@TCL987 witnessed the issue and mentioned the following to me:
There's a few concerning potential memory issues here. There is a bounds check here but it only checks that the current offset fits.
```csharp
// the inner while loop runs once per bundle element
while (MessageOffset < byteLength && !recurse)
```
Immediately afterwards it reads four more bytes without checking that they're in bounds, and then passes the uint it read into parser.IsBundleTagAtIndex without checking that it's in bounds.
```csharp
var messageSize = (int) parser.MessageValues.ReadUIntIndex(MessageOffset);
var contentIndex = MessageOffset + 4;
if (parser.IsBundleTagAtIndex(contentIndex))
{
    // this bundle element's contents are a bundle, break out to the outer loop to scan it
    MessageOffset = contentIndex;
    recurse = true;
    continue;
}
```
Parser.IsBundleTagAtIndex doesn't do any bounds checks, and the caller isn't doing any either so it goes out of range and crashes.
Something caused an access violation in the OscParser.IsBundleTagAtIndex method.
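An added example, not code from this issue or from the project: one way to walk a bundle's elements so that the 4-byte size field and the content index are both checked against the received length before any read. It assumes the standard OSC bundle layout (8-byte `#bundle` tag, 8-byte timetag, then big-endian size-prefixed elements) and handles a single bundle level; `BundleScanner`, `IsBundleTagAt` and `TryScan` are hypothetical names.

```csharp
using System;
using System.Buffers.Binary;
using System.Collections.Generic;
using System.Text;

// Hypothetical helper, not the project's code: walks the elements of one OSC bundle
// and validates every offset against the received length before dereferencing.
static class BundleScanner
{
    static readonly byte[] BundleTag = Encoding.ASCII.GetBytes("#bundle\0");

    // A tag test that cannot read past the buffer: it checks that 8 bytes remain first.
    public static bool IsBundleTagAt(ReadOnlySpan<byte> buf, int index) =>
        index >= 0 && index <= buf.Length - BundleTag.Length &&
        buf.Slice(index, BundleTag.Length).SequenceEqual(BundleTag);

    // Returns false if any element header or body would extend past the datagram.
    public static bool TryScan(ReadOnlySpan<byte> buf, List<(int Offset, int Size)> elements)
    {
        if (!IsBundleTagAt(buf, 0) || buf.Length < 16) return false; // tag + 8-byte timetag
        int offset = 16;
        while (offset < buf.Length)
        {
            if (buf.Length - offset < 4) return false; // the size field itself must fit
            int size = BinaryPrimitives.ReadInt32BigEndian(buf.Slice(offset, 4));
            int content = offset + 4;
            // Reject negative, unaligned, or oversized lengths (subtraction avoids overflow).
            if (size < 0 || (size & 3) != 0 || size > buf.Length - content) return false;
            elements.Add((content, size));
            offset = content + size;
        }
        return true;
    }
}

static class Program
{
    static void Main()
    {
        // Constructed sample: bundle tag, zero timetag, one element claiming 0x7FFFFFF0 bytes.
        var bad = new byte[20];
        Encoding.ASCII.GetBytes("#bundle\0").CopyTo(bad, 0);
        BinaryPrimitives.WriteInt32BigEndian(bad.AsSpan(16), 0x7FFFFFF0);
        Console.WriteLine(BundleScanner.TryScan(bad, new List<(int, int)>()));
        // Constructed sample: the same datagram cut off two bytes into the size field.
        Console.WriteLine(BundleScanner.TryScan(bad.AsSpan(0, 18), new List<(int, int)>()));
    }
}
```

Because `IsBundleTagAt` carries its own length check, a caller that forgets to validate `contentIndex` gets `false` instead of an out-of-range read.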