Jump to content

Potential memory corruption when (de-)serializing Sets in LabVIEW 2019 SP1 f3 (32-bit)

LogMAN

By LogMAN
in LabVIEW Bugs

Recommended Posts

LogMAN Collaborator

LogMAN

Posted
Posted (edited)

I discovered a potential memory corruption when using Variant To Flattened String and Flattened String To Variant functions on Sets. Here is the test code:

2053102155_LV2019SP1f3(32-bit)PotentialMemoryCorruptionwhen(de-)serializingSets.png.e31ac61a8ef3ee1d71ad471d67565015.png

In this example, the set is serialized and de-serialized without changing any data. The code runs in a loop to increase the chance of crashing LabVIEW.

Here is the type descriptor. If you are familiar with type descriptors, you'll notice that something is off:

image.png.36fcb733de6a787b78776e473e0540d9.png

Here is the translation:

  • 0x0008 - Length of the type descriptor in bytes, including the length word (8 bytes) => OK
  • 0x0073 - Data type (Set) => OK
  • 0x0001 - Number of dimensions (a set is essentially an array with dimension size 1) => OK
  • 0x0004 - Length of the type descriptor for the internal type in bytes, including the length word (4 bytes) => OK
  • ???? - Type descriptor for the internal data type (should be 0x0008 for U64) => What is going on?

It turns out that the last two bytes are truncated. The Flatten String To Variant function actually reports error 116, which makes sense because the type descriptor is incomplete, BUT it does not always return an error! In fact, half of the time, no error is reported and LabVIEW eventually crashes (most often after adding a label to the numeric type in the set constant). I believe that this corrupts memory, which eventually crashes LabVIEW. Here is a video that illustrates the behavior:

Can somebody please confirm this issue?

LV2019SP1f3 (32-bit) Potential Memory Corruption when (de-)serializing Sets.vi

Edited by LogMAN
TD length is in Bytes
dadreamer Community Regular

dadreamer

Posted
Posted
Just now, LogMAN said:

Can somebody please confirm this issue?

I confirm that in LabVIEW 2020 (both 32- and 64-bit) on Windows. 32-bit LabVIEW dies silently in case of the error, whereas 64-bit LabVIEW shows the following report.

2021-02-06_18-36-55.jpg.ebb457b71304b51a07040dadd746625d.jpg

  • Thanks 1

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept