Crash processing a simple vector of int [TS] v=2.0.4

Question

Crash processing a simple vector of int [TS] v=2.0.4

leanmendoza opened this issue 2 years ago · comments

Hey, I'm having a reproducible trouble when I build a vector of int and then I try to read it.
I don't understand if I'm doing something wrong of if it's a builder problem, because the the reader it seems to work fine with other buffer generated in C++.

   const fbb = builder()
    fbb.startVector()
    fbb.addInt(50)
    fbb.addInt(51)
    fbb.addInt(52)
    fbb.addInt(53)
    fbb.end()

    const serializedBuffer = fbb.finish()
// At this point serializedBuffer is Uint8Array(7) [50, 51, 52, 53, 4, 88, 1]

    const ref = toReference(serializedBuffer.buffer)
    console.log(ref.length()).toBe(4)
    console.log(ref.get(0).intValue()) // prints 50
    console.log(ref.get(1).intValue()) // prints 51
    console.log(ref.get(2).intValue()) // prints 52
    console.log(ref.get(3).intValue()) // CRASH HERE (should print 53)

The crash detail:

Trying a similar code in C++ it works fine

    flexbuffers::Builder fbb;

    fbb.Vector([&]() {

        fbb.Int(50);
        fbb.Int(51);
        fbb.Int(52);
        fbb.Int(53);
    });

    fbb.Finish();

    const std::vector<uint8_t> buffer = fbb.GetBuffer();
    print_buffer(buffer);
// This print the following vector: [4 50 51 52 53 4 4 4 4 8 40 1]

And if I try to parse this buffer it works fine in typescript

    const cppSerializedBuffer = new UInt8Array([4, 50, 51, 52, 53, 4, 4, 4, 4, 8, 40, 1])
    const ref = toReference(cppSerializedBuffer.buffer)
    console.log(ref.length()).toBe(4)
    console.log(ref.get(0).intValue()) // prints 50
    console.log(ref.get(1).intValue()) // prints 51
    console.log(ref.get(2).intValue()) // prints 52
    console.log(ref.get(3).intValue()) // prints 53
// works fine, and it doesn't crash

Derek Bailey · Answer 1 · Sat Feb 05 2022 07:37:59 GMT+0800 (China Standard Time)

Thanks for the report.

@bjornharrtell Can you take a look?

Gon Pombo · Answer 2 · Wed Mar 02 2022 02:33:57 GMT+0800 (China Standard Time)

any news on this ? @dbaileychess
Thanks in advance 😄

Gon Pombo · Answer 3 · Tue Mar 29 2022 02:47:58 GMT+0800 (China Standard Time)

😢 @bjornharrtell @dbaileychess

Björn Harrtell · Answer 4 · Tue Mar 29 2022 03:04:39 GMT+0800 (China Standard Time)

I don't think I've used the one element at a time API, perhaps that is why I've not been hit by this problem.

Derek Bailey · Answer 5 · Tue Mar 29 2022 03:14:14 GMT+0800 (China Standard Time)

Sorry, I haven't use TS or flexbuffers myself, so I didn't investigate this.

// At this point serializedBuffer is Uint8Array(7) [50, 51, 52, 53, 4, 88, 1]

Shouldn't there be a 4 as the first item in the TS case? And it is missing the rest of the type values (4) for items 51, 52 and 53. So there appears to be some issue with the flexbuffer builder addInt()

Björn Harrtell · Answer 6 · Tue Mar 29 2022 03:19:51 GMT+0800 (China Standard Time)

Ah didn't notice it was flexbuffers.. that is also a part I have never used. 😬

github-actions · Answer 7 · Sat Mar 04 2023 09:04:46 GMT+0800 (China Standard Time)

This issue is stale because it has been open 6 months with no activity. Please comment or label not-stale, or this will be closed in 14 days.

github-actions · Answer 8 · Sun Mar 19 2023 04:33:39 GMT+0800 (China Standard Time)

This issue was automatically closed due to no activity for 6 months plus the 14 day notice period.