Fix FileSystemWatcher state cleanup on dispose/finalization on Windows #116830
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
When the FSW is disposed or finalized while it's in use, on Windows the implementation disposes of the directory handle as a mechanism to stop the monitoring. If by that point the state object's weak reference to the FSW has been cleared out (which it always will have been in the case of finalization), the state object's relevant members are not disposed, leaking several objects. This fixes that to ensure the state is cleaned up, by cleaning it up when the callback is unable to get the FSW instance. This also addresses concerns over long-pinned managed buffers by switching to using a native buffer. Today the buffer is allocated and then immediately pinned, due to being passed immediately to the OS via a P/Invoke, and all writes to that buffer happen in unmanaged code. All reading also is already happening via a bounds-checked span. So instead of allocating and pinning a managed array, just allocate a native buffer, wrapped in a SafeHandle.
There was a problem hiding this comment.
Pull Request Overview
This PR fixes a resource leak in FileSystemWatcher on Windows by ensuring proper cleanup of the state object during dispose/finalization and by switching from a managed buffer (which is immediately pinned) to a native buffer wrapped in a SafeHandle. Key changes include:
- Removal of managed array buffer allocation in the Windows implementation.
- Introduction of native buffer allocation via SafeNativeMemoryHandle along with appropriate disposal in AsyncReadState.
- Updates to the interop signature and Linux implementation to maintain consistency.
Reviewed Changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| src/libraries/System.IO.FileSystem.Watcher/src/System/IO/FileSystemWatcher.cs | Removed the old AllocateBuffer method that used a managed byte array. |
| src/libraries/System.IO.FileSystem.Watcher/src/System/IO/FileSystemWatcher.Win32.cs | Changed buffer allocation to use SafeNativeMemoryHandle, updated resource disposal in the overlapped callback, and ensured state cleanup if the watcher has been garbage collected. |
| src/libraries/System.IO.FileSystem.Watcher/src/System/IO/FileSystemWatcher.Linux.cs | Added a managed AllocateBuffer method for the Linux implementation. |
| src/libraries/Common/src/Interop/Windows/Kernel32/Interop.ReadDirectoryChangesW.cs | Modified the interop definition to accept a SafeBuffer rather than a byte array. |
This was referenced Jun 19, 2025
jkotas
reviewed
Jun 20, 2025
src/libraries/System.IO.FileSystem.Watcher/src/System/IO/FileSystemWatcher.Win32.cs
Outdated
Show resolved
Hide resolved
jkotas
reviewed
Jun 20, 2025
src/libraries/System.IO.FileSystem.Watcher/src/System/IO/FileSystemWatcher.Win32.cs
Show resolved
Hide resolved
This was referenced Jun 20, 2025
jkotas
reviewed
Jun 21, 2025
src/libraries/System.IO.FileSystem.Watcher/src/System/IO/FileSystemWatcher.Win32.cs
Outdated
Show resolved
Hide resolved
jkotas
reviewed
Jun 21, 2025
src/libraries/System.IO.FileSystem.Watcher/src/System/IO/FileSystemWatcher.Win32.cs
Outdated
Show resolved
Hide resolved
jkotas
reviewed
Jun 21, 2025
src/libraries/System.IO.FileSystem.Watcher/src/System/IO/FileSystemWatcher.Win32.cs
Show resolved
Hide resolved
jkotas
reviewed
Jun 21, 2025
src/libraries/System.IO.FileSystem.Watcher/src/System/IO/FileSystemWatcher.Win32.cs
Outdated
Show resolved
Hide resolved
jkotas
approved these changes
Jun 21, 2025
|
will it fix #86146? |
It should, yes, at least in terms of the resources getting cleaned up eventually by finalization. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
When the FSW is disposed or finalized while it's in use, on Windows the implementation disposes of the directory handle as a mechanism to stop the monitoring. If by that point the state object's weak reference to the FSW has been cleared out (which it always will have been in the case of finalization), the state object's relevant members are not disposed, leaking several objects. This fixes that to ensure the state is cleaned up, by cleaning it up when the callback is unable to get the FSW instance.
This also addresses concerns over long-pinned managed buffers by switching to using a native buffer. Today the buffer is allocated and then immediately pinned, due to being passed immediately to the OS via a P/Invoke, and all writes to that buffer happen in unmanaged code. All reading also is already happening via a bounds-checked span. So instead of allocating and pinning a managed array, just allocate a native buffer, wrapped in a SafeHandle.
Fixes #86146
Fixes #116614
Fixes #116768