[Pkg-virtualbox-devel] Bug#842862: virtualbox-qt: Crashes if screen reader enabled

Samuel Thibault sthibault at debian.org
Sun Nov 27 18:04:09 UTC 2016


Control: reassign -1 libqt5widgets5
Control: affects -1 virtualbox-qt

Hello,

Samuel Thibault, on Sun 27 Nov 2016 18:29:07 +0100, wrote:
> > On a Debian testing with upstream repo's package:
> > 
> > 1.    Install qt-at-spi
> > 2.    Enable accessibility in the Desktop.
> > 3.    Run VirtualBox.
> > 4.    Arrow keys, opening dialogs, crash the graphical interface.
> > 5.    Run without Orca running.
> > 6.    Arrow keys work. Run again screen reader, it crashes as soon as you press an arrow key.
> 
> More precisely, I had to enter File->Preferences a couple of times to
> get the segfault.

Here is the corresponding backtrace. This is running version
5.7.1~20161021-dfsg-6 of qtbase.

The segfault is on the callq assembly instruction:

0x00007f8317db0bf1 <+65>: callq *0x18(%r8)

(gdb) p/x ($r8+0x18)
0x20002c003e0085
(gdb) p/x *(unsigned long*)($r8+0x18)
Cannot access memory at address 0x20002c003e0085
(gdb) p index
<optimized out>
(gdb) p role
11
(gdb) up
(gdb) p/x m_index
{r = 0xd, c = 0, i = 0x556f56c43340, m = 0x556f56c2c770}
(gdb) p/x *((QTreeWidgetItem*) (m_index->i))
{_vptr.QTreeWidgetItem = 0x20002c003e006d, rtti = 0x61004d, values = {d = 0x20006f006c0065}, view = 0x6c0065006f0043, 
  d = 0x3c0020006f0068, par = 0x6300720061006d, children = {<QListSpecialMethods<QTreeWidgetItem*>> = {<No data fields>}, {
      p = {static shared_null = {ref = {atomic = {_q_value = {<std::__atomic_base<int>> = {static _S_alignment = 0x4, 
                  _M_i = 0xffffffff}, <No data fields>}}}, alloc = 0x0, begin = 0x0, end = 0x0, array = {0x0}}, 
        d = 0x63006f006c0065}, d = 0x63006f006c0065}}, itemFlags = {i = 0x65006f}}

That looks like a very bogus object to me indeed. From the backtrace, it
looks like it was obtained in AtSpiAdaptor::handleMessage by calling
AtSpiAdaptor::interfaceFromPath, i.e. using
QAccessible::accessibleInterface, i.e. using
QAccessibleCache::interfaceForId, i.e. using the
QAccessibleCache::idToInterface hashtable.

It should be noted that virtualbox uses threads. It could be that there
is a race in qaccessiblecache.cpp between a thread that is trying to
remove a widget, and a thread which is trying to access it as requested
by the screen reader. Is that handled somehow in the accessibility layer
of Qt5?

Samuel
-------------- next part --------------
(gdb) bt
#0  0x00007f8317db0bf1 in QTreeModel::data (this=<optimized out>, index=..., role=11) at itemviews/qtreewidget.cpp:371
#1  0x00007f8317d2e235 in QAccessibleTableCell::text (this=0x556f56c6e370, t=<optimized out>)
    at accessible/itemviews.cpp:1078
#2  0x00007f8314b05bcb in AtSpiAdaptor::accessibleInterface (this=this@entry=0x556f56913c50, interface=interface@entry=
    0x556f56c6e370, function=..., message=..., connection=...) at linuxaccessibility/atspiadaptor.cpp:1414
#3  0x00007f8314b06919 in AtSpiAdaptor::accessibleInterface (this=0x556f56913c50, interface=0x556f56c6e370, function=..., 
    message=..., connection=...) at linuxaccessibility/atspiadaptor.cpp:1368
#4  0x00007f8314b0ad2c in AtSpiAdaptor::handleMessage (this=0x556f56913c50, message=..., connection=...)
    at linuxaccessibility/atspiadaptor.cpp:1282
#5  0x00007f831c07be88 in QDBusConnectionPrivate::activateObject (this=0x7f82f800fc20, node=..., msg=..., pathStartPos=27)
    at qdbusintegrator.cpp:1449
#6  0x00007f831c07e8ee in QDBusActivateObjectEvent::placeMetaCall (this=0x7f82f80139c0) at qdbusintegrator.cpp:1608
#7  0x00007f831cba1b39 in QObject::event (this=0x556f56913c50, e=<optimized out>) at kernel/qobject.cpp:1263
#8  0x00007f8317af6b2c in QApplicationPrivate::notify_helper (this=<optimized out>, receiver=0x556f56913c50, 
    e=0x7f82f80139c0) at kernel/qapplication.cpp:3799
#9  0x00007f8317afe2e1 in QApplication::notify (this=0x7ffedd52b320, receiver=0x556f56913c50, e=0x7f82f80139c0)
    at kernel/qapplication.cpp:3556
#10 0x00007f831cb75090 in QCoreApplication::notifyInternal2 (receiver=0x556f56913c50, event=event@entry=0x7f82f80139c0)
    at kernel/qcoreapplication.cpp:988
#11 0x00007f831cb7781d in QCoreApplication::sendEvent (event=0x7f82f80139c0, receiver=<optimized out>)
    at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:231
#12 QCoreApplicationPrivate::sendPostedEvents (receiver=receiver@entry=0x0, event_type=event_type@entry=0, 
    data=0x556f564f0640) at kernel/qcoreapplication.cpp:1649
#13 0x00007f831cb77c88 in QCoreApplication::sendPostedEvents (receiver=receiver@entry=0x0, event_type=event_type@entry=0)
    at kernel/qcoreapplication.cpp:1503
#14 0x00007f831cbc92d3 in postEventSourceDispatch (s=0x556f565b1ef0) at kernel/qeventdispatcher_glib.cpp:276
#15 0x00007f83157bc7f7 in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#16 0x00007f83157bca60 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#17 0x00007f83157bcb0c in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#18 0x00007f831cbc96df in QEventDispatcherGlib::processEvents (this=0x556f565b1e20, flags=...)
    at kernel/qeventdispatcher_glib.cpp:423
#19 0x00007f831cb7307a in QEventLoop::exec (this=this@entry=0x7ffedd52a6e0, flags=..., flags@entry=...)
    at kernel/qeventloop.cpp:212
#20 0x00007f831e0102c7 in QIMainDialog::exec (this=this@entry=0x7ffedd52a750, 
    fApplicationModal=fApplicationModal@entry=true)
    at /build/virtualbox-suc2Rj/virtualbox-5.1.8-dfsg/src/VBox/Frontends/VirtualBox/src/extensions/QIMainDialog.cpp:86
#21 0x00007f831e14e14b in UISettingsDialog::execute (this=this@entry=0x7ffedd52a750)
    at /build/virtualbox-suc2Rj/virtualbox-5.1.8-dfsg/src/VBox/Frontends/VirtualBox/src/settings/UISettingsDialog.cpp:171
#22 0x00007f831e108b76 in UISelectorWindow::sltOpenPreferencesDialog (this=0x556f56915fe0)
    at /build/virtualbox-suc2Rj/virtualbox-5.1.8-dfsg/src/VBox/Frontends/VirtualBox/src/selector/UISelectorWindow.cpp:483
#23 0x00007f831e34dcd5 in UISelectorWindow::qt_static_metacall (_o=0x556f56915fe0, _c=<optimized out>, _id=<optimized out>, 
    _a=<optimized out>) at /build/virtualbox-suc2Rj/virtualbox-5.1.8-dfsg/out/obj/VirtualBox/qtmoc/UISelectorWindow.cpp:246
#24 0x00007f831cba0c89 in QMetaObject::activate (sender=sender@entry=0x556f569d8c00, signalOffset=<optimized out>, 
    local_signal_index=local_signal_index@entry=1, argv=argv@entry=0x7ffedd52a9f0) at kernel/qobject.cpp:3740
#25 0x00007f831cba15a7 in QMetaObject::activate (sender=sender@entry=0x556f569d8c00, 
    m=m@entry=0x7f8317fcff60 <QAction::staticMetaObject>, local_signal_index=local_signal_index@entry=1, 
    argv=argv@entry=0x7ffedd52a9f0) at kernel/qobject.cpp:3602
#26 0x00007f8317af0162 in QAction::triggered (this=this@entry=0x556f569d8c00, _t1=<optimized out>)
    at .moc/moc_qaction.cpp:369
#27 0x00007f8317af2b50 in QAction::activate (this=0x556f569d8c00, event=<optimized out>) at kernel/qaction.cpp:1170
#28 0x00007f8317c61eaa in QMenuPrivate::activateCausedStack (this=this@entry=0x556f56983480, causedStack=..., 
    action=action@entry=0x556f569d8c00, action_e=action_e@entry=QAction::Trigger, self=self@entry=true)
    at widgets/qmenu.cpp:1140
#29 0x00007f8317c6950c in QMenuPrivate::activateAction (this=0x556f56983480, action=0x556f569d8c00, 
    action_e=QAction::Trigger, self=<optimized out>) at widgets/qmenu.cpp:1217
#30 0x00007f8317c6bfd3 in QMenu::keyPressEvent (this=<optimized out>, e=<optimized out>) at widgets/qmenu.cpp:3145
#31 0x00007f8317b3e8d7 in QWidget::event (this=this@entry=0x556f56917320, event=event@entry=0x556f56b7f0f0)
    at kernel/qwidget.cpp:8815
#32 0x00007f8317c6c833 in QMenu::event (this=this@entry=0x556f56917320, e=e@entry=0x556f56b7f0f0) at widgets/qmenu.cpp:2799
#33 0x00007f831e02df60 in UIMenu::event (this=0x556f56917320, pEvent=0x556f56b7f0f0)
    at /build/virtualbox-suc2Rj/virtualbox-5.1.8-dfsg/src/VBox/Frontends/VirtualBox/src/globals/UIActionPool.cpp:96
#34 0x00007f8317af6b2c in QApplicationPrivate::notify_helper (this=<optimized out>, receiver=0x556f56917320, 
    e=0x556f56b7f0f0) at kernel/qapplication.cpp:3799
#35 0x00007f8317affcb6 in QApplication::notify (this=<optimized out>, receiver=0x556f56917320, e=0x556f56b7f0f0)
    at kernel/qapplication.cpp:3181
#36 0x00007f831cb75090 in QCoreApplication::notifyInternal2 (receiver=0x556f56917320, event=event@entry=0x556f56b7f0f0)
    at kernel/qcoreapplication.cpp:988
#37 0x00007f831cb7781d in QCoreApplication::sendEvent (event=0x556f56b7f0f0, receiver=<optimized out>)
    at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:231
#38 QCoreApplicationPrivate::sendPostedEvents (receiver=receiver@entry=0x0, event_type=event_type@entry=0, 
    data=0x556f564f0640) at kernel/qcoreapplication.cpp:1649
#39 0x00007f831cb77c88 in QCoreApplication::sendPostedEvents (receiver=receiver@entry=0x0, event_type=event_type@entry=0)
    at kernel/qcoreapplication.cpp:1503
#40 0x00007f831cbc92d3 in postEventSourceDispatch (s=0x556f565b1ef0) at kernel/qeventdispatcher_glib.cpp:276
#41 0x00007f83157bc7f7 in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#42 0x00007f83157bca60 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#43 0x00007f83157bcb0c in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#44 0x00007f831cbc96df in QEventDispatcherGlib::processEvents (this=0x556f565b1e20, flags=...)
    at kernel/qeventdispatcher_glib.cpp:423
#45 0x00007f831cb7307a in QEventLoop::exec (this=this@entry=0x7ffedd52b200, flags=..., flags@entry=...)
    at kernel/qeventloop.cpp:212
#46 0x00007f831cb7b7ec in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1261
#47 0x00007f831c4a12dc in QGuiApplication::exec () at kernel/qguiapplication.cpp:1633
#48 0x00007f8317af6a85 in QApplication::exec () at kernel/qapplication.cpp:2975
#49 0x00007f831dfdbddb in TrustedMain (argc=<optimized out>, argv=<optimized out>)
    at /build/virtualbox-suc2Rj/virtualbox-5.1.8-dfsg/src/VBox/Frontends/VirtualBox/src/main.cpp:547
#50 0x00007f83274c42b1 in __libc_start_main (main=0x556f55aee520 <main(int, char**, char**)>, argc=1, argv=0x7ffedd52b468, 
    init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffedd52b458)
    at ../csu/libc-start.c:291
#51 0x0000556f55aee68a in _start ()
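Added illustration, not Qt's code and not part of the bug report: the vptr and field values in the gdb dump above decode as UTF-16 text, the usual signature of freed memory reused for a string buffer, so the cache entry is most likely dangling rather than pointing at a live but corrupted object. The hypothetical cache below shows the defensive shape such an id-to-interface table needs: a mutex around every table access, and lookups that hand out shared ownership, so a request resolved just before a widget is removed still acts on a live object while a later request gets a clean stale-id answer. All type and function names are assumptions.

```cpp
#include <cstdint>
#include <map>
#include <memory>
#include <mutex>
#include <string>

// Hypothetical stand-in for an accessible object; not Qt's QAccessibleInterface.
struct Interface {
    std::string name;
    std::string text() const { return name; }
};

// Hypothetical id -> interface table in the spirit of an idToInterface cache.
// The mutex serialises insert/remove/lookup, and lookup hands out shared
// ownership, so a caller that resolved an id keeps the object alive even if
// the widget is removed (possibly from another thread) before the call ends.
class AccessibleCache {
public:
    uint32_t insert(std::string name) {
        std::lock_guard<std::mutex> guard(mutex_);
        const uint32_t id = ++nextId_;
        auto iface = std::make_shared<Interface>();
        iface->name = std::move(name);
        table_[id] = iface;
        return id;
    }
    void remove(uint32_t id) {
        std::lock_guard<std::mutex> guard(mutex_);
        table_.erase(id);   // drops the cache's reference; holders keep theirs
    }
    std::shared_ptr<Interface> lookup(uint32_t id) {
        std::lock_guard<std::mutex> guard(mutex_);
        auto it = table_.find(id);
        return it == table_.end() ? nullptr : it->second;
    }
private:
    std::mutex mutex_;
    std::map<uint32_t, std::shared_ptr<Interface>> table_;
    uint32_t nextId_ = 0;
};

// What a request handler should do: resolve once, check, then use the
// owned pointer. A stale id yields a clean error instead of a dangling vptr.
std::string handleTextRequest(AccessibleCache& cache, uint32_t id) {
    std::shared_ptr<Interface> iface = cache.lookup(id);
    if (!iface) return "(stale id)";
    return iface->text();
}
```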