Access violation in x64 builds of latest Notepad++ release

[rdipardo]

In the 8.3 release of Notepad++, the type of Scintilla's Sci_PositionCR message changed from long to intptr_t. As a result, 64-bit plugins using the NppPlugin.NET interface are prone to access violations when calling into the SCI_GETTEXTRANGE API.

After seeing this analysis of recent crashes involving the CsvQuery and DSpellCheck plugins, I was able to reproduce with CS-Script (1.7.26) — which, like CsvQuery, is compiled with NppPlugin.NET (0.93.96). The event log recorded a stack trace with ScintillaGateway.GetTextRange near the top:

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name=".NET Runtime" />
    <EventID Qualifiers="0">1026</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2022-02-06T20:37:13.4781435Z" />
    <EventRecordID>20975</EventRecordID>
    <Correlation />
    <Execution ProcessID="9132" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>AcerNotebook</Computer>
    <Security />
  </System>
  <EventData>
    <Data>Application: notepad++.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: exception code c0000005, exception address 00007FF6BE92EFFF
    Stack:
    at Kbg.NppPluginNET.PluginInfrastructure.Win32.SendMessage(IntPtr, UInt32, IntPtr, IntPtr)
    at Kbg.NppPluginNET.PluginInfrastructure.Win32.SendMessage(IntPtr, UInt32, IntPtr, IntPtr)
    at Kbg.NppPluginNET.PluginInfrastructure.ScintillaGateway.GetTextRange(Kbg.NppPluginNET.PluginInfrastructure.TextRange)
    at CSScriptIntellisense.NppExtensions.GetTextBetween(Kbg.NppPluginNET.PluginInfrastructure.ScintillaGateway, Int32, Int32)
    at CSScriptNpp.CodeMapPanel.RefreshContent()
    at CSScriptNpp.Plugin.OnCurrentFileChanged()
    at CSScriptNpp.UnmanagedExports.beNotified(IntPtr)
    at Kbg.NppPluginNET.UnmanagedExports.beNotified(IntPtr)
    at Kbg.NppPluginNET.PluginInfrastructure.Win32.SendMessage(IntPtr, UInt32, IntPtr, System.String)
    at Kbg.NppPluginNET.PluginInfrastructure.Win32.SendMessage(IntPtr, UInt32, IntPtr, System.String)
    at CSScriptNpp.ProjectPanel.newBtn_Click(System.Object, System.EventArgs)
    at System.Windows.Forms.ToolStripItem.RaiseEvent(System.Object, System.EventArgs)
    at System.Windows.Forms.ToolStripButton.OnClick(System.EventArgs)
    at System.Windows.Forms.ToolStripItem.HandleClick(System.EventArgs)
    at System.Windows.Forms.ToolStripItem.HandleMouseUp(System.Windows.Forms.MouseEventArgs)
    at System.Windows.Forms.ToolStrip.OnMouseUp(System.Windows.Forms.MouseEventArgs)
    at System.Windows.Forms.Control.WmMouseUp(System.Windows.Forms.Message ByRef, System.Windows.Forms.MouseButtons, Int32)
    at System.Windows.Forms.Control.WndProc(System.Windows.Forms.Message ByRef)
    at System.Windows.Forms.ToolStrip.WndProc(System.Windows.Forms.Message ByRef)
    at System.Windows.Forms.NativeWindow.Callback(IntPtr, Int32, IntPtr, IntPtr)</Data>
  </EventData>
</Event>

For reference, both the CharacterRange and TextRange interface wrapper types have constructors taking ints:

  [StructLayout(LayoutKind.Sequential)]
  public struct CharacterRange
  {
      public CharacterRange(int cpmin, int cpmax) { cpMin = cpmin; cpMax = cpmax; }
      public int cpMin;
      public int cpMax;
  }

  public TextRange(CharacterRange chrRange, int stringCapacity)
  {
      _sciTextRange.chrg = chrRange;
      _sciTextRange.lpstrText = Marshal.AllocHGlobal(stringCapacity);
  }
  public TextRange(int cpmin, int cpmax, int stringCapacity)
  {
      _sciTextRange.chrg.cpMin = cpmin;
      _sciTextRange.chrg.cpMax = cpmax;
      _sciTextRange.lpstrText = Marshal.AllocHGlobal(stringCapacity);
  }

Related to:

• ScNotification.TextPointer points to nothing in 64bit #68
• Possible data corruption(Plugin Failure) in x64 environment due to usage of int where intptr_t should have been used #74
• [x64 fix]: Scintilla structures required correction for x64 #75

See also:

• Latest Notepad++ 8.2.2 dev builds crash jokedst/CsvQuery#33
• crash when use the develop npp++ from 29.01.2020 Predelnik/DSpellCheck#280
• install Plugin DSpellCheck generates a crash notepad-plus-plus/notepad-plus-plus#11104 (comment)
• https://community.notepad-plus-plus.org/topic/22471/recompile-your-x64-plugins-with-new-header

[Fruchtzwerg94]

See: #91

[mahee96]

will be taken care by validating Scintilla iface definitions with the API generated here for compatibility issues in next release plan.

Closing the issue.