Buffer overflow with string procedureStepDescription #883
Comments
manicombinostics
changed the title
neurolabusc
added a commit
that referenced
this issue
Oct 25, 2024
|
Well spotted. This is fixed in the development branch. I have extended the space allocated to procedureStepDescription as you suggest. In addition, I use strncat() rather than strcat(). |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
We have a study scanned with GE scanner and we have been using latest released dcm2niix (20240202) for conversion. We noticed that the conversion was working fine on Windows, but consistently crashing on Linux. Also, we noticed that the previous version (20230411) was running fine. Latest development version is also crashing.
I started digging deeper into this. The code was crashing with GCC consistently, but with Clang it was working. At first, I tried running AddressSanitizer checks with clang, but obviously it didn't produce anything. With GCC + Valgrind I started getting more results.
The crash happens here when executing strcat:
dcm2niix/console/nii_dicom_batch.cpp
Lines 6863 to 6866 in 2ffaba7
The crash happens because there is a buffer overflow. In this case the strings are the following:
d->procedureStepDescription = "MRI BRAIN WITH/WITHOUT CONTRAST plus NEURO QUANTIFICATION" (length = 57)
seqName = "Cube T2 FLAIR" (length = 13)
Their total length is 70 bytes, which exceeds the length of procedureStepDescription[kDICOMStr], where kDICOMStr = 66.
The maximum length of procedureStepDescription itself is fine by the standard. I can see in the other issue (#790) why strcat has been added.
I propose to increase the length of procedureStepDescription to remedy this issue, maybe with kDICOMStrLarge. At least with this change the code is working fine, but I guess it is up to you to evaluate if this creates other issues.
The text was updated successfully, but these errors were encountered: