View Issue Details

IDProjectCategoryView StatusLast Update
0028404LazarusWidgetsetpublic2020-07-06 11:38
ReporterBart Broersma Assigned ToMartin Friebe  
PrioritynormalSeverityminorReproducibilityalways
Status closedResolutionfixed 
Platformi386OSWindow 
Product Version1.5 (SVN) 
Target Version1.6Fixed in Version2.2 
Summary0028404: Crash in TWIindowProcHelper.DoWindowProc when using TCalendarPopupForm
DescriptionPlace a TCalendarEdit on a form.
Run
Click on the button to make the calendar pop up.
Pres Alt-Key
Calendar popup form disappears (which is unexpected to me)
Now press any key or click the mouse anywhere: crash in TWIindowProcHelper.DoWindowProc (win32callback.inc).
Steps To ReproduceBuild and run attached sample.
Follow steps describe above.

Alternatively
- Press button that says: "Popup"
- Pres Alt-Key
- Press any key or click mouse

C:\Users\Bart\LazarusProjecten\bugs\PopupForm>project1
TForm1.FormCreate
TForm1.FormActivate
TForm1.FormDeActivate
TGeneralPopupForm.FormDeactivate
TGeneralPopupForm.FormClose
TForm1.FormActivate
TApplication.HandleException Access violation
  Stack trace:
  $0040AF58
  $004DAE18 TWINDOWPROCHELPER__DOWINDOWPROC, line 2545 of ./win32/win32callback.inc
  $004DB11A WINDOWPROC, line 2608 of ./win32/win32callback.inc
  $0055D685 CUSTOMFORMWNDPROC, line 395 of ./win32/win32wsforms.pp
Additional InformationThe unit "generalpopop.pas" in the sampleproject contains a stripped down version that reproduces the behaviour (and crash) of the calendar popup form.

It also contains a workaround (supply "--fix" (without quotes) as first runtime parameter to the application).

I'll attach a sample Delphi project (D7) with the same functionality as the "generalpopupform', which does not crash.
I noticed that in Delphi when I press the Alt-Key, visually the focus _seems_ to go to the mainform, but TGeneralPopupForm.FormDeactivate is NOT called in this case (and the form does not get closed and freed), nor is the MainForms's OnActivate.
TagsNo tags attached.
Fixed in Revision63507
LazTarget2.2
WidgetsetWin32/Win64
Attached Files

Activities

Bart Broersma

2015-07-19 13:52

developer  

popup.zip (66,785 bytes)

Bart Broersma

2015-07-19 13:52

developer  

delphi-popup.zip (3,489 bytes)

Bart Broersma

2015-07-19 13:54

developer  

backtrace.txt (2,486 bytes)   
C:\Users\Bart\LazarusProjecten\bugs\PopupForm>gdb project1.exe
GNU gdb (GDB) 7.2
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "mingw32".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from C:\Users\Bart\LazarusProjecten\bugs\PopupForm/project1.exe.
..done.
(gdb) run
Starting program: C:\Users\Bart\LazarusProjecten\bugs\PopupForm/project1.exe
[New Thread 2960.0x13b4]
TForm1.FormCreate
TForm1.FormActivate
TForm1.FormDeActivate
TGeneralPopupForm.FormDeactivate
TGeneralPopupForm.FormClose
TForm1.FormActivate

Program received signal SIGSEGV, Segmentation fault.
0x0040af58 in SYSTEM_TOBJECT_$__INHERITSFROM$TCLASS$$BOOLEAN ()
(gdb) bt
#0  0x0040af58 in SYSTEM_TOBJECT_$__INHERITSFROM$TCLASS$$BOOLEAN ()
#1  0x0040aa83 in fpc_do_is ()
#2  0x005528ed in DELIVERMESSAGE (TARGET=0x238d78, AMESSAGE=void)
    at lclmessageglue.pas:106
#3  0x004daa64 in TWINDOWPROCHELPER__DOWINDOWPROC (
    this=<error reading variable>) at ./win32/win32callback.inc:2443
#4  0x004db11a in WINDOWPROC (WINDOW=525854, MSG=274, WPARAM=61696, LPARAM=0)
    at ./win32/win32callback.inc:2608
#5  0x0055d685 in CUSTOMFORMWNDPROC (WINDOW=525854, MSG=274, WPARAM=61696,
    LPARAM=0) at ./win32/win32wsforms.pp:395
#6  0x76aa62fa in USER32!OffsetRect () from C:\Windows\syswow64\user32.dll
#7  0x0008061e in ?? ()
#8  0x00000112 in ?? ()
#9  0x0000f100 in ?? ()
#10 0x00000000 in ?? ()
(gdb)
#0  0x0040af58 in SYSTEM_TOBJECT_$__INHERITSFROM$TCLASS$$BOOLEAN ()
#1  0x0040aa83 in fpc_do_is ()
#2  0x005528ed in DELIVERMESSAGE (TARGET=0x238d78, AMESSAGE=void)
    at lclmessageglue.pas:106
#3  0x004daa64 in TWINDOWPROCHELPER__DOWINDOWPROC (
    this=<error reading variable>) at ./win32/win32callback.inc:2443
#4  0x004db11a in WINDOWPROC (WINDOW=525854, MSG=274, WPARAM=61696, LPARAM=0)
    at ./win32/win32callback.inc:2608
#5  0x0055d685 in CUSTOMFORMWNDPROC (WINDOW=525854, MSG=274, WPARAM=61696,
    LPARAM=0) at ./win32/win32wsforms.pp:395
#6  0x76aa62fa in USER32!OffsetRect () from C:\Windows\syswow64\user32.dll
#7  0x0008061e in ?? ()
#8  0x00000112 in ?? ()
#9  0x0000f100 in ?? ()
#10 0x00000000 in ?? ()
backtrace.txt (2,486 bytes)   

Bart Broersma

2015-07-19 13:54

developer   ~0084986

Attached backtrace.

Martin Friebe

2020-07-04 19:36

manager   ~0123754

Fixed in 63507
Please test and close if ok.

For info:
The issue happens when pressing alt. The button click is just hitting corrupted memory from the earlier error.

There are nested DoWindProc when pressing Alt.

From bottom up (reverse stack order):

DoWindowProc(TCalendar, WM_SYSKEYUP) => CallDefaultWindowProc
kernel
CustomFormWndProc => WindowProc
 => DoWindowProc(TCalendarPopUpForm, WM_SYSCOMMAND)
 => HandleSysCommand => ... => DoSysCmdKeyMenu => Windows.SendMessage
kernel
CustomFormWndProc => WindowProc
 => DoWindowProc(TForm1, WM_SYSCOMMAND) => CallDefaultWindowProc
kernel
CustomFormWndProc => WindowProc
 => DoWindowProc(TForm1, WM_ENTERIDLE) => Application.Idle(False);
...
Application.Idle => ReleaseComponents

This would free the lWinControl hold in some of the outer DoWindProc.
When the inner DoWindProc finish and return to the outer, there is a dangling pointer.

The fix in rev 63507 fixes the dangling pointer, by getting notified of the destruction.

The fix does not deal with the timing of the destruction, or that the destroyed WinControls will never get the WM_SYSCOMMAND (by DeliverMessage).

Bart Broersma

2020-07-06 11:38

developer   ~0123772

Nicely done.
Thanks.

Issue History

Date Modified Username Field Change
2015-07-19 13:47 Bart Broersma New Issue
2015-07-19 13:52 Bart Broersma File Added: popup.zip
2015-07-19 13:52 Bart Broersma File Added: delphi-popup.zip
2015-07-19 13:54 Bart Broersma File Added: backtrace.txt
2015-07-19 13:54 Bart Broersma Note Added: 0084986
2015-07-19 13:58 Bart Broersma Additional Information Updated View Revisions
2015-07-19 14:07 Bart Broersma Widgetset => Win32/Win64
2015-07-19 14:07 Bart Broersma Summary Crash in TWIindowProcHelper.DoWindowProc when using TCalendarPopopForm => Crash in TWIindowProcHelper.DoWindowProc when using TCalendarPopupForm
2020-07-04 18:21 Martin Friebe Assigned To => Martin Friebe
2020-07-04 18:21 Martin Friebe Status new => assigned
2020-07-04 18:21 Martin Friebe Build r48930 => r48930
2020-07-04 19:36 Martin Friebe Status assigned => resolved
2020-07-04 19:36 Martin Friebe Resolution open => fixed
2020-07-04 19:36 Martin Friebe Fixed in Version => 2.2
2020-07-04 19:36 Martin Friebe Fixed in Revision => 63507
2020-07-04 19:36 Martin Friebe LazTarget - => 2.2
2020-07-04 19:36 Martin Friebe Widgetset Win32/Win64 => Win32/Win64
2020-07-04 19:36 Martin Friebe Note Added: 0123754
2020-07-06 11:38 Bart Broersma Status resolved => closed
2020-07-06 11:38 Bart Broersma Note Added: 0123772