114245 – (potential) crash when opening the "Format" dialog for a database table column

Issue 114245 - (potential) crash when opening the "Format" dialog for a database table column

Summary: (potential) crash when opening the "Format" dialog for a database table column

Status:	CLOSED FIXED

Alias:	None

Product:	gsl
Classification:	Code
Component:	code (show other issues)
Version:	OOO330m6
Hardware:	PC Windows, all

Importance:	P3 Trivial (vote)
Target Milestone:	OOo 3.3
Assignee:	Frank Schönheit
QA Contact:	issues@gsl

URL:
Keywords:

Duplicates (2):	109681 113209 (view as issue list)
Depends on:
Blocks:	111112
	Show dependency tree

Reported:	2010-09-01 08:27 UTC by Frank Schönheit
Modified:	2017-05-20 11:41 UTC (History)
CC List:	4 users (show)

See Also:
Issue Type:	DEFECT
Latest Confirmation in:	---
Developer Difficulty:	---

Attachments
document to reproduce the bug case (3.29 KB, application/vnd.sun.xml.base) 2010-09-01 08:28 UTC, Frank Schönheit	no flags	Details
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this issue.

Description Frank Schönheit 2010-09-01 08:27:25 UTC

- open the attached database document
- open the contained table by double-clicking it
- open the context menu for the table column "n"
- choose "Column Format"
=> in a non-product build on Windows, you get multiple error messages from
   the "Microsoft Visual C++ Debug Library", saying "HEAP CORRUPTION DETECTED"

Ignoring all those messages, the "Field Format" dialog opens as expected.
However, the messages indicate a serious problem, which can potentially lead to
OOo crashing.

Comment 1 Frank Schönheit 2010-09-01 08:28:04 UTC

Created attachment 71515 [details]
document to reproduce the bug case

Comment 2 Frank Schönheit 2010-09-01 14:16:51 UTC

will investigate whether this is worth fixing for 3.3 ...

Comment 3 Frank Schönheit 2010-09-01 21:21:42 UTC

fs->hdu: The problem originates from vcl/win/source/gdi/winlayout.cxx. line 2206
reads:
  mpLogClusters[ k ] =
Now when you open the dialog as described above, then you'll reach this line
multiple times, but at least once, k equals -1, so this statement writes to
memory which it doesn't own ... The assertion from the MSVC runtime is then
fired in ~UniscribeLayout, when mpLogClusters is deleted.

Comment 4 Frank Schönheit 2010-09-01 21:25:32 UTC

Note: Assertions with the same stack can be seen when choosing Tools => Options
=> Language Settings => Languages. So, the problem is not limited to the dialog
invoked from within Base.

Comment 5 Frank Schönheit 2010-09-01 21:26:55 UTC

changing component to GSL

Comment 6 Frank Schönheit 2010-09-01 21:27:26 UTC

fs->pl: Since hdu is on vacation - any chance you look into this?

Comment 7 Frank Schönheit 2010-09-01 21:29:47 UTC

changing "Platform", since the bug is in Windows-specific code.

Comment 8 philipp.lohmann 2010-09-02 10:28:31 UTC

@fs: I know as much about that code as you. If you say there is a wrong index
the fix I'd do is checking that index; however hdu would probably also be able
to fix the root cause.

Comment 9 Frank Schönheit 2010-09-02 10:29:37 UTC

sad, I had hope you know this code ...
well, fixing the crash would indeed be easy, however, it would indeed be fixing
symptoms only ...

Comment 10 hdu@apache.org 2010-09-07 11:15:50 UTC

Comment 11 hdu@apache.org 2010-09-08 10:12:57 UTC

Excellent analysis, thanks!
Fixed in CWS ooo33gsl08.

Comment 12 hdu@apache.org 2010-09-08 10:51:00 UTC

*** Issue 109681 has been marked as a duplicate of this issue. ***

Comment 13 hdu@apache.org 2010-09-09 14:45:43 UTC

@fs: please dev-verify in CWS ooo33gsl08

Comment 14 Frank Schönheit 2010-09-13 15:20:59 UTC

verified in CWS ooo33gsl08

Comment 15 Edwin Sharp 2013-07-06 18:22:40 UTC

*** Issue 113209 has been marked as a duplicate of this issue. ***