1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76
|
Description: a11y atspi: add null checks in table iface methods
Add null checks to cover the cases where QAccessibleTableInterface::cellAt
returns nullptr (which happens e.g. when called with invalid indices via
AT-SPI) or where the cell object doesn't implement the
QAccessibleTableCellInterface, which would previously result in crashes.
.
Cherry-picked into 5.15 as it fixes a crash in popular accessibility client
software. Conflict resolution: remove C++17'isms (`if` with initializer).
Origin: upstream, https://invent.kde.org/qt/qt/qtbase/-/commit/076da096464a5d3f
Last-Update: 2025-03-24
Bug: https://bugs.debian.org/1081682
--- a/src/platformsupport/linuxaccessibility/atspiadaptor.cpp
+++ b/src/platformsupport/linuxaccessibility/atspiadaptor.cpp
@@ -2393,13 +2393,14 @@ bool AtSpiAdaptor::tableInterface(QAcces
if (cols > 0) {
row = index / cols;
col = index % cols;
- QAccessibleTableCellInterface *cell = interface->tableInterface()->cellAt(row, col)->tableCellInterface();
- if (cell) {
- row = cell->rowIndex();
- col = cell->columnIndex();
- rowExtents = cell->rowExtent();
- colExtents = cell->columnExtent();
- isSelected = cell->isSelected();
+ QAccessibleInterface *cell = interface->tableInterface()->cellAt(row, col);
+ QAccessibleTableCellInterface *cellIface = cell ? cell->tableCellInterface() : nullptr;
+ if (cellIface) {
+ row = cellIface->rowIndex();
+ col = cellIface->columnIndex();
+ rowExtents = cellIface->rowExtent();
+ colExtents = cellIface->columnExtent();
+ isSelected = cellIface->isSelected();
success = true;
}
}
@@ -2410,12 +2411,22 @@ bool AtSpiAdaptor::tableInterface(QAcces
} else if (function == QLatin1String("GetColumnExtentAt")) {
int row = message.arguments().at(0).toInt();
int column = message.arguments().at(1).toInt();
- connection.send(message.createReply(interface->tableInterface()->cellAt(row, column)->tableCellInterface()->columnExtent()));
+ int columnExtent = 0;
+ QAccessibleInterface *cell = interface->tableInterface()->cellAt(row, column);
+ QAccessibleTableCellInterface *cellIface = cell ? cell->tableCellInterface() : nullptr;
+ if (cellIface)
+ columnExtent = cellIface->columnExtent();
+ connection.send(message.createReply(columnExtent));
} else if (function == QLatin1String("GetRowExtentAt")) {
int row = message.arguments().at(0).toInt();
int column = message.arguments().at(1).toInt();
- connection.send(message.createReply(interface->tableInterface()->cellAt(row, column)->tableCellInterface()->rowExtent()));
+ int rowExtent = 0;
+ QAccessibleInterface *cell = interface->tableInterface()->cellAt(row, column);
+ QAccessibleTableCellInterface *cellIface = cell ? cell->tableCellInterface() : nullptr;
+ if (cellIface)
+ rowExtent = cellIface->rowExtent();
+ connection.send(message.createReply(rowExtent));
} else if (function == QLatin1String("GetColumnHeader")) {
int column = message.arguments().at(0).toInt();
@@ -2455,8 +2466,12 @@ bool AtSpiAdaptor::tableInterface(QAcces
} else if (function == QLatin1String("IsSelected")) {
int row = message.arguments().at(0).toInt();
int column = message.arguments().at(1).toInt();
- QAccessibleTableCellInterface* cell = interface->tableInterface()->cellAt(row, column)->tableCellInterface();
- connection.send(message.createReply(cell->isSelected()));
+ bool isSelected = false;
+ QAccessibleInterface *cell = interface->tableInterface()->cellAt(row, column);
+ QAccessibleTableCellInterface *cellIface = cell ? cell->tableCellInterface() : nullptr;
+ if (cellIface)
+ isSelected = cellIface->isSelected();
+ connection.send(message.createReply(isSelected));
} else if (function == QLatin1String("AddColumnSelection")) {
int column = message.arguments().at(0).toInt();
connection.send(message.createReply(interface->tableInterface()->selectColumn(column)));
|