D: $dcmtk: findscu v3.6.5 2019-10-28 $
D: 
W: no data dictionary loaded, check environment variable: DCMDICTPATH
D: Request Parameters:
D: ====================== BEGIN A-ASSOCIATE-RQ =====================
D: Our Implementation Class UID:      1.2.276.0.7230010.3.0.3.6.5
D: Our Implementation Version Name:   OFFIS_DCMTK_365
D: Their Implementation Class UID:    
D: Their Implementation Version Name: 
D: Application Context Name:    1.2.840.10008.3.1.1.1
D: Calling Application Name:    FINDSCU
D: Called Application Name:     ANY-SCP
D: Responding Application Name: ANY-SCP
D: Our Max PDU Receive Size:    16384
D: Their Max PDU Receive Size:  0
D: Presentation Contexts:
D:   Context ID:        1 (Proposed)
D:     Abstract Syntax: =FINDModalityWorklistInformationModel
D:     Proposed SCP/SCU Role: Default
D:     Proposed Transfer Syntax(es):
D:       =LittleEndianExplicit
D:       =BigEndianExplicit
D:       =LittleEndianImplicit
D: Requested Extended Negotiation: none
D: Accepted Extended Negotiation:  none
D: Requested User Identity Negotiation: none
D: User Identity Negotiation Response:  none
D: ======================= END A-ASSOCIATE-RQ ======================
I: Requesting Association
T: DUL  FSM Table: State: 1 Event: 0
T: DUL  Event:  A-ASSOCIATE request (local user)
T: DUL  Action: AE 1 Transport Connect
T: Receiving data via select()
D: setting network send timeout to 60 seconds
D: setting network receive timeout to 60 seconds
T: checking whether environment variable TCP_BUFFER_LENGTH is set
T:   environment variable TCP_BUFFER_LENGTH not set, using the system defaults
T: checking whether environment variable TCP_NODELAY is set
T:   environment variable TCP_NODELAY not set, using the default value (0)
T: DUL  FSM Table: State: 4 Event: 1
T: DUL  Event:  Transport conn confirmation (local)
T: DUL  Action: AE 2 Send Associate RQ PDU
D: Constructing Associate RQ PDU
T: setting timeout for first PDU to be read to 1 seconds
T: Read PDU HEAD TCP: 02 f7 00 00 00 a4
T: Read PDU HEAD TCP: type: 02, length: 164 (a4)
T: DUL  FSM Table: State: 5 Event: 2
T: DUL  Event:  A-ASSOCIATE-AC PDU (on transport)
T: DUL  Action: AE 3 Associate Confirmation Accept
D: PDU Type: Associate Accept, PDU Length: 164 + 6 bytes PDU header
D: Parsing an A-ASSOCIATE PDU
T: PDU type: 2 (A-ASSOCIATE AC), PDU Length: 164
T: DICOM Protocol: b6cd
T: Called AP Title:   
T: Calling AP Title: 
T: Parsing remaining 96 bytes of A-ASSOCIATE PDU
T: Next item type: 50
T: Parsing user info field (50), Length: 16
T: Parsing remaining 16 bytes of User Information
T: Next item type: 54
T: Subitem parse: Type 54, Length 0004, Content: SOP Class:  SCU: 0 SCP: 128
T: Parsing remaining 8 bytes of User Information
T: Next item type: 54
T: Subitem parse: Type 54, Length 0004, Content: SOP Class:  SCU: 0 SCP: 0
T: Successfully parsed User Information
T: Parsing remaining 76 bytes of A-ASSOCIATE PDU
T: Next item type: 10
T: Subitem parse: Type 10, Length 0004, Content: FP
T: Successfully parsed Application Context
T: Parsing remaining 68 bytes of A-ASSOCIATE PDU
T: Next item type: 20
T: Parsing Presentation Context: (20), Length: 4
T: Presentation Context ID: 01
T: Successfully parsed Presentation Context
T: Parsing remaining 60 bytes of A-ASSOCIATE PDU
T: Next item type: 20
T: Parsing Presentation Context: (20), Length: 4
T: Presentation Context ID: 01
T: Successfully parsed Presentation Context
T: Parsing remaining 52 bytes of A-ASSOCIATE PDU
T: Next item type: 50
T: Parsing user info field (50), Length: 16
T: Parsing remaining 16 bytes of User Information
T: Next item type: 54
T: Subitem parse: Type 54, Length 0004, Content: SOP Class:  SCU: 0 SCP: 80
T: Parsing remaining 8 bytes of User Information
T: Next item type: 54
=================================================================
==7400==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x612000002cc8 at pc 0x557c8b6eb510 bp 0x7ffc2463e120 sp 0x7ffc2463e110
READ of size 1 at 0x612000002cc8 thread T0
    #0 0x557c8b6eb50f in OFStandard::my_strlcpy(char*, char const*, unsigned long) /media/sf_share/dicomfuzzing/dcmtk_debug_sanitizers/ofstd/libsrc/ofstd.cc:223
    #1 0x557c8b0e1809 in OFStandard::strlcpy(char*, char const*, unsigned long) /media/sf_share/dicomfuzzing/dcmtk_debug_sanitizers/ofstd/include/dcmtk/ofstd/ofstd.h:117
    #2 0x557c8b119cba in parseSCUSCPRole /media/sf_share/dicomfuzzing/dcmtk_debug_sanitizers/dcmnet/libsrc/dulparse.cc:739
    #3 0x557c8b1157e5 in parseUserInfo /media/sf_share/dicomfuzzing/dcmtk_debug_sanitizers/dcmnet/libsrc/dulparse.cc:532
    #4 0x557c8b10d164 in parseAssociate(unsigned char*, unsigned long, dul_associatepdu*) /media/sf_share/dicomfuzzing/dcmtk_debug_sanitizers/dcmnet/libsrc/dulparse.cc:247
    #5 0x557c8b0e5f39 in AE_3_AssociateConfirmationAccept /media/sf_share/dicomfuzzing/dcmtk_debug_sanitizers/dcmnet/libsrc/dulfsm.cc:941
    #6 0x557c8b0e49e6 in PRV_StateMachine(PRIVATE_NETWORKKEY**, PRIVATE_ASSOCIATIONKEY**, int, int, void*) /media/sf_share/dicomfuzzing/dcmtk_debug_sanitizers/dcmnet/libsrc/dulfsm.cc:786
    #7 0x557c8b0c4056 in DUL_RequestAssociation(void**, DUL_BLOCKOPTIONS, int, DUL_ASSOCIATESERVICEPARAMETERS*, void**, int) /media/sf_share/dicomfuzzing/dcmtk_debug_sanitizers/dcmnet/libsrc/dul.cc:600
    #8 0x557c8b16c0c6 in ASC_requestAssociation(T_ASC_Network*, T_ASC_Parameters*, T_ASC_Association**, void**, unsigned long*, DUL_BLOCKOPTIONS, int) /media/sf_share/dicomfuzzing/dcmtk_debug_sanitizers/dcmnet/libsrc/assoc.cc:1908
    #9 0x557c8b12e849 in DcmFindSCU::performQuery(char const*, unsigned int, char const*, char const*, char const*, E_TransferSyntax, T_DIMSE_BlockingMode, int, unsigned int, bool, bool, unsigned int, DcmFindSCUExtractMode, int, OFList<OFString>*, DcmFindSCUCallback*, OFList<OFString>*, char const*, char const*) /media/sf_share/dicomfuzzing/dcmtk_debug_sanitizers/dcmnet/libsrc/dfindscu.cc:282
    #10 0x557c8b0b9925 in main /media/sf_share/dicomfuzzing/dcmtk_debug_sanitizers/dcmnet/apps/findscu.cc:425
    #11 0x7f1f986e4b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
    #12 0x557c8b0aed19 in _start (/media/sf_share/dicomfuzzing/dcmtk_debug_sanitizers/bin/findscu+0x99ad19)

0x612000002cc8 is located 0 bytes to the right of 264-byte region [0x612000002bc0,0x612000002cc8)
allocated by thread T0 here:
    #0 0x7f1f9a073b40 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb40)
    #1 0x557c8b1000c2 in readPDU /media/sf_share/dicomfuzzing/dcmtk_debug_sanitizers/dcmnet/libsrc/dulfsm.cc:3317
    #2 0x557c8b0e5429 in AE_3_AssociateConfirmationAccept /media/sf_share/dicomfuzzing/dcmtk_debug_sanitizers/dcmnet/libsrc/dulfsm.cc:916
    #3 0x557c8b0e49e6 in PRV_StateMachine(PRIVATE_NETWORKKEY**, PRIVATE_ASSOCIATIONKEY**, int, int, void*) /media/sf_share/dicomfuzzing/dcmtk_debug_sanitizers/dcmnet/libsrc/dulfsm.cc:786
    #4 0x557c8b0c4056 in DUL_RequestAssociation(void**, DUL_BLOCKOPTIONS, int, DUL_ASSOCIATESERVICEPARAMETERS*, void**, int) /media/sf_share/dicomfuzzing/dcmtk_debug_sanitizers/dcmnet/libsrc/dul.cc:600
    #5 0x557c8b16c0c6 in ASC_requestAssociation(T_ASC_Network*, T_ASC_Parameters*, T_ASC_Association**, void**, unsigned long*, DUL_BLOCKOPTIONS, int) /media/sf_share/dicomfuzzing/dcmtk_debug_sanitizers/dcmnet/libsrc/assoc.cc:1908
    #6 0x557c8b12e849 in DcmFindSCU::performQuery(char const*, unsigned int, char const*, char const*, char const*, E_TransferSyntax, T_DIMSE_BlockingMode, int, unsigned int, bool, bool, unsigned int, DcmFindSCUExtractMode, int, OFList<OFString>*, DcmFindSCUCallback*, OFList<OFString>*, char const*, char const*) /media/sf_share/dicomfuzzing/dcmtk_debug_sanitizers/dcmnet/libsrc/dfindscu.cc:282
    #7 0x557c8b0b9925 in main /media/sf_share/dicomfuzzing/dcmtk_debug_sanitizers/dcmnet/apps/findscu.cc:425
    #8 0x7f1f986e4b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)

SUMMARY: AddressSanitizer: heap-buffer-overflow /media/sf_share/dicomfuzzing/dcmtk_debug_sanitizers/ofstd/libsrc/ofstd.cc:223 in OFStandard::my_strlcpy(char*, char const*, unsigned long)
Shadow bytes around the buggy address:
==7400==ABORTING

