Upon further investigation, it would seem that the problem here is that when an event is being raised by a XAML element (underlying an RNX control), if there is a registered handler for it on the TS/JS side, then there is a mismanagement of the EventAttachInfo object and the XamlMetadata object it contains which leads to a crash if and only if the memory for either of these has been zeroed out or repurposed by the time it is attempted to be used.
Under normal circumstances, we weren't seeing this, since Windows doesn't seem to clear memory immediately after it has been released. But with AppVerifier running, the memory is immediately invalidated and written to with garbage, exposing this potential race condition.
Steps To Reproduce
1. Create a sample RNW application with a variety of interactive XAML controls (via RNX)
2. Run Application Verifier and opt-in your RNW test app EXE
3. Run your RNW test app
4. Interact with various elements, resize the view, etc.
5. Observe a crash
Expected Results
No crash
Environment
System:
  OS: Windows 11
  CPU: "(24) x64 AMD Ryzen Threadripper PRO 3945WX 12-Cores "
  Memory: 30.45 GB / 63.86 GB
Binaries:
  Node:
    version: 18.17.1
    path: C:\Program Files\nodejs\node.EXE
  Yarn:
    version: 1.22.19
    path: ~\AppData\Roaming\npm\yarn.CMD
  npm:
    version: 9.6.7
    path: C:\Program Files\nodejs\npm.CMD
  Watchman: Not Found
SDKs:
  Android SDK: Not Found
  Windows SDK:
    AllowDevelopmentWithoutDevLicense: Enabled
    AllowAllTrustedApps: Enabled
    Versions:
      - 10.0.17763.0
      - 10.0.18362.0
      - 10.0.19041.0
      - 10.0.22000.0
      - 10.0.22621.0
IDEs:
  Android Studio: Not Found
  Visual Studio:
    - 17.8.34511.84 (Visual Studio Enterprise 2022)
    - 16.11.34407.143 (Visual Studio Enterprise 2019)
Languages:
  Java: Not Found
  Ruby: Not Found
npmPackages:
  "@react-native-community/cli": Not Found
  react: Not Found
  react-native: Not Found
  react-native-windows: Not Found
npmGlobalPackages:
  "*react-native*": Not Found
Android:
  hermesEnabled: Not found
  newArchEnabled: Not found
iOS:
  hermesEnabled: Not found
  newArchEnabled: Not found
Problem Description
When testing our application(s) under Application Verifier we are observing crashes that are being attributed to the following function signature:
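The failure mode described in this report, as an added model that is not part of the original issue and is not RNX or react-native-windows code: a one-slot pool stands in for the heap, showing why a stale read passes unnoticed when freed memory is left intact, fails once the heap fills memory on free, and is caught in both cases by a generation check. All names (`Slot`, `Pool`, `StaleReadLooksValid`, `CheckedRead`) and the fill byte are hypothetical.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>

// Hypothetical model (not RNX code): one slot stands in for the heap block
// holding the attach info and metadata that the event handler reads later.
struct Slot {
  uint32_t generation = 0;  // bumped on every release
  bool live = false;
  char eventName[16] = {};  // payload the handler dereferences
};
struct Pool {
  Slot slot;
  bool fillOnFree;  // true models a heap that scribbles on free (0xF0 is constructed)
  explicit Pool(bool fill) : fillOnFree(fill) {}
  uint32_t Acquire(const char* name) {
    std::memset(slot.eventName, 0, sizeof(slot.eventName));
    std::strncpy(slot.eventName, name, sizeof(slot.eventName) - 1);
    slot.live = true;
    return slot.generation;
  }
  void Release() {
    slot.live = false;
    ++slot.generation;
    if (fillOnFree) std::memset(slot.eventName, 0xF0, sizeof(slot.eventName));
  }
};

// Unsafe shape: the handler reads through a reference it never revalidates.
// Returns true when the stale payload still looks like the original.
bool StaleReadLooksValid(const Pool& p, const char* expected) {
  return std::strncmp(p.slot.eventName, expected, sizeof(p.slot.eventName)) == 0;
}

// Hardened shape: the handler keeps the generation it attached with and
// checks it before touching the payload; nullptr means "drop the event".
const char* CheckedRead(const Pool& p, uint32_t gen) {
  return (p.slot.live && p.slot.generation == gen) ? p.slot.eventName : nullptr;
}

int main() {
  for (int fill = 0; fill < 2; ++fill) {
    Pool pool(fill != 0);
    uint32_t gen = pool.Acquire("onClick");
    pool.Release();  // owner frees before the event is raised
    std::printf("fillOnFree=%d stale-ok=%d checked=%s\n", fill,
                StaleReadLooksValid(pool, "onClick"),
                CheckedRead(pool, gen) ? "delivered" : "dropped");
  }
}
```

In the model the stale read only appears to succeed when nothing overwrote the slot; the checked read drops the event in both configurations.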