Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

(NTSTATUS) 0xc0000409 - Bufferoverflow #10194

Open
Larhei opened this issue Nov 22, 2024 · 0 comments
Open

(NTSTATUS) 0xc0000409 - Bufferoverflow #10194

Larhei opened this issue Nov 22, 2024 · 0 comments
Labels
bug Something isn't working needs-triage Issue needs to be triaged by the area owners

Comments

@Larhei
Copy link

Larhei commented Nov 22, 2024
edited
Loading

Describe the bug

We are getting crashes within our unpackeged Maui App when closing the MainWindow while drawing some Image (thats my uneducated guess.)

Windbg is giving me with KB
 # RetAddr               : Args to Child                                                           : Call Site
00 00007ffb`3dfe500f     : 00007ffb`3e0aa000 00007ffb`3df40000 0000dd58`001ee000 000000d1`9117c590 : ntdll!LdrpICallHandler+0xf
01 00007ffb`3df44cef     : 000000d1`9117c590 00000000`00000000 00000000`00000000 00000000`0010000b : ntdll!RtlpExecuteHandlerForException+0xf
02 00007ffb`3dfe3d7e     : 3ff00000`00000000 000000d1`9117c9f0 00000264`56fd5e60 00007ffa`a6c83d2b : ntdll!RtlDispatchException+0x40f
03 00007ffb`3dfd027e     : 00007ffa`a934df13 00000264`56fd5e60 00000264`56fd5e60 00000000`00000000 : ntdll!KiUserExceptionDispatch+0x2e
04 00007ffa`a934df13     : 00000264`56fd5e60 00000264`56fd5e60 00000000`00000000 00007ffa`00000000 : ntdll!LdrpDispatchUserCallTarget+0xe
05 (Inline Function)     : --------`-------- --------`-------- --------`-------- --------`-------- : Microsoft_Graphics_Canvas!ABI::Microsoft::Graphics::Canvas::UI::Xaml::CanvasImageSource::CreateDrawingSessionWithUpdateRectangle::__l2::<lambda_f9c35089076e450fa8495e634d76fa21>::operator()+0x107 [C:\__w\1\s\winrt\lib\xaml\CanvasImageSource.cpp @ 290] 
06 00007ffa`a934d61f     : 00000000`00000000 00000264`56a94380 00000000`00000001 00007ffa`a750a82e : Microsoft_Graphics_Canvas!ExceptionBoundary<<lambda_f9c35089076e450fa8495e634d76fa21> >+0x12b [C:\__w\1\s\winrt\inc\ErrorHandling.h @ 221] 
07 00007ffa`a934d5d8     : 00000264`56ad0960 00000264`56ad0960 00000000`00000001 000000d1`9117d050 : Microsoft_Graphics_Canvas!ABI::Microsoft::Graphics::Canvas::UI::Xaml::CanvasImageSource::CreateDrawingSessionWithUpdateRectangle+0x3f [C:\__w\1\s\winrt\lib\xaml\CanvasImageSource.cpp @ 300] 
08 00007ffa`a9343504     : 000000d1`9117d058 00000000`00000002 00000000`00000000 00007ffa`a75084ef : Microsoft_Graphics_Canvas!ABI::Microsoft::Graphics::Canvas::UI::Xaml::CanvasImageSource::CreateDrawingSession+0x48 [C:\__w\1\s\winrt\lib\xaml\CanvasImageSource.cpp @ 275] 
09 00007ffa`a93479f3     : 000000d1`00000000 000000d1`9117d1f0 00000264`57163390 00007ffa`a93ee548 : Microsoft_Graphics_Canvas!ABI::Microsoft::Graphics::Canvas::UI::Xaml::BaseControlWithDrawHandler<ABI::Microsoft::Graphics::Canvas::UI::Xaml::CanvasControlTraits>::Draw+0x48 [C:\__w\1\s\winrt\lib\xaml\BaseControl.h @ 1112] 
0a (Inline Function)     : --------`-------- --------`-------- --------`-------- --------`-------- : Microsoft_Graphics_Canvas!ABI::Microsoft::Graphics::Canvas::UI::Xaml::CanvasControl::DrawControl::__l2::<lambda_cb32cd7695b27102c2fe625dabc4fdc3>::operator()+0x17 [C:\__w\1\s\winrt\lib\xaml\CanvasControl.cpp @ 228] 
0b 00007ffa`a93481d6     : 00000000`00000001 00001fa4`7a413985 00000264`56a94320 00000264`5635f2b0 : Microsoft_Graphics_Canvas!ABI::Microsoft::Graphics::Canvas::UI::Xaml::BaseControl<ABI::Microsoft::Graphics::Canvas::UI::Xaml::CanvasControlTraits>::RunWithRenderTarget<<lambda_cb32cd7695b27102c2fe625dabc4fdc3> &>+0x1ef [C:\__w\1\s\winrt\lib\xaml\BaseControl.h @ 703] 
0c (Inline Function)     : --------`-------- --------`-------- --------`-------- --------`-------- : Microsoft_Graphics_Canvas!ABI::Microsoft::Graphics::Canvas::UI::Xaml::BaseControl<ABI::Microsoft::Graphics::Canvas::UI::Xaml::CanvasControlTraits>::RunWithRenderTarget::__l2::<lambda_38ce0798f83025c459604c482bfa6c3d>::operator()+0x32 [C:\__w\1\s\winrt\lib\xaml\BaseControl.h @ 580] 
0d (Inline Function)     : --------`-------- --------`-------- --------`-------- --------`-------- : Microsoft_Graphics_Canvas!std::invoke+0x32 [c:\program files\microsoft visual studio\2022\enterprise\VC\Tools\MSVC\14.38.33130\include\type_traits @ 1741] 
0e 00007ffa`a9343c9b     : 00000223`b3e20d20 00000264`56a94320 00000000`00000020 00000000`00000000 : Microsoft_Graphics_Canvas!std::_Func_impl_no_alloc<<lambda_38ce0798f83025c459604c482bfa6c3d>,void,ABI::Microsoft::Graphics::Canvas::ICanvasDevice *,enum ABI::Microsoft::Graphics::Canvas::UI::Xaml::RunWithDeviceFlags>::_Do_call+0x36 [c:\program files\microsoft visual studio\2022\enterprise\VC\Tools\MSVC\14.38.33130\include\functional @ 812] 
0f (Inline Function)     : --------`-------- --------`-------- --------`-------- --------`-------- : Microsoft_Graphics_Canvas!std::_Func_class<void,ABI::Microsoft::Graphics::Canvas::ICanvasDevice *,enum ABI::Microsoft::Graphics::Canvas::UI::Xaml::RunWithDeviceFlags>::operator()+0x24 [c:\program files\microsoft visual studio\2022\enterprise\VC\Tools\MSVC\14.38.33130\include\functional @ 854] 
10 00007ffa`a9342283     : 000000d1`9117d2c0 000000d1`9117d480 000000d1`9117d359 00000264`56a94560 : Microsoft_Graphics_Canvas!ABI::Microsoft::Graphics::Canvas::UI::Xaml::RecreatableDeviceManager<ABI::Microsoft::Graphics::Canvas::UI::Xaml::CanvasControlTraits>::RunWithDevice+0x11b [C:\__w\1\s\winrt\lib\xaml\RecreatableDeviceManager.impl.h @ 186] 
11 (Inline Function)     : --------`-------- --------`-------- --------`-------- --------`-------- : Microsoft_Graphics_Canvas!ABI::Microsoft::Graphics::Canvas::UI::Xaml::BaseControl<ABI::Microsoft::Graphics::Canvas::UI::Xaml::CanvasControlTraits>::RunWithRenderTarget+0x141 [C:\__w\1\s\winrt\lib\xaml\BaseControl.h @ 577] 
12 00007ffa`a93420b1     : 000000d1`9117d480 000000d1`9117d480 00000264`56a94668 00000264`56a94320 : Microsoft_Graphics_Canvas!ABI::Microsoft::Graphics::Canvas::UI::Xaml::CanvasControl::DrawControl+0x187 [C:\__w\1\s\winrt\lib\xaml\CanvasControl.cpp @ 222] 
13 00007ffa`a9346011     : 00000264`566a4600 00000264`5a9356f0 00000264`56162320 00000000`00000000 : Microsoft_Graphics_Canvas!<lambda_098dba2eb993d81b26588cdc38e48494>::operator()+0xe9 [C:\__w\1\s\winrt\lib\xaml\CanvasControl.cpp @ 196] 
14 00007ffa`a9341fc3     : 00000264`6010a0c0 00007ffa`a741e58e 00000223`b59569f0 00000000`00000000 : Microsoft_Graphics_Canvas!ExceptionBoundary<<lambda_098dba2eb993d81b26588cdc38e48494> >+0x9 [C:\__w\1\s\winrt\inc\ErrorHandling.h @ 222] 
15 00007ffa`a93482f9     : 00000264`56a94320 00007ffa`a741c848 00000223`b59569f0 00000264`6010a098 : Microsoft_Graphics_Canvas!ABI::Microsoft::Graphics::Canvas::UI::Xaml::CanvasControl::OnCompositionRendering+0x13 [C:\__w\1\s\winrt\lib\xaml\CanvasControl.cpp @ 217] 
16 (Inline Function)     : --------`-------- --------`-------- --------`-------- --------`-------- : Microsoft_Graphics_Canvas!Microsoft::WRL::Callback::__l2::<lambda_43622bed9df17de97679dfd9f5418de9>::operator()+0x12 [C:\Program Files (x86)\Windows Kits\10\Include\10.0.19041.0\winrt\wrl\event.h @ 335] 
17 00007ffa`a6fa75b5     : 00000000`00000000 00007ffa`a741afd3 00000000`00000000 00000000`00000078 : Microsoft_Graphics_Canvas!Microsoft::WRL::Details::DelegateArgTraits<long (__cdecl ABI::Windows::Foundation::ITypedEventHandler_impl<ABI::Windows::Foundation::Internal::AggregateType<ABI::Microsoft::UI::Xaml::XamlRoot *,ABI::Microsoft::UI::Xaml::IXamlRoot *>,ABI::Windows::Foundation::Internal::AggregateType<ABI::Microsoft::UI::Xaml::XamlRootChangedEventArgs *,ABI::Microsoft::UI::Xaml::IXamlRootChangedEventArgs *> >::*)(ABI::Microsoft::UI::Xaml::IXamlRoot *,ABI::Microsoft::UI::Xaml::IXamlRootChangedEventArgs *)>::DelegateInvokeHelper<ABI::Windows::Foundation::ITypedEventHandler<ABI::Microsoft::UI::Xaml::XamlRoot *,ABI::Microsoft::UI::Xaml::XamlRootChangedEventArgs *>,<lambda_43622bed9df17de97679dfd9f5418de9>,1,ABI::Microsoft::UI::Xaml::IXamlRoot *,ABI::Microsoft::UI::Xaml::IXamlRootChangedEventArgs *>::Invoke+0x19 [C:\Program Files (x86)\Windows Kits\10\Include\10.0.19041.0\winrt\wrl\event.h @ 245] 
18 00007ffa`a71f31d1     : 00007ffa`a6d23be0 00000000`00000000 00000223`b59569f0 00000000`00000000 : Microsoft_UI_Xaml!DirectUI::CEventSourceBase<DirectUI::IUntypedEventSource,ABI::Windows::Foundation::ITypedEventHandler<ABI::Microsoft::UI::Xaml::Controls::TextBox *,ABI::Microsoft::UI::Xaml::Controls::TextBoxSelectionChangingEventArgs *>,ABI::Microsoft::UI::Xaml::Controls::ITextBox,ABI::Microsoft::UI::Xaml::Controls::ITextBoxSelectionChangingEventArgs>::Raise+0x1b9 [C:\__w\1\s\dxaml\xcp\dxaml\lib\JoltClasses.h @ 271] 
19 (Inline Function)     : --------`-------- --------`-------- --------`-------- --------`-------- : Microsoft_UI_Xaml!DirectUI::DXamlCore::OnRenderingEvent+0x24 [C:\__w\1\s\dxaml\xcp\dxaml\lib\DXamlCore.cpp @ 2362] 
1a 00007ffa`a6c1ada9     : 00000264`566a3e00 00000264`4b326220 000000d1`9117d730 00000223`b59569f0 : Microsoft_UI_Xaml!DirectUI::DXamlCore::RaiseEvent+0x1f5 [C:\__w\1\s\dxaml\xcp\dxaml\lib\DXamlCore.cpp @ 2109] 
1b 00007ffa`a6c1d634     : 00000223`b59174b0 00000223`b59174b0 00000223`b59174b0 00000000`00000000 : Microsoft_UI_Xaml!CCoreServices::CallPerFrameCallback+0x91 [C:\__w\1\s\dxaml\xcp\core\dll\xcpcore.cpp @ 4202] 
1c 00007ffa`a6c1ce95     : 000000d1`9117d940 000000d1`9117d940 00007ffa`a77b5f78 00007ffa`a6bfc623 : Microsoft_UI_Xaml!CCoreServices::NWDrawTree+0x6e0 [C:\__w\1\s\dxaml\xcp\core\dll\xcpcore.cpp @ 6184] 
1d 00007ffa`a6c2f930     : 00000264`4b3076f0 00000264`4b19de08 000000d1`9117d940 00000264`4b326220 : Microsoft_UI_Xaml!CCoreServices::NWDrawMainTree+0x1ed [C:\__w\1\s\dxaml\xcp\core\dll\xcpcore.cpp @ 5922] 
1e 00007ffa`a6e33388     : 00000000`00000000 00000000`00000000 000000d1`9117d9f0 000000d1`9117da00 : Microsoft_UI_Xaml!CWindowRenderTarget::Draw+0x88 [C:\__w\1\s\dxaml\xcp\core\compositor\windowrendertarget.cpp @ 129] 
1f 00007ffa`a6e6bcd2     : 00000223`b591d0f0 00000223`b591d14c 00000000`00000000 00007ffa`a6c4accf : Microsoft_UI_Xaml!CXcpBrowserHost::OnTick+0x58 [C:\__w\1\s\dxaml\xcp\host\win\browserdesktop\WinBrowserHost.cpp @ 339] 
20 00007ffa`a6e6b543     : 00000223`b591d0e0 00000223`b591d0e0 00000223`b5911590 000000d1`9117dac1 : Microsoft_UI_Xaml!CXcpDispatcher::Tick+0x142 [C:\__w\1\s\dxaml\xcp\win\shared\xcpwindow.cpp @ 1128] 
21 00007ffa`a6e6b33f     : 00000000`00000000 00000264`5d9980d0 000000d1`9117dac1 0000f7e1`043148c0 : Microsoft_UI_Xaml!CXcpDispatcher::OnReentrancyProtectedWindowMessage+0x1ff [C:\__w\1\s\dxaml\xcp\win\shared\xcpwindow.cpp @ 741] 
22 00007ffa`a6e6a867     : 00000000`00000000 00000264`55fdeb00 00007ffa`a78a4f68 00000000`00000000 : Microsoft_UI_Xaml!CXcpDispatcher::ProcessMessage+0x7b [C:\__w\1\s\dxaml\xcp\win\shared\xcpwindow.cpp @ 630] 
23 00007ffa`a6e6e8fd     : 000000d1`9117db00 00007ffa`4fe900d3 00000264`56714170 00000223`b591d0e0 : Microsoft_UI_Xaml!CDeferredInvoke::DispatchQueuedMessage+0x83 [C:\__w\1\s\dxaml\xcp\win\shared\xcpwindow.cpp @ 147] 
24 (Inline Function)     : --------`-------- --------`-------- --------`-------- --------`-------- : Microsoft_UI_Xaml!CXcpDispatcher::MessageTimerCallback+0x44 [C:\__w\1\s\dxaml\xcp\win\shared\xcpwindow.cpp @ 1213] 
25 (Inline Function)     : --------`-------- --------`-------- --------`-------- --------`-------- : Microsoft_UI_Xaml!CXcpDispatcher::MessageTimerCallbackStatic+0x48 [C:\__w\1\s\dxaml\xcp\win\shared\xcpwindow.cpp @ 1203] 
26 (Inline Function)     : --------`-------- --------`-------- --------`-------- --------`-------- : Microsoft_UI_Xaml!CXcpDispatcher::Init::__l46::<lambda_1>::operator()+0x48 [C:\__w\1\s\dxaml\xcp\win\shared\xcpwindow.cpp @ 313] 
27 00007ffa`b06f71f7     : 00000264`4b2f4100 00007ffa`b067dedd 00000000`00000001 00007ffa`b067d4ee : Microsoft_UI_Xaml!Microsoft::WRL::Details::DelegateArgTraits<long (__cdecl ABI::Windows::Foundation::ITypedEventHandler_impl<ABI::Windows::Foundation::Internal::AggregateType<ABI::Microsoft::UI::Dispatching::DispatcherQueueTimer *,ABI::Microsoft::UI::Dispatching::IDispatcherQueueTimer *>,IInspectable *>::*)(ABI::Microsoft::UI::Dispatching::IDispatcherQueueTimer *,IInspectable *)>::DelegateInvokeHelper<Microsoft::WRL::Implements<Microsoft::WRL::RuntimeClassFlags<2>,ABI::Windows::Foundation::ITypedEventHandler<ABI::Microsoft::UI::Dispatching::DispatcherQueueTimer *,IInspectable *>,Microsoft::WRL::FtmBase>,`CXcpDispatcher::Init'::`46'::<lambda_1> &,1,ABI::Microsoft::UI::Dispatching::IDispatcherQueueTimer *,IInspectable *>::Invoke+0x5d [C:\__w\1\s\packages\Microsoft.Windows.SDK.cpp.10.0.22621.755\c\Include\10.0.22621.0\winrt\wrl\event.h @ 354] 
28 00007ffa`b06f254f     : 00000000`0000000b 00000264`4b2f4100 00000264`4b30e3d8 00000264`4b2ffce0 : CoreMessagingXP!Microsoft::WRL::Details::DelegateArgTraits<long (__cdecl Windows::Foundation::ITypedEventHandler_impl<Windows::Foundation::Internal::AggregateType<Microsoft::UI::Dispatching::DispatcherQueueTimer * __ptr64,Microsoft::UI::Dispatching::IDispatcherQueueTimer * __ptr64>,IInspectable * __ptr64>::*)(Microsoft::UI::Dispatching::IDispatcherQueueTimer * __ptr64,IInspectable * __ptr64) __ptr64>::DelegateInvokeHelper<Microsoft::WRL::Implements<Microsoft::WRL::RuntimeClassFlags<2>,Windows::Foundation::ITypedEventHandler<Microsoft::UI::Dispatching::DispatcherQueueTimer * __ptr64,IInspectable * __ptr64>,Microsoft::WRL::FtmBase>,<lambda_82cf8073f4f042d1a68771c460cb9f49>,-1,Microsoft::UI::Dispatching::IDispatcherQueueTimer * __ptr64,IInspectable * __ptr64>::Invoke+0x87
29 00007ffa`b06f7693     : 00000264`4b2f4100 00000000`00000000 00000264`4b3081b0 00000264`4b2f4100 : CoreMessagingXP!Microsoft::WRL::InvokeTraits<-2>::InvokeDelegates<<lambda_1e854da9c9ccd42f6138c3b007a32877>,Windows::Foundation::ITypedEventHandler<Microsoft::UI::Dispatching::DispatcherQueueTimer * __ptr64,IInspectable * __ptr64> >+0x83
2a 00007ffa`b06a09fd     : 00000264`4b3081b0 00000000`00000000 000000d1`9117dc60 00000000`00000001 : CoreMessagingXP!Microsoft::UI::Dispatching::DispatcherQueueTimer::TimerCallback+0xf3
2b 00007ffa`b06a4a56     : 00000264`4b2f0580 00007ffa`b06f75a0 00000264`00000000 00000000`00000001 : CoreMessagingXP!CFlat::SehSafe::Execute<<lambda_a81ff790741c2a62f2197c2561f5fe49> >+0x21
2c 00007ffa`b0690d99     : 00000264`4b2f4be0 00000264`00000000 00000264`4b300b90 00000000`00189f72 : CoreMessagingXP!Microsoft::CoreUI::ActionCallback::ImportAdapter$+0x66
2d 00007ffa`b067c880     : 00000264`4b306c30 00000264`545abf80 00000264`4b300b90 00000264`4b2f3ad0 : CoreMessagingXP!Microsoft::CoreUI::Dispatch::TimeoutManager::Callback_OnDispatch+0x1a9
2e 00007ffa`b067c5ed     : 00000264`4b2f0580 00000000`00000000 00000000`00000000 00000264`4b2f3ad0 : CoreMessagingXP!Microsoft::CoreUI::Dispatch::Dispatcher::Callback_DispatchNextItem+0x1bc
2f 00007ffa`b066fd7c     : 00000000`00000000 ffffffff`fffffffe 00000223`b3f479f0 00007ffb`3df65a17 : CoreMessagingXP!Microsoft::CoreUI::Dispatch::Dispatcher::Callback_DispatchLoop+0x1b9
30 00007ffa`b0672c66     : 00000223`b3f479f0 00000223`b3f74530 00000264`00000000 00000264`4b19e920 : CoreMessagingXP!Microsoft::CoreUI::Dispatch::EventLoop::Callback_RunCoreLoop+0x164
31 00007ffa`b0672fdc     : 00000264`4b2f0580 00000264`4b2f55d0 00000000`00000001 00007ffa`b066f1f1 : CoreMessagingXP!Microsoft::CoreUI::Dispatch::UserAdapter::DrainCoreMessagingQueue+0x15a
32 00007ffa`b06b36a3     : 00000000`007f09d0 000000d1`9117e370 80006010`00000001 00000000`00000000 : CoreMessagingXP!Microsoft::CoreUI::Dispatch::UserAdapter::OnUserDispatch+0x98
33 00007ffa`b06b3836     : 00000264`4b197d10 00000000`007f09d0 00000000`00000000 00000264`4b19e920 : CoreMessagingXP!Microsoft::CoreUI::Dispatch::UserAdapter::DoWork+0xa7
34 00007ffa`b06b3dae     : 00000000`00000001 00000000`007f09d0 0000b584`e1885a40 00005f64`26e14287 : CoreMessagingXP!Microsoft::CoreUI::Dispatch::UserAdapter::HandleDispatchNotifyMessage+0x132
35 00007ffb`3cdb74d6     : 00000000`00000001 00000000`00000000 000000d1`9117e238 000000d1`9117e258 : CoreMessagingXP!Microsoft::CoreUI::Dispatch::UserAdapter::WindowProc+0x5e
36 00007ffb`3cdb6ff2     : 00000223`b4517e30 00007ffa`b06b3d50 00000000`007f09d0 000000d1`9117e330 : user32!UserCallWinProcCheckWow+0x266
37 00007ffa`a71dfacd     : 000000d1`9117e330 000000d1`00000000 00000000`00000000 00000000`00000000 : user32!DispatchMessageWorker+0x1b2
38 00007ffa`a71dd9e2     : 00000000`00000000 000000d1`9117e3b9 00000000`00000000 00007ffa`b06f0f60 : Microsoft_UI_Xaml!DirectUI::FrameworkApplication::RunDesktopWindowMessageLoop+0x99 [C:\__w\1\s\dxaml\xcp\dxaml\lib\FrameworkApplication_Partial.cpp @ 1321] 
39 00007ffa`a6e8f1b8     : 00000264`4b2dbb20 000000d1`9117e6f8 000000d1`9117e898 00007ffa`4db3129c : Microsoft_UI_Xaml!DirectUI::FrameworkApplication::StartDesktop+0x3c2 [C:\__w\1\s\dxaml\xcp\dxaml\lib\FrameworkApplication_Partial.cpp @ 242] 
3a (Inline Function)     : --------`-------- --------`-------- --------`-------- --------`-------- : Microsoft_UI_Xaml!DirectUI::FrameworkApplicationFactory::StartImpl+0xbd [C:\__w\1\s\dxaml\xcp\dxaml\lib\FrameworkApplication_Partial.cpp @ 183] 
3b 00007ffa`4db28ab3     : 000000d1`9117e740 000000d1`9117e4d0 000000d1`9117e1a0 00000000`00000003 : Microsoft_UI_Xaml!DirectUI::FrameworkApplicationFactory::Start+0x108 [C:\__w\1\s\dxaml\xcp\dxaml\lib\winrtgeneratedclasses\FrameworkApplication.g.cpp @ 843] 
3c 00007ffa`4db275cc     : 00000223`b7c12b30 00000223`b7c12ad8 00000000`4476b800 00000223`b8800000 : 0x00007ffa`4db28ab3
3d 00007ffa`4db270d8     : 00000223`b7c12ad8 00000000`00088e04 00000000`4476b800 00000223`b8800000 : 0x00007ffa`4db275cc
3e 00007ffa`ad6e69a3     : 00000223`b7c0d9d8 000000d1`9117ec98 000000d1`9117ec98 000000d1`9117e889 : 0x00007ffa`4db270d8
3f 00007ffa`ad64576c     : 00000000`00000000 00000000`00000000 000000d1`9117e898 00007ffa`00000001 : coreclr!CallDescrWorkerInternal+0x83 [D:\a\_work\1\s\src\coreclr\vm\amd64\CallDescrWorkerAMD64.asm @ 74] 
40 00007ffa`ad663d28     : 000000d1`9117e918 00000000`00000000 00000000`00000048 00007ffa`ad683776 : coreclr!MethodDescCallSite::CallTargetWorker+0x208 [D:\a\_work\1\s\src\coreclr\vm\callhelpers.cpp @ 595] 
41 (Inline Function)     : --------`-------- --------`-------- --------`-------- --------`-------- : coreclr!MethodDescCallSite::Call+0xb [D:\a\_work\1\s\src\coreclr\vm\callhelpers.h @ 465] 
42 00007ffa`ad663e86     : 00000223`b7c0d9d8 00000223`b8412448 00000000`00000000 000000d1`9117ec98 : coreclr!RunMainInternal+0x11c [D:\a\_work\1\s\src\coreclr\vm\assembly.cpp @ 1235] 
43 00007ffa`ad66419f     : 00000223`b58b3360 00007ffa`00000000 00000223`b58b3360 000000d1`9117ec98 : coreclr!RunMain+0xd2 [D:\a\_work\1\s\src\coreclr\vm\assembly.cpp @ 1306] 
44 00007ffa`ad651077     : 00000000`00000000 00000000`00000000 00000000`00000000 00000223`b58bd060 : coreclr!Assembly::ExecuteMainMethod+0x1a3 [D:\a\_work\1\s\src\coreclr\vm\assembly.cpp @ 1434] 
45 00007ffa`ad610ecc     : 00000000`00000001 000000d1`00000000 00000000`00000001 00007ffa`b2b5237a : coreclr!CorHost2::ExecuteAssembly+0x1e7 [D:\a\_work\1\s\src\coreclr\vm\corhost.cpp @ 349] 
46 00007ffa`b2b6ec7f     : 00000223`b3f2a0a0 00000223`b3f155d0 00000000`00000000 00000223`b3f155d0 : coreclr!coreclr_execute_assembly+0xcc [D:\a\_work\1\s\src\coreclr\dlls\mscoree\exports.cpp @ 494] 
47 (Inline Function)     : --------`-------- --------`-------- --------`-------- --------`-------- : hostpolicy!coreclr_t::execute_assembly+0x29 [D:\a\_work\1\s\src\native\corehost\hostpolicy\coreclr.cpp @ 108] 
48 00007ffa`b2b6ef5c     : 00000223`b3f1fa18 000000d1`9117f009 00007ffa`b2ba61e0 00000223`b3f1fa18 : hostpolicy!run_app_for_context+0x58f [D:\a\_work\1\s\src\native\corehost\hostpolicy\hostpolicy.cpp @ 256] 
49 00007ffa`b2b6f86a     : 00000000`00000000 00000223`b3f1fa10 00000223`b3f1fa10 00000000`00000000 : hostpolicy!run_app+0x3c [D:\a\_work\1\s\src\native\corehost\hostpolicy\hostpolicy.cpp @ 285] 
4a 00007ffa`b2c7da09     : 00000223`b3f2fb18 00000223`b3f2fa00 00000000`00000000 000000d1`9117f0e9 : hostpolicy!corehost_main+0x15a [D:\a\_work\1\s\src\native\corehost\hostpolicy\hostpolicy.cpp @ 426] 
4b 00007ffa`b2c7ff86     : 00000223`b3f1b000 000000d1`9117f470 00000000`00000000 00000000`00000000 : hostfxr!execute_app+0x2e9 [D:\a\_work\1\s\src\native\corehost\fxr\fx_muxer.cpp @ 145] 
4c 00007ffa`b2c8207c     : 00007ffa`b2cb38b8 00000223`b3f34150 000000d1`9117f3b0 000000d1`9117f360 : hostfxr!`anonymous namespace'::read_config_and_execute+0xa6 [D:\a\_work\1\s\src\native\corehost\fxr\fx_muxer.cpp @ 532] 
4d 00007ffa`b2c80553     : 000000d1`9117f470 000000d1`9117f490 000000d1`9117f3e1 000000d1`9117f470 : hostfxr!fx_muxer_t::handle_exec_host_command+0x16c [D:\a\_work\1\s\src\native\corehost\fxr\fx_muxer.cpp @ 1007] 
4e 00007ffa`b2c78390     : 000000d1`9117f490 00000223`b3f33cf0 00000000`00000002 00007ff6`17d394fe : hostfxr!fx_muxer_t::execute+0x483 [D:\a\_work\1\s\src\native\corehost\fxr\fx_muxer.cpp @ 578] 
*** WARNING: Unable to verify checksum for Fux.exe
4f 00007ff6`17d3a4a1     : 00007ffb`3b02a4b8 00007ffa`b2c798f0 000000d1`9117f630 00000223`b3f2cb70 : hostfxr!hostfxr_main_startupinfo+0xa0 [D:\a\_work\1\s\src\native\corehost\fxr\hostfxr.cpp @ 63] 
50 00007ff6`17d3a8b6     : 00007ff6`17d4d050 00000000`00000007 00000223`b3f1fa10 00000000`0000005a : Fux_exe!exe_start+0x7b1 [D:\a\_work\1\s\src\native\corehost\corehost.cpp @ 253] 
51 00007ff6`17d421f8     : 00000000`00000000 00000000`00000000 00000223`b3f1fa10 00000000`00000000 : Fux_exe!wmain+0x146 [D:\a\_work\1\s\src\native\corehost\corehost.cpp @ 324] 
52 (Inline Function)     : --------`-------- --------`-------- --------`-------- --------`-------- : Fux_exe!invoke_main+0x22 [D:\a\_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl @ 90] 
53 00007ffb`3ca87ac4     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : Fux_exe!__scrt_common_main_seh+0x10c [D:\a\_work\1\s\src\vctools\crt\vcstartup\src\startup\exe_common.inl @ 288] 
54 00007ffb`3df9a8c1     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0x14
55 00000000`00000000     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x21

!analyze -v

*******************************************************************************
*                                                                             *
*                        Exception Analysis                                   *
*                                                                             *
*******************************************************************************


KEY_VALUES_STRING: 1

    Key  : Analysis.CPU.mSec
    Value: 1468

    Key  : Analysis.Elapsed.mSec
    Value: 16587

    Key  : Analysis.IO.Other.Mb
    Value: 0

    Key  : Analysis.IO.Read.Mb
    Value: 1

    Key  : Analysis.IO.Write.Mb
    Value: 0

    Key  : Analysis.Init.CPU.mSec
    Value: 2171

    Key  : Analysis.Init.Elapsed.mSec
    Value: 2077604

    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 478

    Key  : CLR.Engine
    Value: CORECLR

    Key  : CLR.Version
    Value: 9.0.24.52809

    Key  : FailFast.Name
    Value: GUARD_ICALL_CHECK_FAILURE

    Key  : FailFast.Type
    Value: 10

    Key  : Failure.Bucket
    Value: FAIL_FAST_GUARD_ICALL_CHECK_FAILURE_ACTIONABLE_BlockNotBusy_c0000409_ucrtbase.dll!_free_base

    Key  : Failure.Hash
    Value: {29eee777-f4fc-7eb5-1288-02c24d8ab605}

    Key  : Timeline.OS.Boot.DeltaSec
    Value: 62987

    Key  : Timeline.Process.Start.DeltaSec
    Value: 283

    Key  : WER.OS.Branch
    Value: rs5_release

    Key  : WER.OS.Version
    Value: 10.0.17763.1

    Key  : WER.Process.Version
    Value: 1.0.0.0


FILE_IN_CAB:  xxx.exe_241114_140136.dmp

COMMENT:  
*** procdump.exe   -ma -e -t -w xxx.exe c:\dumps
*** Unhandled exception: C0000409

NTGLOBALFLAG:  0

APPLICATION_VERIFIER_FLAGS:  0

CONTEXT:  (.ecxr)
rax=00007ffb3dfd01b0 rbx=0000000000000000 rcx=000000000000000a
rdx=0000000000000000 rsi=0000000000000000 rdi=00007ffb3df40000
rip=00007ffb3dfd01bf rsp=000000d19117c018 rbp=000000d19117c590
 r8=000000d19117c780  r9=000000d19117c600 r10=00007ffb3e0af388
r11=00007ffb3df40000 r12=00007ffb3dfd027e r13=000000d19117c090
r14=000000d19117ceb8 r15=000000d19117cc70
iopl=0         nv up ei pl zr na po nc
cs=0033  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000246
ntdll!LdrpICallHandler+0xf:
00007ffb`3dfd01bf cd29            int     29h
Resetting default scope

EXCEPTION_RECORD:  (.exr -1)
ExceptionAddress: 00007ffb3dfd01bf (ntdll!LdrpICallHandler+0x000000000000000f)
   ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
  ExceptionFlags: 00000001
NumberParameters: 1
   Parameter[0]: 000000000000000a
Subcode: 0xa FAST_FAIL_GUARD_ICALL_CHECK_FAILURE 

PROCESS_NAME:  xxx.dll

ERROR_CODE: (NTSTATUS) 0xc0000409 - Das System hat in dieser Anwendung den  berlauf eines stapelbasierten Puffers ermittelt. Dieser  berlauf k nnte einem b sartigen Benutzer erm glichen, die Steuerung der Anwendung zu  bernehmen.

EXCEPTION_CODE_STR:  c0000409

EXCEPTION_PARAMETER1:  000000000000000a

FAULTING_THREAD:  ffffffff

STACK_TEXT:  
00007ffb`3e0a2848 00007ffb`3dfdf521 ntdll!RtlpLogHeapFailure+0x45
00007ffb`3e0a2850 00007ffb`3dfeeae0 ntdll!RtlFreeHeap+0x96ca0
00007ffb`3e0a2858 00007ffb`3af4b38b ucrtbase!_free_base+0x1b
00007ffb`3e0a2860 00007ffa`a934d0e6 Microsoft_Graphics_Canvas!ABI::Microsoft::Graphics::Canvas::UI::Xaml::CanvasImageSource::`scalar deleting destructor'+0x26
00007ffb`3e0a2868 00007ffa`a934ebc1 Microsoft_Graphics_Canvas!Microsoft::WRL::Details::RuntimeClassImpl<Microsoft::WRL::RuntimeClassFlags<1>,1,1,0,ABI::Microsoft::Graphics::Canvas::UI::Xaml::ICanvasImageSource,Microsoft::WRL::FtmBase,ABI::Microsoft::Graphics::Canvas::ICanvasResourceCreator,ABI::Microsoft::Graphics::Canvas::ICanvasResourceCreatorWithDpi,Microsoft::WRL::ComposableBase<IInspectable> >::Release+0x41
00007ffb`3e0a2870 00007ffa`a71e7464 Microsoft_UI_Xaml!FxCallbacks::FrameworkCallbacks_OnParentUpdated+0xf4
00007ffb`3e0a2878 00007ffa`a6c56313 Microsoft_UI_Xaml!CDependencyObject::OnParentChange+0x133
00007ffb`3e0a2880 00007ffa`a6ca989c Microsoft_UI_Xaml!CMultiParentShareableDependencyObject::RemoveParent+0xfc
00007ffb`3e0a2888 00007ffa`a7481f02 Microsoft_UI_Xaml!CDependencyObject::ResetReferenceFromChild+0xd2
00007ffb`3e0a2890 00007ffa`a6c0a131 Microsoft_UI_Xaml!CDependencyObject::Release+0x131
00007ffb`3e0a2898 00007ffa`a751c809 Microsoft_UI_Xaml!CImageBase::CloseMedia+0x49
00007ffb`3e0a28a0 00007ffa`a751c8ea Microsoft_UI_Xaml!CImageBase::InvokeImpl+0xca
00007ffb`3e0a28a8 00007ffa`a750be5a Microsoft_UI_Xaml!CImage::InvokeImpl+0x1a
00007ffb`3e0a28b0 00007ffa`a6c5517a Microsoft_UI_Xaml!CDependencyObject::EnterImpl+0x1ea
00007ffb`3e0a28b8 00007ffa`a6c62118 Microsoft_UI_Xaml!CUIElement::EnterImpl+0x288
00007ffb`3e0a28c0 00007ffa`a6c82d68 Microsoft_UI_Xaml!CFrameworkElement::EnterImpl+0x98
00007ffb`3e0a28c8 00007ffa`a6c9bcfc Microsoft_UI_Xaml!CMediaBase::EnterImpl+0x3c
00007ffb`3e0a28d0 00007ffa`a6c54f06 Microsoft_UI_Xaml!CDependencyObject::Enter+0x3f6
00007ffb`3e0a28d8 00007ffa`a73de8c8 Microsoft_UI_Xaml!CDOCollection::ChildEnter+0xd8
00007ffb`3e0a28e0 00007ffa`a73de4f5 Microsoft_UI_Xaml!CDOCollection::EnterImpl+0xd5
00007ffb`3e0a28e8 00007ffa`a6c54f06 Microsoft_UI_Xaml!CDependencyObject::Enter+0x3f6
00007ffb`3e0a28f0 00007ffa`a6c62207 Microsoft_UI_Xaml!CUIElement::EnterImpl+0x377
00007ffb`3e0a28f8 00007ffa`a6c82d68 Microsoft_UI_Xaml!CFrameworkElement::EnterImpl+0x98
00007ffb`3e0a2900 00007ffa`a6c54f06 Microsoft_UI_Xaml!CDependencyObject::Enter+0x3f6
00007ffb`3e0a2908 00007ffa`a73de8c8 Microsoft_UI_Xaml!CDOCollection::ChildEnter+0xd8
00007ffb`3e0a2910 00007ffa`a73de4f5 Microsoft_UI_Xaml!CDOCollection::EnterImpl+0xd5
00007ffb`3e0a2918 00007ffa`a6c54f06 Microsoft_UI_Xaml!CDependencyObject::Enter+0x3f6
00007ffb`3e0a2920 00007ffa`a6c62207 Microsoft_UI_Xaml!CUIElement::EnterImpl+0x377
00007ffb`3e0a2928 00007ffa`a6c82d68 Microsoft_UI_Xaml!CFrameworkElement::EnterImpl+0x98
00007ffb`3e0a2930 00007ffa`a6c54f06 Microsoft_UI_Xaml!CDependencyObject::Enter+0x3f6
00007ffb`3e0a2938 00007ffa`a73de8c8 Microsoft_UI_Xaml!CDOCollection::ChildEnter+0xd8
00007ffb`3e0a2940 00007ffa`a73de4f5 Microsoft_UI_Xaml!CDOCollection::EnterImpl+0xd5


STACK_COMMAND:  ** Pseudo Context ** HeapPseudo ** Value: 23ddeb34240 ** ; kb

SYMBOL_NAME:  ucrtbase!_free_base+1b

MODULE_NAME: ucrtbase

IMAGE_NAME:  ucrtbase.dll

FAILURE_BUCKET_ID:  FAIL_FAST_GUARD_ICALL_CHECK_FAILURE_ACTIONABLE_BlockNotBusy_c0000409_ucrtbase.dll!_free_base

OS_VERSION:  10.0.17763.1

BUILDLAB_STR:  rs5_release

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

IMAGE_VERSION:  6.2.17763.6189

FAILURE_ID_HASH:  {29eee777-f4fc-7eb5-1288-02c24d8ab605}

Followup:     MachineOwner





### Steps to reproduce the bug

None. Happens random.

### Expected behavior

_No response_

### Screenshots

_No response_

### NuGet package version

WinUI 3 - Windows App SDK 1.6.3: 1.6.241114003

### Windows version

Windows 10 (1809): Build 17763

### Additional context

_No response_
@Larhei Larhei added the bug Something isn't working label Nov 22, 2024
@microsoft-github-policy-service microsoft-github-policy-service bot added the needs-triage Issue needs to be triaged by the area owners label Nov 22, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working needs-triage Issue needs to be triaged by the area owners
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Larhei