32 bit unsigned overflow in dcmjpeg/libsrc/djcodecd.cc

Shaeto
Posts: 147
Joined: Tue, 2009-01-20, 17:50
Location: CA, USA
#1 Post by Shaeto »

dcmtk 3.6.7/3.6.8

file dcmjpeg/libsrc/djcodecd.cc

line 169:

result = uncompressedPixelData.createUint16Array(OFstatic_cast(Uint32, totalSize / sizeof(Uint16)), imageData16);
if (result.good())
{
....
}

In my example I have a DICOM containing 9825 8-bit JPEG frames, 1024x1024, frameSize=1048576.
totalSize=10302259200, the static cast produces the value 856162304, so the result of createUint16Array is good() but the decoder fails (of course) in line 190: jpeg->decode(..)

I _understand_ that this DICOM can't be represented as uncompressed Little Endian Explicit, but the decoder shouldn't produce a SIGSEGV anyway and should return something like EC_MemoryExhausted.
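
The truncation reported above, reproduced with the post's numbers next to a range-checked conversion. This is an added example, not part of the original post and not DCMTK code or the referenced fix; the `Status` enum and all function names are hypothetical stand-ins.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <limits>

// Stand-in status codes; hypothetical names, not DCMTK's OFCondition values.
enum class Status { Ok, TooLarge };

// Total uncompressed size in bytes, computed in 64 bits with overflow detection.
static bool totalBytes(uint64_t frames, uint64_t frameSize, uint64_t &out) {
    if (frameSize != 0 && frames > std::numeric_limits<uint64_t>::max() / frameSize)
        return false;  // the product itself would not fit in 64 bits
    out = frames * frameSize;
    return true;
}

// What the unchecked cast in the post does: silently keeps the low 32 bits
// of the element count, so the allocation is far smaller than the data.
static uint32_t truncatedCount(uint64_t totalSize) {
    return static_cast<uint32_t>(totalSize / sizeof(uint16_t));
}

// Checked variant: reject any element count that does not fit in 32 bits,
// so the caller gets an error before a too-small buffer is ever allocated.
static Status checkedCount(uint64_t totalSize, uint32_t &count) {
    const uint64_t elems = totalSize / sizeof(uint16_t);
    if (elems > std::numeric_limits<uint32_t>::max())
        return Status::TooLarge;
    count = static_cast<uint32_t>(elems);
    return Status::Ok;
}

int main() {
    uint64_t total = 0;
    // Values from the post: 9825 frames of 1024x1024 8-bit pixels.
    if (!totalBytes(9825, 1048576, total))
        return 1;
    uint32_t count = 0;
    const Status s = checkedCount(total, count);
    std::printf("totalSize=%llu truncated=%u checked=%s\n",
                static_cast<unsigned long long>(total), truncatedCount(total),
                s == Status::Ok ? "ok" : "too large");
    return 0;
}
```

With the unchecked cast the buffer holds 856162304 16-bit elements (1712324608 bytes) while the decoder is handed 10302259200 bytes of frames to write, which is why the allocation succeeds and the crash only appears later in the decode step.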

J. Riesmeier
DCMTK Developer
Posts: 2506
Joined: Tue, 2011-05-03, 14:38
Location: Oldenburg, Germany

Re: 32 bit unsigned overflow in dcmjpeg/libsrc/djcodecd.cc

#2 Post by J. Riesmeier »

Thank you for your report. In fact, this issue has been fixed only recently (i.e. after the release of DCMTK 3.6.8). See this commit: https://git.dcmtk.org/?p=dcmtk.git;a=co ... 4a6cce06dd


Re: 32 bit unsigned overflow in dcmjpeg/libsrc/djcodecd.cc

#3 Post by Shaeto »

Thank you! Will try to cherry-pick this fix to 3.6.8.
