[Lazarus] Spurious bus error / access violation with menus on WinCE

Sven Barth pascaldragon at googlemail.com
Thu Aug 4 16:44:00 CEST 2011 

Hello together!

I have an application that creates modal forms that contain a menu and 
when playing around with that application long enough, I get either a 
bus error or an access violation.

The backtrace looks like this:

MENUS_TMENUITEM_$__GETCOUNT$$LONGINT + 24 in section .text
WINCEWSMENUS_CESETMENU$LONGWORD$LONGWORD$TMENU + 516 in section .text
WINCEINT_TWINCEWIDGETSET_$__SETMENU$LONGWORD$LONGWORD$$BOOLEAN + 208 in 
section .text
LCLINTF_SETMENU$LONGWORD$LONGWORD$$BOOLEAN + 64 in section .text
MENUS_TMAINMENU_$__SETWINDOWHANDLE$LONGWORD + 104 in section .text
FORMS_TCUSTOMFORM_$__UPDATEMENU + 192 in section .text
FORMS_TCUSTOMFORM_$__CREATEWND + 72 in section .text
FORMS_TFORM_$__CREATEWND + 64 in section .text
CONTROLS_TWINCONTROL_$__CREATEHANDLE + 64 in section .text
CONTROLS_TWINCONTROL_$__HANDLENEEDED + 184 in section .text
CONTROLS_TWINCONTROL_$_DOALLAUTOSIZE_CHECKHANDLEALLOCATED$TWINCONTROL$$BOOLEAN 
+ 88 in section .text
CONTROLS_TWINCONTROL_$__DOALLAUTOSIZE + 192 in section .text
CONTROLS_TCONTROL_$__ENABLEAUTOSIZING + 312 in section .text
CONTROLS_TCONTROL_$__SETVISIBLE$BOOLEAN + 476 in section .text
FORMS_TCUSTOMFORM_$__SETVISIBLE$BOOLEAN + 184 in section .text
FORMS_TCUSTOMFORM_$__SHOW + 48 in section .text
FORMS_TCUSTOMFORM_$__SHOWMODAL$$LONGINT + 616 in section .text

I have checked the error location and my current conclusion is that the 
LCLMenu parameter given to CeSetMenu contains a freed object. In 
TWinCEWidgetSet.SetMenu the value of the parameter is calculated by 
checking two lists MenuLCLObjectList (containing TMenu entries) and 
MenuHandleList (containing HMENU entries). I see that those two lists 
are filled in TWinCEWSMenu.CreateHandle, but they don't appear to be 
emptied anywhere. So my assumption is that CreateMenu (which is called 
in TWinCEWSMenu.CreateHandle) might return a HMENU value that was 
already inserted into MenuHandleList, but of which the menu was already 
freed (because not needed anymore), so the search in 
TWinCEWidgetSet.SetMenu will return the old entry (linear search...) 
which can already be overwriten => access violation / bus error when 
accessing the Items property.

Is my assumption valid and I should thus open a bug report?

Regards,
Sven

More information about the Lazarus mailing list