Terminal: conhost.exe crash after ERROR_SHARING_VIOLATION exception when using dwShareFlags=0 screen buffers

Created on 16 Oct 2019 · 4Comments · Source: microsoft/terminal

Environment

Windows build number: 10.0.18362.418
Windows cmd.exe version: 10.0.18362.1
Windows conhost.exe version: 10.0.18362.1

Steps to reproduce

Build this program as C or C++ in Visual Studio, and run it manually from the command line in a cmd.exe window:

#include <stdio.h>
#include <windows.h>

int main(int argc, char** argv) {
    const HANDLE in = GetStdHandle(STD_INPUT_HANDLE);
    const HANDLE out = GetStdHandle(STD_OUTPUT_HANDLE);
    const HANDLE csb = CreateConsoleScreenBuffer(GENERIC_READ | GENERIC_WRITE, 0, NULL, CONSOLE_TEXTMODE_BUFFER, NULL);
    const BOOL success = SetConsoleActiveScreenBuffer(csb);
    char buffer[1];
    DWORD dwRead = 0;
    ReadFile(in, buffer, sizeof(buffer), &dwRead, NULL); // Fails with GetLastError() == ERROR_SHARING_VIOLATION (makes sense)
    const BOOL success2 = SetConsoleActiveScreenBuffer(out);
    return 0;
}

Expected behavior (as on Windows 7)

The program quickly exits (edit: after hitting enter!) and returns the user to the command prompt.

Actual behavior (Windows 10)

The program exits, conhost.exe throws an exception and then crashes, causing the terminal window to close. An adplus log for conhost.exe is attached, but some excerpts:

ADPlus_log_34e8_2019-10-15_17-25-27-407.log

Initial choking on ERROR_SHARING_VIOLATION

...
0:003> g
onecore\windows\core\console\open\src\server\objectheader.cpp(58)\conhost.exe!00007FF6EAD2B3F3: (caller: 00007FF6EAD5C77C) ReturnHr(1) tid(3300) 80070020 The process cannot access the file because it is being used by another process.
onecore\windows\core\console\open\src\host\readdatacooked.cpp(81)\conhost.exe!00007FF6EAD5C798: (caller: 00007FF6EAD515F1) Exception(1) tid(3300) 80070020 The process cannot access the file because it is being used by another process.

(20b4.3300): C++ EH exception - code e06d7363 (first chance)
FirstChance_eh_CPlusPlusEH
...
Call stack below ---
 # ... : Call Site
00 ... : KERNELBASE!RaiseException+0x69
01 ... : ucrtbase!CxxThrowException+0xad
02 ... : conhost!wil::details::ThrowResultExceptionInternal+0x55
03 ... : conhost!wil::details::ReportFailure+0x220f8
04 ... : conhost!wil::details::ReportFailure_Hr+0x44
05 ... : conhost!wil::details::in1diag3::Throw_Hr+0x26
06 ... : conhost!COOKED_READ_DATA::COOKED_READ_DATA+0x154
07 ... : conhost!std::make_unique<COOKED_READ_DATA,InputBuffer * __ptr64,INPUT_READ_HANDLE_DATA * __ptr64,SCREEN_INFORMATION & __ptr64,__int64,unsigned short * __ptr64,unsigned long const & __ptr64,CommandHistory * __ptr64 const & __ptr64,std::basic_string_view<unsigned short,std::char_traits<unsigned short> > const & __ptr64,0>+0xad
08 ... : conhost!_ReadLineInput+0x101
09 ... : conhost!DoReadConsole+0x14a
0a ... : conhost!ApiRoutines::ReadConsoleAImpl+0x9a
0b ... : conhost!ApiDispatchers::ServerReadConsole+0x3f7
0c ... : conhost!ConsoleIoThread+0x20c9f
0d ... : KERNEL32!BaseThreadInitThunk+0x14
0e ... : ntdll!RtlUserThreadStart+0x21

(20b4.3300): C++ EH exception - code e06d7363 (first chance)
FirstChance_eh_CPlusPlusEH
...
Call stack below ---
 # ... : Call Site
00 ... : KERNELBASE!RaiseException+0x69
01 ... : ucrtbase!CxxThrowException+0xad
02 ... : conhost!wil::details::ResultFromCaughtExceptionInternal+0x6c
03 ... : conhost!wil::details::ReportFailure_CaughtExceptionCommon+0x63
04 ... : conhost!wil::details::ReportFailure_CaughtException+0x4d
05 ... : conhost!wil::details::in1diag3::Return_CaughtException+0x1b
06 ... : conhost!`_ReadLineInput'::`1'::catch$59+0x25
07 ... : ucrtbase!CallSettingFrame+0x20
08 ... : ucrtbase!__FrameHandler3::CxxCallCatchBlock+0xe8
09 ... : ntdll!RcConsolidateFrames+0x6 (TrapFrame @ 00000076`7497bea8)
0a ... : conhost!_ReadLineInput+0x101
0b ... : conhost!DoReadConsole+0x14a
0c ... : conhost!ApiRoutines::ReadConsoleAImpl+0x9a
0d ... : conhost!ApiDispatchers::ServerReadConsole+0x3f7
0e ... : conhost!ConsoleIoThread+0x20c9f
0f ... : KERNEL32!BaseThreadInitThunk+0x14
10 ... : ntdll!RtlUserThreadStart+0x21

onecore\windows\core\console\open\src\host\stream.cpp(524)\conhost.exe!00007FF6EAD528B2: (caller: 00007FF6EAD519EE) ReturnHr(2) tid(3300) 80070020 The process cannot access the file because it is being used by another process.
onecore\windows\core\console\open\src\host\readdatacooked.cpp(81)\conhost.exe!00007FF6EAD5C798: (caller: 00007FF6EAD515F1) Exception(1) tid(3300) 80070020 The process cannot access the file because it is being used by another process.

Access violation on cleanup

(20b4.3300): Access violation - code c0000005 (first chance)
FirstChance_av_AccessViolation
...
Call stack below ---
 # ... : Call Site
00 ... : conhost!ConsoleObjectHeader::FreeIoHandle+0x4
01 ... : conhost!ConsoleHandleData::_CloseOutputHandle+0x2c
02 ... : conhost!IoDispatchers::ConsoleCloseObject+0x48
03 ... : conhost!ConsoleIoThread+0x248
04 ... : KERNEL32!BaseThreadInitThunk+0x14
05 ... : ntdll!RtlUserThreadStart+0x21
Creating C:\dumps\20191015_172527_Crash_Mode\MINIDUMP_FirstChance_av_AccessViolation_conhost.exe__34e8_2019-10-15_17-25-40-330_20b4.dmp - mini user dump
Dump successfully written

(20b4.3300): Access violation - code c0000005 (!!! second chance !!!)
SecondChance_av_AccessViolation
...
Call stack below ---
 # ... : Call Site
00 ... : conhost!ConsoleObjectHeader::FreeIoHandle+0x4
01 ... : conhost!ConsoleHandleData::_CloseOutputHandle+0x2c
02 ... : conhost!IoDispatchers::ConsoleCloseObject+0x48
03 ... : conhost!ConsoleIoThread+0x248
04 ... : KERNEL32!BaseThreadInitThunk+0x14
05 ... : ntdll!RtlUserThreadStart+0x21
Creating C:\dumps\20191015_172527_Crash_Mode\FULLDUMP_SecondChance_av_AccessViolation_conhost.exe__34e8_2019-10-15_17-25-40-396_20b4.dmp - mini user dump
Dump successfully written

Workarounds

Pass FILE_SHARE_READ | FILE_SHARE_WRITE to CreateConsoleScreenBuffer's second parameter, despite the docs stating that "This parameter can be zero".
Don't read stdin while an unshared screen buffer is active
Use Windows 7