Bug #1229
Heap Overflow in DB_DuplicateElement (dcmqrdb)
Status:
closed
Start date:
2026-06-19
Due date:
% Done:
0%
Estimated time:
Module:
dcmqrdb
Operating System:
Compiler:
Description
Using an int instead of size_t to compute the size of a buffer can make the int overflow, so the allocated buffer is much smaller than actually needed.
Fix: Use a size_t cast (not int) for the malloc size so large ValueLength values can no longer truncate/sign-flip into an undersized buffer. Also run memset/memcpy only after the NULL check, avoiding a crash when the allocation fails.
Thanks to Dominik Blain for the report.
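Added example, not DCMTK code: a minimal C sketch of the size computation described above, comparing an int-typed and a size_t-typed malloc request and ordering the NULL check before memset/memcpy. The `elem_t` type, the function names, the 32-bit unsigned length field and the one extra terminator byte are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical element type for this example (not the dcmqrdb structure). */
typedef struct {
    uint32_t ValueLength;   /* assumed: 32-bit unsigned length field */
    char *value;
} elem_t;

/* Bytes malloc() is asked for when the size expression is int-typed.
   Models (int)len + 1 (the +1 is an assumption); the add is done unsigned
   so the demo itself contains no signed overflow. */
size_t request_via_int(uint32_t len)
{
    return (size_t)(int)(len + 1u);
}

/* Same request computed in size_t; 0 means the size is not representable. */
size_t request_via_size_t(uint32_t len)
{
    return ((size_t)len > SIZE_MAX - 1) ? 0 : (size_t)len + 1;
}

/* Duplicate src into dst: size_t arithmetic, NULL check before any write. */
int dup_elem(const elem_t *src, elem_t *dst)
{
    size_t n = request_via_size_t(src->ValueLength);
    dst->ValueLength = 0;
    dst->value = NULL;
    if (src->ValueLength == 0) return 0;          /* nothing to copy */
    if (src->value == NULL || n == 0) return -1;
    dst->value = malloc(n);
    if (dst->value == NULL) return -1;            /* check first ... */
    memset(dst->value, 0, n);                     /* ... then write  */
    memcpy(dst->value, src->value, src->ValueLength);
    dst->ValueLength = src->ValueLength;
    return 0;
}

int main(void)
{
    uint32_t len = 0xFFFFFFFFu;                   /* constructed sample length */
    printf("int-typed request:    %zu bytes\n", request_via_int(len));
    printf("size_t-typed request: %zu bytes\n", request_via_size_t(len));
    return 0;
}
```

On a platform with 32-bit size_t the size_t-typed request for the sample length is rejected (returns 0) instead of wrapping.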