
Crash processing a simple vector of int [TS] v=2.0.4

Open leanmendoza opened this issue 3 years ago • 6 comments

Hey, I'm having reproducible trouble when I build a vector of int and then try to read it. I don't understand if I'm doing something wrong or if it's a builder problem, because the reader seems to work fine with other buffers generated in C++.

    const fbb = builder()
    fbb.startVector()
    fbb.addInt(50)
    fbb.addInt(51)
    fbb.addInt(52)
    fbb.addInt(53)
    fbb.end()

    const serializedBuffer = fbb.finish()
    // At this point serializedBuffer is Uint8Array(7) [50, 51, 52, 53, 4, 88, 1]

    const ref = toReference(serializedBuffer.buffer)
    console.log(ref.length()) // expected: 4
    console.log(ref.get(0).intValue()) // prints 50
    console.log(ref.get(1).intValue()) // prints 51
    console.log(ref.get(2).intValue()) // prints 52
    console.log(ref.get(3).intValue()) // CRASH HERE (should print 53)

The crash detail: [image]

Trying similar code in C++, it works fine:

    flexbuffers::Builder fbb;

    fbb.Vector([&]() {

        fbb.Int(50);
        fbb.Int(51);
        fbb.Int(52);
        fbb.Int(53);
    });

    fbb.Finish();

    const std::vector<uint8_t> buffer = fbb.GetBuffer();
    print_buffer(buffer);
    // This prints the following vector: [4 50 51 52 53 4 4 4 4 8 40 1]

And if I try to parse this buffer, it works fine in TypeScript:

    const cppSerializedBuffer = new Uint8Array([4, 50, 51, 52, 53, 4, 4, 4, 4, 8, 40, 1])
    const ref = toReference(cppSerializedBuffer.buffer)
    console.log(ref.length()) // expected: 4
    console.log(ref.get(0).intValue()) // prints 50
    console.log(ref.get(1).intValue()) // prints 51
    console.log(ref.get(2).intValue()) // prints 52
    console.log(ref.get(3).intValue()) // prints 53
    // works fine, and it doesn't crash

leanmendoza avatar Feb 03 '22 23:02 leanmendoza

Thanks for the report.

@bjornharrtell Can you take a look?

dbaileychess avatar Feb 04 '22 23:02 dbaileychess

Any news on this? @dbaileychess
Thanks in advance 😄

gonpombo8 avatar Mar 01 '22 18:03 gonpombo8

😢 @bjornharrtell @dbaileychess

gonpombo8 avatar Mar 28 '22 18:03 gonpombo8

I don't think I've used the one element at a time API, perhaps that is why I've not been hit by this problem.

bjornharrtell avatar Mar 28 '22 19:03 bjornharrtell

Sorry, I haven't used TS or flexbuffers myself, so I didn't investigate this.

> // At this point serializedBuffer is Uint8Array(7) [50, 51, 52, 53, 4, 88, 1]

Shouldn't there be a 4 as the first item in the TS case? And it is missing the rest of the type values (4) for items 51, 52 and 53. So there appears to be some issue with the flexbuffer builder addInt().

dbaileychess avatar Mar 28 '22 19:03 dbaileychess
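The two byte dumps quoted in this thread can be compared by decoding only the root trailer of each buffer with every read bounds-checked. The following is an added example, not part of the thread and not flatbuffers project code; the helper names are hypothetical, and the type ids and packed-type layout are those of the FlexBuffers format.

```javascript
// Added example (not flatbuffers project code). Helper names are hypothetical.
// FlexBuffers root trailer: [root value][packed type][root byte width].
// packed type = (type << 2) | log2(child byte width); offsets point backwards.
const FBT = { INT: 1, VECTOR: 10, VECTOR_INT: 11, VECTOR_INT4: 22 };
const NAME = Object.fromEntries(Object.entries(FBT).map(([k, v]) => [v, k]));

// Buffers quoted in the issue above.
const TS_BUFFER = new Uint8Array([50, 51, 52, 53, 4, 88, 1]);
const CPP_BUFFER = new Uint8Array([4, 50, 51, 52, 53, 4, 4, 4, 4, 8, 40, 1]);

// Little-endian unsigned read that refuses to leave the buffer.
function readUint(bytes, pos, width) {
  if (pos < 0 || pos + width > bytes.length) {
    throw new RangeError(`read of ${width} byte(s) at ${pos} is out of bounds`);
  }
  let v = 0;
  for (let i = width - 1; i >= 0; i--) v = v * 256 + bytes[pos + i];
  return v;
}

function readInt(bytes, pos, width) {
  const v = readUint(bytes, pos, width);
  const limit = 2 ** (8 * width - 1);
  return v >= limit ? v - 2 * limit : v; // two's complement
}

function describeRoot(bytes) {
  const n = bytes.length;
  if (n < 3) throw new RangeError('buffer too short to hold a root');
  const rootWidth = bytes[n - 1];
  if (![1, 2, 4, 8].includes(rootWidth)) throw new RangeError('bad root byte width');
  const type = bytes[n - 2] >> 2;
  const elemWidth = 1 << (bytes[n - 2] & 3);
  const rootPos = n - 2 - rootWidth;
  const start = rootPos - readUint(bytes, rootPos, rootWidth);
  let length;
  if (type === FBT.VECTOR_INT4) length = 4; // fixed size, no length prefix
  else if (type === FBT.VECTOR || type === FBT.VECTOR_INT) {
    length = readUint(bytes, start - elemWidth, elemWidth); // prefix precedes data
  } else throw new TypeError(`root type ${type} is not handled in this example`);
  const values = [];
  for (let i = 0; i < length; i++) values.push(readInt(bytes, start + i * elemWidth, elemWidth));
  let elementTypes = null;
  if (type === FBT.VECTOR) { // untyped vector: one packed type byte per element
    elementTypes = values.map((_, i) => readUint(bytes, start + length * elemWidth + i, 1) >> 2);
    if (elementTypes.some((t) => t !== FBT.INT)) throw new TypeError('non-INT element');
  }
  return { type: NAME[type], start, length, values, elementTypes };
}
```

`describeRoot(TS_BUFFER)` reports a `VECTOR_INT4` root starting at byte 0, while `describeRoot(CPP_BUFFER)` reports a `VECTOR` root starting at byte 1 with a length prefix of 4 and four `INT` type bytes; a truncated buffer raises `RangeError` instead of reading outside the array.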

Ah didn't notice it was flexbuffers.. that is also a part I have never used. 😬

bjornharrtell avatar Mar 28 '22 19:03 bjornharrtell

This issue is stale because it has been open 6 months with no activity. Please comment or label not-stale, or this will be closed in 14 days.

github-actions[bot] avatar Mar 04 '23 01:03 github-actions[bot]

This issue was automatically closed due to no activity for 6 months plus the 14 day notice period.

github-actions[bot] avatar Mar 18 '23 20:03 github-actions[bot]