Open Bug 1953045 Opened 6 days ago Updated 2 days ago

Hit MOZ_CRASH() at M:/src/xpcom/build/LateWriteChecks.cpp:118 if after using ATOK

Categories

(Core :: XPCOM, defect)

Product:
Core
Component:
XPCOM
Platform:
x86_64
Windows 11
Type:
defect

Tracking

()

People

(Reporter: masayuki, Unassigned)

Details

(Keywords: inputmethod)

I use ATOK which is a 3rd party IME on Windows. When I do something within some editable element while running a debug build, I sometimes see this failure:

[117776] Hit MOZ_CRASH() at M:/src/xpcom/build/LateWriteChecks.cpp:118
#01: LateWriteObserver::Observe (M:\src\xpcom\build\LateWriteChecks.cpp:118)
#02: mozilla::IOInterposer::Report (M:\src\xpcom\build\IOInterposer.cpp:479)
#03: mozilla::IOInterposeObserver::Observation::Report (M:\src\xpcom\build\IOInterposer.cpp:386)
#04: `anonymous namespace'::InterposedNtWriteFile (M:\src\xpcom\build\PoisonIOInterposerWin.cpp:358)
#05: WriteFile[C:\WINDOWS\System32\KERNELBASE.dll +0x2be2b]
#06: DllUnregisterServer[C:\Program Files\JustSystems\ATOK35_X64\ATOK35TIP.DLL +0x2868a9]
#07: DllUnregisterServer[C:\Program Files\JustSystems\ATOK35_X64\ATOK35TIP.DLL +0x286685]
#08: DllUnregisterServer[C:\Program Files\JustSystems\ATOK35_X64\ATOK35TIP.DLL +0x2869b2]
#09: DllUnregisterServer[C:\Program Files\JustSystems\ATOK35_X64\ATOK35TIP.DLL +0x286b08]
#10: DllUnregisterServer[C:\Program Files\JustSystems\ATOK35_X64\ATOK35TIP.DLL +0x2744e1]
#11: DllUnregisterServer[C:\Program Files\JustSystems\ATOK35_X64\ATOK35TIP.DLL +0x274353]
#12: DllUnregisterServer[C:\Program Files\JustSystems\ATOK35_X64\ATOK35TIP.DLL +0x2742f6]
#13: DllUnregisterServer[C:\Program Files\JustSystems\ATOK35_X64\ATOK35TIP.DLL +0x27458b]
#14: DllUnregisterServer[C:\Program Files\JustSystems\ATOK35_X64\ATOK35TIP.DLL +0x2040b8]
#15: DllUnregisterServer[C:\Program Files\JustSystems\ATOK35_X64\ATOK35TIP.DLL +0x81e61]
#16: DllUnregisterServer[C:\Program Files\JustSystems\ATOK35_X64\ATOK35TIP.DLL +0x9a8f76]
#17: DllUnregisterServer[C:\Program Files\JustSystems\ATOK35_X64\ATOK35TIP.DLL +0x9a8ca9]
#18: DllUnregisterServer[C:\Program Files\JustSystems\ATOK35_X64\ATOK35TIP.DLL +0x9a70fe]
#19: DllUnregisterServer[C:\Program Files\JustSystems\ATOK35_X64\ATOK35TIP.DLL +0x69f254]
#20: DllUnregisterServer[C:\Program Files\JustSystems\ATOK35_X64\ATOK35TIP.DLL +0x61ece0]
#21: DllUnregisterServer[C:\Program Files\JustSystems\ATOK35_X64\ATOK35TIP.DLL +0x2c66b3]
#22: DllUnregisterServer[C:\Program Files\JustSystems\ATOK35_X64\ATOK35TIP.DLL +0x2c6758]
#23: DllUnregisterServer[C:\Program Files\JustSystems\ATOK35_X64\ATOK35TIP.DLL +0x17c4f9]
#24: DllUnregisterServer[C:\Program Files\JustSystems\ATOK35_X64\ATOK35TIP.DLL +0x17ea53]
#25: DllUnregisterServer[C:\Program Files\JustSystems\ATOK35_X64\ATOK35TIP.DLL +0x5a235]
#26: DllUnregisterServer[C:\Program Files\JustSystems\ATOK35_X64\ATOK35TIP.DLL +0x2693c]
#27: DllUnregisterServer[C:\Program Files\JustSystems\ATOK35_X64\ATOK35TIP.DLL +0x26a79]
#28: DllUnregisterServer[C:\Program Files\JustSystems\ATOK35_X64\ATOK35TIP.DLL +0x1f841]
#29: TF_UninitSystem[C:\WINDOWS\System32\MSCTF.dll +0x9d9d0]
#30: CtfImeCreateInputContext[C:\WINDOWS\System32\MSCTF.dll +0x188d3]
#31: TF_InitSystem[C:\WINDOWS\System32\MSCTF.dll +0x13569]
#32: TF_InitSystem[C:\WINDOWS\System32\MSCTF.dll +0x14464]
#33: TF_InitSystem[C:\WINDOWS\System32\MSCTF.dll +0x136a1]
#34: TF_InitSystem[C:\WINDOWS\System32\MSCTF.dll +0x141a8]
#35: TF_Notify[C:\WINDOWS\System32\MSCTF.dll +0x2c5f2]
#36: CharUpperW[C:\WINDOWS\System32\user32.dll +0x25c9a]
#37: GetDpiForWindow[C:\WINDOWS\System32\user32.dll +0x24aff]
#38: GetDpiForWindow[C:\WINDOWS\System32\user32.dll +0x249be]
#39: KiUserCallbackDispatcher[C:\WINDOWS\SYSTEM32\ntdll.dll +0xa4404]
#40: NtUserDestroyWindow[C:\WINDOWS\System32\win32u.dll +0x2754]
#41: std::_Func_impl_no_alloc<`lambda at M:\src\widget\windows\WinEventObserver.cpp:87:26',void>::_Do_call (C:\Users\toybox\.mozbuild\vs\VC\Tools\MSVC\14.39.33519\include\functional:905)
#42: mozilla::KillClearOnShutdown (M:\src\xpcom\base\ClearOnShutdown.cpp:56)
#43: mozilla::AppShutdown::AdvanceShutdownPhaseInternal (M:\src\xpcom\base\AppShutdown.cpp:390)
#44: mozilla::ShutdownXPCOM (M:\src\xpcom\build\XPCOMInit.cpp:684)
#45: ScopedXPCOMStartup::~ScopedXPCOMStartup (M:\src\toolkit\xre\nsAppRunner.cpp:1993)
#46: mozilla::UniquePtr<ScopedXPCOMStartup,mozilla::DefaultDelete<ScopedXPCOMStartup> >::operator= (M:\fx64-dbg\dist\include\mozilla\UniquePtr.h:272)
#47: XREMain::XRE_main (M:\src\toolkit\xre\nsAppRunner.cpp:6151)
#48: XRE_main (M:\src\toolkit\xre\nsAppRunner.cpp:6183)
#49: NS_internal_main (M:\src\browser\app\nsBrowserApp.cpp:467)
#50: wmain (M:\src\toolkit\xre\nsWindowsWMain.cpp:151)
#51: __scrt_common_main_seh (D:\a\_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl:288)
#52: BaseThreadInitThunk[C:\WINDOWS\System32\KERNEL32.DLL +0x1259d]
#53: RtlUserThreadStart[C:\WINDOWS\SYSTEM32\ntdll.dll +0x5af38]

Looks like that ATOK writes something when it's unloaded from the process, but we assert not doing that. I think IME may need to write the conversion history at idle to improve the conversions/suggestions for the user. So, I don't think writing something at unloading is not illegal.

(FYI: This is not a recent regression, I saw this crash since long time ago.)

It's not "illegal" but I think that frequently won't work in sandboxed MSIX apps anyway, so it's weird they are still doing it in-process instead of doing some IPC with a shared process (which some IMEs seem to do as a workaround to load dictionary for example)

You need to log in before you can comment on or make changes to this bug.