To comment on the following update, log in, then open the issue: http://www.openoffice.org/issues/show_bug.cgi?id=93419 Issue #|93419 Summary|[a11y] Crash in calc opening a doc in a11y Component|Drawing Version|DEV300m30 Platform|All URL| OS/Version|Linux Status|NEW Status whiteboard| Keywords| Resolution| Issue type|PATCH Priority|P3 Subcomponent|code Assigned to|ka Reported by|cmc
------- Additional comments from [EMAIL PROTECTED] Wed Sep 3 10:08:37 +0000 2008 ------- The attached document crashes on load when a11y is enabled. valgrind shows.... ==9009== Invalid write of size 8 ==9009== at 0x17E3E2F4: accessibility::AccessibleGraphicShape::AccessibleGraphicShape(accessibility::AccessibleShapeInfo const&, accessibility::AccessibleShapeTreeInfo const&) (AccessibleGraphicShape.cxx:50) ==9009== by 0x17E5CB92: accessibility::CreateSvxAccessibleShape(accessibility::AccessibleShapeInfo const&, accessibility::AccessibleShapeTreeInfo const&, int) (SvxShapeTypes.cxx:86) ==9009== by 0x170644E5: ScChildrenShapes::Get(ScAccessibleShapeData const*) const (AccessibleDocument.cxx:505) ==9009== by 0x17065E3A: ScChildrenShapes::Get(int) const (AccessibleDocument.cxx:528) ==9009== by 0x170666CD: ScAccessibleDocument::getAccessibleChild(int) (AccessibleDocument.cxx:1634) ==9009== by 0xA394C70: AtkListener::updateChildList(com::sun::star::accessibility::XAccessibleContext*) (in /usr/lib64/openoffice.org/basis3.0/program/libvclplug_gtklx.so) ==9009== by 0xA395A10: AtkListener::AtkListener(_AtkObjectWrapper*) (in /usr/lib64/openoffice.org/basis3.0/program/libvclplug_gtklx.so) ==9009== by 0xA3A2246: atk_object_wrapper_new (in /usr/lib64/openoffice.org/basis3.0/program/libvclplug_gtklx.so) ==9009== by 0xA395035: AtkListener::handleChildAdded(com::sun::star::uno::Reference<com::sun::star::accessibility::XAccessibleContext> const&, com::sun::star::uno::Reference<com::sun::star::accessibility::XAccessible> const&) (in /usr/lib64/openoffice.org/basis3.0/program/libvclplug_gtklx.so) ==9009== by 0xA3953AD: AtkListener::notifyEvent(com::sun::star::accessibility::AccessibleEventObject const&) (in /usr/lib64/openoffice.org/basis3.0/program/libvclplug_gtklx.so) ==9009== by 0x354469039B: comphelper::AccessibleEventNotifier::addEvent(unsigned, com::sun::star::accessibility::AccessibleEventObject const&) (in /usr/lib64/openoffice.org/basis3.0/program/libcomphelp4gcc3.so) ==9009== by 0x354468DC48: comphelper::OAccessibleContextHelper::NotifyAccessibleEvent(short, com::sun::star::uno::Any const&, com::sun::star::uno::Any const&) (in /usr/lib64/openoffice.org/basis3.0/program/libcomphelp4gcc3.so) ==9009== Address 0xfc54b88 is 0 bytes inside a block of size 328 free'd ==9009== at 0x4A0609F: free (vg_replace_malloc.c:323) ==9009== by 0x17E361F4: accessibility::AccessibleContextBase::CommitChange(short, com::sun::star::uno::Any const&, com::sun::star::uno::Any const&) (Reference.hxx:121) ==9009== by 0x17E3676A: accessibility::AccessibleContextBase::SetAccessibleName(rtl::OUString const&, accessibility::AccessibleContextBase::StringOrigin) (AccessibleContextBase.cxx:635) ==9009== by 0x17E3BBE9: accessibility::AccessibleShape::UpdateNameAndDescription() (AccessibleShape.cxx:1223) ==9009== by 0x17E3C264: accessibility::AccessibleShape::AccessibleShape(accessibility::AccessibleShapeInfo const&, accessibility::AccessibleShapeTreeInfo const&) (AccessibleShape.cxx:126) ==9009== by 0x17E3E2E8: accessibility::AccessibleGraphicShape::AccessibleGraphicShape(accessibility::AccessibleShapeInfo const&, accessibility::AccessibleShapeTreeInfo const&) (AccessibleGraphicShape.cxx:50) ==9009== by 0x17E5CB92: accessibility::CreateSvxAccessibleShape(accessibility::AccessibleShapeInfo const&, accessibility::AccessibleShapeTreeInfo const&, int) (SvxShapeTypes.cxx:86) ==9009== by 0x170644E5: ScChildrenShapes::Get(ScAccessibleShapeData const*) const (AccessibleDocument.cxx:505) ==9009== by 0x17065E3A: ScChildrenShapes::Get(int) const (AccessibleDocument.cxx:528) ==9009== by 0x170666CD: ScAccessibleDocument::getAccessibleChild(int) (AccessibleDocument.cxx:1634) ==9009== by 0xA394C70: AtkListener::updateChildList(com::sun::star::accessibility::XAccessibleContext*) (in /usr/lib64/openoffice.org/basis3.0/program/libvclplug_gtklx.so) ==9009== by 0xA395A10: AtkListener::AtkListener(_AtkObjectWrapper*) (in /usr/lib64/openoffice.org/basis3.0/program/libvclplug_gtklx.so) What I see is that the ctor of AccessibleShape calls AccessibleShape::UpdateNameAndDescription which calls some fireEvents which take a reference to the object. So during construction the object isn't finialized so when the new references are destroyed, so is the object that is being constructed. So it doesn't look safe to call UpdateNameAndDescription when the object has not been constructed yet. Patch attached to add a new "SetInitialName..." etc. for use during construction, that doesn't fire a changed event. Crash goes away afterwards --------------------------------------------------------------------- Please do not reply to this automatically generated notification from Issue Tracker. Please log onto the website and enter your comments. http://qa.openoffice.org/issue_handling/project_issues.html#notification --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
