
Bump MicroCOM, add workaround for WinRT bug#20992

Open: kekekeks wants to merge 2 commits into master from fixes/microcom-bump


@kekekeks

WinRT has broken reference counting for effects returned from GetSource. It will Release the returned ref and attempt to use it afterward:

```
QueryInterface: Avalonia.Win32.WinRT.IGraphicsEffectD2D1Interop from 000001C4C4EDD6D0 - Avalonia.Win32.WinRT.IGraphicsEffect Avalonia.Win32.WinRT.Composition.SaturationEffect
QueryInterface return: 0, 000001C4C4EDD820 - Avalonia.Win32.WinRT.IGraphicsEffectD2D1Interop Avalonia.Win32.WinRT.Composition.SaturationEffect
GetNativePointer(owned): 000001C4C4EDD8B0 - Avalonia.Win32.WinRT.IGraphicsEffectSource
^^^ Value returned from IGraphicsEffectD2D1Interop::GetSource(0)
Avalonia.Win32.WinRT.Composition.WinUIGaussianBlurEffect
QueryInterface: Avalonia.Win32.WinRT.IGraphicsEffect from 000001C4C4EDD8B0 - Avalonia.Win32.WinRT.IGraphicsEffectSource Avalonia.Win32.WinRT.Composition.WinUIGaussianBlurEffect
QueryInterface return: 0, 000001C4C4EDD700 - Avalonia.Win32.WinRT.IGraphicsEffect
^^^ reference first obtained here ^^^
Avalonia.Win32.WinRT.Composition.WinUIGaussianBlurEffect
QueryInterface: Avalonia.Win32.WinRT.IGraphicsEffectD2D1Interop from 000001C4C4EDD700 - Avalonia.Win32.WinRT.IGraphicsEffect Avalonia.Win32.WinRT.Composition.WinUIGaussianBlurEffect
QueryInterface return: 0, 000001C4C4EDD610 - Avalonia.Win32.WinRT.IGraphicsEffectD2D1Interop Avalonia.Win32.WinRT.Composition.WinUIGaussianBlurEffect
Release: 000001C4C4EDD610 - Avalonia.Win32.WinRT.IGraphicsEffectD2D1Interop Avalonia.Win32.WinRT.Composition.WinUIGaussianBlurEffect"
Release: 000001C4C4EDD700 - Avalonia.Win32.WinRT.IGraphicsEffect
^^ Released here
Avalonia.Win32.WinRT.Composition.WinUIGaussianBlurEffect"
Release: 000001C4C4EDD8B0 - Avalonia.Win32.WinRT.IGraphicsEffectSource Avalonia.Win32.WinRT.Composition.WinUIGaussianBlurEffect"
Release: 000001C4C4EDD820 - Avalonia.Win32.WinRT.IGraphicsEffectD2D1Interop Avalonia.Win32.WinRT.Composition.SaturationEffect"
QueryInterface: Avalonia.Win32.WinRT.IGraphicsEffectD2D1Interop from 000001C4C4EDD6D0 - Avalonia.Win32.WinRT.IGraphicsEffect Avalonia.Win32.WinRT.Composition.SaturationEffect
QueryInterface return: 0, 000001C4C4EDD820 - Avalonia.Win32.WinRT.IGraphicsEffectD2D1Interop Avalonia.Win32.WinRT.Composition.SaturationEffect
Release: 000001C4C4EDD820 - Avalonia.Win32.WinRT.IGraphicsEffectD2D1Interop Avalonia.Win32.WinRT.Composition.SaturationEffect"
QueryInterface: Avalonia.Win32.WinRT.IGraphicsEffectD2D1Interop from 000001C4C4EDD700
^^^ Use-after-free
```

This usually works because the wrapper effect DOES hold a reference to the COM object, so invalid memory access succeeds. In our case MicroCOM will rightfully release native memory once the latest native reference is gone.

So we need to keep CCWs alive for the entire call as a workaround.

This PR bumps MicroCOM to 0.11.4 and adds some .props that allow referencing it directly from source.
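
A checker for this kind of trace, as an added example that is not part of the PR or of MicroCOM: it replays acquire and release events per interface pointer and reports calls made through a pointer whose references have all been released. The embedded trace is condensed from the log above; the per-pointer accounting and the `audit` name are assumptions of this example.

```python
import re

# Condensed from the trace above: same addresses and call order,
# type names shortened, annotation lines dropped.
TRACE = """\
QueryInterface: IGraphicsEffectD2D1Interop from 000001C4C4EDD6D0 - IGraphicsEffect
QueryInterface return: 0, 000001C4C4EDD820 - IGraphicsEffectD2D1Interop
GetNativePointer(owned): 000001C4C4EDD8B0 - IGraphicsEffectSource
QueryInterface: IGraphicsEffect from 000001C4C4EDD8B0 - IGraphicsEffectSource
QueryInterface return: 0, 000001C4C4EDD700 - IGraphicsEffect
QueryInterface: IGraphicsEffectD2D1Interop from 000001C4C4EDD700 - IGraphicsEffect
QueryInterface return: 0, 000001C4C4EDD610 - IGraphicsEffectD2D1Interop
Release: 000001C4C4EDD610 - IGraphicsEffectD2D1Interop
Release: 000001C4C4EDD700 - IGraphicsEffect
Release: 000001C4C4EDD8B0 - IGraphicsEffectSource
Release: 000001C4C4EDD820 - IGraphicsEffectD2D1Interop
QueryInterface: IGraphicsEffectD2D1Interop from 000001C4C4EDD6D0 - IGraphicsEffect
QueryInterface return: 0, 000001C4C4EDD820 - IGraphicsEffectD2D1Interop
Release: 000001C4C4EDD820 - IGraphicsEffectD2D1Interop
QueryInterface: IGraphicsEffectD2D1Interop from 000001C4C4EDD700
"""

PTR = r"([0-9A-Fa-f]{16})"
ACQUIRE = re.compile(rf"(?:QueryInterface return: 0, |GetNativePointer\(owned\): ){PTR}")
RELEASE = re.compile(rf"Release: {PTR}")
USE = re.compile(rf"QueryInterface: \S+ from {PTR}")

def audit(trace):
    """Flag calls made through interface pointers whose references are all released."""
    live = {}  # pointer -> references handed out in this trace and not yet released
    findings = []
    for no, line in enumerate(trace.splitlines(), 1):
        if m := ACQUIRE.match(line):
            live[m[1]] = live.get(m[1], 0) + 1
        elif m := RELEASE.match(line):
            if m[1] in live and live[m[1]] == 0:
                findings.append((no, "over-release", m[1]))
            elif m[1] in live:
                live[m[1]] -= 1
        elif (m := USE.match(line)) and live.get(m[1], 1) == 0:
            # Pointers never seen being handed out are skipped: their reference predates the trace.
            findings.append((no, "use-after-release", m[1]))
    return findings

if __name__ == "__main__":
    for no, kind, ptr in audit(TRACE):
        print(f"line {no}: {kind} of {ptr}")
```
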

@avaloniaui-bot

You can test this PR using the following package version. 12.0.999-cibuild0064085-alpha. (feed url: https://nuget-feed-all.avaloniaui.net/v3/index.json) [PRBUILDID]
