INTEGER_DIVIDE_BY_ZERO c0000094 OpenConsole.exe!Microsoft::Console::VirtualTerminal::AdaptDispatch::_DoLineFeed #16199
Comments
microsoft-github-policy-service
bot
added
Needs-Triage
|
Blame points at L96 specifically: terminal/src/buffer/out/textBuffer.cpp Lines 93 to 98 in 32b6220 Presumably, the buffer is empty? dump wasn't clear. (that's the 1.18 branch. 1.19 re-wrote a lot of this.) |
|
Amazingly enough, this definitely is the same failure stack as #15245. Same bucket entirely. I mean, that makes sense I guess - I fixed something else and assumed that would make this crash impossible, but here we are, in this crash again. |
|
An empty buffer would be somewhat surprising: terminal/src/buffer/out/textBuffer.cpp Lines 42 to 44 in 32b6220 |
|
Oh I see, if it's like the thing that #15298 intended to address, then we're looking at an already deallocated text buffer, due to which the size is 0. |
carlos-zamora
added
Product-Conhost
microsoft-github-policy-service
bot
added
the
Needs-Tag-Fix
|
From the dump in #16204:
is there some way that we changed the text buffer between the top of oh weird cause |
|
@zadjii-msft I'm not sure if you were there, but in a previous meeting I speculated that it happens when we swap the alt with the main buffer, since that's code I recently touched with the text-reflow PR. Specifically: 7474839#diff-f629ab416d62d00e938348c017c456e3e7b180348a417b875e1a7b37329787f9 |
|
Is there anyway to workaround this crash? My users are complaining that my program constantly crash on their machines (due to this bug). |
|
@lone-wolf-akela I suspect if your users start the Terminal first, then run your app from an already running Terminal, this shouldn't affect them. However, we haven't ever really gotten a repro for this incarnation of this bug. Could you share your app with us? If you've got a solid repro, it'll make confirming that we've fixed this all that much easier |
In our case running it inside Terminal at all caused this. We ended up telling our users to change the default terminal in Windows. Far as reproduction our game already has a program that grants full code access. I could talk to my boss about getting someone on the team access or I could email a built copy of the server which is what currently crashes Terminal. |
https://drive.google.com/file/d/17yniBAh4kM5oxVTOTwM-LAUy0RaUpCuL/view?usp=drive_link |
|
Hi Mike, I e-mailed you an example that I hope will make repro easy. Thanks for looking at it! |
|
I can repro this at will with start Terminal with a Powershell tab and run get-childitem. Crash. |
|
Looks like this is the same thing reported over in #16212 and #16319, which is also seemingly fixed in 1.19. Weird. There definitely aren't any crash hits for this in 1.19, so that's good at least. @lhecker The sample repro in 16212 doesn't have any alt buffer hijinks either. I'm not sure what minimal commit we could use to fix this, however. (I'd bet this is also secretly #5094 but that's a can of worms to solve) |
|
notes:
|
|
literally a day of bisecting later: 612b00c is the first new commit As I suspected, that doesn't really look like something we can atomically service |
|
Well, I guess "it was fixed by rewriting the text buffer" isn't particularly comforting 😆 Maybe there's a quick patch we can throw at it? |
const ROW& TextBuffer::GetRowByOffset(const til::CoordType index) const noexcept
{
// Rows are stored circularly, so the index you ask for is offset by the start position and mod the total of rows.
const auto offsetIndex = gsl::narrow_cast<size_t>(_firstRow + index) % _storage.size();
return til::at(_storage, offsetIndex);
}vs. ROW& TextBuffer::GetRowByOffset(const til::CoordType index)
{
// Rows are stored circularly, so the index you ask for is offset by the start position and mod the total of rows.
auto offset = (_firstRow + index) % _height;
// Support negative wrap around. This way an index of -1 will
// wrap to _rowCount-1 and make implementing scrolling easier.
if (offset < 0)
{
offset += _height;
}
// We add 1 to the row offset, because row "0" is the one returned by GetScratchpadRow().
return _getRowByOffsetDirect(gsl::narrow_cast<size_t>(offset) + 1);
}Could it be that the |
|
You know, you might not be wrong about the idea there's a quick patch we could do here. My theory was always that we were operating on an old buffer, that's already been discarded (hence the weird height=0). But the above commit wouldn't really fix that necessarily, but it does change the way the math gets done. Maybe the discarded buffer thing isn't actually all that breaking, and the new math is resilient to that case. |
|
For folks following this thread: Sorry we weren't able to figure out a patch for the 1.18 stable releases. At this point, 1.19 moved to the stable release, with the re-written text buffer code that should avoid this crash entirely. If you're still hitting this, I'd recommend updating to 1.19 |
MSFT:44310564
PILES of hits in v1.18.2822.0. That's not great.
My notes internally say that I thought #15298 would fix this, but that's clearly wrong. ~12% of our hits in the last week, and a huge number more (more that 20%) now that 1.18 is rolling out more broadly
vast majority of stacks:
OpenConsole.exe!Microsoft::Console::VirtualTerminal::AdaptDispatch::_DoLineFeedOpenConsole.exe!Microsoft::Console::VirtualTerminal::AdaptDispatch::LineFeedOpenConsole.exe!Microsoft::Console::VirtualTerminal::OutputStateMachineEngine::ActionExecuteOpenConsole.exe!Microsoft::Console::VirtualTerminal::StateMachine::_SafeExecute_`Microsoft::Console::VirtualTerminal::StateMachine::_ActionExecute'::`2'::_lambda_1_ _OpenConsole.exe!Microsoft::Console::VirtualTerminal::StateMachine::ProcessStringOpenConsole.exe!DoWriteConsoleOpenConsole.exe!WriteConsoleWImplHelperThe text was updated successfully, but these errors were encountered: