external/icu/ExternalProject_icu.mk | 3 +- external/nss/ExternalProject_nss.mk | 3 +- setup_native/Library_inst_msu_msi.mk | 4 ++- setup_native/Library_instooofiltmsi.mk | 4 ++- setup_native/Library_qslnkmsi.mk | 4 ++- setup_native/Library_reg4allmsdoc.mk | 4 ++- setup_native/Library_reg_dlls.mk | 4 ++- setup_native/Library_regactivex.mk | 4 ++- setup_native/Library_sdqsmsi.mk | 4 ++- setup_native/Library_sellangmsi.mk | 4 ++- setup_native/Library_shlxtmsi.mk | 4 ++- setup_native/Library_sn_tools.mk | 4 ++- setup_native/StaticLibrary_quickstarter.mk | 4 ++- setup_native/StaticLibrary_seterror.mk | 4 ++- winaccessibility/source/UAccCOM/MAccessible.cxx | 28 ++++++++++++++++++------ 15 files changed, 62 insertions(+), 20 deletions(-)
New commits: commit 98b92b339fa3c28319f3f6cec94abb04229f487a Author: Michael Stahl <[email protected]> AuthorDate: Thu Nov 27 17:32:22 2025 +0100 Commit: Michael Stahl <[email protected]> CommitDate: Thu Nov 27 17:34:26 2025 +0100 gbuild: -fsanitize=address MSVC build setup_native assorted DLLs must have ASAN disabled. ICU build doesn't work, so disable ASAN for that. This built with MSVC 2022 and: CC=...cl.exe -fsanitize=address CXX=...cl.exe -fsanitize=address --disable-firebird-sdbc --disable-skia --disable-pdfium Change-Id: I296241e43b68579fdd9b6af9c98a5b541c8ae89a diff --git a/external/icu/ExternalProject_icu.mk b/external/icu/ExternalProject_icu.mk index 5388eee58983..dcba30a1b0f5 100644 --- a/external/icu/ExternalProject_icu.mk +++ b/external/icu/ExternalProject_icu.mk @@ -21,7 +21,8 @@ $(call gb_ExternalProject_get_state_target,icu,build) : $(call gb_Trace_StartRange,icu,EXTERNAL) $(call gb_ExternalProject_run,build,\ autoconf -f \ - && export LIB="$(ILIB)" PYTHONWARNINGS="default" \ + && export CC="$(filter-out -fsanitize%,$(CC))" CXX="$(filter-out -fsanitize%,$(CXX))" \ + LIB="$(ILIB)" PYTHONWARNINGS="default" \ gb_ICU_XFLAGS="-FS $(SOLARINC) $(gb_DEBUGINFO_FLAGS) $(if $(MSVC_USE_DEBUG_RUNTIME),-MDd,-MD -Gy)" \ && CFLAGS="$${gb_ICU_XFLAGS}" CPPFLAGS="$(SOLARINC)" CXXFLAGS="$${gb_ICU_XFLAGS}" \ INSTALL=`cygpath -m /usr/bin/install` $(if $(MSVC_USE_DEBUG_RUNTIME),LDFLAGS="-DEBUG") \ diff --git a/external/nss/ExternalProject_nss.mk b/external/nss/ExternalProject_nss.mk index b603061ca9a0..0a27b10801a7 100644 --- a/external/nss/ExternalProject_nss.mk +++ b/external/nss/ExternalProject_nss.mk 
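Review bot: Nothing in the makefile records why the sanitizer options are stripped from `CC`/`CXX` in the added `export` line, and the pattern `-fsanitize%` drops every sanitizer option, not only `-fsanitize=address`. With this change an ASan build of the tree links an uninstrumented ICU, so memory errors inside ICU itself will not be reported; stating that next to the rule keeps ASan results from being read as covering ICU. A comment cannot sit inside the continued `$(call gb_ExternalProject_run,build,\` argument, so I would put it above the rule, e.g. `# ICU does not build with MSVC -fsanitize=address: strip sanitizer flags here, ICU stays uninstrumented`. The recipe starts and ends outside the hunk, so that this branch is MSVC-only is inferred from the `cygpath` and `MSVC_USE_DEBUG_RUNTIME` lines.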
@@ -43,7 +43,8 @@ $(call gb_ExternalProject_get_state_target,nss,build): \ $(MAKE) nss_build_all RC="rc.exe $(SOLARINC)" \ NSINSTALL='$(call gb_ExternalExecutable_get_command,python) $(SRCDIR)/external/nss/nsinstall.py' \ NSS_DISABLE_GTESTS=1 \ - CCC="$(CXX)" \ + CC="$(patsubst %,\"%\",$(CC))" \ + CXX="$(patsubst %,\"%\",$(CXX))" \ ,nss) $(call gb_Trace_EndRange,nss,EXTERNAL) diff --git a/setup_native/Library_inst_msu_msi.mk b/setup_native/Library_inst_msu_msi.mk index 1a6646f2fa30..85575a13c122 100644 --- a/setup_native/Library_inst_msu_msi.mk +++ b/setup_native/Library_inst_msu_msi.mk @@ -15,7 +15,6 @@ $(eval $(call gb_Library_add_defs,inst_msu_msi,\ $(eval $(call gb_Library_add_cxxflags,inst_msu_msi,\ $(if $(MSVC_USE_DEBUG_RUNTIME),/MTd,/MT) \ - $(if $(filter -fsanitize=%,$(CC)),,/fno-sanitize-address-vcasan-lib) \ )) $(eval $(call gb_Library_add_ldflags,inst_msu_msi,\ @@ -38,4 +37,7 @@ $(eval $(call gb_Library_use_system_win32_libs,inst_msu_msi,\ Msi \ )) +$(call gb_Library_get_linktarget_target,inst_msu_msi): gb_CC := $(filter-out -fsanitize%,$(gb_CC)) +$(call gb_Library_get_linktarget_target,inst_msu_msi): gb_CXX := $(filter-out -fsanitize%,$(gb_CXX)) + # vim: set noet sw=4 ts=4: diff --git a/setup_native/Library_instooofiltmsi.mk b/setup_native/Library_instooofiltmsi.mk index 785fda3f35e6..9238a8c5a800 100644 --- a/setup_native/Library_instooofiltmsi.mk +++ b/setup_native/Library_instooofiltmsi.mk @@ -15,7 +15,6 @@ $(eval $(call gb_Library_add_defs,instooofiltmsi,\ $(eval $(call gb_Library_add_cxxflags,instooofiltmsi,\ $(if $(MSVC_USE_DEBUG_RUNTIME),/MTd,/MT) \ - $(if $(filter -fsanitize=%,$(CC)),,/fno-sanitize-address-vcasan-lib) \ )) $(eval $(call gb_Library_add_ldflags,instooofiltmsi,\ 
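Review bot: `$(patsubst %,\"%\",$(CC))` quotes each whitespace-separated word on its own, so a compiler path containing a space would reach the NSS make as several separately quoted fragments instead of one quoted path; the same holds for the added `CXX=` line. The hunk also stops passing `CCC=`, which the commit message does not mention; if the NSS build still reads `CCC` for C++ sources, those would be compiled with its default and without the sanitizer option, so please confirm that `CXX=` is what NSS picks up. A comment above the rule giving the reason for the per-word quoting would help, e.g. `# pass CC/CXX with each word quoted; assumes the compiler path contains no spaces`. The rule continues outside the hunk.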
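Review bot: The two target-specific overrides added at the end of Library_inst_msu_msi.mk strip every `-fsanitize…` word from `gb_CC`/`gb_CXX` with no comment saying why, and the same two lines are repeated in the second hunks of Library_instooofiltmsi.mk, Library_qslnkmsi.mk, Library_reg4allmsdoc.mk, Library_reg_dlls.mk, Library_regactivex.mk, Library_sdqsmsi.mk, Library_sellangmsi.mk, Library_shlxtmsi.mk and Library_sn_tools.mk, and in StaticLibrary_quickstarter.mk and StaticLibrary_seterror.mk. These appear to be installer libraries linked against the static CRT (`/MT`), so in an ASan build they become the part of the tree with no sanitizer coverage; a one-line comment such as `# statically linked installer DLL: built without sanitizers` would make that gap explicit. GNU make applies target-specific variables to the target's prerequisites as well, and `:=` expands `gb_CC` when the file is read, so a single gbuild helper holding this logic would be easier to audit than twelve copies.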
@@ -36,4 +35,7 @@ $(eval $(call gb_Library_use_system_win32_libs,instooofiltmsi,\ advapi32 \ )) +$(call gb_Library_get_linktarget_target,instooofiltmsi): gb_CC := $(filter-out -fsanitize%,$(gb_CC)) +$(call gb_Library_get_linktarget_target,instooofiltmsi): gb_CXX := $(filter-out -fsanitize%,$(gb_CXX)) + # vim: set noet sw=4 ts=4: diff --git a/setup_native/Library_qslnkmsi.mk b/setup_native/Library_qslnkmsi.mk index f2246a1b6395..4703c403de9c 100644 --- a/setup_native/Library_qslnkmsi.mk +++ b/setup_native/Library_qslnkmsi.mk @@ -15,7 +15,6 @@ $(eval $(call gb_Library_add_defs,qslnkmsi,\ $(eval $(call gb_Library_add_cxxflags,qslnkmsi,\ $(if $(MSVC_USE_DEBUG_RUNTIME),/MTd,/MT) \ - $(if $(filter -fsanitize=%,$(CC)),,/fno-sanitize-address-vcasan-lib) \ )) $(eval $(call gb_Library_add_ldflags,qslnkmsi,\ @@ -43,4 +42,7 @@ $(eval $(call gb_Library_use_system_win32_libs,qslnkmsi,\ shell32 \ )) +$(call gb_Library_get_linktarget_target,qslnkmsi): gb_CC := $(filter-out -fsanitize%,$(gb_CC)) +$(call gb_Library_get_linktarget_target,qslnkmsi): gb_CXX := $(filter-out -fsanitize%,$(gb_CXX)) + # vim: set noet sw=4 ts=4: diff --git a/setup_native/Library_reg4allmsdoc.mk b/setup_native/Library_reg4allmsdoc.mk index 0e67147dfe49..bdb63c0f578b 100644 --- a/setup_native/Library_reg4allmsdoc.mk +++ b/setup_native/Library_reg4allmsdoc.mk @@ -15,7 +15,6 @@ $(eval $(call gb_Library_add_defs,reg4allmsdoc,\ $(eval $(call gb_Library_add_cxxflags,reg4allmsdoc,\ $(if $(MSVC_USE_DEBUG_RUNTIME),/MTd,/MT) \ - $(if $(filter -fsanitize=%,$(CC)),,/fno-sanitize-address-vcasan-lib) \ )) $(eval $(call gb_Library_add_ldflags,reg4allmsdoc,\ @@ -40,4 +39,7 @@ $(eval $(call gb_Library_use_system_win32_libs,reg4allmsdoc,\ shlwapi \ )) +$(call gb_Library_get_linktarget_target,reg4allmsdoc): gb_CC := $(filter-out -fsanitize%,$(gb_CC)) +$(call gb_Library_get_linktarget_target,reg4allmsdoc): gb_CXX := $(filter-out -fsanitize%,$(gb_CXX)) + # vim: set noet sw=4 ts=4: 
diff --git a/setup_native/Library_reg_dlls.mk b/setup_native/Library_reg_dlls.mk index d4decdcce2a4..34ecb919f9f7 100644 --- a/setup_native/Library_reg_dlls.mk +++ b/setup_native/Library_reg_dlls.mk @@ -15,7 +15,6 @@ $(eval $(call gb_Library_add_defs,reg_dlls,\ $(eval $(call gb_Library_add_cxxflags,reg_dlls,\ $(if $(MSVC_USE_DEBUG_RUNTIME),/MTd,/MT) \ - $(if $(filter -fsanitize=%,$(CC)),,/fno-sanitize-address-vcasan-lib) \ )) $(eval $(call gb_Library_add_ldflags,reg_dlls,\ @@ -38,4 +37,7 @@ $(eval $(call gb_Library_use_system_win32_libs,reg_dlls,\ Msi \ )) +$(call gb_Library_get_linktarget_target,reg_dlls): gb_CC := $(filter-out -fsanitize%,$(gb_CC)) +$(call gb_Library_get_linktarget_target,reg_dlls): gb_CXX := $(filter-out -fsanitize%,$(gb_CXX)) + # vim: set noet sw=4 ts=4: diff --git a/setup_native/Library_regactivex.mk b/setup_native/Library_regactivex.mk index 0789da0dbd03..7978f8872e55 100644 --- a/setup_native/Library_regactivex.mk +++ b/setup_native/Library_regactivex.mk @@ -15,7 +15,6 @@ $(eval $(call gb_Library_add_defs,regactivex,\ $(eval $(call gb_Library_add_cxxflags,regactivex,\ $(if $(MSVC_USE_DEBUG_RUNTIME),/MTd,/MT) \ - $(if $(filter -fsanitize=%,$(CC)),,/fno-sanitize-address-vcasan-lib) \ )) $(eval $(call gb_Library_add_ldflags,regactivex,\ @@ -36,4 +35,7 @@ $(eval $(call gb_Library_use_system_win32_libs,regactivex,\ msi \ )) +$(call gb_Library_get_linktarget_target,regactivex): gb_CC := $(filter-out -fsanitize%,$(gb_CC)) +$(call gb_Library_get_linktarget_target,regactivex): gb_CXX := $(filter-out -fsanitize%,$(gb_CXX)) + # vim: set noet sw=4 ts=4: diff --git a/setup_native/Library_sdqsmsi.mk b/setup_native/Library_sdqsmsi.mk index bc769c65b85c..162d499e62c4 100644 --- a/setup_native/Library_sdqsmsi.mk +++ b/setup_native/Library_sdqsmsi.mk 
@@ -15,7 +15,6 @@ $(eval $(call gb_Library_add_defs,sdqsmsi,\ $(eval $(call gb_Library_add_cxxflags,sdqsmsi,\ $(if $(MSVC_USE_DEBUG_RUNTIME),/MTd,/MT) \ - $(if $(filter -fsanitize=%,$(CC)),,/fno-sanitize-address-vcasan-lib) \ )) $(eval $(call gb_Library_add_ldflags,sdqsmsi,\ @@ -43,4 +42,7 @@ $(eval $(call gb_Library_use_system_win32_libs,sdqsmsi,\ shell32 \ )) +$(call gb_Library_get_linktarget_target,sdqsmsi): gb_CC := $(filter-out -fsanitize%,$(gb_CC)) +$(call gb_Library_get_linktarget_target,sdqsmsi): gb_CXX := $(filter-out -fsanitize%,$(gb_CXX)) + # vim: set noet sw=4 ts=4: diff --git a/setup_native/Library_sellangmsi.mk b/setup_native/Library_sellangmsi.mk index 962ebf7639c0..b98f2df039fe 100644 --- a/setup_native/Library_sellangmsi.mk +++ b/setup_native/Library_sellangmsi.mk @@ -19,7 +19,6 @@ $(eval $(call gb_Library_add_defs,sellangmsi,\ $(eval $(call gb_Library_add_cxxflags,sellangmsi,\ $(if $(MSVC_USE_DEBUG_RUNTIME),/MTd,/MT) \ - $(if $(filter -fsanitize=%,$(CC)),,/fno-sanitize-address-vcasan-lib) \ )) $(eval $(call gb_Library_add_ldflags,sellangmsi,\ @@ -44,4 +43,7 @@ $(eval $(call gb_Library_use_system_win32_libs,sellangmsi,\ shell32 \ )) +$(call gb_Library_get_linktarget_target,sellangmsi): gb_CC := $(filter-out -fsanitize%,$(gb_CC)) +$(call gb_Library_get_linktarget_target,sellangmsi): gb_CXX := $(filter-out -fsanitize%,$(gb_CXX)) + # vim: set noet sw=4 ts=4: diff --git a/setup_native/Library_shlxtmsi.mk b/setup_native/Library_shlxtmsi.mk index 63488e79a989..78653d9bd8f4 100644 --- a/setup_native/Library_shlxtmsi.mk +++ b/setup_native/Library_shlxtmsi.mk @@ -17,7 +17,6 @@ $(eval $(call gb_Library_add_defs,shlxtmsi,\ $(eval $(call gb_Library_add_cxxflags,shlxtmsi,\ $(if $(MSVC_USE_DEBUG_RUNTIME),/MTd,/MT) \ - $(if $(filter -fsanitize=%,$(CC)),,/fno-sanitize-address-vcasan-lib) \ )) $(eval $(call gb_Library_add_ldflags,shlxtmsi,\ 
@@ -50,4 +49,7 @@ $(eval $(call gb_Library_use_system_win32_libs,shlxtmsi,\ psapi \ )) +$(call gb_Library_get_linktarget_target,shlxtmsi): gb_CC := $(filter-out -fsanitize%,$(gb_CC)) +$(call gb_Library_get_linktarget_target,shlxtmsi): gb_CXX := $(filter-out -fsanitize%,$(gb_CXX)) + # vim: set noet sw=4 ts=4: diff --git a/setup_native/Library_sn_tools.mk b/setup_native/Library_sn_tools.mk index 061cdbad37f1..4a16090cd0de 100644 --- a/setup_native/Library_sn_tools.mk +++ b/setup_native/Library_sn_tools.mk @@ -15,7 +15,6 @@ $(eval $(call gb_Library_add_defs,sn_tools,\ $(eval $(call gb_Library_add_cxxflags,sn_tools,\ $(if $(MSVC_USE_DEBUG_RUNTIME),/MTd,/MT) \ - $(if $(filter -fsanitize=%,$(CC)),,/fno-sanitize-address-vcasan-lib) \ )) $(eval $(call gb_Library_add_ldflags,sn_tools,\ @@ -41,4 +40,7 @@ $(eval $(call gb_Library_use_system_win32_libs,sn_tools,\ advapi32 \ )) +$(call gb_Library_get_linktarget_target,sn_tools): gb_CC := $(filter-out -fsanitize%,$(gb_CC)) +$(call gb_Library_get_linktarget_target,sn_tools): gb_CXX := $(filter-out -fsanitize%,$(gb_CXX)) + # vim: set noet sw=4 ts=4: diff --git a/setup_native/StaticLibrary_quickstarter.mk b/setup_native/StaticLibrary_quickstarter.mk index 1bb0c5405c0c..66dba4534a7b 100644 --- a/setup_native/StaticLibrary_quickstarter.mk +++ b/setup_native/StaticLibrary_quickstarter.mk @@ -15,11 +15,13 @@ $(eval $(call gb_StaticLibrary_add_defs,quickstarter,\ $(eval $(call gb_StaticLibrary_add_cxxflags,quickstarter,\ $(if $(MSVC_USE_DEBUG_RUNTIME),/MTd,/MT) \ - $(if $(filter -fsanitize=%,$(CC)),,/fno-sanitize-address-vcasan-lib) \ )) $(eval $(call gb_StaticLibrary_add_exception_objects,quickstarter,\ setup_native/source/win32/customactions/quickstarter/quickstarter \ )) +$(call gb_StaticLibrary_get_linktarget_target,quickstarter): gb_CC := $(filter-out -fsanitize%,$(gb_CC)) +$(call gb_StaticLibrary_get_linktarget_target,quickstarter): gb_CXX := $(filter-out -fsanitize%,$(gb_CXX)) + # vim: set noet sw=4 ts=4: 
diff --git a/setup_native/StaticLibrary_seterror.mk b/setup_native/StaticLibrary_seterror.mk index c6fdb80c9889..c33b8c2011e0 100644 --- a/setup_native/StaticLibrary_seterror.mk +++ b/setup_native/StaticLibrary_seterror.mk 
@@ -15,11 +15,13 @@ $(eval $(call gb_StaticLibrary_add_defs,seterror,\ $(eval $(call gb_StaticLibrary_add_cxxflags,seterror,\ $(if $(MSVC_USE_DEBUG_RUNTIME),/MTd,/MT) \ - $(if $(filter -fsanitize=%,$(CC)),,/fno-sanitize-address-vcasan-lib) \ )) $(eval $(call gb_StaticLibrary_add_exception_objects,seterror,\ setup_native/source/win32/customactions/tools/seterror \ )) +$(call gb_StaticLibrary_get_linktarget_target,seterror): gb_CC := $(filter-out -fsanitize%,$(gb_CC)) +$(call gb_StaticLibrary_get_linktarget_target,seterror): gb_CXX := $(filter-out -fsanitize%,$(gb_CXX)) + # vim: set noet sw=4 ts=4: commit 9502a9f76731afa0f5105e6d79b069222677f88d Author: Michael Stahl <[email protected]> AuthorDate: Thu Nov 27 16:52:12 2025 +0100 Commit: Michael Stahl <[email protected]> CommitDate: Thu Nov 27 17:34:25 2025 +0100 tdf#168897 winaccessibility: fix JAWS crash with CAccTable stack: UAccCOM.dll!ATL::CComObjectRootBase::OuterAddRef() Line 2631 UAccCOM.dll!ATL::CComContainedObject<CAccImage>::AddRef() Line 3719 AccEventCache.dll!00007ffd2039be28() AccEventCache.dll!00007ffd20355677() AccEventCache.dll!00007ffd20346d41() AccEventCache.dll!00007ffd20347f9a() AccEventCache.dll!00007ffd20338ba2() AccEventCache.dll!00007ffd20380dd8() AccEventCache.dll!00007ffd2037fd7b() AccEventCache.dll!00007ffd2037f7ee() AccEventCache.dll!00007ffd2037d9e6() AccEventCache.dll!00007ffd2037d07f() ^ JAWS GlobalHooksDispatcher.dll!00007ffd214daed4() GlobalHooksDispatcher.dll!00007ffd214d8d84() user32.dll!00007ffd492068ac() ntdll.dll!00007ffd4ae71424() win32u.dll!NtUserNotifyWinEvent() winaccessibility.dll!AccObjectWinManager::NotifyAccEvent(com::sun::star::accessibility::XAccessible * pXAcc, UnoMSAAEvent eEvent) Line 182 ^ selfAccObj looks very dead here but that is a red herring! 
winaccessibility.dll!AccContainerEventListener::FireStateFocusedChange(bool enable) Line 351 winaccessibility.dll!AccContainerEventListener::SetComponentState(__int64 state, bool enable) Line 178 winaccessibility.dll!AccParagraphEventListener::SetComponentState(__int64 state, bool enable) Line 123 winaccessibility.dll!AccContainerEventListener::HandleStateChangedEvent(com::sun::star::uno::Any oldValue, com::sun::star::uno::Any newValue) Line 106 winaccessibility.dll!AccContainerEventListener::notifyEvent(const com::sun::star::accessibility::AccessibleEventObject & aEvent) Line 72 winaccessibility.dll!AccParagraphEventListener::notifyEvent(const com::sun::star::accessibility::AccessibleEventObject & aEvent) Line 77 comphelper.dll!comphelper::AccessibleEventNotifier::addEvent(const unsigned long _nClient, const com::sun::star::accessibility::AccessibleEventObject & _rEvent) Line 256 swlo.dll!SwAccessibleContext::FireAccessibleEvent(com::sun::star::accessibility::AccessibleEventObject & rEvent) Line 457 swlo.dll!SwAccessibleContext::FireStateChangedEvent(__int64 nState, bool bNewState) Line 478 swlo.dll!SwAccessibleParagraph::InvalidateFocus_() Line 397 swlo.dll!SwAccessibleContext::InvalidateFocus() Line 1314 swlo.dll!SwAccessibleMap::InvalidateFocus() Line 2695 swlo.dll!SwViewShell::InvalidateAccessibleFocus() Line 2597 swlo.dll!SwEditWin::GetFocus() Line 5569 vcllo.dll!vcl::Window::CompatGetFocus() Line 3891 vcllo.dll!vcl::Window::ImplGrabFocus(GetFocusFlags nFlags) Line 385 vcllo.dll!vcl::Window::GrabFocus() Line 2983 sfxlo.dll!SfxFrame::GrabFocusOnComponent_Impl() Line 650 The problem is quite simply that CMAccessible::SmartQI() returns a pointer that is the result of querying the newly created COM aggregation for IID_IUnknown instead of the requested `iid` interface. 
Apparently the wrong result happens to work in many cases, but the CAccTable actually has 2 interfaces IAccessibleTable and IAccessibleTable2, and the COM aggravation for IAccessibleTable2 is the one that crashes; in this case the correct pointer is an offset of 8 to the start of CAccTable, while in the working cases there is no offset. So likely the bug was introduced by commits 3b86569fcba210eb6570fabef7ff8abf6aff91f0 and d0e8e6e3cd51736583603e37f0ba2ff7bdf29f5c but only started to crash with 839dbf9ecf9f8fbec7de983d1a2e16d7de6f868c. Change-Id: I7c7d295c8032b95fe7f64b8da4dd9bc3212563f9 diff --git a/winaccessibility/source/UAccCOM/MAccessible.cxx b/winaccessibility/source/UAccCOM/MAccessible.cxx index 6c1367185cac..4f13f016d86c 100644 --- a/winaccessibility/source/UAccCOM/MAccessible.cxx +++ b/winaccessibility/source/UAccCOM/MAccessible.cxx 
@@ -2416,15 +2416,31 @@ HRESULT WINAPI CMAccessible::SmartQI(void* /*pv*/, REFIID iid, void** ppvObject) assert(hr == S_OK); if(hr == S_OK) { + // does it matter which IID was used to query before it is + // put into the map? probably not, and currently + // QueryInterface is called after lookup anyway... m_containedObjects.emplace(*rEntry.piid, static_cast<IUnknown*>(*ppvObject)); + // very nonobvious: this QI only succeeds on an IID_IUnknown + // pointer because that one points directly to the + // CComAggObject whereas the other-IID ones point into + // CAcc* objects and end up forward back here to SmartQI + // which firstly doesn't know IID_IUNOXWrapper and secondly + // it would be useless to return a new instance for it, it + // *must* be the same CAcc* instance that was just created. + // Also, it's not possible to get the CAccTable out of the + // CComAggObject because it is private. + // However for the aggregated objects this here is also the + // *only* place where this interface is called; every other + // call is on a non-aggregated object - so it's sufficient + // if it works once right after construction. IUNOXWrapper* wrapper = nullptr; static_cast<IUnknown*>(*ppvObject)->QueryInterface(IID_IUNOXWrapper, reinterpret_cast<void**>(&wrapper)); - if(wrapper) - { - wrapper->put_XInterface( - reinterpret_cast<hyper>(m_xAccessible.get())); - wrapper->Release(); - } + assert(wrapper); // every map entry implements it currently + wrapper->put_XInterface( + reinterpret_cast<hyper>(m_xAccessible.get())); + wrapper->Release(); + // ppvObject is IID_IUnknown - Query for requested target! + static_cast<IUnknown*>(*ppvObject)->QueryInterface(iid, ppvObject); return S_OK; } }
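Review bot: `assert(wrapper)` replaces the removed `if(wrapper)` guard, so in a build where `assert` is compiled out a failed `QueryInterface(IID_IUNOXWrapper, …)` now reaches `wrapper->put_XInterface(...)` through a null pointer. The final `QueryInterface(iid, ppvObject)` also has its HRESULT discarded and the function returns `S_OK` regardless, so a caller can be handed a success code together with whatever that call left in `*ppvObject` (normally null on failure). I would keep the assert but restore the guard, `if (wrapper) { wrapper->put_XInterface(reinterpret_cast<hyper>(m_xAccessible.get())); wrapper->Release(); }`, and end with `return static_cast<IUnknown*>(*ppvObject)->QueryInterface(iid, ppvObject);`. Whether the reference obtained at creation is still owned once `*ppvObject` is overwritten depends on the element type of `m_containedObjects`, which is outside the hunk, as are the start and end of `SmartQI`.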
