RFR: 8322215: [win] OS events that close the stage can cause Glass to reference freed memory
Michael Strauß
mstrauss at openjdk.org
Sun Jan 14 04:41:31 UTC 2024
On Wed, 20 Dec 2023 17:31:57 GMT, Martin Fox <mfox at openjdk.org> wrote:
> When a Stage is closed while processing an OS message the glass peer object is deleted immediately even if it's still executing member functions. As glass unwinds the stack and executes cleanup code it's referencing freed memory.
>
> There are cases where glass generates JavaFX events back-to-back. For example, when handling the Delete key glass sends a PRESSED and TYPED event in the same routine. If the Stage is closed during the PRESSED event the code that sends the TYPED event is running inside an object that has already been deleted.
>
> When the Stage is closed glass calls the OS routine ::DestroyWindow on the HWND causing a WM_NCDESTROY message to be sent. Currently the BaseWnd object is deleted when processing this message. This PR defers the destruction until all messages have been processed. This is the same approach used in the Linux code.
Looks good! I've left a comment inline.
modules/javafx.graphics/src/main/native-glass/win/BaseWnd.h line 88:
> 86: HCURSOR m_hCursor;
> 87:
> 88: LONG m_message_count;
Minor: the naming scheme in this class would be `m_messageCount`.
-------------
Marked as reviewed by mstrauss (Committer).
PR Review: https://git.openjdk.org/jfx/pull/1309#pullrequestreview-1820145372
PR Review Comment: https://git.openjdk.org/jfx/pull/1309#discussion_r1451654273
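
The deferred destruction described in the quoted PR text, as an added example that is not part of the original message or of the OpenJFX sources. It is a portable C++ model with no Win32 calls; the class Wnd, its Dispatch/Close functions, the Result struct and the global counters are hypothetical names made up for illustration, and only the idea of a per-window message count comes from the thread.

```cpp
// Added example: portable model of deferred peer destruction (not OpenJFX code).
#include <functional>
static int g_live = 0, g_typed = 0;  // instrumentation for this example only

class Wnd {
public:
    enum Msg { KEY_DELETE, NCDESTROY };
    std::function<void(Wnd*)> onPressed;  // stands in for the JavaFX PRESSED handler
    Wnd() { ++g_live; }

    // Every message, including nested ones sent from handlers, enters here.
    static void Dispatch(Wnd* w, Msg m) {
        ++w->m_messageCount;
        w->Handle(m);
        // The last frame to leave frees the peer; *w is not touched afterwards.
        if (--w->m_messageCount == 0 && w->m_destroyed) delete w;
    }
    void Close() { Dispatch(this, NCDESTROY); }  // models ::DestroyWindow

private:
    ~Wnd() { --g_live; }
    void Handle(Msg m) {
        if (m == NCDESTROY) { m_destroyed = true; return; }  // mark, do not delete
        if (onPressed) onPressed(this);  // PRESSED: the handler may close the stage
        g_typed = ++m_typed;             // TYPED: writes a member, so 'this' must be alive
    }
    long m_messageCount = 0;  // messages currently being processed
    int m_typed = 0; bool m_destroyed = false;
};

struct Result { int liveInHandler, liveAfter, typed; };

// Closes the window from inside the PRESSED handler, as in the report above.
Result CloseDuringPressed() {
    g_live = g_typed = 0;
    Result r{-1, -1, -1};
    Wnd* w = new Wnd();
    w->onPressed = [&r](Wnd* self) { self->Close(); r.liveInHandler = g_live; };
    Wnd::Dispatch(w, Wnd::KEY_DELETE);
    r.liveAfter = g_live; r.typed = g_typed;
    return r;
}

// With no message in flight, the peer is freed as soon as NCDESTROY unwinds.
int CloseWhenIdle() { g_live = 0; (new Wnd())->Close(); return g_live; }

int main() {
    Result r = CloseDuringPressed();
    return (r.liveInHandler == 1 && r.liveAfter == 0 && r.typed == 1 && CloseWhenIdle() == 0) ? 0 : 1;
}
```

Replacing the `m_destroyed = true` branch with an immediate `delete this` reproduces the bug class from the report: the TYPED step then writes to a freed object, which AddressSanitizer flags as heap-use-after-free.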