[Windows] Guard HDR callbacks against destroyed windows#118669
Closed
shaun0927 wants to merge 1 commit into
Closed
[Windows] Guard HDR callbacks against destroyed windows#118669shaun0927 wants to merge 1 commit into
shaun0927 wants to merge 1 commit into
Conversation
bruvzg
requested changes
Apr 17, 2026
Follow-up on godotengine#118339, addressing review feedback on godotengine#118669. Move the windows.has(...) guard from the internal _get_screen_hdr_data helper to the public HDR methods that own the WindowID lookup, so the check sits at the API boundary like every other public method on DisplayServerWindows. Also keep the guard on the WinRT-deferred callback _winrt_adv_color_info_cb, where the callback can fire after the window is gone. Public methods guarded: - window_is_hdr_output_supported - window_request_hdr_output - window_set_hdr_output_reference_luminance - window_set_hdr_output_max_luminance The previously proposed controller.ShutdownQueueAsync().get() change in winrt_utils.cpp was dropped: bruvzg confirmed it would deadlock, since destroy_queue runs on the main thread after the event pump has already stopped, so .get() would never return.
shaun0927
force-pushed
the
fix/winrt-hdr-callback-guards
branch
from
66dd0be to
a11adf3
Compare
Author
|
Thanks @bruvzg for the review. Pushed a follow-up that addresses both points:
The deferred callback Let me know if there are other call sites I missed. |
bruvzg
approved these changes
Apr 17, 2026
bruvzg
changed the title
Member
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes #118672
Summary
Follow-up on #118339.
DisplayServerWindows::_get_screen_hdr_dataand the WinRT-deferred callback_winrt_adv_color_info_cbaccesswindows[p_window]without thewindows.has(...)guard that every other public method onDisplayServerWindowsalready uses. Becausewindows[]auto-inserts a defaultWindowDataon miss (non-const) or hits UB (const), a callback that fires after the window is gone — or a public HDR call against an already-closedWindowID— leaks an entry or crashes.Per @bruvzg's review feedback, this PR places the guard at the API boundary — the public HDR methods that own the
WindowIDlookup — rather than inside the helper, so the pattern matches the rest of the class. The deferred callback keeps its own guard since it owns the entry path coming back in from the WinRT dispatcher.Changes
platform/windows/display_server_windows.cpp:ERR_FAIL_COND(!windows.has(p_id))to_winrt_adv_color_info_cb.ERR_FAIL_COND_V(!windows.has(p_window), false)towindow_is_hdr_output_supported.ERR_FAIL_COND(!windows.has(p_window))towindow_request_hdr_output,window_set_hdr_output_reference_luminance, andwindow_set_hdr_output_max_luminance.The originally proposed
controller.ShutdownQueueAsync().get()change inwinrt_utils.cppwas dropped: @bruvzg confirmed it would deadlock sincedestroy_queueruns on the main thread after the event pump has already stopped, so.get()would never return. The token is revoked per-window indestroy_wdbefore the queue tears down, so no callback can fire across the destructor in practice.Testing
Reproduced (1) by cycling HDR on/off via Windows Settings on a secondary monitor while a second editor window is dragged onto/off that monitor and closed during the toggle. Without the guards,
windows[p_id]auto-inserts a freshWindowData(visible as a leaked entry in debug builds) and_update_hdr_output_for_windowruns against a default-initialized struct.No behaviour change outside the error paths.
Note
🤖 AI Disclosure
AI assistance (Claude) was used to scan the diff range introduced by #118339 and to draft this patch and PR description. The findings, the placement of the guards, and the rejection of the
ShutdownQueueAsync().get()approach were verified by hand against the surrounding code and against @bruvzg's review feedback before pushing.