vcl/source/treelist/svtabbx.cxx |   10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

New commits:
commit e59c026c561da4ae0b9bd1a33fcee3fbc724dece
Author:     Michael Weghorn <m.wegh...@posteo.de>
AuthorDate: Thu Aug 17 17:25:47 2023 +0200
Commit:     Michael Weghorn <m.wegh...@posteo.de>
CommitDate: Fri Aug 18 06:06:07 2023 +0200

    vcl a11y: Fix nullptr deref in SvHeaderTabListBox::calcHeaderRect
    
    While working on tdf#156561 and tdf#141101, I experienced
    a crash with the below backtrace on Windows at some point.
    
    Potentially a regression from:
    
        commit 0e8b7dd7a013dffe080148baac926a698f36ad85
        Date:   Wed Jul 19 15:19:28 2023 +0200
    
            split GetWindowExtentsRelative asunder
    
    Use the `GetWindowExtentsAbsolute` variant when
    screen coordinates are wanted, as is done elsewhere
    since the above commit.
    
    Backtrace:
    
        1  
std::unique_ptr<WindowImpl,std::default_delete<WindowImpl>>::operator-> memory  
                         3295 0x7fffa807a02a
        2  vcl::Window::GetWindowExtentsRelative                                
   window.cxx                       2953 0x7fffa82b7132
        3  SvHeaderTabListBox::calcHeaderRect                                   
   svtabbx.cxx                      771  0x7fffa850a1a6
        4  
accessibility::AccessibleBrowseBoxHeaderBar::implGetBoundingBoxOnScreen 
AccessibleBrowseBoxHeaderBar.cxx 311  0x7fffa41b2728
        5  accessibility::AccessibleBrowseBoxBase::getBoundingBoxOnScreen       
   AccessibleBrowseBoxBase.cxx      408  0x7fffa41ada97
        6  accessibility::AccessibleBrowseBoxBase::getLocationOnScreen          
   AccessibleBrowseBoxBase.cxx      228  0x7fffa41ae134
        7  CMAccessible::accHitTest                                             
   MAccessible.cxx                  988  0x7fffbf8d7fad
        8  NdrSendReceive                                                       
   RPCRT4                                0x7ff81155b4b3
        9  NdrSendReceive                                                       
   RPCRT4                                0x7ff81155a282
        10 NdrStubCall2                                                         
   RPCRT4                                0x7ff8114fe1ca
        11 NdrStubCall3                                                         
   RPCRT4                                0x7ff8114fd494
        12 CStdStubBuffer_Invoke                                                
   combase                               0x7ff812295f1c
        13 CStdStubBuffer_Invoke                                                
   RPCRT4                                0x7ff81153a74b
        14 CoWaitForMultipleHandles                                             
   combase                               0x7ff81226bad3
        15 CoWaitForMultipleHandles                                             
   combase                               0x7ff81226b85e
        16 HSTRING_UserSize                                                     
   combase                               0x7ff81229aaa6
        17 RoGetActivatableClassRegistration                                    
   combase                               0x7ff812211283
        18 CoWaitForMultipleHandles                                             
   combase                               0x7ff812269d7d
        19 SetErrorInfo                                                         
   combase                               0x7ff812205036
        20 CoMarshalInterface                                                   
   combase                               0x7ff8122635fa
        21 CallWindowProcW                                                      
   USER32                                0x7ff8126be858
        22 DispatchMessageW                                                     
   USER32                                0x7ff8126be299
        23 ImplSalDispatchMessage                                               
   salinst.cxx                      474  0x7fffa48301d8
        24 ImplSalYield                                                         
   salinst.cxx                      551  0x7fffa48308fd
        25 WinSalInstance::DoYield                                              
   salinst.cxx                      580  0x7fffa482fe01
        26 ImplYield                                                            
   svapp.cxx                        352  0x7fffa891790d
        27 Application::Yield                                                   
   svapp.cxx                        437  0x7fffa891b862
        28 Application::Execute                                                 
   svapp.cxx                        330  0x7fffa8914c4a
        29 desktop::Desktop::Main                                               
   app.cxx                          1601 0x7fffc71696b2
        30 ImplSVMain                                                           
   svmain.cxx                       204  0x7fffa892d08c
        31 SVMain                                                               
   svmain.cxx                       237  0x7fffa892d8f2
        32 soffice_main                                                         
   sofficemain.cxx                  94   0x7fffc71b81f2
        33 sal_main                                                             
   main.c                           51   0x7ff6b4f91013
        34 main                                                                 
   main.c                           49   0x7ff6b4f9105a
        35 invoke_main                                                          
   exe_common.inl                   79   0x7ff6b4f91459
        36 __scrt_common_main_seh                                               
   exe_common.inl                   288  0x7ff6b4f9137e
        37 __scrt_common_main                                                   
   exe_common.inl                   331  0x7ff6b4f9123e
        38 mainCRTStartup                                                       
   exe_main.cpp                     17   0x7ff6b4f914ce
        39 BaseThreadInitThunk                                                  
   KERNEL32                              0x7ff810cd7614
        40 RtlUserThreadStart                                                   
   ntdll                                 0x7ff8128e26b1
    
    Change-Id: I43c2a19e6ec2ccda11114251883e41b47f74929c
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/155807
    Tested-by: Jenkins
    Reviewed-by: Michael Weghorn <m.wegh...@posteo.de>

diff --git a/vcl/source/treelist/svtabbx.cxx b/vcl/source/treelist/svtabbx.cxx
index 7458a67fd9f5..ca668d45ddb0 100644
--- a/vcl/source/treelist/svtabbx.cxx
+++ b/vcl/source/treelist/svtabbx.cxx
@@ -765,10 +765,14 @@ tools::Rectangle SvHeaderTabListBox::calcHeaderRect( bool 
_bIsColumnBar, bool _b
     if ( _bIsColumnBar )
     {
         vcl::Window* pParent = nullptr;
-        if ( !_bOnScreen )
+        if (_bOnScreen)
+            aRect = 
tools::Rectangle(m_pImpl->m_pHeaderBar->GetWindowExtentsAbsolute());
+        else
+        {
             pParent = m_pImpl->m_pHeaderBar->GetAccessibleParentWindow();
-
-        aRect = m_pImpl->m_pHeaderBar->GetWindowExtentsRelative( *pParent );
+            assert(pParent);
+            aRect = m_pImpl->m_pHeaderBar->GetWindowExtentsRelative(*pParent );
+        }
     }
     return aRect;
 }
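Review bot: `assert(pParent);` in the new else branch only protects builds where assertions are active; where `assert` is compiled out (NDEBUG), a null return from `GetAccessibleParentWindow()` still reaches `GetWindowExtentsRelative(*pParent)` and is dereferenced there. The backtrace in the commit message shows this function being entered from `CMAccessible::accHitTest` via RPC, so the call appears to be driven by an external accessibility client at times the application does not control, which makes a missing parent worth handling at runtime. I would keep the assert and additionally guard the call, e.g. `if (pParent) aRect = m_pImpl->m_pHeaderBar->GetWindowExtentsRelative(*pParent);`, so the function falls through to `return aRect;` with whatever `aRect` was initialised to. `pParent` is now only used in that branch and could be declared there, as `vcl::Window* pParent = m_pImpl->m_pHeaderBar->GetAccessibleParentWindow();`. The start of `calcHeaderRect`, including the declaration of `aRect`, is outside this hunk, so the fallback value should be confirmed against the full function.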
