[Libreoffice-bugs] [Bug 105712] With NVDA active launching Special Character dialog using Insert -> Special Character, or via F7 Spell check causes a fatal error. With using Standard Toolbar button it also hangs but without crash.

bugzilla-daemon Mon, 13 Feb 2017 16:32:43 -0800

https://bugs.documentfoundation.org/show_bug.cgi?id=105712


--- Comment #18 from James Teh <ja...@nvaccess.org> ---
NVDA is nowhere in the call stack here, so this is almost certainly not related
to NVDA code. Most likely, it's a bug in the accessibility code (which doesn't
run while NVDA isn't running, hence the lack of crash when NVDA isn't running).

Debugging this is painful because LO catches unhandled C++ exceptions and
displays a fatal error dialog, but in WinDBG, we lose the exception that was
caught (or at least, I don't know how to get to it). Catching first chance C++
exceptions helps, but there are quite a lot of them, so knowing which one
triggered the fatal error is tricky. Any advice on this?

I *think* the following is the exception in question and it is indeed related
to accessibility code. Here's the stack trace:

 # ChildEBP RetAddr  
WARNING: Stack unwind information not available. Following frames may be wrong.
00 0171e968 662b9339 KERNELBASE!RaiseException+0x62
01 0171e9a8 639231c2 msvcr120!_CxxThrowException(void * pExceptionObject =
0x0171e9c4, struct _s__ThrowInfo * pThrowInfo = 0x654eeb58)+0x5b
[f:\dd\vctools\crt\crtw32\eh\throw.cpp @ 152]
02 0171e9e4 61cf637b
mergedlo!svx::SvxShowCharSetVirtualAcc::getAccessibleChild(long i = 0n0)+0x172
[c:\cygwin64\home\buildslave\source\libo-core\svx\source\accessibility\charmapacc.cxx
@ 131]
03 0171ea28 61cf63b0
winaccessibility!AccTopWindowListener::AddAllListeners(class
com::sun::star::accessibility::XAccessible * pAccessible = 0x093741cc, class
com::sun::star::accessibility::XAccessible * pParentXAcc = 0x09373c64, struct
HWND__ * pWND = 0x000b0652)+0xfb
[c:\cygwin64\home\buildslave\source\libo-core\winaccessibility\source\service\acctopwindowlistener.cxx
@ 174]
04 0171ea6c 61cf63b0
winaccessibility!AccTopWindowListener::AddAllListeners(class
com::sun::star::accessibility::XAccessible * pAccessible = 0x09373c64, class
com::sun::star::accessibility::XAccessible * pParentXAcc = 0x093741cc, struct
HWND__ * pWND = 0x000b0652)+0x130
[c:\cygwin64\home\buildslave\source\libo-core\winaccessibility\source\service\acctopwindowlistener.cxx
@ 183]
05 0171eab0 61cf63b0
winaccessibility!AccTopWindowListener::AddAllListeners(class
com::sun::star::accessibility::XAccessible * pAccessible = 0x09373c04, class
com::sun::star::accessibility::XAccessible * pParentXAcc = 0x09373c64, struct
HWND__ * pWND = 0x000b0652)+0x130
[c:\cygwin64\home\buildslave\source\libo-core\winaccessibility\source\service\acctopwindowlistener.cxx
@ 183]
06 0171eaf4 61cf6529
winaccessibility!AccTopWindowListener::AddAllListeners(class
com::sun::star::accessibility::XAccessible * pAccessible = 0x08d47320, class
com::sun::star::accessibility::XAccessible * pParentXAcc = 0x09373c04, struct
HWND__ * pWND = 0x000b0652)+0x130
[c:\cygwin64\home\buildslave\source\libo-core\winaccessibility\source\service\acctopwindowlistener.cxx
@ 183]
07 0171eb38 61cf75ba
winaccessibility!AccTopWindowListener::HandleWindowOpened(class
com::sun::star::accessibility::XAccessible * pAccessible = 0x083998f8)+0xe9
[c:\cygwin64\home\buildslave\source\libo-core\winaccessibility\source\service\acctopwindowlistener.cxx
@ 79]
08 0171eb64 63e4cebe winaccessibility!AccTopWindowListener::windowOpened(struct
com::sun::star::lang::EventObject * e = 0x0171eba0)+0x6a
[c:\cygwin64\home\buildslave\source\libo-core\winaccessibility\source\service\acctopwindowlistener.cxx
@ 127]
09 0171ebb4 63e4e339 mergedlo!`anonymous
namespace'::VCLXToolkit::callTopWindowListeners(class VclSimpleEvent * pEvent =
0x1402a090, <function> * pFn = 0x63e492a6)+0xde
[c:\cygwin64\home\buildslave\source\libo-core\toolkit\source\awt\vclxtoolkit.cxx
@ 1828]
0a 0171ebc4 63e4c08e mergedlo!`anonymous
namespace'::VCLXToolkit::eventListenerHandler(class VclSimpleEvent * rEvent =
0x0171ec40)+0x29
[c:\cygwin64\home\buildslave\source\libo-core\toolkit\source\awt\vclxtoolkit.cxx
@ 1793]
0b 0171ebd0 643d0090 mergedlo!`anonymous
namespace'::VCLXToolkit::LinkStubeventListenerHandler(void * instance =
0x09f6ec08, class VclSimpleEvent * data = 0x0171ec40)+0xe
[c:\cygwin64\home\buildslave\source\libo-core\toolkit\source\awt\vclxtoolkit.cxx
@ 1754]
0c 0171ec10 643c80a7 mergedlo!VclEventListeners::Call(class VclSimpleEvent *
rEvent = 0x0171ec40)+0xd0
[c:\cygwin64\home\buildslave\source\libo-core\vcl\source\app\vclevent.cxx @ 61]
0d 0171ec1c 64138d53 mergedlo!Application::ImplCallEventListeners(class
VclSimpleEvent * rEvent = 0x0171ec40)+0x17
[c:\cygwin64\home\buildslave\source\libo-core\vcl\source\app\svapp.cxx @ 839]
0e 0171ec98 641b2071 mergedlo!vcl::Window::CallEventListeners(unsigned long
nEvent = 0x3eb, void * pData = 0x13f44258)+0x63
[c:\cygwin64\home\buildslave\source\libo-core\vcl\source\window\event.cxx @
214]
0f 0171ecac 641b3dec mergedlo!vcl::Window::ImplSetReallyVisible(void)+0x61
[c:\cygwin64\home\buildslave\source\libo-core\vcl\source\window\window.cxx @
1307]
10 0171ed08 64127122 mergedlo!vcl::Window::Show(bool bVisible = true, ShowFlags
nFlags = NONE (0n0))+0x3ec
[c:\cygwin64\home\buildslave\source\libo-core\vcl\source\window\window.cxx @
2314]
11 0171ed40 64125e50 mergedlo!Dialog::ImplStartExecuteModal(void)+0x172
[c:\cygwin64\home\buildslave\source\libo-core\vcl\source\window\dialog.cxx @
832]
12 0171ed8c 5fa2cfd3 mergedlo!Dialog::Execute(void)+0x40
[c:\cygwin64\home\buildslave\source\libo-core\vcl\source\window\dialog.cxx @
896]
13 0171edf4 60ab5741 cuilo!SvxCharacterMap::Execute(void)+0x33
[c:\cygwin64\home\buildslave\source\libo-core\cui\source\dialogs\cuicharmap.cxx
@ 154]
14 0171eefc 60ab7d20 swlo!SwTextShell::InsertSymbol(class SfxRequest * rReq =
0x0171f49c)+0x3c1
[c:\cygwin64\home\buildslave\source\libo-core\sw\source\uibase\shells\textsh.cxx
@ 947]
15 0171f2ec 60ab5f2e swlo!SwTextShell::Execute(class SfxRequest * rReq =
0x0171f49c)+0x8e0
[c:\cygwin64\home\buildslave\source\libo-core\sw\source\uibase\shells\textsh1.cxx
@ 454]
16 0171f2f8 634223a4 swlo!SfxStubSwTextShellExecute(class SfxShell * pShell =
0x0a2dc278, class SfxRequest * rReq = 0x0171f49c)+0xe
[c:\cygwin64\home\buildslave\r\workdir\sditarget\sw\sdi\swslots.hxx @ 2877]
17 0171f34c 63423d08 mergedlo!SfxDispatcher::Call_Impl(class SfxShell * rShell
= 0x0a2dc278, class SfxSlot * rSlot = 0x0001c800, class SfxRequest * rReq =
0x0171f49c, bool bRecord = true)+0x204
[c:\cygwin64\home\buildslave\source\libo-core\sfx2\source\control\dispatch.cxx
@ 376]
18 0171f380 63417af1 mergedlo!SfxDispatcher::Execute_(class SfxShell * rShell =
0x0a2dc278, class SfxSlot * rSlot = 0x60f00318, class SfxRequest * rReq =
0x0171f49c, SfxCallMode eCallMode = RECORD (0n4))+0x68
[c:\cygwin64\home\buildslave\source\libo-core\sfx2\source\control\dispatch.cxx
@ 944]
19 0171f3f0 63454610 mergedlo!SfxBindings::Execute_Impl(class SfxRequest * aReq
= 0x0171f49c, class SfxSlot * pSlot = 0x60f00318, class SfxShell * pShell =
0x0a2dc278)+0x2b1
[c:\cygwin64\home\buildslave\source\libo-core\sfx2\source\control\bindings.cxx
@ 1172]
1a 0171f504 6345499a mergedlo!SfxDispatchController_Impl::dispatch(struct
com::sun::star::util::URL * aURL = 0x0171f55c, class
com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> * aArgs =
0x0171f5b8, class
com::sun::star::uno::Reference<com::sun::star::frame::XDispatchResultListener>
* rListener = 0x0171f540)+0x720
[c:\cygwin64\home\buildslave\source\libo-core\sfx2\source\control\unoctitm.cxx
@ 753]
1b 0171f538 631047c8 mergedlo!SfxOfficeDispatch::dispatch(struct
com::sun::star::util::URL * aURL = 0x0171f55c, class
com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> * aArgs =
0x0171f5b8)+0x5a
[c:\cygwin64\home\buildslave\source\libo-core\sfx2\source\control\unoctitm.cxx
@ 231]
1c 0171f5c8 631034de mergedlo!framework::MenuBarManager::Select(class Menu *
pMenu = 0x00000001)+0x288
[c:\cygwin64\home\buildslave\source\libo-core\framework\source\uielement\menubarmanager.cxx
@ 1034]
1d 0171f5d4 64158579 mergedlo!framework::MenuBarManager::LinkStubSelect(void *
instance = 0x08d8f0e0, class Menu * data = 0x0a3cb1e0)+0xe
[c:\cygwin64\home\buildslave\source\libo-core\framework\source\uielement\menubarmanager.cxx
@ 969]
1e 0171f604 641bbf3e mergedlo!Menu::Select(void)+0x99
[c:\cygwin64\home\buildslave\source\libo-core\vcl\source\window\menu.cxx @ 305]
1f 0171f628 641bc486 mergedlo!ImplHandleUserEvent(struct ImplSVEvent * pSVEvent
= 0x0a726cd8)+0x3e
[c:\cygwin64\home\buildslave\source\libo-core\vcl\source\window\winproc.cxx @
1957]
20 0171f694 644b78aa mergedlo!ImplWindowFrameProc(class vcl::Window * _pWindow
= 0x0a04cc10, SalEvent nEvent = UserEvent (0n19), void * pEvent =
0x0a726cd8)+0x3c6
[c:\cygwin64\home\buildslave\source\libo-core\vcl\source\window\winproc.cxx @
2507]
21 0171f6f0 644b7ea0 mergedlo!SalFrameWndProc(struct HWND__ * hWnd =
0x000b05a4, unsigned int nMsg = 0x482, unsigned int wParam = 0, long lParam =
0n175271128, int * rDef = 0x0171f71c)+0x75a
[c:\cygwin64\home\buildslave\source\libo-core\vcl\win\window\salframe.cxx @
5771]
22 0171f73c 73cfafcb mergedlo!SalFrameWndProcW(struct HWND__ * hWnd =
0x000b05a4, unsigned int nMsg = 0x482, unsigned int wParam = 0, long lParam =
0n175271128)+0x60
[c:\cygwin64\home\buildslave\source\libo-core\vcl\win\window\salframe.cxx @
5905]
23 0171f768 73cec948 user32!AddClipboardFormatListener+0x11eb
24 0171f850 73cec1c7 user32!DispatchMessageW+0xc78
25 0171f8c4 73cebce0 user32!DispatchMessageW+0x4f7
26 0171f8d0 64482144 user32!DispatchMessageW+0x10
27 0171f904 64481f9a mergedlo!ImplSalYield(bool bWait = false, bool
bHandleAllCurrentEvents = false)+0x64
[c:\cygwin64\home\buildslave\source\libo-core\vcl\win\app\salinst.cxx @ 592]
28 0171f92c 643c6dd7 mergedlo!WinSalInstance::DoYield(bool bWait = false, bool
bHandleAllCurrentEvents = false, unsigned long nReleased = 0)+0xca
[c:\cygwin64\home\buildslave\source\libo-core\vcl\win\app\salinst.cxx @ 657]
29 0171f96c 63626939 mergedlo!Application::Execute(void)+0x177
[c:\cygwin64\home\buildslave\source\libo-core\vcl\source\app\svapp.cxx @ 469]
2a 0171facc 643cdb7a mergedlo!desktop::Desktop::Main(void)+0xd59
[c:\cygwin64\home\buildslave\source\libo-core\desktop\source\app\app.cxx @
1683]
2b 0171faf4 643cdf39 mergedlo!ImplSVMain(void)+0x6a
[c:\cygwin64\home\buildslave\source\libo-core\vcl\source\app\svmain.cxx @ 185]
2c 0171fb00 63640114 mergedlo!SVMain(void)+0x29
[c:\cygwin64\home\buildslave\source\libo-core\vcl\source\app\svmain.cxx @ 224]
2d 0171fc54 00ce101e mergedlo!soffice_main(void)+0x104
[c:\cygwin64\home\buildslave\source\libo-core\desktop\source\app\sofficemain.cxx
@ 166]
2e 0171fca8 74368724 soffice+0x101e
2f 0171fcbc 771d83c7 kernel32!BaseThreadInitThunk+0x24
30 0171fd04 771d8397 ntdll!ApiSetQueryApiSetPresence+0xd7
31 0171fd14 00000000 ntdll!ApiSetQueryApiSetPresence+0xa7

It would seem svx::SvxShowCharSetVirtualAcc::getAccessibleChild throws an
IndexOutOfBoundsException:
https://github.com/LibreOffice/core/blob/libreoffice-5.3.0.3/svx/source/accessibility/charmapacc.cxx#L131

-- 
You are receiving this mail because:
You are the assignee for the bug.

_______________________________________________
Libreoffice-bugs mailing list
Libreoffice-bugs@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs

[Libreoffice-bugs] [Bug 105712] With NVDA active launching Special Character dialog using Insert -> Special Character, or via F7 Spell check causes a fatal error. With using Standard Toolbar button it also hangs but without crash.

Reply via email to