Crash in Qt5 on Ubuntu 16.04 in QAccessibleTableCell::state while in endResetModel() in a QAbstractTableModel

I have a QAbstractItemModel with an editable column, which executes "beginResetModel(); endResetModel();" on every setData() call to the Model.   (see example program attached).

When I run the program on Ubuntu 16.04 Linux with

QT_LINUX_ACCESSIBILITY_ALWAYS_ON=1
QT_ACCESSIBILITY=1

then it crashes inside QAccessibleTableCell::state, line 1029  (see stack trace) if I use "TAB" key to move to the next column. At this point QAccessibleTableCell::m_index's model is null, giving the crash.

I see no crash with accessibility disabled, nor if I use the mouse clicking to end editing the column.

This is observed with Qt-5.12, 5.9.6, 5.9.4 downloaded and with Qt-5.12 compiled from GIT source (this is how I got the stack trace). QtCreator's variable view shows that m_index.model() is nullptr and this gives the crash.

Line 1029 is (QAccessibleTableCell::state())

{{ if (m_index.model()->data(m_index, Qt::CheckStateRole).toInt() == Qt::Checked)}}
    st.checked = true;

I have attached a small example program, based on the QAbstractTableModel example on http://doc.qt.io/qt-5/qtwidgets-itemviews-addressbook-tablemodel-cpp.html which shows the crash on my Linux Ubuntu 16.04.

To reproduce:

1) Compile the program

2) Run the program

3) Edit a field, changing A1 to Hi. Use TAB key to move to next column.

Result: CRASH, if ACCESSIBILITY is enabled.

Expected: No crash

1 QAccessibleTableCell::state itemviews.cpp 1029 0x7ffff7aceec9
2 AtSpiAdaptor::notify atspiadaptor.cpp 1060 0x7ffff7f3663d
3 QSpiAccessibleBridge::notifyAccessibilityUpdate bridge.cpp 109 0x7ffff7f25048
4 QAccessible::updateAccessibility qaccessible.cpp 875 0x7ffff62a9625
5 QTableView::selectionChanged qtableview.cpp 3369 0x7ffff7b3a466
6 QAbstractItemView::qt_static_metacall moc_qabstractitemview.cpp 416 0x7ffff7add19d
7 QMetaObject::activate qobject.cpp 3778 0x7ffff73bd2c5
8 QMetaObject::activate qobject.cpp 3631 0x7ffff73bd5fd
9 QItemSelectionModel::selectionChanged moc_qitemselectionmodel.cpp 458 0x7ffff7347e60
10 QItemSelectionModel::emitSelectionChanged qitemselectionmodel.cpp 1871 0x7ffff734c581
11 QItemSelectionModel::select qitemselectionmodel.cpp 1338 0x7ffff734f490
12 QItemSelectionModel::select qitemselectionmodel.cpp 1188 0x7ffff734a216
13 QItemSelectionModel::setCurrentIndex qitemselectionmodel.cpp 1413 0x7ffff73481e2
14 QAbstractItemView::keyPressEvent qabstractitemview.cpp 2395 0x7ffff7adc278
15 QAbstractItemView::focusNextPrevChild qabstractitemview.cpp 1631 0x7ffff7ae2fdd
16 QWidget::focusNextPrevChild qwidget.cpp 6754 0x7ffff788b7e9
17 QWidget::focusNextPrevChild qwidget.cpp 6754 0x7ffff788b7e9
18 QWidgetPrivate::hide_helper qwidget.cpp 8175 0x7ffff788bc89
19 QWidget::setVisible qwidget.cpp 8357 0x7ffff7890bd6
20 QWidget::hide qwidget.cpp 8129 0x7ffff7878b27
21 QAbstractItemViewPrivate::releaseEditor qabstractitemview_p.h 216 0x7ffff7addefe
22 QAbstractItemView::reset qabstractitemview.cpp 1121 0x7ffff7addefe
23 QAbstractItemView::qt_static_metacall moc_qabstractitemview.cpp 402 0x7ffff7add081
24 QMetaObject::activate qobject.cpp 3778 0x7ffff73bd2c5
25 QMetaObject::activate qobject.cpp 3631 0x7ffff73bd5fd
26 QAbstractItemModel::modelReset moc_qabstractitemmodel.cpp 647 0x7ffff7338438
27 QAbstractItemModel::endResetModel qabstractitemmodel.cpp 3272 0x7ffff733a579
28 TableModel::setData tablemodel.cpp 60 0x405825
29 QStyledItemDelegate::setModelData qstyleditemdelegate.cpp 486 0x7ffff7b01978
30 QAbstractItemView::commitData qabstractitemview.cpp 2898 0x7ffff7adb50e
31 QAbstractItemView::qt_static_metacall moc_qabstractitemview.cpp 426 0x7ffff7add25d
32 QMetaObject::activate qobject.cpp 3778 0x7ffff73bd2c5
33 QMetaObject::activate qobject.cpp 3631 0x7ffff73bd5fd
34 QAbstractItemDelegate::commitData moc_qabstractitemdelegate.cpp 204 0x7ffff7af8c6e
35 QAbstractItemDelegatePrivate::editorEventFilter qabstractitemdelegate.cpp 487 0x7ffff7af9025
36 QStyledItemDelegate::eventFilter qstyleditemdelegate.cpp 588 0x7ffff7b0157b
37 QCoreApplicationPrivate::sendThroughObjectEventFilters qcoreapplication.cpp 1187 0x7ffff738b158
38 QApplicationPrivate::notify_helper qapplication.cpp 3744 0x7ffff78474b5
39 QApplication::notify qapplication.cpp 3131 0x7ffff784eee8
40 QCoreApplication::notifyInternal2 qcoreapplication.cpp 1061 0x7ffff738b352
41 QCoreApplication::forwardEvent qcoreapplication.cpp 1076 0x7ffff738b3da
42 QWidgetWindow::handleKeyEvent qwidgetwindow.cpp 701 0x7ffff78ab337
43 QWidgetWindow::event qwidgetwindow.cpp 274 0x7ffff78b02a4
44 QApplicationPrivate::notify_helper qapplication.cpp 3752 0x7ffff78474c8
45 QApplication::notify qapplication.cpp 3109 0x7ffff784ee0e
46 QCoreApplication::notifyInternal2 qcoreapplication.cpp 1061 0x7ffff738b352
47 QCoreApplication::sendSpontaneousEvent qcoreapplication.cpp 1463 0x7ffff738b5b0
48 QGuiApplicationPrivate::processKeyEvent qguiapplication.cpp 2227 0x7ffff62da49a
49 QGuiApplicationPrivate::processWindowSystemEvent qguiapplication.cpp 1842 0x7ffff62df208
50 QWindowSystemInterface::sendWindowSystemEvents qwindowsysteminterface.cpp 1068 0x7ffff62b67c0
51 xcbSourceDispatch qxcbeventdispatcher.cpp 105 0x7ffff7eb71e4
52 g_main_context_dispatch 0x7ffff4dac197
53 ?? 0x7ffff4dac3f0
54 g_main_context_iteration 0x7ffff4dac49c
55 QEventDispatcherGlib::processEvents qeventdispatcher_glib.cpp 422 0x7ffff73eb06f
56 QXcbGlibEventDispatcher::processEvents qxcbeventdispatcher.cpp 143 0x7ffff7eb7564
57 QEventLoop::processEvents qeventloop.cpp 138 0x7ffff7389289
58 QEventLoop::exec qeventloop.cpp 225 0x7ffff7389702
59 QCoreApplication::exec qcoreapplication.cpp 1364 0x7ffff7393328
60 QGuiApplication::exec qguiapplication.cpp 1778 0x7ffff62d42b8
61 QApplication::exec qapplication.cpp 2909 0x7ffff78473a3
62 main main.cpp 10 0x403ff0