From 20b5a25eaa61153b56142c690f7105c23fb39f35 Mon Sep 17 00:00:00 2001
From: Michael Weghorn <m.weghorn@posteo.de>
Date: Thu, 16 Nov 2023 13:46:04 +0100
Subject: [PATCH] a11y atspi: Add null checks in table iface methods
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Add null checks to cover the cases where
QAccessibleTableInterface::cellAt returns
nullptr (which happens e.g. when called with
invalid indices via AT-SPI) or where the
cell object doesn't implement the
QAccessibleTableCellInterface, which
would previously result in crashes.

Fixes: QTBUG-119167
Change-Id: Ieb42617b32ca829af09ae1d54f5de9ec029e3ab2
Reviewed-by: Jan Arve Sæther <jan-arve.saether@qt.io>
(cherry picked from commit d91d53c951144255349e5d246353b598179ce967)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
(cherry picked from commit 10b480f1d8d2f08f2132d23f1325fa945ca71aad)
---
 src/gui/accessible/linux/atspiadaptor.cpp | 39 ++++++++++++++++-------
 1 file changed, 27 insertions(+), 12 deletions(-)

diff --git a/src/gui/accessible/linux/atspiadaptor.cpp b/src/gui/accessible/linux/atspiadaptor.cpp
index 5be7ec81768..5bcdf6a555e 100644
--- a/src/gui/accessible/linux/atspiadaptor.cpp
+++ b/src/gui/accessible/linux/atspiadaptor.cpp
@@ -2679,14 +2679,15 @@ bool AtSpiAdaptor::tableInterface(QAccessibleInterface *interface, const QString
         if (cols > 0) {
             row = index / cols;
             col = index % cols;
-            QAccessibleTableCellInterface *cell = interface->tableInterface()->cellAt(row, col)->tableCellInterface();
-            if (cell) {
-                row = cell->rowIndex();
-                col = cell->columnIndex();
-                rowExtents = cell->rowExtent();
-                colExtents = cell->columnExtent();
-                isSelected = cell->isSelected();
-                success = true;
+            if (QAccessibleInterface *cell = interface->tableInterface()->cellAt(row, col)) {
+                if (QAccessibleTableCellInterface *cellIface = cell->tableCellInterface()) {
+                    row = cellIface->rowIndex();
+                    col = cellIface->columnIndex();
+                    rowExtents = cellIface->rowExtent();
+                    colExtents = cellIface->columnExtent();
+                    isSelected = cellIface->isSelected();
+                    success = true;
+                }
             }
         }
         QVariantList list;
@@ -2696,12 +2697,22 @@ bool AtSpiAdaptor::tableInterface(QAccessibleInterface *interface, const QString
     } else if (function == "GetColumnExtentAt"_L1) {
         int row = message.arguments().at(0).toInt();
         int column = message.arguments().at(1).toInt();
-        connection.send(message.createReply(interface->tableInterface()->cellAt(row, column)->tableCellInterface()->columnExtent()));
+        int columnExtent = 0;
+        if (QAccessibleInterface *cell = interface->tableInterface()->cellAt(row, column)) {
+            if (QAccessibleTableCellInterface *cellIface = cell->tableCellInterface())
+                columnExtent = cellIface->columnExtent();
+        }
+        connection.send(message.createReply(columnExtent));
 
     } else if (function == "GetRowExtentAt"_L1) {
         int row = message.arguments().at(0).toInt();
         int column = message.arguments().at(1).toInt();
-        connection.send(message.createReply(interface->tableInterface()->cellAt(row, column)->tableCellInterface()->rowExtent()));
+        int rowExtent = 0;
+        if (QAccessibleInterface *cell = interface->tableInterface()->cellAt(row, column)) {
+            if (QAccessibleTableCellInterface *cellIface = cell->tableCellInterface())
+                rowExtent = cellIface->rowExtent();
+        }
+        connection.send(message.createReply(rowExtent));
 
     } else if (function == "GetColumnHeader"_L1) {
         int column = message.arguments().at(0).toInt();
@@ -2741,8 +2752,12 @@ bool AtSpiAdaptor::tableInterface(QAccessibleInterface *interface, const QString
     } else if (function == "IsSelected"_L1) {
         int row = message.arguments().at(0).toInt();
         int column = message.arguments().at(1).toInt();
-        QAccessibleTableCellInterface* cell = interface->tableInterface()->cellAt(row, column)->tableCellInterface();
-        connection.send(message.createReply(cell->isSelected()));
+        bool selected = false;
+        if (QAccessibleInterface* cell = interface->tableInterface()->cellAt(row, column)) {
+            if (QAccessibleTableCellInterface *cellIface = cell->tableCellInterface())
+                selected = cellIface->isSelected();
+        }
+        connection.send(message.createReply(selected));
     } else if (function == "AddColumnSelection"_L1) {
         int column = message.arguments().at(0).toInt();
         connection.send(message.createReply(interface->tableInterface()->selectColumn(column)));