I want to use CTT in a CI environment for automatic testing. This bug makes this difficult to do.

Please send the dump to compliance@opcfoundation.org and we'll see if we find something. But I suspect we will need a chance to reproduce the issue by receiving the user defined script and probably even the test target.

During contact with Mr. Allmendinger who provided a exe with debug symbols I have now found the cause of the error:

I accidentally passed a too short array in UaVariant.setStringMatrix() (See Script).
UaVariant.setStringMatrix() does not check this. As a result, the internal array in UaVariant is too small. (1 string instead of 2 strings).

Write assumes that the array in the UaVariant is long enough and probably accesses heap memory that comes after the first string.
Depending on what is at this place in memory this works without error (this is the dynamic part).

On the server side this was not noticed because the corresponding test sub writes string ranges and the server detects this with
BadIndexRangeNoData (because not allowed). Thus the content of the array was not checked by the client.

UaVariant.setStringMatrix() should therefore check if the array has the correct size.

Script to reproduce. Tested with the demo server of the Unified Automation C++ SDK:

<code>
function test_write_matrix()
{
var node_id="ns=2;s=Demo.Static.Matrix.String"

//Vereinfachter Test (Zeigt auch den Fehler)
var index_range= '1,1,0:1' //Schreibt [1][1][0]="a", [1][1][1]="b": Good erwartet
//Dies entspricht dem Test bei der real Fehler auftrat: //Sub String ranges schrieben: BadIndexRangeNoData erwartet
//var index_range= '1,1,1,0:1'

var monitored_item= MonitoredItem.fromNodeIds(UaNodeId.fromString(node_id), undefined, index_range)[0];

var dimensions = new UaInt32s();
dimensions[0]=1;
dimensions[1]=1;
dimensions[2]=2;

var write_values = new UaStrings();
write_values[0]="a"
//write_values[1]="b" //ausversehen nur ein String Array mit einem Element angelegt

monitored_item.Value.Value.setStringMatrix( dimensions, write_values);

var res=WriteHelper.Execute( { NodesToWrite: monitored_item,
ServiceResults: new ExpectedAndAcceptedResults(StatusCode.Good),
OperationResults: new ExpectedAndAcceptedResults(StatusCode.Good),
ReadVerification: false });

if (!res)
{
addError( "Test write start value() failed" );
return false;
}

return true;
}
</code>

Test.Execute( { Procedure: test_write_matrix } );

You may have to run it a few times until it occurs. It occurs faster in the debugger.

We should ensure it does not crash (try/catch)

Will address this in a future release - not a high priority since script fixes can work around the problem