Project

General

Profile

Bug #797

DcmPixelItem::createOffsetTable() does not check for 32-bit integer overflows (and other issues)

Added by Jörg Riesmeier about 1 month ago. Updated 21 days ago.

Status:
Closed
Priority:
Normal
Category:
Library
Target version:
Start date:
2017-10-13
Due date:
% Done:

100%

Module:
dcmdata
Operating System:
Compiler:

Description

The implementation of DcmPixelItem::createOffsetTable() adds the size of the individual frames specified by the given "offsetList". However, it does not check whether there is an 32-bit integer overflow (Uint32), which could happen since the number of pixel items (frames) in the pixel sequence is not limited (when using undefined length encoding).

Also, the name of the parameter "offsetList" is misleading since it does not store the offsets (start of each frame) but their sizes. In fact, the description "list of size entries for each individual encoded frame provided by the compression codec" is misleading in another aspect: the entries do not store the size of "each individual encoded frame" but the size of the pixel items (which includes the so-called item header = 8 bytes). Documentation and parameter naming should be improved.

History

#1 Updated by Jörg Riesmeier about 1 month ago

  • Description updated (diff)

#2 Updated by Jörg Riesmeier 21 days ago

  • % Done changed from 0 to 100
  • Assignee set to Jörg Riesmeier
  • Status changed from New to Closed
  • Description updated (diff)

Fixed by commit 1a777f3 and 250cf6f.

Also available in: Atom PDF