Crash in ModalComponentManager::handleAsyncUpdate

#1

I’m seeing a fair number of crashes in ModalComponentManager::handleAsyncUpdate in the crash reports from my users. I haven’t been able to reproduce it. Has anybody else seen a crash like this, or have any idea what could cause it?

rax=00000000152a9560 rbx=0000000000000000 rcx=0000000000000000
rdx=00000000004c0000 rsi=0000000000000001 rdi=ffffffffffffffff
rip=00000001411959b3 rsp=000000000014fd40 rbp=0000000000000008
 r8=0000000000181380  r9=0000000000008000 r10=00000000004f2218
r11=00000000004f2210 r12=0000000000000008 r13=0000000000000000
r14=00000000152a9560 r15=00000000048a46c8
iopl=0         nv up ei pl nz na pe nc
cs=0033  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010202
MyApp_!juce::OwnedArray::getUnchecked+0x3 [inlined in MyApp_!juce::ModalComponentManager::handleAsyncUpdate+0x43]:
00000001`411959b3 498b1c0c        mov     rbx,qword ptr [r12+rcx] ds:00000000`00000008=????????????????
  *** Stack trace for last set context - .thread/.cxr resets it
Call Site
MyApp_!juce::OwnedArray::getUnchecked
MyApp_!juce::ModalComponentManager::handleAsyncUpdate
MyApp_!juce::WindowsMessageHelpers::dispatchMessageFromLParam
MyApp_!juce::MessageManager::dispatchNextMessageOnSystemQueue
MyApp_!juce::MessageManager::runDispatchLoop
MyApp_!juce::JUCEApplicationBase::main
*** WARNING: Unable to verify timestamp for kernel32.dll
*** ERROR: Module load completed but symbols could not be loaded for kernel32.dll
MyApp_!invoke_main
MyApp_!__scrt_common_main_seh
kernel32

The function in question looks like this:

void ModalComponentManager::handleAsyncUpdate()
{
    for (int i = stack.size(); --i >= 0;)
    {
        auto* item = stack.getUnchecked(i);

        if (! item->isActive)
        {
            std::unique_ptr<ModalItem> deleter (stack.removeAndReturn (i));
            Component::SafePointer<Component> compToDelete (item->autoDelete ? item->component : nullptr);

            for (int j = item->callbacks.size(); --j >= 0;)
                item->callbacks.getUnchecked(j)->modalStateFinished (item->returnValue);

            compToDelete.deleteAndZero();
        }
    }
}

I don’t see how this function can go wrong. It looks pretty simple. General heap corruption somewhere else, maybe?
