I discovered a potential memory corruption when using Variant To Flattened String and Flattened String To Variant functions on Sets. Here is the test code:
In this example, the set is serialized and de-serialized without changing any data. The code runs in a loop to increase the chance of crashing LabVIEW.
Here is the type descriptor. If you are familiar with type descriptors, you'll notice that something is off:
Here is the translation:
0x0008 - Length of the type descriptor in bytes, including the length word (8 bytes) => OK
0x0073 - Data type (Set) => OK
0x0001 - Number of dimensions (a set is essentially an array with dimension size 1) => OK
0x0004 - Length of the type descriptor for the internal type in bytes, including the length word (4 bytes) => OK
???? - Type descriptor for the internal data type (should be 0x0008 for U64) => What is going on?

It turns out that the last two bytes are truncated. The Flattened String To Variant function actually reports error 116, which makes sense because the type descriptor is incomplete, BUT it does not always return an error! In fact, half of the time, no error is reported and LabVIEW eventually crashes (most often after adding a label to the numeric type in the set constant). I believe that this corrupts memory, which eventually crashes LabVIEW. Here is a video that illustrates the behavior:
2021-02-06_13-43-58.mp4 Can somebody please confirm this issue?
LV2019SP1f3 (32-bit) Potential Memory Corruption when (de-)serializing Sets.vi
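The failure mode described in the post above is a type descriptor whose inner length word promises more bytes than the flattened string actually carries. As an added example (not the poster's code and not part of LabVIEW), here is a small Python parser that reads a big-endian type descriptor the way the post decodes it and refuses any descriptor whose length words do not fit inside the bytes present, which is exactly the check that would turn the intermittent crash into a deterministic error. The type codes 0x73 (Set) and 0x08 (U64) and the truncated byte sequence are taken from the post; the "well-formed" sample is constructed here under the assumption that the outer length word covers the nested element descriptor, which makes it 0x000A for a set of U64. Only Set and scalar leaf codes are handled; other container types are out of scope for this illustration.

```python
from __future__ import annotations

import struct

# Type codes as decoded in the post (only the two the post mentions).
TYPE_SET = 0x73  # Set container
TYPE_U64 = 0x08  # unsigned 64-bit integer

# Constructed samples.
# The truncated descriptor is the byte sequence the post decodes:
#   0008 0073 0001 0004 <missing 0008>
TRUNCATED = bytes.fromhex("0008 0073 0001 0004")
# Well-formed descriptor, constructed on the assumption that the outer
# length word spans the nested element descriptor (2+2+2+4 = 10 bytes).
WELL_FORMED = bytes.fromhex("000A 0073 0001 0004 0008")


class DescriptorError(ValueError):
    """Raised when a type descriptor is inconsistent with its own length words."""


def parse_descriptor(buf: bytes, offset: int = 0) -> tuple[dict, int]:
    """Parse one big-endian type descriptor starting at `offset`.

    Returns (parsed_node, end_offset). Every length word is checked against
    the bytes that really exist before any field behind it is read, so a
    truncated descriptor is rejected rather than read past its end.
    """
    if offset + 2 > len(buf):
        raise DescriptorError(f"no room for a length word at offset {offset}")
    (length,) = struct.unpack_from(">H", buf, offset)
    if length < 4:
        raise DescriptorError(f"length word {length:#06x} cannot hold length+type")
    end = offset + length
    if end > len(buf):
        raise DescriptorError(
            f"descriptor claims {length} bytes at offset {offset} "
            f"but only {len(buf) - offset} remain"
        )
    (code,) = struct.unpack_from(">H", buf, offset + 2)
    node: dict = {"code": code, "length": length}

    if code == TYPE_SET:
        # Set layout as decoded in the post: dimension word, then the
        # element type descriptor, which must fit inside this descriptor.
        if offset + 6 > end:
            raise DescriptorError("set descriptor has no dimension word")
        (ndims,) = struct.unpack_from(">H", buf, offset + 4)
        node["ndims"] = ndims
        element, _ = parse_descriptor(buf[:end], offset + 6)
        node["element"] = element
    # Any other code is treated as a scalar leaf with no payload to parse.
    return node, end


def validate(buf: bytes) -> tuple[bool, str]:
    """Return (ok, message) for a flattened type descriptor."""
    try:
        node, end = parse_descriptor(buf)
    except DescriptorError as exc:
        return False, f"rejected: {exc}"
    if end != len(buf):
        return False, f"rejected: {len(buf) - end} trailing byte(s) after descriptor"
    return True, f"ok: {node}"


if __name__ == "__main__":
    for label, sample in (("truncated", TRUNCATED), ("well-formed", WELL_FORMED)):
        ok, msg = validate(sample)
        print(f"{label:12s} {sample.hex(' ')}  -> {msg}")
```

Running the block prints one line per sample: the truncated descriptor is rejected because the inner descriptor at offset 6 claims 4 bytes where only 2 remain, while the constructed well-formed one parses to a Set of U64. Validating length words before dereferencing the bytes behind them is the general defensive rule; the post's symptom (an error only half of the time) is what you get when that check is skipped.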
I need to pass some data to a DLL and need to pass the number of bytes I'm passing also.
I tried using 'cast' (should accept anything) for getting the memmap but this fails (polymorphic input cannot accept this datatype) due to an array inside the cluster.
Then I wanted to switch to 'flatten to string' for getting the same result, and now the array size is prepended before the array data.
I stripped down the code to the bare parts but I don't want to unbundle all elements from my original cluster, just for getting the size.
Attached you can find a LV8.5 version, the behaviour in LV 2010 SP1 is exactly the same.