Bug #1228
closed
Heap overflow when computing PDU length + safety margin
Start date: 2026-06-19
Due date:
% Done: 0%
Estimated time:
Module: dcmnet
Operating System:
Compiler:
Description
Fix potential heap overflow that could occur if the safety margin of 100 bytes added to the expected PDU length goes beyond the size of int, leading (through the sign flipping) to very large allocations.
The fix ensures that the buffer length (including safety margin) works and if larger than max PDU size (~4 GB), rejects the PDU.
Thanks to Dominik Blain for the report.
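The arithmetic described above, as an added C example that is not DCMTK's code: it contrasts a length-plus-margin sum stored in a signed `int` with a widened, range-checked version that rejects the PDU. All function names are hypothetical, and `MAX_PDU_BUFFER` is an assumed limit standing in for the "~4 GB" in the description.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define SAFETY_MARGIN  100u        /* the 100-byte margin from the report */
#define MAX_PDU_BUFFER UINT32_MAX  /* assumed limit, standing in for "~4 GB" */

/* Pre-fix shape: 32-bit wire length plus margin, stored in a signed int.
 * The sum is done unsigned; the conversion to int is implementation-defined
 * and on common compilers yields a negative value above INT_MAX. */
int buffer_len_unchecked(uint32_t pdu_len)
{
    return (int)(pdu_len + SAFETY_MARGIN);
}

/* What an allocator sees when that int is passed as a size_t argument. */
size_t alloc_request(int len)
{
    return (size_t)len;
}

/* Hardened shape: widen before adding, reject instead of truncating.
 * Returns 0 and sets *out_len on success, -1 if the PDU must be rejected. */
int buffer_len_checked(uint32_t pdu_len, size_t *out_len)
{
    uint64_t total = (uint64_t)pdu_len + SAFETY_MARGIN;
    if (total > MAX_PDU_BUFFER || total > SIZE_MAX)
        return -1;
    *out_len = (size_t)total;
    return 0;
}

int main(void)
{
    /* Constructed sample lengths: ordinary, just under INT_MAX, near 4 GB. */
    uint32_t samples[] = { 16384u, (uint32_t)INT_MAX - 50u, UINT32_MAX - 50u };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        size_t n = 0;
        int ok = buffer_len_checked(samples[i], &n);
        printf("pdu_len=%lu unchecked=%d request=%zu checked=%s\n",
               (unsigned long)samples[i], buffer_len_unchecked(samples[i]),
               alloc_request(buffer_len_unchecked(samples[i])),
               ok == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```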