Hi again,

Étienne Mollier, on 2025-03-22:
> patch is in attachment in case someone from the LTS team wants
> to take over.

I resend the patch for bookworm, and possibly bullseye, now with
DEP3 header and no ftbfs in bookworm.

Have a nice day,  :)
-- 
  .''`.  Étienne Mollier <emoll...@debian.org>
 : :' :  pgp: 8f91 b227 c7d6 f2b1 948c 8236 793c f67e 8f0d 11da
 `. `'   sent from /dev/pts/1, please excuse my verbosity
   `-    on air: Turbulence - Inside the Gage
Description: Check for overflow between size_t and int64_t. Author: Erik Nolf Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100986 Applied-Upstream: e7a88836fc2277f8ab777f3ef24f917d08415559 Reviewed-by: Étienne Mollier <emoll...@debian.org> Last-Update: 2025-03-22 --- This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ --- xmedcon.orig/libs/dicom/single.c +++ xmedcon/libs/dicom/single.c @@ -22,8 +22,9 @@ SINGLE *dicom_single(void) { ELEMENT *e; - S32 length; + S32 length, bytes; U32 i, f; + size_t size; char *interpretation[]= { "MONOCHROME2", @@ -265,7 +266,17 @@ /* eNlf: - allocate an extra 4 bytes, otherwise the bit.c */ /* eNlf: routines like source.u++ go beyond the boundaries */ /* eNlf: - memset the allocated buffer for sure */ - data = (U8*)malloc(width*height*pixel*frames+4); + bytes = (int64_t)width*height*pixel*frames+4; + + /* check for overflow */ + size = (size_t)bytes; + if ((int64_t)size != bytes) { + dicom_log(ERROR,"System size_t too small"); + return 0L; + } + + /* allocate memory */ + data = (U8*)malloc(bytes); if (!data) { dicom_log(ERROR,"Out of memory");
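Review bot: in the first hunk of libs/dicom/single.c, "bytes" is declared as S32 alongside "length", yet the second hunk assigns (int64_t)width*height*pixel*frames+4 to it. If S32 is a 32-bit type, as its name suggests, the 64-bit product is narrowed at the assignment, before the overflow check runs, so both the check and malloc(bytes) only ever see the truncated value and an undersized buffer can still be allocated. Declaring it separately as "int64_t bytes;" would keep the full result for the comparison.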
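Review bot: the test "if ((int64_t)size != bytes)" in the second hunk is a round-trip comparison, so it only rejects values that do not survive the conversion to size_t; where size_t is 64 bits wide, a negative "bytes" typically converts to size_t and back unchanged and is not rejected here, leaving malloc to fail on it. Rejecting "bytes < 4" explicitly before the cast (the +4 padding makes 4 the smallest valid result) would cover that case, and calling malloc(size) instead of malloc(bytes) would allocate with the value that was actually checked.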