RFR: 8322215: [win] OS events that close the stage can cause Glass to reference freed memory [v2]

Kevin Rushforth kcr at openjdk.org
Mon Jan 22 21:33:36 UTC 2024


On Wed, 17 Jan 2024 16:43:23 GMT, Martin Fox <mfox at openjdk.org> wrote:

>> When a Stage is closed while processing an OS message the glass peer object is deleted immediately even if it's still executing member functions. As glass unwinds the stack and executes cleanup code it's referencing freed memory.
>> 
>> There are cases where glass generates JavaFX events back-to-back. For example, when handling the Delete key glass sends a PRESSED and TYPED event in the same routine. If the Stage is closed during the PRESSED event the code that sends the TYPED event is running inside an object that has already been deleted.
>> 
>> When the Stage is closed glass calls the OS routine ::DestroyWindow on the HWND causing a WM_NCDESTROY message to be sent. Currently the BaseWnd object is deleted when processing this message. This PR defers the destruction until all messages have been processed. This is the same approach used in the Linux code.
>
> Martin Fox has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Updated to match existing naming conventions

The code changes look good.

I tested it, and confirm that with a debug build the test crashes without the fix and passes with the fix.

-------------

Marked as reviewed by kcr (Lead).

PR Review: https://git.openjdk.org/jfx/pull/1309#pullrequestreview-1837411541
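
The deferred-destruction pattern described in the quoted PR summary, as an added example that is not code from the PR or from Glass: a portable C++ sketch with no Win32 calls, in which `PeerWnd`, `Msg`, `Dispatch` and `run_close_during_pressed` are hypothetical names and the message ids are constructed. The destroy message only marks the peer, and the outermost dispatch frame frees it once every member function has returned.

```cpp
#include <functional>
#include <string>
#include <vector>

// Constructed message ids standing in for OS window messages.
enum Msg { MSG_KEY_DELETE, MSG_DESTROY };

class PeerWnd {  // hypothetical peer class, not Glass's BaseWnd
public:
    explicit PeerWnd(std::vector<std::string>& log) : log_(log) {}
    // Stands in for the application's event handler.
    std::function<void(PeerWnd&, const std::string&)> onEvent;

    // Every message enters here; depth_ counts nested dispatches.
    static void Dispatch(PeerWnd* w, Msg m) {
        ++w->depth_;
        w->Handle(m);
        // Only the outermost frame frees the object, after all member
        // functions on the stack have returned. w is not touched afterwards.
        if (--w->depth_ == 0 && w->destroyPending_) delete w;
    }
    // Stands in for closing the stage: the destroy message arrives
    // synchronously, nested inside whichever handler is running.
    void Close() { Dispatch(this, MSG_DESTROY); }

private:
    ~PeerWnd() { log_.push_back("deleted"); }  // private: only Dispatch deletes
    void Send(const std::string& e) {
        log_.push_back(e);
        if (onEvent) onEvent(*this, e);
    }
    void Handle(Msg m) {
        if (m == MSG_DESTROY) { destroyPending_ = true; return; }  // defer
        Send("PRESSED");  // the handler may close the window here
        Send("TYPED");    // second back-to-back event, object still alive
    }
    std::vector<std::string>& log_;
    int depth_ = 0;
    bool destroyPending_ = false;
};

// Closes the window from inside the PRESSED handler and returns the event log.
std::vector<std::string> run_close_during_pressed() {
    std::vector<std::string> log;
    auto* w = new PeerWnd(log);
    w->onEvent = [](PeerWnd& p, const std::string& e) { if (e == "PRESSED") p.Close(); };
    PeerWnd::Dispatch(w, MSG_KEY_DELETE);
    return log;
}
int main() { return run_close_during_pressed().size() == 3 ? 0 : 1; }
```

Building this with AddressSanitizer (`-fsanitize=address`) is a quick way to confirm that no freed memory is touched; moving the `delete` into the `MSG_DESTROY` branch reproduces the class of bug the PR describes.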

