From 8fcf171b421cb71f97589e19b548a5eaa996cf72 Mon Sep 17 00:00:00 2001 From: Frederik Gladhorn Date: Fri, 29 Sep 2017 10:52:36 +0200 Subject: Android Accessibility: protect from accessing invalid interfaces MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit I am not sure if this is going to help, but it is required that the bridge checks that the interfaces it accesses are valid, since that protects from accessing them when they are in the destructor. This should be done, whether it fixes the issue or not. Task-number: QTBUG-45855 Change-Id: I2b96999ca4043f8b33607c864d1d178695d03192 Reviewed-by: Jan Arve Sæther --- .../platforms/android/androidjniaccessibility.cpp | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) (limited to 'src') diff --git a/src/plugins/platforms/android/androidjniaccessibility.cpp b/src/plugins/platforms/android/androidjniaccessibility.cpp index 06624415d3..e4d670239f 100644 --- a/src/plugins/platforms/android/androidjniaccessibility.cpp +++ b/src/plugins/platforms/android/androidjniaccessibility.cpp @@ -104,11 +104,11 @@ namespace QtAndroidAccessibility static jintArray childIdListForAccessibleObject(JNIEnv *env, jobject /*thiz*/, jint objectId) { QAccessibleInterface *iface = interfaceFromId(objectId); - if (iface) { + if (iface && iface->isValid()) { jintArray jArray = env->NewIntArray(jsize(iface->childCount())); for (int i = 0; i < iface->childCount(); ++i) { QAccessibleInterface *child = iface->child(i); - if (child) { + if (child && child->isValid()) { QAccessible::Id ifaceId = QAccessible::uniqueId(child); jint jid = ifaceId; env->SetIntArrayRegion(jArray, i, 1, &jid); @@ -123,9 +123,9 @@ namespace QtAndroidAccessibility static jint parentId(JNIEnv */*env*/, jobject /*thiz*/, jint objectId) { QAccessibleInterface *iface = interfaceFromId(objectId); - if (iface) { + if (iface && iface->isValid()) { QAccessibleInterface *parent = iface->parent(); - if (parent) { + if (parent && parent->isValid()) { if (parent->role() == QAccessible::Application) return -1; return QAccessible::uniqueId(parent); @@ -151,7 +151,7 @@ namespace QtAndroidAccessibility static jint hitTest(JNIEnv */*env*/, jobject /*thiz*/, jfloat x, jfloat y) { QAccessibleInterface *root = interfaceFromId(-1); - if (root) { + if (root && root->isValid()) { QPoint pos = QHighDpi::fromNativePixels(QPoint(int(x), int(y)), root->window()); QAccessibleInterface *child = root->childAt(pos.x(), pos.y()); @@ -170,7 +170,7 @@ namespace QtAndroidAccessibility { // qDebug() << "A11Y: CLICK: " << objectId; QAccessibleInterface *iface = interfaceFromId(objectId); - if (iface && iface->actionInterface()) { + if (iface && iface->isValid() && iface->actionInterface()) { if (iface->actionInterface()->actionNames().contains(QAccessibleActionInterface::pressAction())) iface->actionInterface()->doAction(QAccessibleActionInterface::pressAction()); else @@ -182,13 +182,17 @@ namespace QtAndroidAccessibility static jboolean scrollForward(JNIEnv */*env*/, jobject /*thiz*/, jint objectId) { QAccessibleInterface *iface = interfaceFromId(objectId); - return QAccessibleBridgeUtils::performEffectiveAction(iface, QAccessibleActionInterface::increaseAction()); + if (iface && iface->isValid()) + return QAccessibleBridgeUtils::performEffectiveAction(iface, QAccessibleActionInterface::increaseAction()); + return false; } static jboolean scrollBackward(JNIEnv */*env*/, jobject /*thiz*/, jint objectId) { QAccessibleInterface *iface = interfaceFromId(objectId); - return QAccessibleBridgeUtils::performEffectiveAction(iface, QAccessibleActionInterface::decreaseAction()); + if (iface && iface->isValid()) + return QAccessibleBridgeUtils::performEffectiveAction(iface, QAccessibleActionInterface::decreaseAction()); + return false; } -- cgit v1.2.3