https://bz.apache.org/ooo/show_bug.cgi?id=128310

dam...@apache.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dam...@apache.org

--- Comment #5 from dam...@apache.org ---
(In reply to Matthias Seidel from comment #4)
> The crash occurs when Explorer wants to display the AOO Infotips for the
> file.
> 
> Removing the Windows Explorer Extension is one workaround.
> Even opening the file with a double click anywhere else than on the filename
> in the File Open Dialog will work.
> 
> Most likely the problem is in this code:
> https://github.com/apache/openoffice/blob/trunk/main/shell/source/win32/shlxthandler/infotips/infotips.cxx
> 
> But at this point a developer must take over...

---snip---
std::wstring formatSizeOfFile( DWORD dwSize )
{
        if ( dwSize < 1000 ) 
        {
                char buffer[3];
                int dFileSize = dwSize;

                _itoa( dFileSize, buffer, 10 );
---snip---

If 100 <= dwSize <= 999, that's a buffer overflow, as buffer has only 3 chars,
and we need a 4th char to store the terminating '\0'.

There could be other problems I don't immediately see. Is there a way to get a
stack trace when this error happens?

-- 
You are receiving this mail because:
You are the assignee for the issue.
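
The sizing problem described in comment #5, as an added example that is not part of the original comment or of the AOO source: it computes how many bytes an itoa-style conversion writes and shows a bounded alternative. The names `itoa_bytes_needed`, `itoa_fits` and `format_small_size` are hypothetical, and `snprintf` stands in for `_itoa` so the code builds on any platform.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>

// Bytes an itoa-style conversion writes for `value` in `radix`:
// one per digit, one for '-' (radix 10, negative input), one for '\0'.
std::size_t itoa_bytes_needed(int value, int radix = 10)
{
    std::size_t n = 1;                                   // terminating '\0'
    const bool negative = (radix == 10 && value < 0);
    // Take the magnitude as unsigned so INT_MIN does not overflow.
    unsigned int mag = negative ? 0u - static_cast<unsigned int>(value)
                                : static_cast<unsigned int>(value);
    if (negative) ++n;
    do { ++n; mag /= static_cast<unsigned int>(radix); } while (mag != 0);
    return n;
}

// True when a char buffer of `capacity` bytes can hold the converted value.
bool itoa_fits(int value, std::size_t capacity)
{
    return itoa_bytes_needed(value) <= capacity;
}

// Bounded conversion (hypothetical helper): the buffer holds any 32-bit
// value (10 digits + '\0') and snprintf never writes past its end.
std::wstring format_small_size(std::uint32_t size)
{
    char buffer[11];
    const int written = std::snprintf(buffer, sizeof buffer, "%lu",
                                      static_cast<unsigned long>(size));
    if (written < 0 || static_cast<std::size_t>(written) >= sizeof buffer)
        return std::wstring();                           // never return a truncated value
    return std::wstring(buffer, buffer + written);       // ASCII digits widen safely
}

int main()
{
    // Constructed sample sizes around the boundary named in the comment.
    const int samples[] = { 9, 99, 100, 999 };
    for (int s : samples)
        std::printf("%3d needs %zu bytes, fits char[3]: %s\n",
                    s, itoa_bytes_needed(s), itoa_fits(s, 3) ? "yes" : "no");
    return 0;
}
```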
