Crash due to invalid notify reference in TComponent
Original Reporter info from Mantis: luizamerico
-
Reporter name: Luiz Americo
Original Reporter info from Mantis: luizamerico
- Reporter name: Luiz Americo
Description:
Calling TComponent.FreeNotification when csDestroying is set can lead to a crash due to a invalid reference in FFreeNotifies. Under Delphi this crash does not occurs
The attached program demonstrate this:
When Child.FreeNotification(GrandFather) is called, Child has csDestroying set so FreeNotification will call GrandFather.Notification with Child as parameter. That will call TFather.Notification and finally call TCousin.Notification all with Child as parameter and Operation = opRemove. At TCousin.Notification the reference to Child in FFreeNotifies will be removed.
When Cousin is destroyed there's no reference to Child in FFreeNotifies so it does not remove itself from Child free notification
When Child is destroyed there's still a reference to the already destroyed Cousin. Trying to access it we have to eat BADF00D
It seems that removing the check for csDestroying in FreeNotification would fix, but i did not tested. Doing now.
Below is the output from fpc (2.7.1 [2012/09/29] for i386) and delphi 7
fpc
---
Father Begin BeforeDestruction
Begin FreeNotification Child.csDestroying: True
GrandFatherNotification - TChild
FatherNotification - TChild
CousinNotification - TChild
End FreeNotification
Father End BeforeDestruction
Father Begin Destroy
Cousin Begin Destroy
Cousin End Destroy
Child Begin Destroy
An unhandled exception occurred at $00000020:
EAccessViolation: Access violation<br/>
$00000020
$00413D4F
$00401C3E
Delphi
---
Father Begin BeforeDestruction
Begin FreeNotification Child.csDestroying: True
End FreeNotification
Father End BeforeDestruction
Father Begin Destroy
Cousin Begin Destroy
Cousin End Destroy
FatherNotification - TChild
Child Begin Destroy
GrandFatherNotification - TChild
FatherNotification - TChild
Child End Destroy
GrandFatherNotification - TFather
FatherNotification - TFather
Father End Destroy
Mantis conversion info:
- Mantis ID: 23031
- Fixed in version: 3.0.0
- Fixed in revision: 22589 (#3cafdc2a)
- Target version: 2.6.1