ReadRange bug when response contains a special log record

[thomasbertanier-prog]

Hello

When reading a TREND_LOG that contains a special log record (e.g. log-interrupted), records after it are silently missing from the result — no error, no warning.

I spent some time debugging this with Wireshark and found that the raw UDP packet is perfectly valid and complete. The issue is in decodeRange.

What's happening

Special log records don't have status flags. A normal record ends with:

1f 2a 04 00   ← closing tag 1, opening tag 2, BIT_STRING, closing tag 2

A special record ends with just:

1f            ← closing tag 1, nothing after

But decodeRange unconditionally consumes 2 tags after the datum value without validating their tag numbers. So it reads into the bytes of the next record, shifts the offset by an unpredictable amount (depends on the byte values that follow), and loses sync for everything after.

The behavior is non-deterministic — sometimes records after the special one are silently dropped, sometimes the buffer appears truncated. Took a while to figure out why the same code would behave differently depending on which records were in the response.

Reproduction

const response = await client.readRange(
    { address: '10.x.x.x:47808' },
    { type: bacnet.ObjectType.TREND_LOG, instance: 100101 },
    startIndex, 20,
    {}
);
// response contains fewer records than expected
// no error thrown
// Wireshark shows the full response is received correctly

Thanks so much for the patch ;-)

Thomas

[robertsLando]

Hi Thomas and thanks for your issue! WOuld you like to submit a PR?

[thomasbertanier-prog]

Hi roberts,

Thanks for the quick response!
Unfortunately I don't feel confident enough with the codebase to submit a PR without risking introducing other issues 🤔

[robertsLando]

@thomasbertanier-prog could you test #77 ?

[thomasbertanier-prog]

Hi @robertsLando ,

Thanks for the quick fix! Just wanted to flag that my original issue was actually triggered by a time-change record (context tag 9), not a log-status record (context tag 0).

Here's what the special record looks like in Wireshark:

time change: 0.075000 (Real)
    Context Tag: 9, Length/Value/Type: 4

And the raw bytes:

0e [date 4B] 09 01 b4 [time 4B] 0f 1e 9c [float 3B] 1f
                                              ^^
                                        context tag 9, no status flags after

So the time-change case (and probably the other unhandled CHOICE alternatives mentioned in the Copilot review comment) would still cause the same offset corruption. ASHRAE 135 §12.25 lists quite a few alternatives in the log-datum CHOICE — it might be worth handling all of them, or at least making the parser resilient when it encounters an unknown tag rather than losing sync on subsequent records.

[thomasbertanier-prog]

Hi @robertsLando,

Just checking in — any update on PR #77 and the broader log-datum CHOICE handling I mentioned in my last comment?

No rush, just wanted to make sure it's still on the radar.

Thanks!
Thomas

[robertsLando]

@thomasbertanier-prog Sorry, have been super busy lately!

[thomasbertanier-prog]

Hi @robertsLando,

Just wanted to say a big thank you! I tested the fix and everything works perfectly now. Really appreciate your help 🙏

Thanks again,
Thomas