[Lazarus] Spurious bus error / access violation with menus on WinCE
Sven Barth
pascaldragon at googlemail.com
Fri Aug 5 10:05:58 CEST 2011
Am 04.08.2011 16:44, schrieb Sven Barth:
> Hello together!
>
> I have an application that creates modal forms that contain a menu and
> when playing around with that application long enough, I get either a
> bus error or an access violation.
>
[snip]
>
> I have checked the error location and my current conclusion is that the
> LCLMenu parameter given to CeSetMenu contains a freed object. In
> TWinCEWidgetSet.SetMenu the value of the parameter is calculated by
> checking two lists MenuLCLObjectList (containing TMenu entries) and
> MenuHandleList (containing HMENU entries). I see that those two lists
> are filled in TWinCEWSMenu.CreateHandle, but they don't appear to be
> emptied anywhere. So my assumption is that CreateMenu (which is called
> in TWinCEWSMenu.CreateHandle) might return a HMENU value that was
> already inserted into MenuHandleList, but of which the menu was already
> freed (because not needed anymore), so the search in
> TWinCEWidgetSet.SetMenu will return the old entry (linear search...)
> which can already be overwriten => access violation / bus error when
> accessing the Items property.
>
> Is my assumption valid and I should thus open a bug report?
Ok, I now have a confirmation regarding my theory.
I have added debug output to TWinCEWSMenu.CreateHandle and
TWinCEWSMenuItem.DestroyHandle and I've found the following sequence:
Adding handle 231445204 of menu 01AD63A0 as 0
Adding handle 231495636 of menu 01ADA010 as 1 (1)
Index of handle 231495716 of menu 00000000: -1 (2)
Index of handle 231495636 of menu 01ADA010: 1 (3)
Adding handle 231495636 of menu 01ADA290 as 1 (4)
Index of handle 231495716 of menu 00000000: -1
Index of handle 231495636 of menu 01ADA290: 1
(1) Here the menu of a modal form is created
(2) Here the one menu item is freed (that is not found in the list, as
it's not a TMenu descendant)
(3) Here the top menu item of the TMenu is freed (that handle was
created in (1))
(4) Here the menu is handle from (1) is reused which would then lead to
a crash if I'd not remove the handle and the associated menu object from
the two lists.
So I'll now open a new issue and include a patch with it :D
Regards,
Sven
More information about the Lazarus
mailing list