Project

General

Profile

Actions

Bug #1228

closed

Heap overflow when computing PDU length + safety margin

Added by Michael Onken 14 days ago. Updated 7 days ago.

Status:
Closed
Priority:
High
Assignee:
Category:
-
Target version:
-
Start date:
2026-06-19
Due date:
% Done:

0%

Estimated time:
Module:
dcmnet
Operating System:
Compiler:

Description

Fix potential heap overflow that could occur if the safety margin of 100 bytes added to the expected PDU length goes beyond the size of int, leading (through the sign flipping) to very large allocations.

The fix ensures that the buffer length (including safety margin) works and if larger than max PDU size (~4 GB), rejects the PDU.

Thanks to Dominik Blain for the report.

Actions #1

Updated by Michael Onken 14 days ago

Fixed with commit 537815.

Actions #2

Updated by Michael Onken 7 days ago

  • Status changed from New to Closed
  • Private changed from Yes to No
Actions

Also available in: Atom PDF