vcl/qt5/QtAccessibleWidget.cxx | 36 ++++++++++++++++++++++++++++++++++++
1 file changed, 36 insertions(+)
New commits:
commit 5226e3889155ea22465d488174a6f8720085628a
Author: Michael Weghorn <m.wegh...@posteo.de>
AuthorDate: Fri Sep 2 08:03:03 2022 +0200
Commit: Michael Weghorn <m.wegh...@posteo.de>
CommitDate: Fri Sep 2 10:26:06 2022 +0200
tdf#150683 qt a11y: Add bound checks for table methods
Since the row/column indices come from outside
(usually from assistive technology like a screen reader),
validate them before using them when calling the
corresponding methods on the
XAccessibleTable{,Selection} interfaces.
Otherwise, calling the corresponding UNO methods will
result in a crash due to an `IndexOutOfBoundsException`
being thrown.
Change-Id: I4d018d16b99f1c2c7b88c1c9e03f16d40ec3345c
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/139250
Tested-by: Jenkins
Reviewed-by: Michael Weghorn <m.wegh...@posteo.de>
diff --git a/vcl/qt5/QtAccessibleWidget.cxx b/vcl/qt5/QtAccessibleWidget.cxx
index e2e99e6de208..60d64fa98731 100644
--- a/vcl/qt5/QtAccessibleWidget.cxx
+++ b/vcl/qt5/QtAccessibleWidget.cxx
@@ -1484,6 +1484,15 @@ QAccessibleInterface* QtAccessibleWidget::cellAt(int
row, int column) const
Reference<XAccessibleTable> xTable(xAc, UNO_QUERY);
if (!xTable.is())
return nullptr;
+
+ if (row < 0 || row >= xTable->getAccessibleRowCount() || column < 0
+ || column >= xTable->getAccessibleColumnCount())
+ {
+ SAL_WARN("vcl.qt", "QtAccessibleWidget::cellAt called with invalid
row/column index ("
+ << row << ", " << column << ")");
+ return nullptr;
+ }
+
return QAccessible::queryAccessibleInterface(
QtAccessibleRegistry::getQObject(xTable->getAccessibleCellAt(row,
column)));
}
@@ -1522,6 +1531,13 @@ bool QtAccessibleWidget::isColumnSelected(int nColumn)
const
if (!xTable.is())
return false;
+ if (nColumn < 0 || nColumn >= xTable->getAccessibleColumnCount())
+ {
+ SAL_WARN("vcl.qt", "QtAccessibleWidget::isColumnSelected called with
invalid column index "
+ << nColumn);
+ return false;
+ }
+
return xTable->isAccessibleColumnSelected(nColumn);
}
@@ -1535,6 +1551,13 @@ bool QtAccessibleWidget::isRowSelected(int nRow) const
if (!xTable.is())
return false;
+ if (nRow < 0 || nRow >= xTable->getAccessibleRowCount())
+ {
+ SAL_WARN("vcl.qt",
+ "QtAccessibleWidget::isRowSelected called with invalid row
index " << nRow);
+ return false;
+ }
+
return xTable->isAccessibleRowSelected(nRow);
}
@@ -1570,6 +1593,13 @@ bool QtAccessibleWidget::selectColumn(int column)
if (!xAc.is())
return false;
+ if (column < 0 || column >= columnCount())
+ {
+ SAL_WARN("vcl.qt",
+ "QtAccessibleWidget::selectColumn called with invalid column
index " << column);
+ return false;
+ }
+
Reference<XAccessibleTableSelection> xTableSelection(xAc, UNO_QUERY);
if (!xTableSelection.is())
return false;
@@ -1582,6 +1612,12 @@ bool QtAccessibleWidget::selectRow(int row)
if (!xAc.is())
return false;
+ if (row < 0 || row >= rowCount())
+ {
+ SAL_WARN("vcl.qt", "QtAccessibleWidget::selectRow called with invalid
row index " << row);
+ return false;
+ }
+
Reference<XAccessibleTableSelection> xTableSelection(xAc, UNO_QUERY);
if (!xTableSelection.is())
return false;
