Created attachment 147671 [details]
Video showing what to do in accerciser to make LibreOffice crash

Version: 6.3.0.0.alpha0+
Build ID: ef8de8d202deb92a57b52f4e48a4de77cf6d8b34
CPU threads: 1; OS: Linux 4.19; UI render: default; VCL: kde5;
Locale: en-GB (en_GB.UTF-8); UI-Language: en-US
Calc: threaded

This is specific to the qt5/kde5 VCL plugin. It's not reproducible when using e.g. the gtk3 VCL plugin.

Steps to reproduce:
1) start LibreOffice Writer: 'soffice --writer'
2) start "accerciser" (Accessibility Explorer)
3) navigate the tree in accerciser as shown in the attached video, e.g. do everything up to and including clicking the "label" item

Result: LibreOffice crashes (exit value is 77). When started from the command line, the following output appears there:

LibreOfficeDev 6.3 - Fatal Error:

Notes:
* some other items in the tree work just fine
* Testing was done in Debian unstable, Orca is at version 3.30.1-1.
* The crash does not appear when doing the same with the gtk3 VCL plugin instead, which shows similar items for navigation in the tree in accerciser.

Hi Michael Weghorn, is this issue still reproducible in master ?
(In reply to Xisco Faulí from comment #1)
> Hi Michael Weghorn,
> is this issue still reproducible in master ?

Yes, still reproducible with

Version: 6.3.0.0.alpha0+
Build ID: fef58ec13c548fbd692adabafb0a84f50c273146
CPU threads: 2; OS: Linux 4.19; UI render: default; VCL: kde5;
TinderBox: Linux-rpm_deb-x86_64@86-TDF, Branch:master, Time: 2019-01-21_04:32:52
Locale: en-US (en_DK.UTF-8); UI-Language: en-US
Calc: threaded

Thanks. Moving to NEW
Tentative duplicate of bug 122056
Created attachment 151790 [details] gdb backtrace at the problematic place
Created attachment 151791 [details]
Screenshot of accerciser with gtk3 and problematic offset

The problem is that 'Qt5AccessibleWidget::attributes' is called with 'offset' having the same value as the length of the text for the status bar entry and that causes an IndexOutOfBoundsException (maximum index allowed is length - 1).

The problematic index can also be observed when e.g. using the gtk3 VCL plugin for LibreOffice and navigating to the entry in accerciser. The attached screenshot shows accerciser with offset 11 used for a text of length 11 ("Page 1 of 1"). It can be seen that no text attributes are shown and "Start" and "End" are set to random (uninitialized) values, while all of those have reasonable values when using a lower value for the offset.

It'd need further investigation what exactly is allowed here.

I'll upload a patch that will make qt5 also ignore invalid offsets.

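The bounds rule from the comment above, as an added example that is not part of the original bug thread and is not the committed patch: an attribute lookup that rejects any offset outside 0 .. length - 1 and always writes its start/end out-parameters. The types `AttrRun` and `TextModel`, the function names and the attribute strings are hypothetical and constructed for illustration; they are not LibreOffice or Qt APIs.

```cpp
#include <string>
#include <vector>

// Hypothetical model of an accessible text with attribute runs
// (constructed for this example, not a LibreOffice or Qt type).
struct AttrRun {
    int start;           // first character index covered by the run
    int end;             // one past the last character index covered
    std::string attrs;   // serialized attributes for the run
};

struct TextModel {
    std::string text;
    std::vector<AttrRun> runs;   // sorted, non-overlapping runs
};

// Returns the attributes at `offset` and reports the bounds of the
// containing run. Valid character indices are 0 .. length-1, so
// offset == length (the value seen in the report) is rejected like any
// other out-of-range value instead of being passed on to an indexed
// access. The out-parameters are written on every path, so a caller
// never ends up displaying uninitialized start/end values.
std::string attributesAt(const TextModel& m, int offset,
                         int* startOffset, int* endOffset)
{
    *startOffset = 0;
    *endOffset = 0;
    const int length = static_cast<int>(m.text.size());
    if (offset < 0 || offset >= length)
        return std::string();
    for (const AttrRun& r : m.runs) {
        if (offset >= r.start && offset < r.end) {
            *startOffset = r.start;
            *endOffset = r.end;
            return r.attrs;
        }
    }
    return std::string();
}

// Constructed sample: the 11-character status bar text from the report,
// with made-up attribute runs.
TextModel sampleStatusBar()
{
    return TextModel{ "Page 1 of 1",
                      { {0, 4, "font-weight:bold;"},
                        {4, 11, "font-weight:normal;"} } };
}
```
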
Change in Gerrit: https://gerrit.libreoffice.org/73225
Michael Weghorn committed a patch related to this issue.
It has been pushed to "master":

https://git.libreoffice.org/core/+/93c81657c6111b4bb97a2bb9ec155465f9a6f523%5E%21

tdf#122200 Qt5AccessibleWidget: Handle special offset values

It will be available in 6.4.0.

The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.

Fixed in master now; pending backports for 6.2 and 6.3:
https://gerrit.libreoffice.org/#/c/73378/
https://gerrit.libreoffice.org/#/c/73379/

Michael Weghorn committed a patch related to this issue.
It has been pushed to "libreoffice-6-2":

https://git.libreoffice.org/core/+/0b904a8b3ceb648cf6466cb33f07310a3c70f793%5E%21

tdf#122200 Qt5AccessibleWidget: Handle special offset values

It will be available in 6.2.5.

The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.

Michael Weghorn committed a patch related to this issue.
It has been pushed to "libreoffice-6-3":

https://git.libreoffice.org/core/+/5b54a62b086726f854a474623e1330b28b7984b7%5E%21

tdf#122200 Qt5AccessibleWidget: Handle special offset values

It will be available in 6.3.0.1.

The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.