Bug #1228

closed

Heap overflow when computing PDU length + safety margin

Added by Michael Onken 14 days ago. Updated 7 days ago.

Status: Closed
Priority: High
Assignee:
Category: -
Target version: -
Start date: 2026-06-19
Due date:
% Done: 0%
Estimated time:
Module: dcmnet
Operating System:
Compiler:

Description

Fix potential heap overflow that could occur if the safety margin of 100 bytes added to the expected PDU length goes beyond the size of int, leading (through the sign flipping) to very large allocations.

The fix ensures that the buffer length (including safety margin) works and if larger than max PDU size (~4 GB), rejects the PDU.

Thanks to Dominik Blain for the report.
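
The overflow pattern and the bounded check described above, as an added C example (not DCMTK's code). The function names, the constructed header bytes and the use of `UINT32_MAX` as the ~4 GB ceiling are assumptions for illustration; the 6-byte header with a 32-bit big-endian length field is the standard DICOM upper-layer PDU header.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SAFETY_MARGIN 100u        /* the 100-byte margin named in the report */
#define MAX_PDU_SIZE  UINT32_MAX  /* assumption: ~4 GB ceiling of the 32-bit length field */

/* PDU header: type (1 byte), reserved (1 byte), length (4 bytes, big-endian). */
static uint32_t pdu_length_from_header(const unsigned char hdr[6])
{
    return ((uint32_t)hdr[2] << 24) | ((uint32_t)hdr[3] << 16) |
           ((uint32_t)hdr[4] << 8)  |  (uint32_t)hdr[5];
}

/* Flawed pattern (hypothetical): the sum is narrowed to int, so it turns
 * negative as soon as length + margin exceeds INT_MAX. */
static int buffer_len_unchecked(uint32_t pdu_len)
{
    return (int)(pdu_len + SAFETY_MARGIN);
}

/* Hardened pattern (hypothetical): add in 64 bits so the sum cannot wrap,
 * then reject anything above the ceiling. Returns 0 on success, -1 to reject. */
static int buffer_len_checked(uint32_t pdu_len, size_t *out)
{
    uint64_t total = (uint64_t)pdu_len + SAFETY_MARGIN;
    if (total > MAX_PDU_SIZE || total > SIZE_MAX)
        return -1;
    *out = (size_t)total;
    return 0;
}

int main(void)
{
    /* Constructed header: P-DATA-TF (type 0x04), length field 0x7FFFFFF0. */
    const unsigned char hdr[6] = { 0x04, 0x00, 0x7F, 0xFF, 0xFF, 0xF0 };
    uint32_t len = pdu_length_from_header(hdr);
    size_t safe = 0;
    int bad = buffer_len_unchecked(len);

    /* The negative int becomes an enormous size once used as an allocation size. */
    printf("unchecked: int=%d size_t=%zu\n", bad, (size_t)bad);
    printf("checked:   %s\n",
           buffer_len_checked(len, &safe) == 0 ? "accepted" : "rejected");
    printf("checked (0xFFFFFFF0): %s\n",
           buffer_len_checked(0xFFFFFFF0u, &safe) == 0 ? "accepted" : "rejected");
    return 0;
}
```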
