Package: release.debian.org Severity: normal Tags: bookworm X-Debbugs-Cc: dc...@packages.debian.org, ma...@debian.org Control: affects -1 + src:dcmtk User: release.debian....@packages.debian.org Usertags: pu
Hi stable release managers,
[ Reason ]
I would like to upload dcmtk version 3.6.7-9~deb12u2 in order to
fix a series of CVEs rated no-DSA affecting it. The precise
list of issues fixed is:
* CVE-2024-27628, or bug #1074483, which is about a risk of
buffer overflow;
* CVE-2024-34508 and CVE-2024-34509, which are both about a
segmentation fault, there are two references to the same
issue because one affects local I/O and the other network
I/O, I have not identified relevant bugs in the BTS;
* CVE-2024-47796, or bug #1093043, which is about an
out-of-bound write;
* CVE-2024-52333, or bug #1093047, which is another
out-of-bound write.
CVE-2024-28130 is notably /not/ fixed for now as I'm not that
comfortable with the codebase and changes were a bit involved.
I note that there has been a port of the fix for Debian LTS
bullseye, so I believe this should be manageable. There is
still room to amend the debdiff before upload, if someone comes
up with a fix, or to upload a later package version to fix that
last item.
[ Impact ]
Users of dcmtk and reverse dependencies in Debian bookworm will
remain affected by these multiple known issues if the package is
not updated. Also, users upgrading from Debian bullseye would
experience a regression in their security coverage, as all the
issues are already addressed in LTS.
[ Tests ]
dcmtk ships with extensive unit test, it also includes
autopkgtest, which I ran on amd64. In addition, I also made
sure that the set of changes did not introduce regressions in
reverse dependencies by running their autopkgtest when available
and by rebuilding reverse build-dependencies. I have seen no
regressions.
[ Risks ]
Except for CVE-2024-28130 which is left alone for now, the patch
set was not too involved: most upstream patches applied without
too much fuzz.
There may be a risk from 0011-CVE-2024-34508-34509_bis.patch as
it might be seen as hiding a problem by adjusting the test
suite after a regression from 0010-CVE-2024-34508-34509.patch,
and I'm not entirely confident about what happened for it to be
suddenly needed.
I identified 19 reverse dependencies and 34 reverse build
dependencies to dcmtk in bookworm, so an uncaught regression
could have some blast radius; I failed to identify anything
obvious by running autopkgtests and rebuilds though. All that
being said, dcmtk is not a key package.
[ Checklist ]
[*] *all* changes are documented in the d/changelog
[*] I reviewed all changes and I approve them
[*] attach debdiff against the package in (old)stable
[*] the issue is verified as fixed in unstable
[ Changes ]
This dcmtk package update introduces a number of patches to
address the vulnerability issues aforementioned.
0007-CVE-2024-47796.patch is an adjustment of upstream commit
89a6e399f1e17d08a8bc8cdaa05b2ac9a50cd4f6, commit which looks to
replace a default zero padding by another padding value that
ought to be valid and avoid the incident as far as I understood.
0008-CVE-2024-52333.patch is an adjustment of upstream commit
03e851b0586d05057c3268988e180ffb426b2e03 which looks to
introduce supplemental sanity checks to avoid the out-of-bound
write incident when handling malformed DICOM files.
0009-CVE-2024-27628.patch is an adjustment of upstream commit
ec52e99e1e33fc39810560421c0833b02da567b3 which looks to add
further sanity checks to issue errors instead of risking
overflows. It is worth noting that a good chunk of the changes
introduce an new set of unit tests to make sure the regression
is gone for good.
0010-CVE-2024-34508-34509.patch is an adjustment of upstream
commit c78e434c0c5f9d932874f0b17a8b4ce305ca01f5 which looks to
fix the segmentation fault by properly raising errors when DIMSE
messages are truncated instead of passing through. First hunk
defines the missing check and the second hunk injects the check
at the necessary location.
0011-CVE-2024-34508-34509_bis.patch is an adjustment of upstream
commit 66c317feae446deda1a389226aa24c95a0eeac4c. This commit
fixes test regressions which turn out to be introduced by
0010-CVE-2024-34508-34509.patch. I'm still somewhat wary that
this change is needed, because it feels like some API changed,
but I'm comforted by the fact that the two upstream commits have
been issued on 2024-03-13 and that there were no regressions in
build reverse-dependencies. Why the patch 0010 introduces such
regression in the first place still escapes my understanding.
[ Other info ]
As mentioned in the Reason paragraph, with only these changes,
CVE-2024-28130 would still affect dcmtk in bookworm. Also,
fixes exist for bullseye, so I guess something can be achieved
for bookworm too. The issue was tracked in #1070207 and history
suggests that given how involved the patch is, it has been
non-trivial to get the fixes applied to dcmtk in unstable before
availability of the newer upstream release; there was notably an
accidental ABI breakage.
Thank you for making it this far, this update felt more involved
than my average targeted fixes to bring to stable, so I thought
better to err on the side of caution and being explicit.
Have a nice day, :)
--
.''`. Étienne Mollier <emoll...@debian.org>
: :' : pgp: 8f91 b227 c7d6 f2b1 948c 8236 793c f67e 8f0d 11da
`. `' sent from /dev/pts/1, please excuse my verbosity
`-
diff -Nru dcmtk-3.6.7/debian/changelog dcmtk-3.6.7/debian/changelog --- dcmtk-3.6.7/debian/changelog 2024-04-19 13:38:32.000000000 +0200 +++ dcmtk-3.6.7/debian/changelog 2025-02-01 20:09:27.000000000 +0100 @@ -1,3 +1,20 @@ +dcmtk (3.6.7-9~deb12u2) bookworm; urgency=medium + + * Team upload. + * 0007-CVE-2024-47796.patch: new. + This patch addresses CVE-2024-47796. (Closes: #1093043) + * 0008-CVE-2024-52333.patch: new. + This patch addresses CVE-2024-52333. (Closes: #1093047) + * 0009-CVE-2024-27628.patch: new. + This patch fixes CVE-2024-27628. (Closes: #1074483) + * 0010-CVE-2024-34508-34509.patch: new. + This patch fixes CVE-2024-34508 and CVE-2024-34509. + * 0011-CVE-2024-34508-34509_bis.patch: new. + This introduces upstream's fix to the test regression introduced by + the mitigation against CVE-2024-34508 and CVE-2024-34509. + + -- Étienne Mollier <emoll...@debian.org> Sat, 01 Feb 2025 20:09:27 +0100 + dcmtk (3.6.7-9~deb12u1) bookworm; urgency=medium * Team upload. diff -Nru dcmtk-3.6.7/debian/patches/0007-CVE-2024-47796.patch dcmtk-3.6.7/debian/patches/0007-CVE-2024-47796.patch --- dcmtk-3.6.7/debian/patches/0007-CVE-2024-47796.patch 1970-01-01 01:00:00.000000000 +0100 +++ dcmtk-3.6.7/debian/patches/0007-CVE-2024-47796.patch 2025-01-30 19:29:27.000000000 +0100 @@ -0,0 +1,33 @@ +Author: Joerg Riesmeier <di...@jriesmeier.com> +Forwarded: https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=89a6e399f1e17d08a8bc8cdaa05b2ac9a50cd4f6 +Bug-Debian: https://bugs.debian.org/1093043 +Reviewed-By: Étienne Mollier <emoll...@debian.org> +Last-Update: 2025-01-18 +Description: Fixed issue rendering invalid monochrome image. + Fixed issue when rendering an invalid monochrome DICOM image where the + number of pixels stored does not match the expected number of pixels. + If the stored number is less than the expected number, the rest of the + pixel matrix for the intermediate representation was always filled with + the value 0. Under certain, very rare conditions, this could result in + memory problems reported by an Address Sanitizer (ASAN). Now, the rest + of the matrix is filled with the smallest possible value for the image. + . + Thanks to Emmanuel Tacheau from the Cisco Talos team + <vulndiscov...@external.cisco.com> for the original report, the sample + file (PoC) and further details. See TALOS-2024-2122 and CVE-2024-47796. + +diff --git a/dcmimgle/include/dcmtk/dcmimgle/dimoipxt.h b/dcmimgle/include/dcmtk/dcmimgle/dimoipxt.h +index e749a6b16e9f1af9a1459875aef5b7ab308c3987..50389a5407ec3e913446c2e6ba8c6c68047edaf8 100644 (file) +--- a/dcmimgle/include/dcmtk/dcmimgle/dimoipxt.h ++++ b/dcmimgle/include/dcmtk/dcmimgle/dimoipxt.h +@@ -72,9 +72,9 @@ class DiMonoInputPixelTemplate + rescale(pixel); // "copy" or reference pixel data + this->determineMinMax(OFstatic_cast(T3, this->Modality->getMinValue()), OFstatic_cast(T3, this->Modality->getMaxValue())); + } +- /* erase empty part of the buffer (= blacken the background) */ ++ /* erase empty part of the buffer (= fill the background with the smallest possible value) */ + if ((this->Data != NULL) && (this->InputCount < this->Count)) +- OFBitmanipTemplate<T3>::zeroMem(this->Data + this->InputCount, this->Count - this->InputCount); ++ OFBitmanipTemplate<T3>::setMem(this->Data + this->InputCount, OFstatic_cast(T3, this->Modality->getAbsMinimum()), this->Count - this->InputCount); + } + } diff -Nru dcmtk-3.6.7/debian/patches/0008-CVE-2024-52333.patch dcmtk-3.6.7/debian/patches/0008-CVE-2024-52333.patch --- dcmtk-3.6.7/debian/patches/0008-CVE-2024-52333.patch 1970-01-01 01:00:00.000000000 +0100 +++ dcmtk-3.6.7/debian/patches/0008-CVE-2024-52333.patch 2025-01-30 19:40:37.000000000 +0100 @@ -0,0 +1,48 @@ +Author: Joerg Riesmeier <di...@jriesmeier.com> +Forwarded: https://git.dcmtk.org/?p=dcmtk.git;a=commit;h=03e851b0586d05057c3268988e180ffb426b2e03 +Bug-Debian: https://bugs.debian.org/1093047 +Reviewed-By: Étienne Mollier <emoll...@debian.org> +Last-Update: 2025-01-18 +Description: Added check to make sure: HighBit < BitsAllocated. + Added check to the image preprocessing to make sure that the value of + HighBit is always less than the value of BitsAllocated. Before, this + missing check could lead to memory corruption if an invalid combination + of values was retrieved from a malformed DICOM dataset. + . + Thanks to Emmanuel Tacheau from the Cisco Talos team + <vulndiscov...@external.cisco.com> for the report, sample file (PoC) + and detailed analysis. See TALOS-2024-2121 and CVE-2024-52333. + +--- dcmtk.orig/dcmimgle/libsrc/diimage.cc ++++ dcmtk/dcmimgle/libsrc/diimage.cc +@@ -1,6 +1,6 @@ + /* + * +- * Copyright (C) 1996-2021, OFFIS e.V. ++ * Copyright (C) 1996-2025, OFFIS e.V. + * All rights reserved. See COPYRIGHT file for details. + * + * This software and supporting documentation were developed by +@@ -548,12 +548,18 @@ + { + const unsigned long fsize = OFstatic_cast(unsigned long, Rows) * OFstatic_cast(unsigned long, Columns) * + OFstatic_cast(unsigned long, SamplesPerPixel); +- if ((BitsAllocated < 1) || (BitsStored < 1) || (BitsAllocated < BitsStored) || +- (BitsStored > OFstatic_cast(Uint16, HighBit + 1))) ++ if ((BitsAllocated < 1) || (BitsStored < 1)) + { + ImageStatus = EIS_InvalidValue; +- DCMIMGLE_ERROR("invalid values for 'BitsAllocated' (" << BitsAllocated << "), " +- << "'BitsStored' (" << BitsStored << ") and/or 'HighBit' (" << HighBit << ")"); ++ DCMIMGLE_ERROR("invalid value(s) for 'BitsAllocated' (" << BitsAllocated << "), " ++ << "and/or 'BitsStored' (" << BitsStored << ")"); ++ return; ++ } ++ else if ((BitsAllocated < BitsStored) || (BitsAllocated <= HighBit) || ((BitsStored - 1) > HighBit)) ++ { ++ ImageStatus = EIS_InvalidValue; ++ DCMIMGLE_ERROR("invalid combination of values for 'BitsAllocated' (" << BitsAllocated << "), " ++ << "'BitsStored' (" << BitsStored << ") and 'HighBit' (" << HighBit << ")"); + return; + } + else if ((evr == EVR_OB) && (BitsStored <= 8)) diff -Nru dcmtk-3.6.7/debian/patches/0009-CVE-2024-27628.patch dcmtk-3.6.7/debian/patches/0009-CVE-2024-27628.patch --- dcmtk-3.6.7/debian/patches/0009-CVE-2024-27628.patch 1970-01-01 01:00:00.000000000 +0100 +++ dcmtk-3.6.7/debian/patches/0009-CVE-2024-27628.patch 2025-01-30 20:21:21.000000000 +0100 @@ -0,0 +1,607 @@ +Author: Michael Onken <on...@open-connections.de> +Forwarded: https://github.com/DCMTK/dcmtk/commit/ec52e99e1e33fc39810560421c0833b02da567b3 +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074483 +Reviewed-By: Étienne Mollier <emoll...@debian.org> +Last-Update: 2025-01-30 +Description: Fixed possible overflows when allocating memory. + Thanks to GitHub user "bananabr" (Daniel Berredo) for the report and + suggested patch. + +--- dcmtk.orig/dcmect/libsrc/enhanced_ct.cc ++++ dcmtk/dcmect/libsrc/enhanced_ct.cc +@@ -24,6 +24,7 @@ + #include "dcmtk/dcmect/types.h" + #include "dcmtk/dcmfg/concatenationcreator.h" + #include "dcmtk/dcmfg/concatenationloader.h" ++#include "dcmtk/dcmfg/fgtypes.h" + #include "dcmtk/dcmiod/iodutil.h" + #include "dcmtk/dcmiod/modimagepixel.h" + +@@ -100,8 +101,19 @@ + m_CT.getRows(rows); + m_CT.getColumns(cols); + const size_t numFrames = m_CT.m_Frames.size(); ++ if (numFrames > 2147483647) ++ { ++ DCMECT_ERROR("More than 2147483647 frames provided"); ++ return FG_EC_PixelDataTooLarge; ++ } ++ const size_t numPixelsFrame = OFstatic_cast(size_t, rows) * OFstatic_cast(size_t, cols); + const size_t numBytesFrame = m_CT.m_Frames[0]->length; +- const size_t numPixelsFrame = rows * cols; ++ if (numBytesFrame != numPixelsFrame * 2) ++ { ++ DCMECT_ERROR("Invalid number of bytes per frame: Expected " << numPixelsFrame * 2 << " but got " ++ << numBytesFrame << " frame pixel data"); ++ return ECT_InvalidPixelInfo; ++ } + // Creates the correct pixel data element, based on the image pixel module used. + DcmPixelData* pixData = new DcmPixelData(DCM_PixelData); + OFCondition result; +--- dcmtk.orig/dcmect/tests/CMakeLists.txt ++++ dcmtk/dcmect/tests/CMakeLists.txt +@@ -2,6 +2,7 @@ + DCMTK_ADD_EXECUTABLE(dcmect_tests + tests.cc + t_huge_concat.cc ++ t_overflow.cc + t_roundtrip.cc + ) + +--- dcmtk.orig/dcmect/tests/Makefile.dep ++++ dcmtk/dcmect/tests/Makefile.dep +@@ -188,6 +188,157 @@ + ../../dcmfg/include/dcmtk/dcmfg/fgrealworldvaluemapping.h \ + ../../dcmiod/include/dcmtk/dcmiod/iodcontentitemmacro.h \ + ../../dcmfg/include/dcmtk/dcmfg/fgtemporalposition.h ++t_overflow.o: t_overflow.cc ../../config/include/dcmtk/config/osconfig.h \ ++ ../include/dcmtk/dcmect/enhanced_ct.h ../include/dcmtk/dcmect/def.h \ ++ ../../ofstd/include/dcmtk/ofstd/ofexport.h \ ++ ../include/dcmtk/dcmect/types.h ../../oflog/include/dcmtk/oflog/oflog.h \ ++ ../../oflog/include/dcmtk/oflog/logger.h \ ++ ../../oflog/include/dcmtk/oflog/config.h \ ++ ../../ofstd/include/dcmtk/ofstd/ofdefine.h \ ++ ../../ofstd/include/dcmtk/ofstd/ofcast.h \ ++ ../../ofstd/include/dcmtk/ofstd/ofstdinc.h \ ++ ../../oflog/include/dcmtk/oflog/config/defines.h \ ++ ../../oflog/include/dcmtk/oflog/helpers/threadcf.h \ ++ ../../oflog/include/dcmtk/oflog/loglevel.h \ ++ ../../ofstd/include/dcmtk/ofstd/ofvector.h \ ++ ../../ofstd/include/dcmtk/ofstd/oftypes.h \ ++ ../../ofstd/include/dcmtk/ofstd/ofstream.h \ ++ ../../oflog/include/dcmtk/oflog/tstring.h \ ++ ../../ofstd/include/dcmtk/ofstd/ofstring.h \ ++ ../../oflog/include/dcmtk/oflog/tchar.h \ ++ ../../oflog/include/dcmtk/oflog/spi/apndatch.h \ ++ ../../oflog/include/dcmtk/oflog/appender.h \ ++ ../../ofstd/include/dcmtk/ofstd/ofmem.h \ ++ ../../ofstd/include/dcmtk/ofstd/ofutil.h \ ++ ../../ofstd/include/dcmtk/ofstd/oftraits.h \ ++ ../../ofstd/include/dcmtk/ofstd/variadic/tuplefwd.h \ ++ ../../oflog/include/dcmtk/oflog/layout.h \ ++ ../../oflog/include/dcmtk/oflog/streams.h \ ++ ../../oflog/include/dcmtk/oflog/helpers/pointer.h \ ++ ../../oflog/include/dcmtk/oflog/thread/syncprim.h \ ++ ../../oflog/include/dcmtk/oflog/spi/filter.h \ ++ ../../oflog/include/dcmtk/oflog/helpers/lockfile.h \ ++ ../../oflog/include/dcmtk/oflog/spi/logfact.h \ ++ ../../oflog/include/dcmtk/oflog/logmacro.h \ ++ ../../oflog/include/dcmtk/oflog/helpers/snprintf.h \ ++ ../../oflog/include/dcmtk/oflog/tracelog.h \ ++ ../../ofstd/include/dcmtk/ofstd/ofcond.h \ ++ ../../ofstd/include/dcmtk/ofstd/ofdiag.h \ ++ ../../ofstd/include/dcmtk/ofstd/diag/push.def \ ++ ../../ofstd/include/dcmtk/ofstd/diag/useafree.def \ ++ ../../ofstd/include/dcmtk/ofstd/diag/pop.def \ ++ ../../dcmfg/include/dcmtk/dcmfg/fginterface.h \ ++ ../../dcmfg/include/dcmtk/dcmfg/fg.h \ ++ ../../dcmfg/include/dcmtk/dcmfg/fgbase.h \ ++ ../../dcmdata/include/dcmtk/dcmdata/dcitem.h \ ++ ../../ofstd/include/dcmtk/ofstd/offile.h \ ++ ../../ofstd/include/dcmtk/ofstd/ofstd.h \ ++ ../../ofstd/include/dcmtk/ofstd/oflist.h \ ++ ../../ofstd/include/dcmtk/ofstd/oflimits.h \ ++ ../../config/include/dcmtk/config/arith.h \ ++ ../../ofstd/include/dcmtk/ofstd/oferror.h \ ++ ../../dcmdata/include/dcmtk/dcmdata/dctypes.h \ ++ ../../dcmdata/include/dcmtk/dcmdata/dcdefine.h \ ++ ../../dcmdata/include/dcmtk/dcmdata/dcobject.h \ ++ ../../ofstd/include/dcmtk/ofstd/ofglobal.h \ ++ ../../ofstd/include/dcmtk/ofstd/ofthread.h \ ++ ../../dcmdata/include/dcmtk/dcmdata/dcerror.h \ ++ ../../dcmdata/include/dcmtk/dcmdata/dcxfer.h \ ++ ../../dcmdata/include/dcmtk/dcmdata/dcvr.h \ ++ ../../dcmdata/include/dcmtk/dcmdata/dctag.h \ ++ ../../dcmdata/include/dcmtk/dcmdata/dctagkey.h \ ++ ../../ofstd/include/dcmtk/ofstd/diag/ignrattr.def \ ++ ../../dcmdata/include/dcmtk/dcmdata/dcstack.h \ ++ ../../dcmdata/include/dcmtk/dcmdata/dclist.h \ ++ ../../dcmdata/include/dcmtk/dcmdata/dcpcache.h \ ++ ../../dcmfg/include/dcmtk/dcmfg/fgtypes.h \ ++ ../../dcmfg/include/dcmtk/dcmfg/fgdefine.h \ ++ ../../ofstd/include/dcmtk/ofstd/ofmap.h \ ++ ../../dcmiod/include/dcmtk/dcmiod/iodimage.h \ ++ ../../dcmiod/include/dcmtk/dcmiod/iodcommn.h \ ++ ../../dcmiod/include/dcmtk/dcmiod/iodrules.h \ ++ ../../dcmiod/include/dcmtk/dcmiod/iodtypes.h \ ++ ../../dcmiod/include/dcmtk/dcmiod/ioddef.h \ ++ ../../dcmiod/include/dcmtk/dcmiod/modcommoninstanceref.h \ ++ ../../dcmiod/include/dcmtk/dcmiod/iodmacro.h \ ++ ../../dcmdata/include/dcmtk/dcmdata/dcdeftag.h \ ++ ../../dcmdata/include/dcmtk/dcmdata/dcvrlo.h \ ++ ../../dcmdata/include/dcmtk/dcmdata/dcchrstr.h \ ++ ../../dcmdata/include/dcmtk/dcmdata/dcbytstr.h \ ++ ../../dcmdata/include/dcmtk/dcmdata/dcelem.h \ ++ ../../dcmdata/include/dcmtk/dcmdata/dcvris.h \ ++ ../../dcmdata/include/dcmtk/dcmdata/dcvrus.h \ ++ ../../dcmdata/include/dcmtk/dcmdata/dcvrlt.h \ ++ ../../dcmdata/include/dcmtk/dcmdata/dcvrcs.h \ ++ ../../dcmdata/include/dcmtk/dcmdata/dcvrpn.h \ ++ ../../dcmiod/include/dcmtk/dcmiod/modbase.h \ ++ ../../dcmiod/include/dcmtk/dcmiod/iodreferences.h \ ++ ../../dcmiod/include/dcmtk/dcmiod/modequipment.h \ ++ ../../dcmiod/include/dcmtk/dcmiod/modfor.h \ ++ ../../dcmiod/include/dcmtk/dcmiod/modgeneralseries.h \ ++ ../../dcmiod/include/dcmtk/dcmiod/modgeneralstudy.h \ ++ ../../dcmiod/include/dcmtk/dcmiod/modpatient.h \ ++ ../../dcmiod/include/dcmtk/dcmiod/modpatientstudy.h \ ++ ../../dcmiod/include/dcmtk/dcmiod/modsopcommon.h \ ++ ../../dcmiod/include/dcmtk/dcmiod/modgeneralimage.h \ ++ ../../dcmiod/include/dcmtk/dcmiod/modimagepixelvariant.h \ ++ ../../dcmiod/include/dcmtk/dcmiod/modimagepixelbase.h \ ++ ../../ofstd/include/dcmtk/ofstd/ofvriant.h \ ++ ../../ofstd/include/dcmtk/ofstd/variadic/variant.h \ ++ ../../ofstd/include/dcmtk/ofstd/variadic/helpers.h \ ++ ../../ofstd/include/dcmtk/ofstd/ofalign.h \ ++ ../../ofstd/include/dcmtk/ofstd/diag/cnvrsn.def \ ++ ../../ofstd/include/dcmtk/ofstd/diag/vsprfw.def \ ++ ../../ofstd/include/dcmtk/ofstd/diag/arrybnds.def \ ++ ../../ofstd/include/dcmtk/ofstd/diag/unrefprm.def \ ++ ../../dcmiod/include/dcmtk/dcmiod/modacquisitioncontext.h \ ++ ../../dcmiod/include/dcmtk/dcmiod/modenhequipment.h \ ++ ../../dcmiod/include/dcmtk/dcmiod/modimagepixel.h \ ++ ../../dcmiod/include/dcmtk/dcmiod/modmultiframedimension.h \ ++ ../../dcmiod/include/dcmtk/dcmiod/modmultiframefg.h \ ++ ../../dcmiod/include/dcmtk/dcmiod/modsynchronisation.h \ ++ ../../dcmdata/include/dcmtk/dcmdata/dcvrdt.h \ ++ ../../ofstd/include/dcmtk/ofstd/ofdatime.h \ ++ ../../ofstd/include/dcmtk/ofstd/ofdate.h \ ++ ../../ofstd/include/dcmtk/ofstd/oftime.h \ ++ ../../dcmdata/include/dcmtk/dcmdata/dcvrds.h \ ++ ../../dcmdata/include/dcmtk/dcmdata/dcvrfd.h \ ++ ../../ofstd/include/dcmtk/ofstd/oftempf.h \ ++ ../../ofstd/include/dcmtk/ofstd/oftest.h \ ++ ../../ofstd/include/dcmtk/ofstd/ofconapp.h \ ++ ../../ofstd/include/dcmtk/ofstd/ofcmdln.h \ ++ ../../ofstd/include/dcmtk/ofstd/ofexbl.h \ ++ ../../ofstd/include/dcmtk/ofstd/ofconsol.h \ ++ ../../ofstd/include/dcmtk/ofstd/ofexit.h \ ++ ../../dcmdata/include/dcmtk/dcmdata/dcuid.h \ ++ ../../dcmdata/include/dcmtk/dcmdata/dcdict.h \ ++ ../../dcmdata/include/dcmtk/dcmdata/dchashdi.h \ ++ ../../dcmdata/include/dcmtk/dcmdata/dcfilefo.h \ ++ ../../dcmdata/include/dcmtk/dcmdata/dcsequen.h \ ++ ../../dcmdata/include/dcmtk/dcmdata/dcdatset.h \ ++ ../../dcmfg/include/dcmtk/dcmfg/fgctacquisitiondetails.h \ ++ ../../dcmfg/include/dcmtk/dcmfg/fgctacquisitiontype.h \ ++ ../../dcmfg/include/dcmtk/dcmfg/fgctadditionalxraysource.h \ ++ ../../dcmdata/include/dcmtk/dcmdata/dcvrfl.h \ ++ ../../dcmdata/include/dcmtk/dcmdata/dcvrsh.h \ ++ ../../dcmfg/include/dcmtk/dcmfg/fgctexposure.h \ ++ ../../dcmfg/include/dcmtk/dcmfg/fgctgeometry.h \ ++ ../../dcmfg/include/dcmtk/dcmfg/fgctimageframetype.h \ ++ ../../dcmfg/include/dcmtk/dcmfg/fgctposition.h \ ++ ../../dcmfg/include/dcmtk/dcmfg/fgctreconstruction.h \ ++ ../../dcmfg/include/dcmtk/dcmfg/fgcttabledynamics.h \ ++ ../../dcmfg/include/dcmtk/dcmfg/fgctxraydetails.h \ ++ ../../dcmfg/include/dcmtk/dcmfg/fgfracon.h \ ++ ../../dcmdata/include/dcmtk/dcmdata/dcvrul.h \ ++ ../../dcmfg/include/dcmtk/dcmfg/fgframeanatomy.h \ ++ ../../dcmfg/include/dcmtk/dcmfg/fgirradiationeventid.h \ ++ ../../dcmdata/include/dcmtk/dcmdata/dcvrui.h \ ++ ../../dcmfg/include/dcmtk/dcmfg/fgpixeltransform.h \ ++ ../../dcmfg/include/dcmtk/dcmfg/fgpixmsr.h \ ++ ../../dcmfg/include/dcmtk/dcmfg/fgplanor.h \ ++ ../../dcmfg/include/dcmtk/dcmfg/fgplanpo.h \ ++ ../../dcmfg/include/dcmtk/dcmfg/fgrealworldvaluemapping.h \ ++ ../../dcmiod/include/dcmtk/dcmiod/iodcontentitemmacro.h + t_roundtrip.o: t_roundtrip.cc \ + ../../config/include/dcmtk/config/osconfig.h \ + ../../ofstd/include/dcmtk/ofstd/ofmem.h \ +--- dcmtk.orig/dcmect/tests/Makefile.in ++++ dcmtk/dcmect/tests/Makefile.in +@@ -22,10 +22,10 @@ + -L$(dcmdatadir)/libsrc -L$(dcmioddir)/libsrc -L$(dcmfgdir)/libsrc + LOCALLIBS = -ldcmect -ldcmfg -ldcmiod -ldcmdata -loflog -lofstd $(ZLIBLIBS) \ + $(CHARCONVLIBS) $(MATHLIBS) +-LOCALINCLUDES = -I$(top_srcdir)/include -I$(ofstddir)/include -I$(oflogdir)/include \ ++LOCALINCLUDES = -I$(top_srcdir)/include -I$(configdir)/include -I$(ofstddir)/include -I$(oflogdir)/include \ + -I$(dcmdatadir)/include -I$(dcmioddir)/include -I$(dcmfgdir)/include + +-test_objs = tests.o t_huge_concat.o t_roundtrip.o ++test_objs = tests.o t_huge_concat.o t_overflow.cc t_roundtrip.o + objs = $(test_objs) + progs = tests + +--- /dev/null ++++ dcmtk/dcmect/tests/t_overflow.cc +@@ -0,0 +1,362 @@ ++/* ++ * ++ * Copyright (C) 2024, OFFIS e.V. ++ * All rights reserved. See COPYRIGHT file for details. ++ * ++ * This software and supporting documentation were developed by ++ * ++ * OFFIS e.V. ++ * R&D Division Health ++ * Escherweg 2 ++ * D-26121 Oldenburg, Germany ++ * ++ * ++ * Module: dcmect ++ * ++ * Author: Daniel Berredo / Michael Onken ++ * ++ * Purpose: Tests that check for pixel data overflow conditions ++ * ++ */ ++ ++ ++#include <dcmtk/config/osconfig.h> /* make sure OS specific configuration is included first */ ++ ++#include <dcmtk/dcmect/enhanced_ct.h> ++ ++#include <dcmtk/ofstd/oftempf.h> ++#include <dcmtk/ofstd/oftest.h> ++ ++#include <dcmtk/dcmdata/dcdict.h> ++#include <dcmtk/dcmdata/dcfilefo.h> ++ ++#include <dcmtk/dcmfg/fgctacquisitiondetails.h> ++#include <dcmtk/dcmfg/fgctacquisitiontype.h> ++#include <dcmtk/dcmfg/fgctadditionalxraysource.h> ++#include <dcmtk/dcmfg/fgctexposure.h> ++#include <dcmtk/dcmfg/fgctgeometry.h> ++#include <dcmtk/dcmfg/fgctimageframetype.h> ++#include <dcmtk/dcmfg/fgctposition.h> ++#include <dcmtk/dcmfg/fgctreconstruction.h> ++#include <dcmtk/dcmfg/fgcttabledynamics.h> ++#include <dcmtk/dcmfg/fgctxraydetails.h> ++#include <dcmtk/dcmfg/fgfracon.h> ++#include <dcmtk/dcmfg/fgframeanatomy.h> ++#include <dcmtk/dcmfg/fgirradiationeventid.h> ++#include <dcmtk/dcmfg/fgpixeltransform.h> ++#include <dcmtk/dcmfg/fgpixmsr.h> ++#include <dcmtk/dcmfg/fgplanor.h> ++#include <dcmtk/dcmfg/fgplanpo.h> ++#include <dcmtk/dcmfg/fgrealworldvaluemapping.h> ++ ++static const Uint16 NUM_ROWS = 1024; ++static const Uint16 NUM_COLS = 1; ++static const Uint16 NUM_FRAMES = 2; ++static const size_t NUM_PIXELS_PER_FRAME = 1; ++ ++static OFString EXPECTED_DUMP; ++ ++static EctEnhancedCT *create(); ++static void configureIOD(EctEnhancedCT *ct); ++static void setGenericValues(EctEnhancedCT *ct); ++static void addSharedFGs(EctEnhancedCT *ct); ++static void addFrames(EctEnhancedCT *ct); ++static void addDimensions(EctEnhancedCT *ct); ++ ++ ++OFTEST(dcmect_overflow) ++{ ++ /* make sure data dictionary is loaded */ ++ if (!dcmDataDict.isDictionaryLoaded()) ++ { ++ OFCHECK(dcmDataDict.isDictionaryLoaded()); ++ } ++ ++ // Creation ++ EctEnhancedCT *ct = create(); ++ configureIOD(ct); ++ setGenericValues(ct); ++ addSharedFGs(ct); ++ addFrames(ct); ++ addDimensions(ct); ++ ++ // Write to dataset and compare its dump with expected result ++ DcmFileFormat dcmff; ++ ++ OFTempFile tf(O_RDWR, "", "t_overflow", ".dcm"); ++ OFCondition result; ++ result = ct->saveFile("output.dcm", EXS_LittleEndianExplicit); ++ OFCHECK(result == ECT_InvalidPixelInfo); ++} ++ ++static EctEnhancedCT *create() ++{ ++ IODEnhGeneralEquipmentModule::EquipmentInfo eq("Open Connections", "OC CT", "4711", "0.1"); ++ EctEnhancedCT *ct = NULL; ++ OFCondition result; ++ result = EctEnhancedCT::create(ct, ++ NUM_ROWS, ++ NUM_COLS, ++ OFFalse, ++ EctTypes::E_ImageType1_Original, ++ EctTypes::DT_ImageType3_Volume, ++ EctTypes::DT_ImageType4_Maximum, ++ "1" /* instance number */, ++ EctTypes::E_ContQuali_Research, ++ EctTypes::E_PixelPres_Monochrome, ++ EctTypes::E_VolProps_Volume, ++ EctTypes::DT_VolBasedCalcTechnique_VolumeRender, ++ eq, ++ "20190801120000" /* acquisition date */, ++ 2.0 /* acquisition duration */); ++ ++ OFCHECK(result.good()); ++ OFCHECK(ct != OFnullptr); ++ return ct; ++} ++ ++static void configureIOD(EctEnhancedCT *ct) ++{ ++ if (!ct) ++ return; ++} ++ ++static void setGenericValues(EctEnhancedCT *ct) ++{ ++ if (!ct) ++ return; ++ OFCHECK(ct->getPatient().setPatientName("Bond^James").good()); ++ OFCHECK(ct->getPatient().setPatientID("007").good()); ++ OFCHECK(ct->getPatient().setPatientBirthDate("19771007").good()); ++ OFCHECK(ct->getStudy().setStudyDate("20190801").good()); ++ OFCHECK(ct->getStudy().setStudyTime("120000").good()); ++ OFCHECK(ct->getStudy().setStudyID("1").good()); ++ OFCHECK(ct->getPatientStudy().setPatientAge("040Y").good()); ++ OFCHECK(ct->getSeries().setSeriesDescription("Test Description").good()); ++ OFCHECK(ct->getSeries().setSeriesNumber("1").good()); ++ OFCHECK(ct->getSeries().setPatientPosition("HFS").good()); ++ ++ // Those values are usually computed automatically. UIDS are generated and date/times are set to current values. ++ // But in order to compare the "old" dump with the freshly created image attributes, we set some values manually, ++ // so that they are not overwritten with new, automatically created values later. ++ OFCHECK(ct->getStudy().setStudyInstanceUID("1.2.276.0.7230010.3.1.2.8323329.14863.1565940357.864811").good()); ++ OFCHECK(ct->getFrameOfReference().setFrameOfReferenceUID("2.25.30853397773651184949181049330553108086").good()); ++ OFCHECK(ct->getSeries().setSeriesInstanceUID("1.2.276.0.7230010.3.1.3.8323329.14863.1565940357.864812").good()); ++ OFCHECK(ct->getSOPCommon().setSOPInstanceUID("1.2.276.0.7230010.3.1.4.8323329.14863.1565940357.864813").good()); ++ ++ OFCHECK(ct->getIODMultiFrameFGModule().setContentTime("092557").good()); ++ OFCHECK(ct->getIODMultiFrameFGModule().setContentDate("20190816").good()); ++} ++ ++static void addSharedFGs(EctEnhancedCT *ct) ++{ ++ if (!ct) ++ return; ++ ++ FGPixelMeasures meas; ++ OFCHECK(meas.setPixelSpacing("0.1\\0.1").good()); ++ OFCHECK(meas.setSliceThickness("1.0").good()); ++ OFCHECK(meas.setSpacingBetweenSlices("0.05").good()); ++ ++ FGPlanePosPatient planpo; ++ OFCHECK(planpo.setImagePositionPatient("0.0", "0.0", "0.0").good()); ++ ++ FGPlaneOrientationPatient planor; ++ OFCHECK(planor.setImageOrientationPatient("1.0", "0.0", "0.0", "0.0", "1.0", "0.0").good()); ++ ++ FGFrameAnatomy ana; ++ OFCHECK(ana.setLaterality(FGFrameAnatomy::LATERALITY_BOTH).good()); ++ OFCHECK(ana.getAnatomy().getAnatomicRegion().set("12738006", "SCT", "Brain").good()); ++ ++ FGIrradiationEventIdentification irr; ++ OFCHECK(irr.setIrradiationEventUID("2.25.30853892236613436472911970638347155062").good()); ++ ++ FGCTImageFrameType itype; ++ OFCHECK(itype.setFrameType("ORIGINAL\\PRIMARY\\VOLUME\\MAXIMUM").good()); ++ OFCHECK(itype.setPixelPresentation(FGCTImageFrameType::E_PixelPres_Monochrome).good()); ++ OFCHECK(itype.setVolumetricProperties(FGCTImageFrameType::E_VolProp_Volume).good()); ++ OFCHECK(itype.setVolumeBasedCalculationTechnique(FGCTImageFrameType::DT_VolBasedCalcTechnique_VolumeRender).good()); ++ ++ FGCTAcquisitionType atype; ++ OFCHECK(atype.setAcquisitionType(FGCTAcquisitionType::DT_AcquisitionType_ConstantAngle).good()); ++ OFCHECK(atype.setTubeAngle(0.1).good()); ++ OFCHECK(atype.setConstantVolumeFlag(FGCTAcquisitionType::E_ConstVol_Yes).good()); ++ OFCHECK(atype.setFluoroscopyFlag(FGCTAcquisitionType::E_Fluoroscopy_No).good()); ++ ++ FGCTAcquisitionDetails adetails; ++ FGCTAcquisitionDetails::FGCTAcquisitionDetailsItem *item = new FGCTAcquisitionDetails::FGCTAcquisitionDetailsItem(); ++ OFCHECK(item->setRotationDirection(FGCTAcquisitionDetails::E_RotationDirection_CW).good()); ++ OFCHECK(item->setRevolutionTime(5).good()); ++ OFCHECK(item->setSingleCollimationWidth(1).good()); ++ OFCHECK(item->setTotalCollimationWidth(10).good()); ++ OFCHECK(item->setTableHeight(50).good()); ++ OFCHECK(item->setGantryDetectorTilt(5).good()); ++ OFCHECK(item->setDataCollectionDiameter(20).good()); ++ adetails.getCTAcquisitionDetailsItems().push_back(item); ++ ++ FGCTTableDynamics dyn; ++ FGCTTableDynamics::FGCTTableDynamicsItem *dyn_item = new FGCTTableDynamics::FGCTTableDynamicsItem; ++ OFCHECK(dyn_item); ++ if (dyn_item) ++ { ++ OFCHECK(dyn_item->setTableSpeed(1.0).good()); ++ OFCHECK(dyn_item->setTableFeedPerRotation(0.1).good()); ++ OFCHECK(dyn_item->setSpiralPitchFactor(0.2).good()); ++ dyn.getCTTableDynamicsItems().push_back(dyn_item); ++ } ++ ++ FGCTPosition pos; ++ OFCHECK(pos.setTablePosition(100.0).good()); ++ OFCHECK(pos.setReconstructionTargetCenterPatient(OFVector<Float64>(3, 1.0)).good()); ++ OFCHECK(pos.setDataCollectionCenterPatient(OFVector<Float64>(3, 2.0)).good()); ++ ++ FGCTGeometry geo; ++ FGCTGeometry::FGCTGeometryItem *geo_item = new FGCTGeometry::FGCTGeometryItem; ++ if (geo_item) ++ { ++ OFCHECK(geo_item->setDistanceSourceToDataCollectionCenter(5.0).good()); ++ OFCHECK(geo_item->setDistanceSourceToDetector(0.5).good()); ++ geo.getCTGeometryItems().push_back(geo_item); ++ } ++ ++ FGCTReconstruction rec; ++ OFCHECK(rec.setConvolutionKernel("DUMMY").good()); ++ OFCHECK(rec.setConvolutionKernelGroup("DUMMYGROUP").good()); ++ OFCHECK(rec.setImageFilter("FILTER").good()); ++ OFCHECK(rec.setReconstructionAlgorithm("ALGO").good()); ++ OFCHECK(rec.setReconstructionAngle(90.0).good()); ++ OFCHECK(rec.setReconstructionDiameter(100.0).good()); ++ // Not permitted if Reconstruction Diameter is provided instead ++ // OFCHECK(rec.setReconstructionFieldOfView(100.0, 100.0).good()); ++ OFCHECK(rec.setReconstructionPixelSpacing(0.1, 0.1).good()); ++ ++ FGCTExposure exp; ++ FGCTExposure::FGCTExposureItem *exp_item = new FGCTExposure::FGCTExposureItem; ++ if (exp_item) ++ { ++ OFCHECK(exp_item->setCTDIVol(0.1).good()); ++ CodeSequenceMacro *phantom_item = new CodeSequenceMacro("113682", "DCM", "ACR Accreditation Phantom - CT"); ++ exp_item->getCTDIPhantomTypeCodeSequence().push_back(phantom_item); ++ OFCHECK(exp_item->setExposureInMas(0.3).good()); ++ OFCHECK(exp_item->setExposureModulationType("WEIRD").good()); ++ OFCHECK(exp_item->setExposureTimeInMs(0.4).good()); ++ OFCHECK(exp_item->setImageAndFluoroscopyAreaDoseProduct(0.5).good()); ++ OFCHECK(exp_item->setWaterEquivalentDiameter(0.6).good()); ++ CodeSequenceMacro *water_code = new CodeSequenceMacro("113987", "DCM", "AAPM 220"); ++ exp_item->getWaterEquivalentDiameterCalculationMethodCodeSequence().push_back(water_code); ++ OFCHECK(exp_item->setXRayTubeCurrentInMa(0.7).good()); ++ exp.getCTExposureItems().push_back(exp_item); ++ } ++ ++ FGCTXRayDetails det; ++ FGCTXRayDetails::FGCTXRayDetailsItem *det_item = new FGCTXRayDetails::FGCTXRayDetailsItem; ++ if (det_item) ++ { ++ OFCHECK(det_item->setCalciumScoringMassFactorDevice(OFVector<Float32>(3, 1)).good()); ++ OFCHECK(det_item->setCalciumScoringMassFactorPatient(2).good()); ++ OFCHECK(det_item->setEnergyWeightingFactor(3).good()); ++ OFCHECK(det_item->setFilterMaterial("FILTER_MATERIAL").good()); ++ OFCHECK(det_item->setFilterType("FILTER_TYPE").good()); ++ OFCHECK(det_item->setFocalSpots(OFVector<Float64>(4, 4.4)).good()); ++ OFCHECK(det_item->setKVP(5.0).good()); ++ det.getCTXRayDetailsItems().push_back(det_item); ++ } ++ ++ FGPixelValueTransformation trans; ++ trans.setFGType(FGPixelValueTransformation::E_PixelValTrans_CT); ++ trans.setRescaleIntercept("0"); ++ trans.setRescaleSlope("1"); ++ trans.setRescaleType("HU"); ++ ++ FGCTAdditionalXRaySource asrc; ++ FGCTAdditionalXRaySource::FGCTAdditionalXRaySourceItem *asrc_item = new FGCTAdditionalXRaySource::FGCTAdditionalXRaySourceItem; ++ if (asrc_item) ++ { ++ OFCHECK(asrc_item->setDataCollectionDiameter(1.0).good()); ++ OFCHECK(asrc_item->setEnergyWeightingFactor(2.0).good()); ++ OFCHECK(asrc_item->setExposureInmAs(3.0).good()); ++ OFCHECK(asrc_item->setFilterMaterial("FILTER_MATERIAL").good()); ++ OFCHECK(asrc_item->setFilterType("FILTER_TYPE").good()); ++ OFCHECK(asrc_item->setFocalSpots(OFVector<Float64>(4, 4.4)).good()); ++ OFCHECK(asrc_item->setKVP(5).good()); ++ OFCHECK(asrc_item->setXRayTubeCurrentInmA(6).good()); ++ asrc.getCTAdditionalXRaySourceItems().push_back(asrc_item); ++ } ++ ++ OFCHECK(ct->addForAllFrames(meas).good()); ++ OFCHECK(ct->addForAllFrames(planpo).good()); ++ OFCHECK(ct->addForAllFrames(planor).good()); ++ OFCHECK(ct->addForAllFrames(ana).good()); ++ OFCHECK(ct->addForAllFrames(irr).good()); ++ OFCHECK(ct->addForAllFrames(itype).good()); ++ OFCHECK(ct->addForAllFrames(atype).good()); ++ OFCHECK(ct->addForAllFrames(adetails).good()); ++ OFCHECK(ct->addForAllFrames(dyn).good()); ++ OFCHECK(ct->addForAllFrames(pos).good()); ++ OFCHECK(ct->addForAllFrames(geo).good()); ++ OFCHECK(ct->addForAllFrames(rec).good()); ++ OFCHECK(ct->addForAllFrames(exp).good()); ++ OFCHECK(ct->addForAllFrames(det).good()); ++ OFCHECK(ct->addForAllFrames(trans).good()); ++ OFCHECK(ct->addForAllFrames(asrc).good()); ++} ++ ++static void addFrames(EctEnhancedCT *ct) ++{ ++ if (!ct) ++ return; ++ ++ FGFrameContent *fg = new FGFrameContent(); ++ fg->setStackID("1"); ++ OFCHECK(fg); ++ if (fg) ++ { ++ EctEnhancedCT::FramesType frames = ct->getFrames(); ++ for (Uint16 frameNo = 1; frameNo <= NUM_FRAMES; frameNo++) ++ { ++ OFCHECK(fg->setFrameAcquisitionNumber(frameNo).good()); ++ OFCHECK(fg->setFrameReferenceDateTime("20190816092557").good()); ++ OFCHECK(fg->setFrameAcquisitionDateTime("20190816092557").good()); ++ OFCHECK(fg->setFrameAcquisitionDuration(0.001).good()); ++ OFCHECK(fg->setInStackPositionNumber(frameNo).good()); ++ OFCHECK(fg->setDimensionIndexValues(1, 0).good()); ++ OFCHECK(fg->setDimensionIndexValues(frameNo, 1).good()); ++ OFVector<FGBase *> groups; ++ groups.push_back(fg); ++ ++ Uint16 *data = new Uint16[NUM_PIXELS_PER_FRAME]; ++ for (size_t i = 0; i < NUM_PIXELS_PER_FRAME; ++i) ++ { ++ data[i] = 0x4141; ++ } ++ OFCHECK( ++ OFget<EctEnhancedCT::Frames<Uint16>>(&frames)->addFrame(data, NUM_PIXELS_PER_FRAME, groups).good()); ++ delete[] data; ++ } ++ } ++ delete fg; ++} ++ ++static void addDimensions(EctEnhancedCT *ct) ++{ ++ if (!ct) ++ return; ++ IODMultiframeDimensionModule &dims = ct->getDimensions(); ++ OFCHECK(dims.addDimensionIndex( ++ DCM_StackID, "2.25.30855560781715986879861690673941231222", DCM_FrameContentSequence, "STACK_DIM") ++ .good()); ++ OFCHECK(dims.addDimensionIndex(DCM_InStackPositionNumber, ++ "2.25.30855560781715986879861690673941231222", ++ DCM_FrameContentSequence, ++ "STACK_DIM") ++ .good()); ++ OFunique_ptr<IODMultiframeDimensionModule::DimensionOrganizationItem> org( ++ new IODMultiframeDimensionModule::DimensionOrganizationItem); ++ if (org) ++ { ++ org->setDimensionOrganizationUID("2.25.30855560781715986879861690673941231222"); ++ dims.getDimensionOrganizationSequence().push_back(org.release()); ++ } ++} ++ ++ +--- dcmtk.orig/dcmect/tests/tests.cc ++++ dcmtk/dcmect/tests/tests.cc +@@ -1,6 +1,6 @@ + /* + * +- * Copyright (C) 2019, OFFIS e.V. ++ * Copyright (C) 2019-2024, OFFIS e.V. + * All rights reserved. See COPYRIGHT file for details. + * + * This software and supporting documentation were developed by +@@ -23,5 +23,6 @@ + #include "dcmtk/ofstd/oftest.h" + + OFTEST_REGISTER(dcmect_huge_concat); ++OFTEST_REGISTER(dcmect_overflow); + OFTEST_REGISTER(dcmect_roundtrip); + OFTEST_MAIN("dcmect") diff -Nru dcmtk-3.6.7/debian/patches/0010-CVE-2024-34508-34509.patch dcmtk-3.6.7/debian/patches/0010-CVE-2024-34508-34509.patch --- dcmtk-3.6.7/debian/patches/0010-CVE-2024-34508-34509.patch 1970-01-01 01:00:00.000000000 +0100 +++ dcmtk-3.6.7/debian/patches/0010-CVE-2024-34508-34509.patch 2025-02-01 14:47:36.000000000 +0100 @@ -0,0 +1,88 @@ +Applied-Upstream: c78e434c0c5f9d932874f0b17a8b4ce305ca01f5 +Author: Marco Eichelberg <di...@offis.de> +Bug: https://support.dcmtk.org/redmine/issues/1114 +Reviewed-By: Étienne Mollier <emoll...@debian.org> +Last-Update: 2025-02-01 +Description: Fixed two segmentation faults. + Fixed two segmentations faults that could occur while processing an + invalid incoming DIMSE message due to insufficient error handling + causing a de-referenced NULL pointer. + . + Thanks to Nils Bars <nils.b...@rub.de> for the bug report and sample files. + . + This closes DCMTK issue #1114. + +--- dcmtk.orig/dcmdata/libsrc/dcelem.cc ++++ dcmtk/dcmdata/libsrc/dcelem.cc +@@ -1,6 +1,6 @@ + /* + * +- * Copyright (C) 1994-2021, OFFIS e.V. ++ * Copyright (C) 1994-2024, OFFIS e.V. + * All rights reserved. See COPYRIGHT file for details. + * + * This software and supporting documentation were developed by +@@ -717,6 +717,13 @@ + if (isStreamNew) + delete readStream; + } ++ else ++ { ++ errorFlag = EC_InvalidStream; // incomplete dataset read from stream ++ DCMDATA_ERROR("DcmElement: " << getTagName() << " " << getTag() ++ << " larger (" << getLengthField() << ") than remaining bytes (" ++ << getTransferredBytes() << ") in file, premature end of stream"); ++ } + } + /* return result value */ + return errorFlag; +--- dcmtk.orig/dcmnet/libsrc/dimcmd.cc ++++ dcmtk/dcmnet/libsrc/dimcmd.cc +@@ -1,6 +1,6 @@ + /* + * +- * Copyright (C) 1994-2021, OFFIS e.V. ++ * Copyright (C) 1994-2024, OFFIS e.V. + * All rights reserved. See COPYRIGHT file for details. + * + * This software and supporting documentation were partly developed by +@@ -205,22 +205,25 @@ + return parseErrorWithMsg("dimcmd:getString: string too small", t); + } else { + ec = elem->getString(aString); +- strncpy(s, aString, maxlen); +- if (spacePadded) ++ if (ec.good()) + { +- /* before we remove leading and tailing spaces we want to know +- * whether the string is actually space padded. Required to communicate +- * with dumb peers which send space padded UIDs and fail if they +- * receive correct UIDs back. +- * +- * This test can only detect space padded strings if +- * dcmEnableAutomaticInputDataCorrection is false; otherwise the padding +- * has already been removed by dcmdata at this stage. +- */ +- size_t s_len = strlen(s); +- if ((s_len > 0)&&(s[s_len-1] == ' ')) *spacePadded = OFTrue; else *spacePadded = OFFalse; ++ strncpy(s, aString, maxlen); ++ if (spacePadded) ++ { ++ /* before we remove leading and tailing spaces we want to know ++ * whether the string is actually space padded. Required to communicate ++ * with dumb peers which send space padded UIDs and fail if they ++ * receive correct UIDs back. ++ * ++ * This test can only detect space padded strings if ++ * dcmEnableAutomaticInputDataCorrection is false; otherwise the padding ++ * has already been removed by dcmdata at this stage. ++ */ ++ size_t s_len = strlen(s); ++ if ((s_len > 0)&&(s[s_len-1] == ' ')) *spacePadded = OFTrue; else *spacePadded = OFFalse; ++ } ++ DU_stripLeadingAndTrailingSpaces(s); + } +- DU_stripLeadingAndTrailingSpaces(s); + } + } + return (ec.good())? ec : DIMSE_PARSEFAILED; diff -Nru dcmtk-3.6.7/debian/patches/0011-CVE-2024-34508-34509_bis.patch dcmtk-3.6.7/debian/patches/0011-CVE-2024-34508-34509_bis.patch --- dcmtk-3.6.7/debian/patches/0011-CVE-2024-34508-34509_bis.patch 1970-01-01 01:00:00.000000000 +0100 +++ dcmtk-3.6.7/debian/patches/0011-CVE-2024-34508-34509_bis.patch 2025-02-01 14:49:50.000000000 +0100 @@ -0,0 +1,63 @@ +Applied-Upstream: 66c317feae446deda1a389226aa24c95a0eeac4c +Author: Marco Eichelberg <di...@offis.de> +Reviewed-By: Étienne Mollier <emoll...@debian.org> +Last-Update: 2025-02-01 +Description: Fixed DcmDecimalString unit tests. + +diff --git a/dcmdata/tests/tvrds.cc b/dcmdata/tests/tvrds.cc +index a9132a341..0e929304d 100644 +--- a/dcmdata/tests/tvrds.cc ++++ b/dcmdata/tests/tvrds.cc +@@ -1,6 +1,6 @@ + /* + * +- * Copyright (C) 2011-2020, OFFIS e.V. ++ * Copyright (C) 2011-2024, OFFIS e.V. + * All rights reserved. See COPYRIGHT file for details. + * + * This software and supporting documentation were developed by +@@ -30,7 +30,7 @@ + + OFTEST(dcmdata_decimalString_1) + { +- DcmDecimalString decStr(DCM_ContourData, EVR_DS); ++ DcmDecimalString decStr(DCM_ContourData); + OFVector<Float64> doubleVals; + OFCHECK(decStr.putString("1\\2.0\\3.5\\-4.99\\+500.005\\6.66E-01").good()); + OFCHECK(decStr.getFloat64Vector(doubleVals).good()); +@@ -45,7 +45,7 @@ OFTEST(dcmdata_decimalString_1) + + OFTEST(dcmdata_decimalString_2) + { +- DcmDecimalString decStr(DCM_ContourData, EVR_DS); ++ DcmDecimalString decStr(DCM_ContourData); + OFVector<Float64> doubleVals; + /* insert a NULL byte into the string */ + OFCHECK(decStr.putString("1\\2.0\\3.5\\-4.99\0\\+500.005\\6.66E-01", 34).good()); +@@ -61,7 +61,7 @@ OFTEST(dcmdata_decimalString_2) + + OFTEST(dcmdata_decimalString_3) + { +- DcmDecimalString decStr(DCM_ContourData, EVR_DS); ++ DcmDecimalString decStr(DCM_ContourData); + OFVector<Float64> doubleVals; + /* insert a NULL byte into the string */ + OFCHECK(decStr.putOFStringArray(OFString("1\\2.0\\3.5\\-4.99\0\\+500.005\\6.66E-01", 34)).good()); +@@ -77,7 +77,7 @@ OFTEST(dcmdata_decimalString_3) + + OFTEST(dcmdata_decimalString_4) + { +- DcmDecimalString decStr(DCM_ContourData, EVR_DS); ++ DcmDecimalString decStr(DCM_ContourData); + OFVector<Float64> doubleVals; + OFCHECK(decStr.putString("1\\2.0\\3.5\\-4.99\\+500.005\\6.66E-01\\").good()); + OFCHECK_EQUAL(decStr.getVM(), 7); +@@ -96,7 +96,7 @@ OFTEST(dcmdata_decimalString_putFloat64) + { + // Test insertion in the beginning + OFString testStr; +- DcmDecimalString decStr(DCM_ContourData, EVR_DS); ++ DcmDecimalString decStr(DCM_ContourData); + OFCHECK(decStr.putFloat64(0, 0).good()); + decStr.getOFStringArray(testStr); + OFCHECK(testStr == "0"); diff -Nru dcmtk-3.6.7/debian/patches/series dcmtk-3.6.7/debian/patches/series --- dcmtk-3.6.7/debian/patches/series 2024-04-19 13:38:32.000000000 +0200 +++ dcmtk-3.6.7/debian/patches/series 2025-02-01 20:09:27.000000000 +0100 @@ -10,3 +10,8 @@ #1c8cca4bf6f7c92fc16f9e66faf49409c891a2b0.patch f06a867513524664a1b03dfcf812d8b60fdd02cc.patch c34f4e46e672ad21accf04da0dc085e43be6f5e1.patch +0007-CVE-2024-47796.patch +0008-CVE-2024-52333.patch +0009-CVE-2024-27628.patch +0010-CVE-2024-34508-34509.patch +0011-CVE-2024-34508-34509_bis.patch
signature.asc
Description: PGP signature
