Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Reproducible crash (null pointer deref in pane.cpp) when using ctrl+mouse_wheel to change text size #3713

Closed
Treit opened this issue Nov 26, 2019 · 3 comments
Closed

Reproducible crash (null pointer deref in pane.cpp) when using ctrl+mouse_wheel to change text size #3713

Treit opened this issue Nov 26, 2019 · 3 comments
Labels
Area-TerminalConnection Issues pertaining to the terminal<->backend connection interface Issue-Bug It either shouldn't be doing this or needs an investigation. Priority-2 A description (P2) Product-Conhost For issues in the Console codebase Resolution-Fix-Available It's available in an Insiders build or a release Severity-Crash Crashes are real bad news.
Milestone
Terminal v1.0

Comments

@Treit
Copy link

Treit commented Nov 26, 2019

Windows Terminal Version:

0.7.3261.0

Steps to repro:

  1. Open Windows Terminal
  2. Open cmd.exe in a second tab
  3. Type 'dir ' or some other command that will cause the buffer to fill and scroll some text off screen
  4. Type 'notepad ' (the string notepad followed by a space) but don't press .
  5. Scroll the mouse wheel up so the string notepad is no longer visible
  6. Hold the ctrl key and start scrolling the mouse wheel up and down to make the text bigger and smaller.

Expected Result:

No crash

Actual Result:

WindowsTerminal.exe crashes with an Access Violation due to a null pointer dereference at: TerminalApp!Pane::_ControlClosedHandler+0x47 [E:\BA\149\s\src\cascadia\TerminalApp\Pane.cpp @ 320]

Call stack:

(4f68.30d8): Access violation - code c0000005 (!!! second chance !!!)
TerminalApp!winrt::impl::consume_Microsoft_Terminal_TerminalControl_ITermControl<winrt::Microsoft::Terminal::TerminalControl::ITermControl>::ShouldCloseOnExit+0x4 [inlined in TerminalApp!Pane::_ControlClosedHandler+0x47]:
00007ffe`87304c87 488b01          mov     rax,qword ptr [rcx] ds:00000000`00000000=????????????????

0:006> k
# Child-SP          RetAddr           Call Site
00 (Inline Function) --------`-------- TerminalApp!winrt::impl::consume_Microsoft_Terminal_TerminalControl_ITermControl<winrt::Microsoft::Terminal::TerminalControl::ITermControl>::ShouldCloseOnExit+0x4 [E:\BA\149\s\src\cascadia\TerminalApp\lib\Generated Files\winrt\Microsoft.Terminal.TerminalControl.h @ 203] 
01 000000e7`2ccff7d0 00007ffe`8730889e TerminalApp!Pane::_ControlClosedHandler+0x47 [E:\BA\149\s\src\cascadia\TerminalApp\Pane.cpp @ 320] 
02 (Inline Function) --------`-------- TerminalApp!winrt::Microsoft::Terminal::TerminalControl::ConnectionClosedEventArgs::<lambda_46ba80dcc51cf3954bfd8f3fc42443ae>::operator()+0x7 [E:\BA\149\s\src\cascadia\TerminalApp\lib\Generated Files\winrt\Microsoft.Terminal.TerminalControl.h @ 712] 
03 000000e7`2ccff820 00007ffe`83989cfd TerminalApp!winrt::impl::delegate<winrt::Microsoft::Terminal::TerminalControl::ConnectionClosedEventArgs,<lambda_46ba80dcc51cf3954bfd8f3fc42443ae> >::Invoke+0xe [E:\BA\149\s\src\cascadia\TerminalApp\lib\Generated Files\winrt\Microsoft.Terminal.TerminalControl.h @ 285] 
04 (Inline Function) --------`-------- TerminalControl!winrt::Microsoft::Terminal::TerminalControl::ConnectionClosedEventArgs::operator()+0x9 [E:\BA\149\s\src\cascadia\TerminalControl\Generated Files\winrt\Microsoft.Terminal.TerminalControl.h @ 709] 
05 000000e7`2ccff850 00007ffe`8398a952 TerminalControl!winrt::impl::invoke<winrt::Microsoft::Terminal::TerminalControl::ConnectionClosedEventArgs>+0xd [E:\BA\149\s\src\cascadia\TerminalControl\Generated Files\winrt\base.h @ 5004] 
06 (Inline Function) --------`-------- TerminalControl!winrt::event<winrt::Microsoft::Terminal::TerminalControl::ConnectionClosedEventArgs>::operator()+0x61 [E:\BA\149\s\src\cascadia\TerminalControl\Generated Files\winrt\base.h @ 5136] 
07 (Inline Function) --------`-------- TerminalControl!winrt::Microsoft::Terminal::TerminalControl::implementation::TermControl::_Create::__l2::<lambda_670e02ff715627521ddcc762b52d01d6>::operator()+0x65 [E:\BA\149\s\src\cascadia\TerminalControl\TermControl.cpp @ 160] 
08 000000e7`2ccff890 00007ffe`8510bccd TerminalControl!winrt::impl::delegate<winrt::Microsoft::Terminal::TerminalConnection::TerminalDisconnectedEventArgs,<lambda_670e02ff715627521ddcc762b52d01d6> >::Invoke+0x72 [E:\BA\149\s\src\cascadia\TerminalControl\Generated Files\winrt\Microsoft.Terminal.TerminalConnection.h @ 85] 
09 (Inline Function) --------`-------- TerminalConnection!winrt::Microsoft::Terminal::TerminalConnection::TerminalDisconnectedEventArgs::operator()+0x9 [E:\BA\149\s\src\cascadia\TerminalConnection\Generated Files\winrt\Microsoft.Terminal.TerminalConnection.h @ 240] 
0a 000000e7`2ccff8d0 00007ffe`851066fd TerminalConnection!winrt::impl::invoke<winrt::Microsoft::Terminal::TerminalConnection::TerminalDisconnectedEventArgs>+0xd [E:\BA\149\s\src\cascadia\TerminalConnection\Generated Files\winrt\base.h @ 5004] 
0b 000000e7`2ccff910 00007ffe`8511e608 TerminalConnection!winrt::event<winrt::Microsoft::Terminal::TerminalConnection::TerminalDisconnectedEventArgs>::operator()<>+0x7d [E:\BA\149\s\src\cascadia\TerminalConnection\Generated Files\winrt\base.h @ 5136] 
0c (Inline Function) --------`-------- TerminalConnection!winrt::Microsoft::Terminal::TerminalConnection::implementation::ConptyConnection::_ClientTerminated+0x14 [E:\BA\149\s\src\cascadia\TerminalConnection\ConptyConnection.cpp @ 228] 
0d (Inline Function) --------`-------- TerminalConnection!winrt::Microsoft::Terminal::TerminalConnection::implementation::ConptyConnection::Start::__l3::<lambda_9178174d629c2f32e2d37826281f74ab>::operator()+0x14 [E:\BA\149\s\src\cascadia\TerminalConnection\ConptyConnection.cpp @ 201] 
0e 000000e7`2ccff950 00007ffe`b66aebac TerminalConnection!<lambda_9178174d629c2f32e2d37826281f74ab>::<lambda_invoker_cdecl>+0x18 [E:\BA\149\s\src\cascadia\TerminalConnection\ConptyConnection.cpp @ 202] 
0f 000000e7`2ccff980 00007ffe`b6682536 ntdll!TppExecuteWaitCallback+0xa4 [minkernel\threadpool\ntdll\wait.c @ 1611] 
10 000000e7`2ccff9d0 00007ffe`b5886fd4 ntdll!TppWorkerThread+0x456 [minkernel\threadpool\ntdll\worker.c @ 1048] 
11 000000e7`2ccffcd0 00007ffe`b66bcf31 KERNEL32!BaseThreadInitThunk+0x14 [clientcore\base\win32\client\thread.c @ 64] 
12 000000e7`2ccffd00 00000000`00000000 ntdll!RtlUserThreadStart+0x21 [minkernel\ntdll\rtlstrt.c @ 1153]
@ghost ghost added Needs-Triage It's a new issue that the core contributor team needs to triage at the next triage meeting Needs-Tag-Fix Doesn't match tag requirements labels Nov 26, 2019
@zadjii-msft zadjii-msft added Area-TerminalConnection Issues pertaining to the terminal<->backend connection interface Issue-Bug It either shouldn't be doing this or needs an investigation. Product-Terminal The new Windows Terminal. Severity-Crash Crashes are real bad news. labels Nov 26, 2019
@ghost ghost removed the Needs-Tag-Fix Doesn't match tag requirements label Nov 26, 2019
@zadjii-msft zadjii-msft added this to the Terminal-1912 milestone Nov 26, 2019
@mkitzan
Copy link
Contributor

mkitzan commented Nov 30, 2019

This issue sounds like it's related to #3245.

@DHowett-MSFT DHowett-MSFT removed the Needs-Triage It's a new issue that the core contributor team needs to triage at the next triage meeting label Dec 2, 2019
@zadjii-msft
Copy link
Member

@mkitzan They're definitely similar bugs, but they're the opposite sides of the same coin. #3245/#1856 are both "conhost crashes when I resize with a cooked read", while this bug is more specific to "Terminal crashes when conhost crashes". Both should get fixed independently of one another ☺️

@zadjii-msft zadjii-msft added the Priority-1 A description (P1) label Jan 22, 2020
@cinnamon-msft cinnamon-msft added Priority-2 A description (P2) Product-Conhost For issues in the Console codebase v1-Scrubbed and removed Priority-1 A description (P1) Product-Terminal The new Windows Terminal. labels Feb 28, 2020
@zadjii-msft
Copy link
Member

Good news everyone! This half of the bug is resolved. I'd say that #3623 was the one that probably fixed this. Now, instead of the Terminal not washing its hands after going outside, the terminal will survive, displaying the non-graceful exit message:
image

I'm betting this was fixed in v0.8.

Sure, #1856 is still broken, but at least the Terminal has decided to stay inside on this one.

@ghost ghost added the Needs-Tag-Fix Doesn't match tag requirements label Mar 16, 2020
@zadjii-msft zadjii-msft added Resolution-Fix-Available It's available in an Insiders build or a release and removed Needs-Tag-Fix Doesn't match tag requirements labels Mar 16, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Area-TerminalConnection Issues pertaining to the terminal<->backend connection interface Issue-Bug It either shouldn't be doing this or needs an investigation. Priority-2 A description (P2) Product-Conhost For issues in the Console codebase Resolution-Fix-Available It's available in an Insiders build or a release Severity-Crash Crashes are real bad news.
Projects
None yet
Milestone
Terminal v1.0
Development

No branches or pull requests
5 participants
@Treit @DHowett-MSFT @zadjii-msft @mkitzan @cinnamon-msft