Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: P1: Critical
Fix Version/s: 6.5.5, 6.6.2, 6.6.3, 6.7.0 Beta2, 6.8.0 FF
Affects Version/s: 6.6.1
Component/s: GUI: Accessibility (a11y)
Labels:
None

Platform/s:

macOS
Commits:
75a918d48 (dev), 1e0a6b316 (6.7), b97d45c99 (6.6), 4b65b369c (tqtc/lts-6.5), aacf2ec03 (6.6.2)

Description

We observe occasional "index beyond bounds for empty array" crashes with accessibility functions at the top of the call stack:

1  __pthread_kill                                                  
2  pthread_kill                                                    
3  abort                                                           
4  abort_message                                                   
5  demangling_terminate_handler()                                  
6  _objc_terminate()                                               
7  std::__terminate(void ( *)())                                   
8  __cxa_rethrow                                                   
9  objc_exception_rethrow                                          
10 NSAccessibilityPerformEntryPointObject                          
11 _NSAccessibilityEntryPointValueForAttribute                     
12 -[QMacAccessibilityElement accessibilityFocusedUIElement]       
13 -[QNSView(Accessibility) accessibilityFocusedUIElement]         
14 -[NSWindow(NSWindowAccessibility) accessibilityFocusedUIElement]
15 NSAccessibilityHandleFocusChangedForce                          
16 -[NSWindow _realMakeFirstResponder:]                            
17 QCocoaWindow::~QCocoaWindow()                                   
18 QCocoaWindow::~QCocoaWindow()                                   
19 QCocoaWindow::~QCocoaWindow()                                   
20 QWindowPrivate::destroy()                                       
21 QWindow::destroy()                                              
22 QWidgetPrivate::deleteTLSysExtra()                              
23 QWidget::destroy(bool, bool)                                    
24 QWidget::~QWidget()                                             
25 QFrame::~QFrame()                                               
26 QComboBoxPrivateContainer::~QComboBoxPrivateContainer()         
27 QComboBoxPrivateContainer::~QComboBoxPrivateContainer()         
28 QComboBoxPrivateContainer::~QComboBoxPrivateContainer()         
29 QObjectPrivate::deleteChildren()                                
30 QWidget::~QWidget()                                             
...

For full call stacks see attachment. Qt Creator 12.0.1 sometimes crashes with similar call stacks. We've spent quite a lot of time trying to get this crash reproduced. Here's a sample app which crashes reliably:

QtAccessibilityCrash.zip

The app opens a dialog, there you have to select a combobox item with the mouse and click OK. The dialog is closed, and when the QComboBox is destroyed, the dtor of its QCocoaWindow base class calls [m_nsWindow makeFirstResponder:nil] which triggers the crash in [QMacAccessibilityElement accessibilityFocusedUIElement].

The crash occurs only if QAccessible::isActive() is false on startup (displayed as treeview item), and switches to true (why does that happen??) when the dialog is opened (see dialog title).

On most of our Macs this is the default behaviour (maybe because of some installed tools using accessibility API?), but on a clean installed macOS 14 you have to enable Accessibility -> VoiceControl, for example, to get this behaviour.

The bugfix for https://bugreports.qt.io/browse/QTBUG-120469 doesn't fix this crash,
we've tested with Qt libs built from the '6.6' branch (qtbase @ 4f57f76a96), it still crashes.

Tested with macOS 14 on M1 + Intel.