microsoft / microsoft-ui-xaml

Windows UI Library: the latest Windows 10 native controls and Fluent styles for your applications
MIT License

Typing in Korean with spellcheck enabled causes a crash #6927

Closed ilitosh closed 1 year ago

ilitosh commented 2 years ago

Describe the bug

Typing in Korean with Spellcheck enabled often crashes the TextBox component.

Stack trace:

Index  Function
--------------------------------------------------------------------------------
 1      combase.dll!RoFailFastWithErrorContextInternal2(HRESULT hrError, unsigned long cStowedExceptions, _STOWED_EXCEPTION_INFORMATION_V2 * * aStowedExceptionPointers)
 2      Windows.UI.Xaml.dll!CCoreServices::NWDrawTree(HWWalk * pHWWalk, CWindowRenderTarget * pRenderTarget, VisualTree * pVisualTree, unsigned int forceRedraw, XRECT_WH * prcDirtyRect)
*3      Windows.UI.Xaml.dll!CCoreServices::NWDrawMainTree(CWindowRenderTarget * pIRenderTarget, bool fForceRedraw, XRECT_WH * prcDirtyRect)
 4      Windows.UI.Xaml.dll!CWindowRenderTarget::Draw(CCoreServices * fForceRedraw, unsigned int prcDirtyRect, XRECT_WH *)
 5      Windows.UI.Xaml.dll!CXcpBrowserHost::OnTick()
 6      Windows.UI.Xaml.dll!CXcpDispatcher::Tick()
 7      Windows.UI.Xaml.dll!CXcpDispatcher::OnReentrancyProtectedWindowMessage(HWND__ * msg, unsigned int lParam, unsigned int)
 8      [Inline Frame] Windows.UI.Xaml.dll!CXcpDispatcher::ProcessMessage(HWND__ *)
 9      Windows.UI.Xaml.dll!CXcpDispatcher::WindowProc(HWND__ * hwnd, unsigned int msg, unsigned int wParam, long lParam)
 10     Windows.UI.Xaml.dll!CDeferredInvoke::DispatchQueuedMessage(bool * dispatchedWork, bool * hasMoreWork)
 11     [Inline Frame] Windows.UI.Xaml.dll!CXcpDispatcher::MessageTimerCallback()
 12     Windows.UI.Xaml.dll!CXcpDispatcher::MessageTimerCallbackStatic(void * myUserData)
 13     CoreMessaging.dll!Microsoft__CoreUI__DispatchGroupHandler$CallbackThunk(class System::Delegate *)
 14     CoreMessaging.dll!System::Action::Invoke(void)
 15     CoreMessaging.dll!Microsoft::CoreUI::Dispatch::TimeoutManager::Callback_OnDispatch(void)
 16     CoreMessaging.dll!Microsoft::CoreUI::Dispatch::Dispatcher::DispatchNextItem(void)
 17     CoreMessaging.dll!Microsoft::CoreUI::Dispatch::Dispatcher::Callback_DispatchLoop(struct Microsoft::CoreUI::Dispatch::RunnablePriorityMask)
 18     CoreMessaging.dll!Microsoft::CoreUI::Dispatch::EventLoop::Callback_RunCoreLoop(struct Microsoft::CoreUI::Dispatch::RunMode,bool,bool &)
 19     CoreMessaging.dll!Microsoft::CoreUI::Dispatch::UserAdapterBase::DrainCoreMessagingQueue(struct Microsoft::CoreUI::Dispatch::UserAdapterBase__UserPriority,bool,struct System::IntPtr &)
 20     CoreMessaging.dll!Microsoft::CoreUI::Dispatch::UserAdapter::OnUserDispatch(bool,struct Microsoft::CoreUI::Dispatch::UserAdapterBase__UserPriority,struct System::IntPtr &)
 21     CoreMessaging.dll!Microsoft::CoreUI::Dispatch::UserAdapter::OnUserDispatchRaw(struct System::IntPtr,struct Microsoft::CoreUI::Dispatch::UserAdapterBase__UserPriority,bool,struct System::IntPtr &)
 22     CoreMessaging.dll!Microsoft::CoreUI::Dispatch::UserAdapter_DoWork(struct Microsoft::CoreUI::Dispatch::UserData *,struct Microsoft::CoreUI::Dispatch::UserAdapterBase__UserPriority,bool)
 23     CoreMessaging.dll!Microsoft::CoreUI::Dispatch::UserAdapter_HandleDispatchNotifyMessage(struct HWND__ *,unsigned int,long)
 24     CoreMessaging.dll!Microsoft::CoreUI::Dispatch::UserAdapter_WindowProc(struct HWND__ *,unsigned int,unsigned int,long)
 25     user32.dll!__InternalCallWinProc@20()
 26     user32.dll!UserCallWinProcCheckWow()
 27     user32.dll!DispatchClientMessage()
 28     user32.dll!___fnDWORD@4()
 29     ntdll.dll!_KiUserCallbackDispatcher@12()
 30     user32.dll!PeekMessageW()
 31     combase.dll!CCliModalLoop::MyPeekMessage(tagMSG * pMsg, HWND__ * hwnd, unsigned int min, unsigned int max, unsigned short wFlag)
 32     combase.dll!CCliModalLoop::HandleWakeForMsg()
 33     combase.dll!CCliModalLoop::BlockFn(void * * ahEvent, unsigned long cEvents, unsigned long * lpdwSignaled)
 34     combase.dll!ModalLoop(CSyncClientCall * pClientCall)
 35     combase.dll!ClassicSTAThreadDispatchCrossApartmentCall(tagRPCOLEMESSAGE * pMessage, OXIDEntry * pOXIDEntry, CSyncClientCall * pClientCall)
 36     [Inline Frame] combase.dll!CSyncClientCall::SwitchAptAndDispatchCall(tagRPCOLEMESSAGE * pMessage)
 37     combase.dll!CSyncClientCall::SendReceive2(tagRPCOLEMESSAGE * pMessage, unsigned long * pstatus)
 38     [Inline Frame] combase.dll!SyncClientCallRetryContext::SendReceiveWithRetry(tagRPCOLEMESSAGE *)
 39     [Inline Frame] combase.dll!CSyncClientCall::SendReceiveInRetryContext(SyncClientCallRetryContext *)
 40     combase.dll!ClassicSTAThreadSendReceive(CSyncClientCall * pClientCall, tagRPCOLEMESSAGE * pMsg, unsigned long * pulStatus)
 41     combase.dll!CSyncClientCall::SendReceive(tagRPCOLEMESSAGE * pMessage, unsigned long * pulStatus)
 42     [Inline Frame] combase.dll!CClientChannel::SendReceive(tagRPCOLEMESSAGE *)
 43     combase.dll!NdrExtpProxySendReceive(void * pThis, _MIDL_STUB_MESSAGE * pStubMsg)
 44     rpcrt4.dll!_NdrClientCall2()
 45     combase.dll!ObjectStublessClient(void * ParamAddress, long Method)
 46     combase.dll!_ObjectStubless@0()
 47     msftedit.dll!CSpellerGlobalState::ForegroundSpellCheck(struct ISpellChecker *,unsigned short *,bool)
 48     msftedit.dll!CSpellerGlobalState::SpellCheck(struct ISpellChecker *,unsigned short *,bool,bool,unsigned long,bool)
 49     msftedit.dll!CSpellCheckerEngine::CheckRangeWithCtx(struct ISpellEnginePosition *,struct ISpellEnginePosition *,struct ISpellEnginePosition *,bool)
 50     msftedit.dll!CSpellCheckerEngine::SpellCheckAndAutocorrect(bool *,unsigned long,bool)
 51     msftedit.dll!CSpellChecker::Spellcheck(void)
 52     msftedit.dll!CSpellChecker::ScanAndUpdate(void)
 53     msftedit.dll!CGenUndoBuilder::~CGenUndoBuilder()
 54     msftedit.dll!CTxtRange::SetText2()
 55     msftedit.dll!CTSF30Base::OnTextUpdatingWorker()
 56     msftedit.dll!Microsoft::WRL::Details::DelegateArgTraits<long (__stdcall Windows::Foundation::ITypedEventHandler_impl<Windows::Foundation::Internal::AggregateType<Windows::UI::Text::Core::CoreTextEditContext *,Windows::UI::Text::Core::ICoreTextEditContext *>,Windows::Foundation::Internal::AggregateType<Windows::UI::Text::Core::CoreTextTextUpdatingEventArgs *,Windows::UI::Text::Core::ICoreTextTextUpdatingEventArgs *>>::*)(Windows::UI::Text::Core::ICoreTextEditContext *,Windows::UI::Text::Core::ICoreTextTextUpdatingEventArgs *)>::DelegateInvokeHelper<Windows::Foundation::ITypedEventHandler<Windows::UI::Text::Core::CoreTextEditContext *,Windows::UI::Text::Core::CoreTextTextUpdatingEventArgs *>,<lambda_954949c5830b0088dafa56babb0eecfa>,-1,Windows::UI::Text::Core::ICoreTextEditContext *,Windows::UI::Text::Core::ICoreTextTextUpdatingEventArgs *>::Invoke()
 57     Windows.UI.Core.TextInput.dll!Microsoft::WRL::InvokeTraits<-2>::InvokeDelegates<class <lambda_01228b047d095ba6977e9a543f5ec51b>,struct Windows::Foundation::ITypedEventHandler<class Windows::UI::Internal::Text::Core::CoreTextEditViewJunction *,class Windows::UI::Internal::Text::Core::ViewCompositionTerminatedEventArgs *> >(class <lambda_01228b047d095ba6977e9a543f5ec51b>,class Microsoft::WRL::Details::EventTargetArray *,class Microsoft::WRL::EventSource<struct Windows::Foundation::ITypedEventHandler<class Windows::UI::Internal::Text::Core::CoreTextEditViewJunction *,class Windows::UI::Internal::Text::Core::ViewCompositionTerminatedEventArgs *>,struct Microsoft::WRL::InvokeModeOptions<-2> > *)
 58     Windows.UI.Core.TextInput.dll!Microsoft::WRL::EventSource<struct Windows::Foundation::ITypedEventHandler<class Windows::UI::Internal::Text::Core::CoreTextSystemInputProcessor *,class Windows::UI::Internal::Text::Core::CoreTextInputKeyNotifiedArgs *>,struct Microsoft::WRL::InvokeModeOptions<-2> >::InvokeAll<struct Windows::UI::Internal::Text::Core::ICoreTextSystemInputProcessor *,struct Windows::UI::Internal::Text::Core::ICoreTextInputKeyNotifiedArgs *>(struct Windows::UI::Internal::Text::Core::ICoreTextSystemInputProcessor *,struct Windows::UI::Internal::Text::Core::ICoreTextInputKeyNotifiedArgs *)
 59     Windows.UI.Core.TextInput.dll!Windows::UI::Text::Core::CEditContext::ReplaceTextInternal(int,int,struct MsgString *,bool,int,int)
 60     Windows.UI.Core.TextInput.dll!Windows::UI::Text::Core::CEditContext::ReplaceText(int,int,struct MsgString *)
 61     msctf.dll!CTextChange::Execute()
 62     msctf.dll!CTextInputClientOwnerAdapter::_ExecuteOperation()
 63     msctf.dll!CTextInputClientOwnerAdapter::SetText(unsigned long,long,long,unsigned short const *,unsigned long,struct TS_TEXTCHANGE *)
 64     TextInputFramework.dll!CACPWrap::SetText(unsigned long,struct IAnchor *,struct IAnchor *,unsigned short const *,unsigned long)
 65     TextInputFramework.dll!CRange::_SetText(unsigned long,unsigned long,unsigned short const *,long)
 66     TextInputFramework.dll!CRange::SetText(unsigned long,unsigned long,unsigned short const *,long)
 67     IMETIP.DLL!CTipCompositionContext::SetText()
 68     IMETIP.DLL!CTipCompositionChunk::UpdateContext()
 69     IMETIP.DLL!CTipFnCompose::EsfnApplyInterimComposition(unsigned long,class CTipComposition *)
 70     IMETIP.DLL!CTipFnCompose::OnEditSession()
 71     IMETIP.DLL!CTipFnEditSessionHandler::_OnDoEditSession()
 72     IMETIP.DLL!Tsfutil::CTfEditSession::DoEditSession()
 73     TextInputFramework.dll!CInputContext::_DoEditSession(unsigned long,struct ITfEditSession *,unsigned long)
 74     TextInputFramework.dll!CInputContext::_EditSessionQiCallback(class CInputContext *,struct _TS_QUEUE_ITEM *,enum QiCallbackCode)
 75     TextInputFramework.dll!CInputContext::_DispatchQueueItem(struct _TS_QUEUE_ITEM *)
 76     TextInputFramework.dll!CInputContext::_EmptyLockQueue(unsigned long,int)
 77     TextInputFramework.dll!CInputContext::OnLockGranted(unsigned long)
 78     TextInputFramework.dll!CACPWrap::OnLockGranted(unsigned long)
 79     msctf.dll!CTextInputClientOwnerAdapter::_EnableCiceroSession()
 80     msctf.dll!CTextInputClientOwnerAdapter::RequestLock()
 81     TextInputFramework.dll!CACPWrap::RequestLock(unsigned long,long *)
 82     TextInputFramework.dll!SafeRequestLock(struct ITextStoreAnchor *,unsigned long,long *)
 83     TextInputFramework.dll!CInputContext::_QueueItem(struct _TS_QUEUE_ITEM *,int,long *)
 84     TextInputFramework.dll!CInputContext::RequestEditSession(unsigned long,struct ITfEditSession *,unsigned long,long *)
 85     IMETIP.DLL!CTipFnEditSessionHandler::InvokeInternal(enum __MIDL___MIDL_itf_tipfunc_0000_0009_0001,enum __MIDL___MIDL_itf_tipfunc_0000_0009_0002,struct ITipEditSessionProcedure *,struct IUnknown *,long *,unsigned long)
 86     IMETIP.DLL!CTipFnEditSessionHandler::Invoke(enum __MIDL___MIDL_itf_tipfunc_0000_0009_0001,enum __MIDL___MIDL_itf_tipfunc_0000_0009_0002,struct ITipEditSessionProcedure *,struct IUnknown *,long *)
 87     IMETIP.DLL!CTipFnCompose::OnApplyComposition(class CTipComposition *,int)
 88     IMETIP.DLL!CTipFnProductStringHandler::UpdateComposition()
 89     IMETIP.DLL!CTipFnProductStringHandler::_OnProductObjectChanged()
 90     IMETIP.DLL!Imeapiutil::CImeProductObjectChangeNotify::OnProductObjectChanged()
 91     IMJKAPI.DLL!CImeProductObject_JK::EndUpdateProductObject()
 92     imkrapi.dll!CImeCommonAPI_KOR_Desktop_V1::GenerateProductString(void)
 93     imkrapi.dll!CImeCommonAPI_KOR_Desktop_V1::RunHangulAutomata(struct __MIDL___MIDL_itf_imeapi_0000_0009_0001 const *)
 94     imkrapi.dll!CImeKeyEventHandler_KOR_Desktop_V1::ProcessKey(struct __MIDL___MIDL_itf_imeapi_0000_0009_0001 const *)
 95     imkrapi.dll!CImeKeyEventHandler_KOR_Desktop_V1::OnKeyDown(struct __MIDL___MIDL_itf_imeapi_0000_0009_0001 const *,int *)
 96     IMETIP.DLL!CTipFnKeyEventHandler::OnKeyDown()
 97     IMETIP.DLL!CTipContextEditorMgr::_OnKeyboardEvent()
 98     IMETIP.DLL!Tsfutil::CTfKeyEventSink::OnKeyDown()
 99     msctf.dll!CTip::OnKeyboardEvent(struct IInputContextPrivate *,enum KeyEventFlags,unsigned int,long,int *)
 100    msctf.dll!CThreadInputMgr::_CallKeyEventSink(unsigned long,struct IInputContextPrivate *,enum KeyEventFlags,unsigned int,long,int *)
 101    msctf.dll!CThreadInputMgr::_KeyStroke(enum KeyEventFlags,unsigned int,long,int *)
 102    msctf.dll!SYSTHREAD::OnKeyboardEvent(unsigned int,long,bool)
 103    msctf.dll!_TF_Notify@12()
 104    user32.dll!CtfHookProcWorker(int,unsigned int,long,unsigned long)
 105    user32.dll!CallHookWithSEH()
 106    user32.dll!___fnHkINDWORD@4()
 107    ntdll.dll!_KiUserCallbackDispatcher@12()
 108    XamlIslandsApp.exe!WinMain(HINSTANCE__ * hInstance, HINSTANCE__ * hPrevInstance, char * lpCmdLine, int nCmdShow)
 109    [External Code]

Steps to reproduce the bug

  1. Configure Korean keyboard layout in "Language settings". I used the default settings: input method "Microsoft IME", hardware keyboard type "2 Beolsik" (I use a standard UK hardware keyboard without Korean language support).
  2. Start XamlIslandsApp from https://github.com/ilitosh/XamlPlayground. (This is just a basic XAML app with a basic Textbox.) Important to have Spellcheck enabled. This is where the TextBox is configured.
  3. Switch to Korean and toggle the English/Hangul toggle to Hangul (see the image below). Type in Korean until it crashes. I used this AutoHotkey script, which imitates typing and reliably reproduces the crash most of the time.

Expected behavior

Typing should not crash the application.

Screenshots

No response

NuGet package version

No response

Windows app type

Device form factor

Desktop

Windows version

Windows 10 (21H1): Build 19043

Additional context

No response

stmoy commented 2 years ago

FYI: this issue affects Messenger Desktop and React Native for Windows. Although this isn't specifically a RNW issue, we'll need this to be fixed in the context of Messenger.

stmoy commented 2 years ago

Following up on this internally: Bug 38902722.

The stack in the issue shows a stowed exception - we'll need to get the stowed exception stack to help narrow down the issue.

jonthysell commented 2 years ago

Investigating the provided repro repo.

jonthysell commented 2 years ago

I can repro on Win11 (provided I set the option to use the "old IME", as the new one doesn't do spellchecking).

asklar commented 2 years ago

We have an understanding of the issue but there doesn't seem to be much that an app can do to avoid the crash. Recommend fixing this in WinUI3 (fix details in the internal bug). CC @codendone

github-actions[bot] commented 1 year ago

This issue is stale because it has been open 180 days with no activity. Remove stale label or comment or this will be closed in 5 days.