AV when view search result

ts4242 · Post by *ts4242 » 2013-05-08, 22:34 UTC

I searched a folder for *.ico, i found about 6500 files, i feed to listbox then switch view to thumbnail, i continued scroll randomly up and down, after sometime TC became slow and creating icon thumb take a lot of time then AV popup

Code: Select all

---------------------------
Total Commander 8.01
---------------------------
Access violation at address 004027DB. Write of address 00000000.
Access violation at address 004027DB. Write of address 00000000
Windows 8 6.2 (Build 9200)

Please report this error to the Author, with a description
of what you were doing when this error occurred!

Windows exception: C0000005
Stack trace:
004027DB
5631BD  6377D2  444AD1  446A22  >423F38  445FE3
423F38  429604  42969C  6D9F34  
Raw:
55CEE7  5631BD  5631E7  445F51  423F38  446D9B
4474FA  402E4A  444AD1  446CF1  4460A5  446A22
446A45  423F38  445FE3  423F38  445F51  6377D2
446D9B  447AA1  444AD1  446C59  4460A5  402E4A
444AD1  446CF1  425C14  4460A5  446A22  423F38
445FE3  423F38  429604  42969C  429856  6D9F34

Press Ctrl+C to copy this report!
Continue execution?
---------------------------
Yes   No   
---------------------------

The message box was totally black, i was not able to see anything even the yes no buttons, i tried to switch to other app and back to TC to refresh the message box but it remains black.

While the message box is still open, I opened the task manger and found TC uses more than 250 MB and about 7000 GDI objects.

Post by *ghisler(Author) » 2013-05-09, 13:08 UTC

It seems to have happened when TC tried to show a bitmap:

Code: Select all

          sectionbmp:=CreateDIBSection(dc, bmi, DIB_RGB_COLORS, pointer(databits), nil, 0);
          move(dibits^,databits^,mx*my*4);

Apparently CreateDIBSection failed, maybe one of the icons was bad. I will analyze it.

ts4242 · Post by *ts4242 » 2013-05-11, 22:42 UTC

I searched the same folder for *.ico again, i continued scroll randomly up and down, this time no AV error, but TC became slow and act strange e.g.

Double click on an icon, a black message box say (I was not able to read it therefore i pressed Ctrl+C to get it)

Code: Select all

---------------------------
Total Commander
---------------------------
Error executing program! (8)
---------------------------
OK   
---------------------------

Note the code is 8 not 5 as usual.

Copy icon to other panel, a black dialog popup, according to its size i don't think it is the normal copy dialog, this dialog forced me to kill TC process because i couldn't close that dialog at all neither by [X] button nor ESC

There was memory leak (TC uses more than 200 MB)

Let me know if you want me to do specific test that may help you to catch that error.

Post by *ghisler(Author) » 2013-05-13, 14:00 UTC

Error 8 is ERROR_NOT_ENOUGH_MEMORY.

So apparently there is a memory leak, or probably a resource leak. Can you check in task manager how many GDI and USER handles are used by totalcmd.exe? You need to add additional columns to see them.

Since there is no known leak in TC itself, I guess that one of the icon shell extensions or icon overlay extensions has a leak.

ts4242 · Post by *ts4242 » 2013-05-13, 15:12 UTC

ghisler(Author) wrote:Can you check in task manager how many GDI and USER handles are used by totalcmd.exe?

I have reported GDI count in first post, it was about 7000 but second time it was about 5000.

MarcinW · Post by *MarcinW » 2013-06-05, 21:08 UTC

ts4242 wrote:The message box was totally black, i was not able to see anything even the yes no buttons, i tried to switch to other app and back to TC to refresh the message box but it remains black.

GDI resources have been exhausted (7000 GDI objects), so painting of the message box failed.

ghisler(Author) wrote:Apparently CreateDIBSection failed, maybe one of the icons was bad.

In our case CreateDIBSection failed, because GDI handles have been exhausted. Theoretical maximum handles count per session (= per each user logged in) is 65535. But there is also a per-process limit, which is defined in a registry key (see GDI Objects). In practice the limit is even lower than the registry key says, for my computer it is about 6200 GDI handles per process - see a test code below.

I put a lot of image files into a directory and tried to reproduce the problem. I noticed that initially Total Commander allocates GDI objects only for currently displayed thumbnails, but when I scroll down thumbnails in the panel, the number of allocated GDI objects increases. So there is a possibility of exhausting GDI handles when the panel contains a lot of thumbnails.

So two improvements can be done:
1) TCMD should free invisible buffered thumbnails (their DIB sections), if their number reaches, let's say, 2000. This will prevent exhausting the session limit for GDI handles and minimize the possibility, that other applications will fail due to lack of GDI resources.
2) TCMD should free invisible buffered thumbnails (their DIB sections) immediately, if CreateDIBSection failed. There is a possibility, that another application will use a lot of GDI handles and TCMD won't be able to allocate even 2000 GDI handles. Then TCMD should free all invisible buffered thumbnails and should try to display currently visible thumbnails again (try to call CreateDIBSection again).

However, I can't explain such a big memory usage. 32x32 icon with 24-bit color will use 32*32*3 = 3072 bytes of memory. Due to memory granularity (4096 bytes), CreateDIBSection will allocate 4096 bytes of memory for each icon. For 7000 icons, the memory usage will be 4096*7000 = 27.3 MB. So this is 10x less than in the bug report.

Testing maximum GDI handles count:

Code: Select all

program Test;

uses
  Windows, SysUtils;

var
  I : Integer;
  Count : Integer;
  BitmapInfo : TBitmapInfo;
  BitmapBits : Pointer;
  Bitmaps : array[0..1024*1024-1] of HBITMAP;
begin
  with BitmapInfo, bmiHeader do
  begin
    biSize:=SizeOf(bmiHeader);
    bmiHeader.biWidth:=32;
    bmiHeader.biHeight:=32;
    bmiHeader.biPlanes:=1;
    bmiHeader.biBitCount:=24;
    bmiHeader.biCompression:=BI_RGB;
    bmiHeader.biSizeImage:=0;
    bmiHeader.biXPelsPerMeter:=96;
    bmiHeader.biYPelsPerMeter:=96;
    bmiHeader.biClrUsed:=0;
    bmiHeader.biClrImportant:=0;
  end;
  Count:=0;
  for I:=0 to High(Bitmaps) do
  begin
    Bitmaps[I]:=CreateDIBSection(0,BitmapInfo,DIB_RGB_COLORS,BitmapBits,0,0);
    if Bitmaps[I] = 0 then
    begin
      for Count:=0 to I-1 do
        DeleteObject(Bitmaps[Count]);
      Count:=I;
      Break;
    end;
  end;
  MessageBox(0,PChar('Bitmaps successfully created: '+IntToStr(Count)),'Result',0);
end.

Regards

ts4242 · Post by *ts4242 » 2013-06-09, 18:45 UTC

I can reproduce that bug constantly.

Most of the icons are not ordinary because each icon file contains many sizes and types e.g. 32x32 16 color, 32x32 256 color 32x32 XP color, up to 256x256 XP color.

It seems that TC extracts different icon size for the same file because at first TC extracts and shows icon of size 64x64 or 96x96 then after many scroll up/down TC extracts and shows icon of size 32x32 or 16x16 for the same file previously shown as 64x64 or 96x96.

Here is a video show TC and Process Explorer before the bug occurs, you can see how memory and GDI used, at the end of the video the following Error occurred when i tried to copy icon to the other panel.

Code: Select all

---------------------------
Total Commander 8.01
---------------------------
Error reading Pinned.FlatButton: Invalid ImageList.
Error reading Pinned.FlatButton: Invalid ImageList
Windows 8 6.2 (Build 9200)

Please report this error to the Author, with a description
of what you were doing when this error occurred!

Delphi exception: EReadError
Stack trace:
75132005
4026B8  403296  403296  403296  403296  403296
403296  403296  403296  403296  403296  403296
403296  403296  403296  403296  403296  403296
403296  4DFA8E  681031  54B57E  54897C  54BCFB
642F32  444E8F  444ECB  4460A5  446A22  >423F38
445FE3  423F38  429604  42969C  6D9F34  
Raw:
40E921  4026B8  4036E7  40E921  40E921  403296
424F9A  46E912  4497F3  403213  40EAC8  4497F3
4497F3  4497F3  4026A0  402CEC  4497F3  4497F3
4495A1  44971C  4498AE  45E853  45E8AF  45EE2D
403296  45F189  45F8B6  45FE46  403296  460D9F
460F4A  40A3B0  40ED7C  403296  40EA7B  403296
403296  40F2F3  40E5DC  40F5F4  40E5BE  411187
443B8A  40E4C7  403296  40E650  403296  40E5BE
411187  443B8A  44558C  403296  40E4C7  403296
40E650  403296  40E58F  403296  411187  443B8A

Press Ctrl+C to copy this report!
Continue execution?
---------------------------
Yes   No   
---------------------------

Post by *ghisler(Author) » 2013-07-11, 13:43 UTC

The error doesn't seem to be related to drag&drop - it happens when trying to create the F5 copy dialog, apparently when trying to load the "pinned" icon of the extended options.

Where is TC located? It sounds that TC cannot access its EXE file for some unknown reason.

MarcinW · Post by *MarcinW » 2013-07-14, 18:18 UTC

ghisler(Author) wrote:Where is TC located? It sounds that TC cannot access its EXE file for some unknown reason.

Well, I have no idea what is a cause of the exception in this case. But problems with accessing EXE are almost impossible, because EXE of Total Commander is small and should be entirely cached in the RAM or in the swap file (more detailed explanation in this post).

ts4242 · Post by *ts4242 » 2013-07-14, 20:42 UTC

ghisler(Author) wrote:Where is TC located?

My TC folder is F:\Total_Commander\

ghisler(Author) wrote:It sounds that TC cannot access its EXE file for some unknown reason.

That error occurs when TC uses a lot of GDI objects and huge memory.

MarcinW · Post by *MarcinW » 2013-07-14, 21:00 UTC

This makes sense. Creating image list from EXE resource fails, so we get an error. But the error class name (EReadError) is misleading in this case: creating image list fails not because of problems with reading EXE, but because of lack of GDI resources.