Apache OpenOffice (AOO) Bugzilla – Issue 114245
(potential) crash when opening the "Format" dialog for a database table column
Last modified: 2017-05-20 11:41:59 UTC
- open the attached database document
- open the contained table by double-clicking it
- open the context menu for the table column "n"
- choose "Column Format"
=> in a non-product build on Windows, you get multiple error messages from the "Microsoft Visual C++ Debug Library", saying "HEAP CORRUPTION DETECTED"
Ignoring all those messages, the "Field Format" dialog opens as expected. However, the messages indicate a serious problem, which can potentially lead to OOo crashing.
Created attachment 71515: document to reproduce the bug case
will investigate whether this is worth fixing for 3.3 ...
fs->hdu: The problem originates from vcl/win/source/gdi/winlayout.cxx. Line 2206 reads:
  mpLogClusters[ k ] =
Now when you open the dialog as described above, then you'll reach this line multiple times, but at least once, k equals -1, so this statement writes to memory which it doesn't own ...
The assertion from the MSVC runtime is then fired in ~UniscribeLayout, when mpLogClusters is deleted.
Note: Assertions with the same stack can be seen when choosing Tools => Options => Language Settings => Languages. So, the problem is not limited to the dialog invoked from within Base.
changing component to GSL
fs->pl: Since hdu is on vacation - any chance you look into this?
changing "Platform", since the bug is in Windows-specific code.
@fs: I know as much about that code as you. If you say there is a wrong index the fix I'd do is checking that index; however hdu would probably also be able to fix the root cause.
sad, I had hoped you knew this code ... well, fixing the crash would indeed be easy, however, it would indeed be fixing symptoms only ...
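Added example, not part of the original thread and not OpenOffice code: a small model of why the write with k == -1 described above is reported only later, when the array is deleted, and what the index check discussed in the comments above would prevent. The class name, the guard size and fill byte, and the 16-bit element type are assumptions made for the illustration.

```cpp
// Added illustration; not code from vcl/win/source/gdi/winlayout.cxx.
#include <algorithm>
#include <cstdint>
#include <cstring>
#include <vector>

constexpr int kGuard = 4;              // guard bytes per side (assumed value)
constexpr unsigned char kFill = 0xFD;  // guard fill pattern (assumed value)
// Hypothetical model of a debug-heap block: the payload is framed by guard
// bytes that are inspected only on request, as a debug heap does at delete.
class GuardedClusters {
    std::vector<unsigned char> raw_;
    int count_;
public:
    explicit GuardedClusters(int count)
        : raw_(2 * kGuard + count * sizeof(std::uint16_t), kFill), count_(count) {
        std::fill(raw_.begin() + kGuard, raw_.end() - kGuard, (unsigned char)0);
    }
    // Raw "array[k] = v" with no index check. The model drops writes that
    // would leave raw_, so the demo itself stays well defined.
    void storeUnchecked(int k, std::uint16_t v) {
        int off = kGuard + k * int(sizeof v);
        if (off < 0 || off + int(sizeof v) > int(raw_.size())) return;
        std::memcpy(raw_.data() + off, &v, sizeof v);
    }
    // Symptom-level fix: refuse any index outside [0, count).
    bool storeChecked(int k, std::uint16_t v) {
        if (k < 0 || k >= count_) return false;
        storeUnchecked(k, v);
        return true;
    }
    // The verification a debug heap runs when the block is freed.
    bool guardsIntact() const {
        auto isFill = [](unsigned char b) { return b == kFill; };
        return std::all_of(raw_.begin(), raw_.begin() + kGuard, isFill) &&
               std::all_of(raw_.end() - kGuard, raw_.end(), isFill);
    }
};

bool uncheckedWriteCorruptsGuard() {
    GuardedClusters c(8);
    c.storeUnchecked(-1, 0x1234);  // k == -1, as in the report
    return !c.guardsIntact();      // the damage shows up only at this check
}
bool checkedWriteIsRejected() {
    GuardedClusters c(8);
    return !c.storeChecked(-1, 0x1234) && c.storeChecked(0, 0x1234) && c.guardsIntact();
}
int main() { return uncheckedWriteCorruptsGuard() && checkedWriteIsRejected() ? 0 : 1; }
```

The check only stops the stray write; it does not explain why k becomes -1, which is the root cause the comments above distinguish from the symptom.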
Excellent analysis, thanks! Fixed in CWS ooo33gsl08.
*** Issue 109681 has been marked as a duplicate of this issue. ***
@fs: please dev-verify in CWS ooo33gsl08
verified in CWS ooo33gsl08
*** Issue 113209 has been marked as a duplicate of this issue. ***