Bug 4394

Summary: [REGRESSION] Crash in SDL_PumpEvents() after SDL_DestroyWindow()
Product: SDL
Reporter: Cameron Gutman <cameron.gutman>
Component: video
Assignee: Sam Lantinga <slouken>
Status: RESOLVED FIXED
QA Contact: Sam Lantinga <slouken>
Severity: critical
Priority: P2
CC: jeroen.clarysse, sezeroz
Version: 2.0.9
Hardware: x86
OS: macOS 10.13

Description Cameron Gutman 2018-11-20 04:45:12 UTC
After updating to SDL 2.0.9, I got a user report that my app was crashing when closing an SDL_WINDOW_FULLSCREEN window to return to my Qt-based UI. It looks like the dead SDL window is getting a spurious updateLayer call, which is causing SDL to dereference a null SDL_WindowData pointer.

For some reason, this only happens when using SDL_WINDOW_FULLSCREEN and not windowed or SDL_WINDOW_FULLSCREEN_DESKTOP. I was also unsuccessful in my attempt to get a simple reproducer for this crash. The Session.cpp code is available at https://github.com/moonlight-stream/moonlight-qt/blob/688c4a90d994aa23e7b0af3ffcbb8707886db780/app/streaming/session.cpp, but I slightly modified it (adding a SDL_PumpEvents() call at line 1179 to immediately trigger the issue; otherwise it happened when Qt next pumped the event loop).

The crashing line is:

    NSMutableArray *contexts = data->nscontexts;

The following is a symbolicated crash using the latest HG code available (144400e4630d885d2eb0761b7174433b4c0d90bb).

Process:               Moonlight [47354]
Path:                  /Users/USER/*/Moonlight.app/Contents/MacOS/Moonlight
Identifier:            Moonlight
Version:               0
Code Type:             X86-64 (Native)
Parent Process:        Qt Creator [46471]
Responsible:           Moonlight [47354]
User ID:               501

Date/Time:             2018-11-19 20:34:50.175 -0800
OS Version:            Mac OS X 10.14.1 (18B75)
Report Version:        12
Anonymous UUID:        9CDFA65F-02F8-9ED1-4583-E823280598DA


Time Awake Since Boot: 80000 seconds

System Integrity Protection: disabled

Crashed Thread:        0  Dispatch queue: com.apple.main-thread

Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       KERN_INVALID_ADDRESS at 0x0000000000000010
Exception Note:        EXC_CORPSE_NOTIFY

Termination Signal:    Segmentation fault: 11
Termination Reason:    Namespace SIGNAL, Code 0xb
Terminating Process:   exc handler [47354]

VM Regions Near 0x10:
--> 
    __TEXT                 0000000103d62000-0000000104011000 [ 2748K] r-x/rwx SM=COW  /Users/USER/*/Moonlight.app/Contents/MacOS/Moonlight

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   libSDL2-2.0.0.dylib           	0x00000001046a7c30 ScheduleContextUpdates + 64 (SDL_cocoawindow.m:228)
1   libSDL2-2.0.0.dylib           	0x00000001046a98ea -[SDLView updateLayer] + 90 (SDL_cocoawindow.m:1190)
2   com.apple.AppKit              	0x00007fff4a5056c7 _NSViewUpdateLayer + 45
3   com.apple.AppKit              	0x00007fff4a5050e7 -[_NSViewBackingLayer display] + 505
4   com.apple.QuartzCore          	0x00007fff57e5d1a4 CA::Layer::display_if_needed(CA::Transaction*) + 634
5   com.apple.QuartzCore          	0x00007fff57e4b42f CA::Context::commit_transaction(CA::Transaction*) + 319
6   com.apple.QuartzCore          	0x00007fff57e4ad00 CA::Transaction::commit() + 576
7   com.apple.AppKit              	0x00007fff4a4fbe41 __65+[CATransaction(NSCATransaction) NS_setFlushesWithDisplayRefresh]_block_invoke + 274
8   com.apple.CoreFoundation      	0x00007fff4cf016ad __CFRUNLOOP_IS_CALLING_OUT_TO_AN_OBSERVER_CALLBACK_FUNCTION__ + 23
9   com.apple.CoreFoundation      	0x00007fff4cf015e2 __CFRunLoopDoObservers + 452
10  com.apple.CoreFoundation      	0x00007fff4cea3109 __CFRunLoopRun + 1166
11  com.apple.CoreFoundation      	0x00007fff4cea2a28 CFRunLoopRunSpecific + 463
12  com.apple.HIToolbox           	0x00007fff4c13bb35 RunCurrentEventLoopInMode + 293
13  com.apple.HIToolbox           	0x00007fff4c13b774 ReceiveNextEventCommon + 371
14  com.apple.HIToolbox           	0x00007fff4c13b5e8 _BlockUntilNextEventMatchingListInModeWithFilter + 64
15  com.apple.AppKit              	0x00007fff4a3f7eb7 _DPSNextEvent + 997
16  com.apple.AppKit              	0x00007fff4a3f6c56 -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 1362
17  libSDL2-2.0.0.dylib           	0x00000001046a181a Cocoa_PumpEvents + 138 (SDL_cocoaevents.m:438)
18  libSDL2-2.0.0.dylib           	0x00000001045f33a7 SDL_PumpEvents_REAL + 23 (SDL_events.c:657)
19  Moonlight                     	0x0000000103dbb847 Session::exec(int, int) + 6087 (session.cpp:1179)
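
As an added illustration, not code from SDL or from the reporter: a small C model of the lifecycle in this report, where the Cocoa view outlives SDL_DestroyWindow() and a late updateLayer reaches ScheduleContextUpdates() through the window's driver-data pointer. WindowData, View and every function below are constructed stand-ins; the guard shown is the generic defensive pattern (clear the back-pointer on destroy, check for NULL in the deferred callback), not the specific change in the linked revision.

```c
#include <assert.h>
#include <stddef.h>
#include <stdlib.h>

/* Constructed stand-in for SDL's per-window driver data (SDL_WindowData). */
typedef struct WindowData {
    int ncontexts;           /* stands in for data->nscontexts */
} WindowData;

/* Stand-in for SDLView: the view can outlive SDL_DestroyWindow() because
 * AppKit/CoreAnimation may still hold it and call updateLayer on it later. */
typedef struct View {
    WindowData *data;        /* back-pointer to driver data; NULL once destroyed */
} View;

/* Stand-in for the crash site ScheduleContextUpdates(): dereferences data. */
static int schedule_context_updates(WindowData *data) {
    if (data == NULL) {
        return -1;           /* guarded: nothing to schedule for a dead window */
    }
    return data->ncontexts;  /* the report's NULL deref happens here unguarded */
}

/* Deferred callback stand-in for -[SDLView updateLayer]. */
static int view_update_layer(View *view) {
    return schedule_context_updates(view->data);
}

static int create_window(View *view, int ncontexts) {
    WindowData *data = malloc(sizeof *data);
    if (data == NULL) {
        return -1;
    }
    data->ncontexts = ncontexts;
    view->data = data;
    return 0;
}

/* Destroy: free the driver data AND clear the view's back-pointer, so a late
 * updateLayer sees NULL (and bails out) instead of a dangling pointer. */
static void destroy_window(View *view) {
    free(view->data);
    view->data = NULL;
}

/* Replays the sequence from the report: create, destroy, then a late updateLayer. */
static int late_update_after_destroy(void) {
    View view = { NULL };
    assert(create_window(&view, 2) == 0);
    assert(view_update_layer(&view) == 2);   /* live window: contexts reachable */
    destroy_window(&view);
    return view_update_layer(&view);         /* -1 with the guard; a crash without it */
}
```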
Comment 1 Sam Lantinga 2018-11-20 05:32:35 UTC
*** Bug 4386 has been marked as a duplicate of this bug. ***
Comment 2 Sam Lantinga 2018-11-20 05:36:18 UTC
Thanks for the report, this should be fixed:
https://hg.libsdl.org/SDL/rev/6b3a68e3dd06