sep 28, 2020
@ghost ghost removed the Needs-Tag-Fix Doesn't match tag requirements label Sep 28, 2020
@DHowett DHowett added this to the Windows vNext milestone Sep 28, 2020
DHowett added a commit that referenced this issue Sep 28, 2020
Sometimes when we were sliding the viewport to fit inside the buffer, we
would end up with left > right.

That would cause us to crash down the line when rendering.

Fixes #7744.

(cherry picked from commit 3687fa1cac78d88d32accd53f25f05466dcea1f9)
@ghost ghost added the In-PR This issue has a related PR label Sep 28, 2020
DHowett added a commit that referenced this issue Sep 28, 2020
Sometimes when we were sliding the viewport to fit inside the buffer, we
would end up with left > right.

That would cause us to crash down the line when rendering.

Fixes MSFT:28387423
Fixes #7744
@ghost ghost added Needs-Tag-Fix Doesn't match tag requirements Resolution-Fix-Committed Fix is checked in, but it might be 3-4 weeks until a release. and removed In-PR This issue has a related PR labels Sep 28, 2020
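
The failure mode the commit messages describe, as an added example (constructed for illustration, not conhost's code and not the actual fix): a viewport slid into a smaller buffer ends with left > right, its signed width goes negative, and the conversion to size_t yields a size that std::vector::reserve rejects with std::length_error, the exception that goes unhandled in the trace above. The Rect type, the function names and the sample coordinates are assumptions.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdio>
#include <stdexcept>
#include <vector>

// Hypothetical inclusive rectangle in buffer columns/rows (not conhost's type).
struct Rect { int left, top, right, bottom; };

// Signed width of an inclusive rect; negative once left > right.
int rect_width(const Rect& r) { return r.right - r.left + 1; }

// Naive slide: pulls the right edge inside the buffer but leaves left alone,
// so a viewport that starts past the new buffer edge ends with left > right.
Rect slide_naive(Rect v, int bufW) {
    if (v.right > bufW - 1) v.right = bufW - 1;
    if (v.left < 0) v.left = 0;
    return v;
}

// Checked slide: keep the width (capped to the buffer, at least 1), then move
// the whole rect so both edges land inside [0, bufW - 1]. Assumes bufW >= 1.
Rect slide_checked(Rect v, int bufW) {
    const int w = std::max(1, std::min(rect_width(v), bufW));
    const int left = std::max(0, std::min(v.left, bufW - w));
    return Rect{left, v.top, left + w - 1, v.bottom};
}

// Sizes a per-row vector from the viewport width, as a renderer would.
// Returns false when reserve() rejects the size with std::length_error.
bool reserve_clusters(const Rect& v) {
    std::vector<int> clusters;  // stand-in for the renderer's cluster vector
    try {
        clusters.reserve(static_cast<std::size_t>(rect_width(v)));
        return true;
    } catch (const std::length_error&) {
        return false;
    }
}

int main() {
    const Rect v{100, 0, 119, 29};        // constructed: 20 columns wide
    const Rect bad = slide_naive(v, 80);  // buffer shrinks to 80 columns
    const Rect ok = slide_checked(v, 80);
    std::printf("naive   left=%d right=%d reserve_ok=%d\n", bad.left, bad.right, reserve_clusters(bad));
    std::printf("checked left=%d right=%d reserve_ok=%d\n", ok.left, ok.right, reserve_clusters(ok));
    return 0;
}
```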