
Access violation when exiting app on Lime 8.3

Open ACrazyTown opened this issue 9 months ago • 7 comments

On Lime 8.3 when targeting Hashlink on Windows and exiting the app an access violation occurs with the following crash log:

Uncaught exception: Access violation
Called from lime._internal.backend.native.NativeApplication.exit(lime/_internal/backend/native/NativeApplication.hx:181)
Called from lime.app.Application.__onModuleExit(lime/app/Application.hx:608)
Called from lime.app._Event_Int_Void.dispatch(lime/_internal/macros/EventMacro.hx:91)
Called from lime.system.$System.exit(lime/system/System.hx:213)
Called from lime.app.Application.__checkForAllWindowsClosed(lime/app/Application.hx:573)
Called from lime.app.Application.__removeWindow(lime/app/Application.hx:562)
Called from lime.app.Application.__onWindowClose(lime/app/Application.hx:622)
Called from lime.app.Application.~__addWindow.0(lime/app/Application.hx:477)
Called from lime.app._Event_Void_Void.dispatch(lime/_internal/macros/EventMacro.hx:91)
Called from lime._internal.backend.native.NativeWindow.close(lime/_internal/backend/native/NativeWindow.hx:202)
Called from lime.ui.Window.close(lime/ui/Window.hx:390)
Called from lime._internal.backend.native.NativeApplication.handleWindowEvent(lime/_internal/backend/native/NativeApplication.hx:562)
Called from lime._internal.backend.native.NativeApplication.exec(lime/_internal/backend/native/NativeApplication.hx:163)
Called from lime.app.Application.exec(lime/app/Application.hx:169)
Called from $ApplicationMain.start(ApplicationMain.hx:126)
Called from $ApplicationMain.create(ApplicationMain.hx:118)
Called from $ApplicationMain.main(ApplicationMain.hx:15)
Called from .init(?:1)

ACrazyTown avatar Mar 21 '25 19:03 ACrazyTown

From closing the window? I wonder if this is related to the atExit changes.

dimensionscape avatar Mar 21 '25 19:03 dimensionscape

Yes, seems to happen when calling lime.system.System.exit(0); as well

ACrazyTown avatar Mar 21 '25 19:03 ACrazyTown

https://github.com/openfl/lime/blob/c6cd26f699587704e1d1f9bac1487013863c94db/src/lime/_internal/backend/native/NativeApplication.hx#L181

Points to something perhaps in the native code. Or handle is already deallocated or something. This doesn't occur in 8.2? Possibly linked to any dep changes.

dimensionscape avatar Mar 21 '25 19:03 dimensionscape

Debugging with WinDbg gives me this:

 # Child-SP          RetAddr               Call Site
00 000000cc`a50fe340 00007ffd`b3824083     MSCTF!wil::com_ptr_t<Windows::Internal::ApplicationTargetedFeatureDatabase::IApplicationTargetedFeatureConfig,wil::err_exception_policy>::~com_ptr_t<Windows::Internal::ApplicationTargetedFeatureDatabase::IApplicationTargetedFeatureConfig,wil::err_exception_policy>+0xf
01 000000cc`a50fe370 00007ffd`b382e417     MSCTF!ShellHandwriting::HandwritingClient::~HandwritingClient+0xd3
02 000000cc`a50fe3b0 00007ffd`b3744d40     MSCTF!ShellHandwriting::HandwritingClient::Release+0x27
03 000000cc`a50fe3e0 00007ffd`b37ab435     MSCTF!Microsoft::WRL::ComPtr<ICandidateItem>::InternalRelease+0x20
04 000000cc`a50fe410 00007ffd`b37ab250     MSCTF!CThreadInputMgr::~CThreadInputMgr+0x1c1
05 000000cc`a50fe440 00007ffd`b376e120     MSCTF!CThreadInputMgr::`vector deleting destructor'+0x14
06 000000cc`a50fe470 00007ffd`04baede0     MSCTF!CThreadInputMgr::Release+0x70
07 000000cc`a50fe4a0 00007ffd`04bae084     lime!IME_Quit(struct SDL_VideoData * videodata = 0x000001d8`e2f5c020)+0xd0 [C:\HaxeToolkit\haxe\lib\lime\git\project\lib\sdl\src\video\windows\SDL_windowskeyboard.c @ 480] 
08 000000cc`a50fe4d0 00007ffd`04a5e87d     lime!WIN_QuitKeyboard(struct SDL_VideoDevice * _this = 0x000001d8`e2f91730)+0x24 [C:\HaxeToolkit\haxe\lib\lime\git\project\lib\sdl\src\video\windows\SDL_windowskeyboard.c @ 162] 
09 000000cc`a50fe510 00007ffd`04b6146a     lime!WIN_VideoQuit(struct SDL_VideoDevice * _this = 0x000001d8`e2f91730)+0x1d [C:\HaxeToolkit\haxe\lib\lime\git\project\lib\sdl\src\video\windows\SDL_windowsvideo.c @ 471] 
0a 000000cc`a50fe540 00007ffd`04b6023e     lime!SDL_VideoQuit_REAL(void)+0x6a [C:\HaxeToolkit\haxe\lib\lime\git\project\lib\sdl\src\video\SDL_video.c @ 3445] 
0b 000000cc`a50fe580 00007ffd`04b603fd     lime!SDL_QuitSubSystem_REAL(unsigned int flags = 0xf231)+0x11e [C:\HaxeToolkit\haxe\lib\lime\git\project\lib\sdl\src\SDL.c @ 458] 
0c 000000cc`a50fe5b0 00007ffd`04bc2e3a     lime!SDL_Quit_REAL(void)+0x1d [C:\HaxeToolkit\haxe\lib\lime\git\project\lib\sdl\src\SDL.c @ 527] 
0d 000000cc`a50fe5e0 00007ffd`040bb60b     lime!SDL_Quit(void)+0xa [C:\HaxeToolkit\haxe\lib\lime\git\project\lib\sdl\src\dynapi\SDL_dynapi_procs.h @ 92] 
0e 000000cc`a50fe610 00007ffd`04047337     lime!lime::SDLApplication::Quit(void)+0x2b [C:\HaxeToolkit\haxe\lib\lime\git\project\src\backend\sdl\SDLApplication.cpp @ 819] 
0f 000000cc`a50fe640 000076ca`9f00135d     lime!lime_hl_application_quit(struct lime::HL_CFFIPointer * application = 0x000001d8`e2ab21e0)+0x27 [C:\HaxeToolkit\haxe\lib\lime\git\project\src\ExternalInterface.cpp @ 345]

ACrazyTown avatar Mar 21 '25 19:03 ACrazyTown

Oh interesting. It appears the crash is in lime!IME_Quit(struct SDL_VideoData * videodata = 0x000001d8`e2f5c020)+0xd0

It's related to the keyboard cleanup, and one of a few possible things might be happening:

IME Cleanup Ordering Issue

If the input manager (CThreadInputMgr) is released after SDL has already cleaned up other resources, an access violation can happen I guess

or

IME Module Already Unloaded

If msctf is already in the process of shutting down when IME_Quit() is called, SDL may be calling into invalid memory.

or

SDL Bug in IME_Quit()

SDL’s IME handling (SDL_windowskeyboard.c) may be trying to free a pointer twice or access an already deleted object.

We did update SDL in Lime 8.3. I wonder why hashlink specifically has an issue here... I have a hunch, but I need to investigate further to verify my suspicions.

dimensionscape avatar Mar 21 '25 19:03 dimensionscape

This is where we run into trouble but I don't really know why the access violation occurs without digging deeper: https://github.com/libsdl-org/SDL/blob/9464f334b5637649fed69680dbc90250c91111b3/src/video/windows/SDL_windowskeyboard.c#L160

dimensionscape avatar Mar 21 '25 19:03 dimensionscape

Ah, I believe it also happens when targeting hxcpp/Windows. Unlike Hashlink, hxcpp doesn't log anything in the terminal on exit but using a debugger reveals the same issue:

(2cc0.18dc): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
MSCTF!wil::com_ptr_t<Windows::Internal::ApplicationTargetedFeatureDatabase::IApplicationTargetedFeatureConfig,wil::err_exception_policy>::~com_ptr_t<Windows::Internal::ApplicationTargetedFeatureDatabase::IApplicationTargetedFeatureConfig,wil::err_exception_policy>+0xf:
00007ffd`f6993dbb 488b4010        mov     rax,qword ptr [rax+10h] ds:00007ffd`da1013e0=????????????????
0:000> kp
 # Child-SP          RetAddr               Call Site
00 00000066`d690e320 00007ffd`f6994083     MSCTF!wil::com_ptr_t<Windows::Internal::ApplicationTargetedFeatureDatabase::IApplicationTargetedFeatureConfig,wil::err_exception_policy>::~com_ptr_t<Windows::Internal::ApplicationTargetedFeatureDatabase::IApplicationTargetedFeatureConfig,wil::err_exception_policy>+0xf
01 00000066`d690e350 00007ffd`f699e417     MSCTF!ShellHandwriting::HandwritingClient::~HandwritingClient+0xd3
02 00000066`d690e390 00007ffd`f68b4d40     MSCTF!ShellHandwriting::HandwritingClient::Release+0x27
03 00000066`d690e3c0 00007ffd`f691b435     MSCTF!Microsoft::WRL::ComPtr<ICandidateItem>::InternalRelease+0x20
04 00000066`d690e3f0 00007ffd`f691b250     MSCTF!CThreadInputMgr::~CThreadInputMgr+0x1c1
05 00000066`d690e420 00007ffd`f68de120     MSCTF!CThreadInputMgr::`vector deleting destructor'+0x14
06 00000066`d690e450 00007ffd`28f7147a     MSCTF!CThreadInputMgr::Release+0x70
07 00000066`d690e480 00007ffd`28f71bd5     lime!hid_write_output_report+0x530da
08 00000066`d690e4b0 00007ffd`28ee6a26     lime!hid_write_output_report+0x53835
09 00000066`d690e4e0 00007ffd`28f4df66     lime!alEventControlSOFT+0xd2656
0a 00000066`d690e510 00007ffd`28f45ca2     lime!hid_write_output_report+0x2fbc6
0b 00000066`d690e560 00007ffd`28f45d8d     lime!hid_write_output_report+0x27902
0c 00000066`d690e590 00007ffd`28b3add9     lime!hid_write_output_report+0x279ed
0d 00000066`d690e5c0 00007ff6`58d90743     lime!lime_hl_curl_version_info+0x26c9
0e 00000066`d690e5f0 00007ff6`58dacf43     ApplicationMain_debug!lime::_internal::backend::native::NativeApplication_obj::exit+0xa3
0f 00000066`d690e650 00007ff6`58da0d9c     ApplicationMain_debug!lime::app::Application_obj::_hx___onModuleExit+0x123
10 00000066`d690e6b0 00007ff6`58f5ab09     ApplicationMain_debug!hx::ObjectPtr<lime::app::_Event_lime_ui_Window_Void_obj>::SetPtr+0x2ac
11 00000066`d690e6e0 00007ff6`58d9a469     ApplicationMain_debug!hx::CMemberFunction1::__run(class Dynamic * inArg0 = 0x00000066`d690e7b0)+0x39 [C:\HaxeToolkit\haxe\lib\hxcpp\git\include\hx\DynamicImpl.h @ 151] 
12 00000066`d690e720 00007ff6`58dbc8bd     ApplicationMain_debug!lime::app::_Event_Int_Void_obj::dispatch+0x119
13 00000066`d690e7b0 00007ff6`58b73866     ApplicationMain_debug!lime::_hx_system::System_obj::exit+0xcd

ACrazyTown avatar Mar 22 '25 15:03 ACrazyTown
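
An added example, not part of the thread and not Lime or SDL code: a small Python triage helper run over frames copied from the two WinDbg traces above. It finds the first caller outside MSCTF and flags frames whose names are probably nearest-export guesses (no source line plus a very large offset), which is why the hxcpp trace shows `hid_write_output_report` where the Hashlink trace, with full symbols, shows `IME_Quit`. The function names and the `0x4000` offset threshold are assumptions made for this example.

```python
import re

# One frame of WinDbg `k`/`kp` output: index, Child-SP, RetAddr,
# module!symbol+0xoffset and, when private symbols are loaded, [file @ line].
FRAME = re.compile(
    r"^\s*[0-9a-f]{2,3}\s+[0-9a-f`]+\s+[0-9a-f`]+\s+"
    r"(?P<module>[^!\s]+)!(?P<symbol>.+?)\+0x(?P<off>[0-9a-f]+)"
    r"(?:\s+\[(?P<src>.+) @ \d+\])?\s*$")

# Frames copied verbatim from the two traces in this thread.
HXCPP = r"""
06 00000066`d690e450 00007ffd`28f7147a     MSCTF!CThreadInputMgr::Release+0x70
07 00000066`d690e480 00007ffd`28f71bd5     lime!hid_write_output_report+0x530da
08 00000066`d690e4b0 00007ffd`28ee6a26     lime!hid_write_output_report+0x53835
09 00000066`d690e4e0 00007ffd`28f4df66     lime!alEventControlSOFT+0xd2656
0e 00000066`d690e5f0 00007ff6`58dacf43     ApplicationMain_debug!lime::_internal::backend::native::NativeApplication_obj::exit+0xa3
"""
HASHLINK = r"""
06 000000cc`a50fe470 00007ffd`04baede0     MSCTF!CThreadInputMgr::Release+0x70
07 000000cc`a50fe4a0 00007ffd`04bae084     lime!IME_Quit(struct SDL_VideoData * videodata = 0x000001d8`e2f5c020)+0xd0 [C:\HaxeToolkit\haxe\lib\lime\git\project\lib\sdl\src\video\windows\SDL_windowskeyboard.c @ 480]
"""

def parse(text):
    """Return one dict per frame line; header and blank lines are skipped."""
    frames = []
    for line in text.splitlines():
        m = FRAME.match(line)
        if m:
            frames.append({"module": m["module"], "symbol": m["symbol"],
                           "offset": int(m["off"], 16),
                           "has_source": m["src"] is not None})
    return frames

def first_caller(frames, faulting_module):
    """First frame outside the faulting module, i.e. the code that called into it."""
    return next((f for f in frames
                 if f["module"].lower() != faulting_module.lower()), None)

def suspect_symbols(frames, max_offset=0x4000):
    """Frames without source info whose offset is too large for a real function:
    the name is probably just the nearest export (threshold is an assumption)."""
    return [f for f in frames
            if not f["has_source"] and f["offset"] > max_offset]

if __name__ == "__main__":
    for name, trace in (("hxcpp", HXCPP), ("hashlink", HASHLINK)):
        fr = parse(trace)
        print(name, first_caller(fr, "MSCTF")["symbol"],
              [hex(f["offset"]) for f in suspect_symbols(fr)])
```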