Package: release.debian.org Severity: normal Tags: bookworm X-Debbugs-Cc: dc...@packages.debian.org Control: affects -1 + src:dcmtk User: release.debian....@packages.debian.org Usertags: pu
Good day, [ Reason ] This update follows up on dcmtk/3.6.7-9~deb12u2 to include the missing fix for CVE-2024-28130, which constitutes a risk of execution of arbitrary code when handling a malformed file. [ Impact ] If the update is not granted, dcmtk in bookworm will remain exposed to CVE-2024-28130. Besides, the issue is already fixed in Debian LTS bullseye, so users upgrading from bullseye will experience a regression in the security support. [ Tests ] I have verified that the fix does not introduce regression in the 19 reverse dependencies autopkgtest, nor in the 34 reverse build dependencies' construction. I also have verified that the bug #1095072 was not affecting the package after applying the mitigation; besides Adrian Bunk, who worked on the bullsey port of the fix, reported in #1094991 that both the regression and the fix were introduced before dcmtk in bookwork, making it unaffected. [ Risks ] Changes introduced to fix the issue affect a high number of hunks dispatched in three patches. This may make for a more delicate review. In addition, I could not really test the security issue for myself and have to trust that the upstream patches are doing the right thing. On the other hand, the patchset applied with surprizingly little fuzz in comparison with the scale of the change. Most of the collisions were related to copyright year bumps in headers instead of real mismatches within the code. [ Checklist ] [*] *all* changes are documented in the d/changelog [*] I reviewed all changes and I approve them [*] attach debdiff against the package in (old)stable [*] the issue is verified as fixed in unstable [ Changes ] The new dcmtk package update introduces three patches: 0012-CVE-2024-28130_1.patch, 0013-CVE-2024-28130_2.patch and 0014-CVE-2024-28130_3.patch, corresponding to upstream commits dc6a2446dc03c9db90f82ce17a597f2cd53776c5, 601b227eecaab33a3a3a11dc256d84b1a62f63af and 7d54f8efec995e5601d089fa17b0625c2b41af23 respectively. All three patches are documented to be related to the CVE-2024-28130 in the security tracker. 0012-CVE-2024-28130_1.patch implements a couple of checks to guard against errors of segmentations. The checks are then scattered about everywhere needed throughout the source code. There are some copyright years updates scattered in the patch set. A couple of changes that were more or less mechanically applied have been amended in the last patch, see below. 0013-CVE-2024-28130_2.patch complements the first patch to add further check where they were missing, notably around LUT (look up tables) implementations. A medium sized hunk stands out at the end of the patch due to a rework of the indentation; not sure that was called for, but I didn't dare to touch it yet. 0014-CVE-2024-28130_3.patch amends some changes of the first patch to fix checks that were improperly introduced. [ Other info ] I have kept the three patches separate, so they can be easier to compare with the upstream changes, but if that makes for easier review, I'm also open to fold them in one patch. Have a nice day, :) -- .''`. Étienne Mollier <emoll...@debian.org> : :' : pgp: 8f91 b227 c7d6 f2b1 948c 8236 793c f67e 8f0d 11da `. `' sent from /dev/pts/2, please excuse my verbosity `-
diff -Nru dcmtk-3.6.7/debian/changelog dcmtk-3.6.7/debian/changelog
--- dcmtk-3.6.7/debian/changelog 2025-02-01 20:09:27.000000000 +0100
+++ dcmtk-3.6.7/debian/changelog 2025-02-10 22:31:31.000000000 +0100
@@ -1,3 +1,12 @@
+dcmtk (3.6.7-9~deb12u3) bookworm; urgency=medium
+
+ * Team upload.
+ * Introduce new patches to fix CVE-2024-28130. (Closes: #1070207)
+ These patches are 0012-CVE-2024-28130_1.patch,
+ 0013-CVE-2024-28130_2.patch and 0014-CVE-2024-28130_3.patch.
+
+ -- Étienne Mollier <emoll...@debian.org> Mon, 10 Feb 2025 22:31:31 +0100
+
dcmtk (3.6.7-9~deb12u2) bookworm; urgency=medium
* Team upload.
diff -Nru dcmtk-3.6.7/debian/patches/0012-CVE-2024-28130_1.patch
dcmtk-3.6.7/debian/patches/0012-CVE-2024-28130_1.patch
--- dcmtk-3.6.7/debian/patches/0012-CVE-2024-28130_1.patch 1970-01-01
01:00:00.000000000 +0100
+++ dcmtk-3.6.7/debian/patches/0012-CVE-2024-28130_1.patch 2025-02-10
22:17:58.000000000 +0100
@@ -0,0 +1,1474 @@
+commit dc6a2446dc03c9db90f82ce17a597f2cd53776c5
+Author: Marco Eichelberg <di...@offis.de>
+Date: Mon Apr 15 12:12:51 2024 +0200
+
+ Fixed unchecked typecasts of DcmItem::search results.
+
+ DcmItem::search() returns a stack of DcmObject pointers as search results.
+ These pointers in most instances need to be casted to DcmItem, DcmElement
+ or a subclass of these. In many cases, the type of the object was not
+ properly checked before the typecast. This could lead to segmentation
faults
+ when invalid DICOM datasets were processed where elements had the wrong
+ value representation.
+
+--- dcmtk.orig/dcmdata/include/dcmtk/dcmdata/dcelem.h
++++ dcmtk/dcmdata/include/dcmtk/dcmdata/dcelem.h
+@@ -143,6 +143,11 @@
+ */
+ virtual OFBool isLeaf() const { return OFTrue; }
+
++ /** check if this element can be safely casted to DcmElement
++ * @return true if DcmElement, false otherwise
++ */
++ virtual OFBool isElement() const { return OFTrue; }
++
+ /** check if value of this element is loaded into main memory
+ * @return true if value is present in memory, false if value still
resides in file
+ */
+--- dcmtk.orig/dcmdata/include/dcmtk/dcmdata/dcobject.h
++++ dcmtk/dcmdata/include/dcmtk/dcmdata/dcobject.h
+@@ -1,6 +1,6 @@
+ /*
+ *
+- * Copyright (C) 1994-2020, OFFIS e.V.
++ * Copyright (C) 1994-2024, OFFIS e.V.
+ * All rights reserved. See COPYRIGHT file for details.
+ *
+ * This software and supporting documentation were developed by
+@@ -308,6 +308,11 @@
+ */
+ virtual OFBool isLeaf() const = 0;
+
++ /** check if this element can be safely casted to DcmElement
++ * @return true if DcmElement, false otherwise
++ */
++ virtual OFBool isElement() const { return OFFalse; }
++
+ /** check if this element is nested in a sequence of items, i.e.\ not a
+ * top-level or stand-alone element
+ * @return true if this element is nested, false otherwise
+--- dcmtk.orig/dcmdata/libsrc/dcddirif.cc
++++ dcmtk/dcmdata/libsrc/dcddirif.cc
+@@ -433,7 +433,7 @@
+ OFBool first = OFTrue;
+ DcmStack stack1, stack2;
+ /* check whether attributes are equal */
+- while (item1->nextObject(stack1, first).good() &&
item2->nextObject(stack2, first).good())
++ while (item1->nextObject(stack1, first).good() &&
item2->nextObject(stack2, first).good() && stack1.top()->isElement() &&
stack2.top()->isElement())
+ {
+ if (!compareAttributes(OFstatic_cast(DcmElement *,
stack1.top()), OFstatic_cast(DcmElement *, stack2.top()), fromSequence, i++,
reason))
+ break;
+@@ -5511,7 +5511,7 @@
+ OFBool first = OFTrue;
+ DcmElement *delem = NULL;
+ /* iterate over all record elements */
+- while (record->nextObject(stack, first).good() && (result ||
!abortCheck))
++ while (record->nextObject(stack, first).good() && (result ||
!abortCheck) && stack.top()->isElement())
+ {
+ delem = OFstatic_cast(DcmElement *, stack.top());
+ if ((delem != NULL) && (delem->getLength() > 0))
+--- dcmtk.orig/dcmdata/libsrc/dcdirrec.cc
++++ dcmtk/dcmdata/libsrc/dcdirrec.cc
+@@ -1004,7 +1004,7 @@
+ DCMDATA_ERROR("Internal ERROR in
DcmDirectoryRecord::fillElementsAndReadSOP()");
+ }
+ uiP = new DcmUniqueIdentifier(refSOPClassTag); // (0004,1510)
+- if (refFile->search(DCM_SOPClassUID, stack).good())
++ if (refFile->search(DCM_SOPClassUID, stack).good() &&
(stack.top()->ident() == EVR_UI))
+ {
+ char *uid = NULL;
+ OFstatic_cast(DcmUniqueIdentifier *, stack.top())->getString(uid);
+@@ -1017,7 +1017,7 @@
+ insert(uiP, OFTrue);
+
+ uiP = new DcmUniqueIdentifier(refSOPInstTag); // (0004,1511)
+- if (refFile->search(DCM_SOPInstanceUID, stack).good() ||
refFile->search(DCM_MediaStorageSOPInstanceUID, stack).good())
++ if ((refFile->search(DCM_SOPInstanceUID, stack).good() ||
refFile->search(DCM_MediaStorageSOPInstanceUID, stack).good()) &&
(stack.top()->ident() == EVR_UI))
+ {
+ char *uid = NULL;
+ OFstatic_cast(DcmUniqueIdentifier *, stack.top())->getString(uid);
+@@ -1030,7 +1030,7 @@
+ insert(uiP, OFTrue);
+
+ uiP = new DcmUniqueIdentifier(refFileXferTag); // (0004,1512)
+- if (refFile->search(DCM_TransferSyntaxUID, stack).good())
++ if (refFile->search(DCM_TransferSyntaxUID, stack).good() &&
(stack.top()->ident() == EVR_UI))
+ {
+ char *uid = NULL;
+ OFstatic_cast(DcmUniqueIdentifier *, stack.top())->getString(uid);
+--- dcmtk.orig/dcmdata/libsrc/dcfilefo.cc
++++ dcmtk/dcmdata/libsrc/dcfilefo.cc
+@@ -1,6 +1,6 @@
+ /*
+ *
+- * Copyright (C) 1994-2022, OFFIS e.V.
++ * Copyright (C) 1994-2024, OFFIS e.V.
+ * All rights reserved. See COPYRIGHT file for details.
+ *
+ * This software and supporting documentation were developed by
+@@ -363,7 +363,7 @@
+ {
+ if ((writeMode == EWM_updateMeta) || (elem->getLength() == 0))
+ {
+- if (dataset->search(DCM_SOPClassUID, stack).good())
++ if (dataset->search(DCM_SOPClassUID, stack).good() &&
(stack.top()->ident() == EVR_UI))
+ {
+ char *uid = NULL;
+ l_error = OFstatic_cast(DcmUniqueIdentifier *,
stack.top())->getString(uid);
+@@ -379,7 +379,7 @@
+ else if
(DCM_dcmdataLogger.isEnabledFor(OFLogger::WARN_LOG_LEVEL))
+ {
+ // check whether UID in meta-header is identical to the
one in the dataset
+- if (dataset->search(DCM_SOPClassUID, stack).good())
++ if (dataset->search(DCM_SOPClassUID, stack).good() &&
(stack.top()->ident() == EVR_UI))
+ {
+ OFString uidDataset, uidMetaHeader;
+ OFstatic_cast(DcmUniqueIdentifier *,
stack.top())->getOFStringArray(uidDataset);
+@@ -405,7 +405,7 @@
+ {
+ if ((writeMode == EWM_updateMeta) || (elem->getLength() == 0))
+ {
+- if (dataset->search(DCM_SOPInstanceUID, stack).good())
++ if (dataset->search(DCM_SOPInstanceUID, stack).good() &&
(stack.top()->ident() == EVR_UI))
+ {
+ char* uid = NULL;
+ l_error = OFstatic_cast(DcmUniqueIdentifier *,
stack.top())->getString(uid);
+@@ -423,7 +423,7 @@
+ else if
(DCM_dcmdataLogger.isEnabledFor(OFLogger::WARN_LOG_LEVEL))
+ {
+ // check whether UID in meta-header is identical to the
one in the dataset
+- if (dataset->search(DCM_SOPInstanceUID, stack).good())
++ if (dataset->search(DCM_SOPInstanceUID, stack).good() &&
(stack.top()->ident() == EVR_UI))
+ {
+ OFString uidDataset, uidMetaHeader;
+ OFstatic_cast(DcmUniqueIdentifier *,
stack.top())->getOFStringArray(uidDataset);
+@@ -634,7 +634,7 @@
+ /* check whether meta header is present (and non-empty, i.e. contains
elements) */
+ if (metainfo && !metainfo->isEmpty())
+ {
+- if (metainfo->search(DCM_TransferSyntaxUID, stack).good())
++ if (metainfo->search(DCM_TransferSyntaxUID, stack).good() &&
(stack.top()->ident() == EVR_UI))
+ {
+ DcmUniqueIdentifier *xferUI = OFstatic_cast(DcmUniqueIdentifier
*, stack.top());
+ if (xferUI->getTag().getXTag() == DCM_TransferSyntaxUID)
+--- dcmtk.orig/dcmdata/libsrc/dcitem.cc
++++ dcmtk/dcmdata/libsrc/dcitem.cc
+@@ -2322,7 +2322,7 @@
+ DcmStack stack;
+ OFBool result = OFFalse;
+
+- if (search(key, stack, ESM_fromHere, searchIntoSub).good())
++ if (search(key, stack, ESM_fromHere, searchIntoSub).good() &&
stack.top()->isElement())
+ {
+ DcmElement *elem = OFstatic_cast(DcmElement *, stack.top());
+ if (elem != NULL)
+@@ -2345,7 +2345,7 @@
+ DcmStack stack;
+ /* find the element */
+ OFCondition status = search(tagKey, stack, ESM_fromHere, searchIntoSub);
+- if (status.good())
++ if (status.good() && stack.top()->isElement())
+ {
+ element = OFstatic_cast(DcmElement *, stack.top());
+ /* should never happen but ... */
+@@ -2980,7 +2980,7 @@
+ DcmStack stack;
+ /* find the element */
+ OFCondition status = search(seqTagKey, stack, ESM_fromHere,
searchIntoSub);
+- if (status.good())
++ if (status.good() && stack.top()->isElement())
+ {
+ DcmElement *delem = OFstatic_cast(DcmElement *, stack.top());
+ /* should never happen but ... */
+@@ -3017,7 +3017,7 @@
+ DcmStack stack;
+ /* find sequence */
+ OFCondition status = search(seqTagKey, stack, ESM_fromHere, OFFalse
/*searchIntoSub*/);
+- if (status.good())
++ if (status.good() && stack.top()->isElement())
+ {
+ /* get element */
+ DcmElement *delem = OFstatic_cast(DcmElement *, stack.top());
+@@ -3079,7 +3079,7 @@
+ OFCondition status = search(seqTag, stack, ESM_fromHere, OFFalse
/*searchIntoSub*/);
+ DcmSequenceOfItems *sequence = NULL;
+ /* sequence found? */
+- if (status.good())
++ if (status.good() && stack.top()->isElement())
+ {
+ /* get element */
+ DcmElement *delem = OFstatic_cast(DcmElement *, stack.top());
+@@ -3213,7 +3213,7 @@
+ DcmStack stack;
+ /* find sequence */
+ OFCondition status = search(seqTagKey, stack, ESM_fromHere, OFFalse
/*searchIntoSub*/);
+- if (status.good())
++ if (status.good() && stack.top()->isElement())
+ {
+ /* get element */
+ DcmElement *delem = OFstatic_cast(DcmElement *, stack.top());
+@@ -4173,7 +4173,7 @@
+ status = search(seqTag, stack, ESM_fromHere, OFFalse
/*searchIntoSub*/);
+ DcmSequenceOfItems *sequence = NULL;
+ /* sequence found? */
+- if (status.good())
++ if (status.good() && stack.top()->isElement())
+ {
+ /* get element */
+ DcmElement *delem = OFstatic_cast(DcmElement *, stack.top());
+--- dcmtk.orig/dcmimgle/libsrc/didocu.cc
++++ dcmtk/dcmimgle/libsrc/didocu.cc
+@@ -218,7 +218,7 @@
+ obj = Object;
+ // only search on main dataset level
+ if ((obj != NULL) && (obj->search(tag, stack, ESM_fromHere, OFFalse /*
searchIntoSub */) == EC_Normal) &&
+- (stack.top()->getLength(Xfer) > 0))
++ (stack.top()->getLength(Xfer) > 0) && stack.top()->isElement())
+ {
+ return OFstatic_cast(DcmElement *, stack.top());
+ }
+--- dcmtk.orig/dcmiod/libsrc/iodutil.cc
++++ dcmtk/dcmiod/libsrc/iodutil.cc
+@@ -43,7 +43,7 @@
+ DcmStack stack;
+ const DcmTagKey tagKey = delem.getTag();
+ OFCondition result = dataset.search(tagKey, stack, ESM_fromHere,
OFFalse /*searchIntoSub*/);
+- if (result.good())
++ if (result.good() && stack.top()->isElement())
+ {
+ /* copy object from search stack */
+ result = delem.copyFrom(*stack.top());
+@@ -76,7 +76,7 @@
+
+ DcmStack stack;
+ OFCondition result = dataset.search(tagKey, stack, ESM_fromHere, OFFalse
/*searchIntoSub*/);
+- if (result.good())
++ if (result.good() && stack.top()->isElement())
+ {
+ /* copy object from search stack */
+ delem = OFstatic_cast(DcmElement*, stack.top()->clone());
+--- dcmtk.orig/dcmjpeg/libsrc/djcodece.cc
++++ dcmtk/dcmjpeg/libsrc/djcodece.cc
+@@ -1,6 +1,6 @@
+ /*
+ *
+- * Copyright (C) 2001-2022, OFFIS e.V.
++ * Copyright (C) 2001-2024, OFFIS e.V.
+ * All rights reserved. See COPYRIGHT file for details.
+ *
+ * This software and supporting documentation were developed by
+@@ -1397,17 +1397,17 @@
+ DcmElement *explanation = NULL;
+
+ DcmStack stack;
+- if ((dataset->search(DCM_WindowCenter, stack, ESM_fromHere,
OFFalse)).good())
++ if ((dataset->search(DCM_WindowCenter, stack, ESM_fromHere,
OFFalse)).good() && stack.top()->isElement())
+ {
+ center = OFreinterpret_cast(DcmElement*, stack.top());
+ }
+ stack.clear();
+- if ((dataset->search(DCM_WindowWidth, stack, ESM_fromHere, OFFalse)).good())
++ if ((dataset->search(DCM_WindowWidth, stack, ESM_fromHere, OFFalse)).good()
&& stack.top()->isElement())
+ {
+ width = OFreinterpret_cast(DcmElement*, stack.top());
+ }
+ stack.clear();
+- if ((dataset->search(DCM_WindowCenterWidthExplanation, stack, ESM_fromHere,
OFFalse)).good())
++ if ((dataset->search(DCM_WindowCenterWidthExplanation, stack, ESM_fromHere,
OFFalse)).good() && stack.top()->isElement())
+ {
+ explanation = OFreinterpret_cast(DcmElement*, stack.top());
+ }
+--- dcmtk.orig/dcmnet/apps/storescu.cc
++++ dcmtk/dcmnet/apps/storescu.cc
+@@ -1138,6 +1138,12 @@
+ return OFFalse;
+ }
+
++ if (! stack.top()->isElement())
++ {
++ OFLOG_ERROR(storescuLogger, "updateStringAttributeValue: not a
DcmElement: " << tag.getTagName() << " " << key);
++ return OFFalse;
++ }
++
+ DcmElement *elem = OFstatic_cast(DcmElement *, stack.top());
+
+ DcmVR vr(elem->ident());
+--- dcmtk.orig/dcmnet/libsrc/dimcmd.cc
++++ dcmtk/dcmnet/libsrc/dimcmd.cc
+@@ -191,14 +191,16 @@
+ static OFCondition
+ getString(DcmDataset *obj, DcmTagKey t, char *s, int maxlen, OFBool
*spacePadded)
+ {
+- DcmElement *elem;
++ DcmElement *elem = NULL;
+ DcmStack stack;
+ OFCondition ec = EC_Normal;
+ char* aString;
+
+ ec = obj->search(t, stack);
+- elem = (DcmElement*)stack.top();
+- if (ec == EC_Normal && elem != NULL) {
++ if (ec.good() && stack.top()->isElement())
++ elem = (DcmElement*)stack.top();
++
++ if (elem != NULL) {
+ if (elem->getLength() == 0) {
+ s[0] = '\0';
+ } else if (elem->getLength() > (Uint32)maxlen) {
+@@ -266,17 +268,19 @@
+ static OFCondition
+ getUS(DcmDataset *obj, DcmTagKey t, Uint16 *us)
+ {
+- DcmElement *elem;
++ DcmElement *elem = NULL;
+ DcmStack stack;
+ OFCondition ec = EC_Normal;
+
+ ec = obj->search(t, stack);
+- elem = (DcmElement*)stack.top();
+- if (ec == EC_Normal && elem != NULL) {
++ if (ec.good() && stack.top()->isElement())
++ elem = (DcmElement*)stack.top();
++
++ if (elem != NULL) {
+ ec = elem->getUint16(*us, 0);
+ }
+
+- return (ec == EC_Normal)?(EC_Normal):(DIMSE_PARSEFAILED);
++ return (ec.good())?(EC_Normal):(DIMSE_PARSEFAILED);
+ }
+
+ static OFCondition
+@@ -317,17 +321,19 @@
+ static OFCondition
+ getUL(DcmDataset *obj, DcmTagKey t, Uint32 *ul)
+ {
+- DcmElement *elem;
++ DcmElement *elem = NULL;
+ DcmStack stack;
+ OFCondition ec = EC_Normal;
+
+ ec = obj->search(t, stack);
+- elem = (DcmElement*)stack.top();
+- if (ec == EC_Normal && elem != NULL) {
++ if (ec.good() && stack.top()->isElement())
++ elem = (DcmElement*)stack.top();
++
++ if (elem != NULL) {
+ ec = elem->getUint32(*ul, 0);
+ }
+
+- return (ec == EC_Normal)?(EC_Normal):(DIMSE_PARSEFAILED);
++ return (ec.good())?(EC_Normal):(DIMSE_PARSEFAILED);
+ }
+
+ #if 0
+@@ -378,15 +384,17 @@
+ static OFCondition
+ getAttributeList(DcmDataset *obj, DcmTagKey t, Uint16 **lst, int *listCount)
+ {
+- DcmElement *elem;
++ DcmElement *elem = NULL;
+ DcmStack stack;
+ OFCondition ec = EC_Normal;
+ Uint16 *aList = NULL;
+ Uint32 nBytes = 0;
+
+ ec = obj->search(t, stack);
+- elem = (DcmElement*)stack.top();
+- if (ec == EC_Normal && elem != NULL) {
++ if (ec.good() && stack.top()->isElement())
++ elem = (DcmElement*)stack.top();
++
++ if (elem) {
+ nBytes = elem->getLength();
+ *listCount = (int)(nBytes / sizeof(Uint16));
+ if (*listCount > 0) {
+@@ -398,7 +406,7 @@
+ }
+ }
+
+- return (ec == EC_Normal)?(EC_Normal):(DIMSE_PARSEFAILED);
++ return (ec.good())?(EC_Normal):(DIMSE_PARSEFAILED);
+ }
+
+ /*
+--- dcmtk.orig/dcmnet/libsrc/diutil.cc
++++ dcmtk/dcmnet/libsrc/diutil.cc
+@@ -159,23 +159,21 @@
+ OFBool
+ DU_getStringDOElement(DcmItem *obj, DcmTagKey t, char *s, size_t bufsize)
+ {
+- DcmByteString *elem;
+ DcmStack stack;
+- OFCondition ec = EC_Normal;
+ char* aString;
+
+- ec = obj->search(t, stack);
+- elem = (DcmByteString*) stack.top();
+- if (ec == EC_Normal && elem != NULL) {
++ OFCondition ec = obj->search(t, stack);
++ if (ec.good() && (stack.top() != NULL) && stack.top()->isElement()) {
++ DcmElement *elem = (DcmElement *) stack.top();
+ if (elem->getLength() == 0) {
+ s[0] = '\0';
+ } else {
+ ec = elem->getString(aString);
+- if (ec == EC_Normal)
++ if (ec.good())
+ OFStandard::strlcpy(s, aString, bufsize);
+ }
+ }
+- return (ec == EC_Normal);
++ return (ec.good());
+ }
+
+ OFBool
+@@ -193,7 +191,7 @@
+ ec = obj->insert(e, OFTrue);
+ }
+
+- return (ec == EC_Normal);
++ return (ec.good());
+ }
+
+ OFBool
+@@ -201,15 +199,15 @@
+ {
+ DcmElement *elem;
+ DcmStack stack;
+- OFCondition ec = EC_Normal;
+
+- ec = obj->search(t, stack);
+- elem = (DcmElement*) stack.top();
+- if (ec == EC_Normal && elem != NULL) {
+- ec = elem->getUint16(*us, 0);
++ OFCondition ec = obj->search(t, stack);
++ if (ec.good() && stack.top()->isElement())
++ {
++ elem = (DcmElement*) stack.top();
++ if (elem) ec = elem->getUint16(*us, 0);
+ }
+
+- return (ec == EC_Normal);
++ return (ec.good());
+ }
+
+ OFBool
+@@ -226,7 +224,7 @@
+ if (ec == EC_Normal) {
+ ec = obj->insert(e, OFTrue);
+ }
+- return (ec == EC_Normal);
++ return (ec.good());
+ }
+
+ OFBool
+--- dcmtk.orig/dcmnet/libsrc/dstorscu.cc
++++ dcmtk/dcmnet/libsrc/dstorscu.cc
+@@ -484,7 +484,7 @@
+ OFFilename dirName;
+ OFStandard::getDirNameFromPath(dirName, filename, OFFalse /*
assumeDirName */);
+ // iterate over all items (directory records) where ReferencedFileID
is present
+- while (dataset->search(DCM_ReferencedFileID, stack,
ESM_afterStackTop, OFTrue).good())
++ while (dataset->search(DCM_ReferencedFileID, stack,
ESM_afterStackTop, OFTrue).good() && stack.top()->isElement())
+ {
+ // make sure that the dataset and element pointer are there
+ if (stack.card() > 1)
+--- dcmtk.orig/dcmpstat/apps/dcmmklut.cc
++++ dcmtk/dcmpstat/apps/dcmmklut.cc
+@@ -971,7 +971,7 @@
+ {
+ // search existing sequence
+ DcmStack stack;
+- if (EC_Normal ==
dataset->search(DCM_PresentationLUTSequence, stack, ESM_fromHere, OFFalse))
++ if (EC_Normal ==
dataset->search(DCM_PresentationLUTSequence, stack, ESM_fromHere, OFFalse) &&
(stack.top()->ident() == EVR_SQ))
+ dseq=(DcmSequenceOfItems *)stack.top();
+ }
+ if (dseq == NULL)
+@@ -992,7 +992,7 @@
+ {
+ // search existing sequence
+ DcmStack stack;
+- if (EC_Normal == dataset->search(DCM_VOILUTSequence,
stack, ESM_fromHere, OFFalse))
++ if (EC_Normal == dataset->search(DCM_VOILUTSequence,
stack, ESM_fromHere, OFFalse) && (stack.top()->ident() == EVR_SQ))
+ dseq=(DcmSequenceOfItems *)stack.top();
+ }
+ if (dseq == NULL)
+--- dcmtk.orig/dcmpstat/apps/dcmpschk.cc
++++ dcmtk/dcmpstat/apps/dcmpschk.cc
+@@ -652,7 +652,11 @@
+ OFOStringStream str;
+
+ ec = dset->search(key, stack, ESM_fromHere, OFFalse);
+- elem = (DcmElement*) stack.top();
++ if (ec.good() && stack.top()->isElement())
++ {
++ elem = (DcmElement*) stack.top();
++ }
++
+ if (elem)
+ elem->print(str, DCMTypes::PF_shortenLongTagValues);
+ else
+--- dcmtk.orig/dcmpstat/libsrc/dviface.cc
++++ dcmtk/dcmpstat/libsrc/dviface.cc
+@@ -1425,14 +1425,14 @@
+ if (reference
!= NULL)
+ {
+ DcmStack
stack;
+- if
(dataset->search(DCM_ContentDescription, stack, ESM_fromHere, OFFalse) ==
EC_Normal)
++ if
(dataset->search(DCM_ContentDescription, stack, ESM_fromHere, OFFalse) ==
EC_Normal && (stack.top()->ident() == EVR_LO))
+ {
+ char
*value = NULL;
+ if
((*OFstatic_cast(DcmLongString *, stack.top())).getString(value) == EC_Normal)
+
reference->Description = value;
+ }
+
stack.clear();
+- if
(dataset->search(DCM_ContentLabel, stack, ESM_fromHere, OFFalse) == EC_Normal)
++ if
(dataset->search(DCM_ContentLabel, stack, ESM_fromHere, OFFalse) == EC_Normal
&& (stack.top()->ident() == EVR_LO))
+ {
+ char
*value = NULL;
+ if
((*OFstatic_cast(DcmLongString *, stack.top())).getString(value) == EC_Normal)
+@@ -2843,12 +2843,12 @@
+ DcmDataset *dset = fileformat.getDataset();
+ if (dset)
+ {
+- if (EC_Normal == dset->search(DCM_SOPInstanceUID, stack, ESM_fromHere,
OFFalse))
++ if (EC_Normal == dset->search(DCM_SOPInstanceUID, stack, ESM_fromHere,
OFFalse) && stack.top()->isElement())
+ {
+ OFstatic_cast(DcmElement *, stack.top())->getString(instanceUID);
+ }
+ stack.clear();
+- if (EC_Normal == dset->search(DCM_SOPClassUID, stack, ESM_fromHere,
OFFalse))
++ if (EC_Normal == dset->search(DCM_SOPClassUID, stack, ESM_fromHere,
OFFalse) && stack.top()->isElement())
+ {
+ OFstatic_cast(DcmElement *, stack.top())->getString(classUID);
+ }
+@@ -3761,7 +3761,7 @@
+ DVPSPresentationLUT presentationLUT;
+ if (EC_Normal != presentationLUT.read(*dataset, OFFalse))
presentationLUT.setType(DVPSP_identity);
+ result = dataset->search(sopclassuid.getTag(), stack,
ESM_fromHere, OFFalse);
+- if (EC_Normal == result)
++ if (EC_Normal == result && (stack.top()->ident() == EVR_UI))
+ {
+ char *sopclass = NULL;
+ sopclassuid = *OFstatic_cast(DcmUniqueIdentifier *,
stack.top());
+--- dcmtk.orig/dcmpstat/libsrc/dvpsabl.cc
++++ dcmtk/dcmpstat/libsrc/dvpsabl.cc
+@@ -1,6 +1,6 @@
+ /*
+ *
+- * Copyright (C) 1999-2010, OFFIS e.V.
++ * Copyright (C) 1999-2024, OFFIS e.V.
+ * All rights reserved. See COPYRIGHT file for details.
+ *
+ * This software and supporting documentation were developed by
+@@ -69,7 +69,7 @@
+ DcmSequenceOfItems *dseq=NULL;
+ DcmItem *ditem=NULL;
+
+- if (EC_Normal == dset.search(DCM_RETIRED_AnnotationContentSequence, stack,
ESM_fromHere, OFFalse))
++ if (EC_Normal == dset.search(DCM_RETIRED_AnnotationContentSequence, stack,
ESM_fromHere, OFFalse) && (stack.top()->ident() == EVR_SQ))
+ {
+ dseq=(DcmSequenceOfItems *)stack.top();
+ if (dseq)
+--- dcmtk.orig/dcmpstat/libsrc/dvpscu.cc
++++ dcmtk/dcmpstat/libsrc/dvpscu.cc
+@@ -1,6 +1,6 @@
+ /*
+ *
+- * Copyright (C) 1998-2020, OFFIS e.V.
++ * Copyright (C) 1998-2024, OFFIS e.V.
+ * All rights reserved. See COPYRIGHT file for details.
+ *
+ * This software and supporting documentation were developed by
+@@ -80,14 +80,14 @@
+
+ /* first we look for the Curve Data */
+ DcmTagKey key(0x5000 + group,0x3000);
+- if (EC_Normal == dset.search(key, stack, ESM_fromHere, OFFalse))
++ if (EC_Normal == dset.search(key, stack, ESM_fromHere, OFFalse) &&
stack.top()->isElement())
+ {
+ d_curveData = (DcmElement *)(stack.top());
+ } else return EC_IllegalCall;
+
+ key.setElement(0x0005); // Curve Dimensions
+ stack.clear();
+- if (EC_Normal == dset.search(key, stack, ESM_fromHere, OFFalse))
++ if (EC_Normal == dset.search(key, stack, ESM_fromHere, OFFalse) &&
stack.top()->isElement())
+ {
+ d_curveDimensions = (DcmElement *)(stack.top());
+ } else return EC_IllegalCall;
+@@ -101,42 +101,42 @@
+
+ key.setElement(0x0010); // Number of Points
+ stack.clear();
+- if (EC_Normal == dset.search(key, stack, ESM_fromHere, OFFalse))
++ if (EC_Normal == dset.search(key, stack, ESM_fromHere, OFFalse) &&
stack.top()->isElement())
+ {
+ d_numberOfPoints = (DcmElement *)(stack.top());
+ } else return EC_IllegalCall;
+
+ key.setElement(0x0020); // Type of Data
+ stack.clear();
+- if (EC_Normal == dset.search(key, stack, ESM_fromHere, OFFalse))
++ if (EC_Normal == dset.search(key, stack, ESM_fromHere, OFFalse) &&
stack.top()->isElement())
+ {
+ d_typeOfData = (DcmElement *)(stack.top());
+ } else return EC_IllegalCall;
+
+ key.setElement(0x0103); // Data Value Representation
+ stack.clear();
+- if (EC_Normal == dset.search(key, stack, ESM_fromHere, OFFalse))
++ if (EC_Normal == dset.search(key, stack, ESM_fromHere, OFFalse) &&
stack.top()->isElement())
+ {
+ d_dataVR = (DcmElement *)(stack.top());
+ } else return EC_IllegalCall;
+
+ key.setElement(0x0022); // Curve Description
+ stack.clear();
+- if (EC_Normal == dset.search(key, stack, ESM_fromHere, OFFalse))
++ if (EC_Normal == dset.search(key, stack, ESM_fromHere, OFFalse) &&
stack.top()->isElement())
+ {
+ d_curveDescription = (DcmElement *)(stack.top());
+ }
+
+ key.setElement(0x0030); // Axis Units
+ stack.clear();
+- if (EC_Normal == dset.search(key, stack, ESM_fromHere, OFFalse))
++ if (EC_Normal == dset.search(key, stack, ESM_fromHere, OFFalse) &&
stack.top()->isElement())
+ {
+ d_axisUnits = (DcmElement *)(stack.top());
+ }
+
+ key.setElement(0x2500); // Curve Label
+ stack.clear();
+- if (EC_Normal == dset.search(key, stack, ESM_fromHere, OFFalse))
++ if (EC_Normal == dset.search(key, stack, ESM_fromHere, OFFalse) &&
stack.top()->isElement())
+ {
+ d_curveLabel = (DcmElement *)(stack.top());
+ }
+--- dcmtk.orig/dcmpstat/libsrc/dvpsdal.cc
++++ dcmtk/dcmpstat/libsrc/dvpsdal.cc
+@@ -1,6 +1,6 @@
+ /*
+ *
+- * Copyright (C) 1999-2010, OFFIS e.V.
++ * Copyright (C) 1999-2024, OFFIS e.V.
+ * All rights reserved. See COPYRIGHT file for details.
+ *
+ * This software and supporting documentation were developed by
+@@ -67,7 +67,7 @@
+ DcmSequenceOfItems *dseq=NULL;
+ DcmItem *ditem=NULL;
+
+- if (EC_Normal == dset.search(DCM_DisplayedAreaSelectionSequence, stack,
ESM_fromHere, OFFalse))
++ if (EC_Normal == dset.search(DCM_DisplayedAreaSelectionSequence, stack,
ESM_fromHere, OFFalse) && (stack.top()->ident() == EVR_SQ))
+ {
+ dseq=(DcmSequenceOfItems *)stack.top();
+ if (dseq)
+--- dcmtk.orig/dcmpstat/libsrc/dvpsfs.cc
++++ dcmtk/dcmpstat/libsrc/dvpsfs.cc
+@@ -1,6 +1,6 @@
+ /*
+ *
+- * Copyright (C) 1998-2021, OFFIS e.V.
++ * Copyright (C) 1998-2024, OFFIS e.V.
+ * All rights reserved. See COPYRIGHT file for details.
+ *
+ * This software and supporting documentation were developed by
+@@ -280,7 +280,7 @@
+ {
+ stack.clear();
+
+- if (rqDataset && (EC_Normal ==
rqDataset->search(DCM_ReferencedPresentationLUTSequence, stack, ESM_fromHere,
OFFalse)))
++ if (rqDataset && (EC_Normal ==
rqDataset->search(DCM_ReferencedPresentationLUTSequence, stack, ESM_fromHere,
OFFalse)) && (stack.top()->ident() == EVR_SQ))
+ {
+ DcmSequenceOfItems *seq=(DcmSequenceOfItems *)stack.top();
+ if (seq->card() ==1)
+@@ -480,7 +480,7 @@
+ if (result)
+ {
+ stack.clear();
+- if (rqDataset && (EC_Normal == rqDataset->search((DcmTagKey
&)numberOfCopies.getTag(), stack, ESM_fromHere, OFFalse)))
++ if (rqDataset && (EC_Normal == rqDataset->search((DcmTagKey
&)numberOfCopies.getTag(), stack, ESM_fromHere, OFFalse)) &&
(stack.top()->ident() == EVR_IS))
+ {
+ numberOfCopies = *((DcmIntegerString *)(stack.top()));
+ Sint32 numCopies=0;
+@@ -502,7 +502,7 @@
+ if (result)
+ {
+ stack.clear();
+- if (rqDataset && (EC_Normal == rqDataset->search((DcmTagKey
&)printPriority.getTag(), stack, ESM_fromHere, OFFalse)))
++ if (rqDataset && (EC_Normal == rqDataset->search((DcmTagKey
&)printPriority.getTag(), stack, ESM_fromHere, OFFalse)) &&
(stack.top()->ident() == EVR_CS))
+ {
+ printPriority = *((DcmCodeString *)(stack.top()));
+ OFString aString;
+@@ -523,7 +523,7 @@
+ {
+ Uint32 numMediumTypes = cfg.getTargetPrinterNumberOfMediumTypes(cfgname);
+ stack.clear();
+- if (rqDataset && (EC_Normal == rqDataset->search((DcmTagKey
&)mediumType.getTag(), stack, ESM_fromHere, OFFalse)))
++ if (rqDataset && (EC_Normal == rqDataset->search((DcmTagKey
&)mediumType.getTag(), stack, ESM_fromHere, OFFalse)) && (stack.top()->ident()
== EVR_CS))
+ {
+ mediumType = *((DcmCodeString *)(stack.top()));
+ OFString theMedium;
+@@ -555,7 +555,7 @@
+ {
+ Uint32 numFilmDestination =
cfg.getTargetPrinterNumberOfFilmDestinations(cfgname);
+ stack.clear();
+- if (rqDataset && (EC_Normal == rqDataset->search((DcmTagKey
&)filmDestination.getTag(), stack, ESM_fromHere, OFFalse)))
++ if (rqDataset && (EC_Normal == rqDataset->search((DcmTagKey
&)filmDestination.getTag(), stack, ESM_fromHere, OFFalse)) &&
(stack.top()->ident() == EVR_CS))
+ {
+ filmDestination = *((DcmCodeString *)(stack.top()));
+ OFString theDestination;
+@@ -586,7 +586,7 @@
+ if (result)
+ {
+ stack.clear();
+- if (rqDataset && (EC_Normal == rqDataset->search((DcmTagKey
&)filmSessionLabel.getTag(), stack, ESM_fromHere, OFFalse)))
++ if (rqDataset && (EC_Normal == rqDataset->search((DcmTagKey
&)filmSessionLabel.getTag(), stack, ESM_fromHere, OFFalse)) &&
(stack.top()->ident() == EVR_LO))
+ {
+ filmSessionLabel = *((DcmLongString *)(stack.top()));
+ ADD_TO_PDATASET(DcmLongString, filmSessionLabel)
+@@ -597,7 +597,7 @@
+ if (result)
+ {
+ stack.clear();
+- if (rqDataset && (EC_Normal == rqDataset->search((DcmTagKey
&)ownerID.getTag(), stack, ESM_fromHere, OFFalse)))
++ if (rqDataset && (EC_Normal == rqDataset->search((DcmTagKey
&)ownerID.getTag(), stack, ESM_fromHere, OFFalse)) && (stack.top()->ident() ==
EVR_SH))
+ {
+ ownerID = *((DcmShortString *)(stack.top()));
+ ADD_TO_PDATASET(DcmShortString, ownerID)
+@@ -611,7 +611,7 @@
+ if (result)
+ {
+ stack.clear();
+- if (rqDataset && (EC_Normal == rqDataset->search((DcmTagKey
&)illumination.getTag(), stack, ESM_fromHere, OFFalse)))
++ if (rqDataset && (EC_Normal == rqDataset->search((DcmTagKey
&)illumination.getTag(), stack, ESM_fromHere, OFFalse)) &&
(stack.top()->ident() == EVR_US))
+ {
+ illumination = *((DcmUnsignedShort *)(stack.top()));
+ // we don't check illumination set by the user (for now)
+@@ -623,7 +623,7 @@
+ if (result)
+ {
+ stack.clear();
+- if (rqDataset && (EC_Normal == rqDataset->search((DcmTagKey
&)reflectedAmbientLight.getTag(), stack, ESM_fromHere, OFFalse)))
++ if (rqDataset && (EC_Normal == rqDataset->search((DcmTagKey
&)reflectedAmbientLight.getTag(), stack, ESM_fromHere, OFFalse)) &&
(stack.top()->ident() == EVR_US))
+ {
+ reflectedAmbientLight = *((DcmUnsignedShort *)(stack.top()));
+ // we don't check reflected ambient light set by the user (for now)
+@@ -636,7 +636,7 @@
+ {
+ stack.clear();
+
+- if (rqDataset && (EC_Normal ==
rqDataset->search(DCM_ReferencedPresentationLUTSequence, stack, ESM_fromHere,
OFFalse)))
++ if (rqDataset && (EC_Normal ==
rqDataset->search(DCM_ReferencedPresentationLUTSequence, stack, ESM_fromHere,
OFFalse)) && (stack.top()->ident() == EVR_SQ))
+ {
+ DcmSequenceOfItems *seq=(DcmSequenceOfItems *)stack.top();
+ if (seq->card() ==1)
+--- dcmtk.orig/dcmpstat/libsrc/dvpsgal.cc
++++ dcmtk/dcmpstat/libsrc/dvpsgal.cc
+@@ -1,6 +1,6 @@
+ /*
+ *
+- * Copyright (C) 1998-2010, OFFIS e.V.
++ * Copyright (C) 1998-2024, OFFIS e.V.
+ * All rights reserved. See COPYRIGHT file for details.
+ *
+ * This software and supporting documentation were developed by
+@@ -69,7 +69,7 @@
+ DcmSequenceOfItems *dseq=NULL;
+ DcmItem *ditem=NULL;
+
+- if (EC_Normal == dset.search(DCM_GraphicAnnotationSequence, stack,
ESM_fromHere, OFFalse))
++ if (EC_Normal == dset.search(DCM_GraphicAnnotationSequence, stack,
ESM_fromHere, OFFalse) && (stack.top()->ident() == EVR_SQ))
+ {
+ dseq=(DcmSequenceOfItems *)stack.top();
+ if (dseq)
+--- dcmtk.orig/dcmpstat/libsrc/dvpsgll.cc
++++ dcmtk/dcmpstat/libsrc/dvpsgll.cc
+@@ -1,6 +1,6 @@
+ /*
+ *
+- * Copyright (C) 1998-2017, OFFIS e.V.
++ * Copyright (C) 1998-2024, OFFIS e.V.
+ * All rights reserved. See COPYRIGHT file for details.
+ *
+ * This software and supporting documentation were developed by
+@@ -75,7 +75,7 @@
+ DcmSequenceOfItems *dseq=NULL;
+ DcmItem *ditem=NULL;
+
+- if (EC_Normal == dset.search(DCM_GraphicLayerSequence, stack, ESM_fromHere,
OFFalse))
++ if (EC_Normal == dset.search(DCM_GraphicLayerSequence, stack, ESM_fromHere,
OFFalse) && (stack.top()->ident() == EVR_SQ))
+ {
+ dseq=(DcmSequenceOfItems *)stack.top();
+ if (dseq)
+--- dcmtk.orig/dcmpstat/libsrc/dvpsgrl.cc
++++ dcmtk/dcmpstat/libsrc/dvpsgrl.cc
+@@ -1,6 +1,6 @@
+ /*
+ *
+- * Copyright (C) 1998-2010, OFFIS e.V.
++ * Copyright (C) 1998-2024, OFFIS e.V.
+ * All rights reserved. See COPYRIGHT file for details.
+ *
+ * This software and supporting documentation were developed by
+@@ -66,7 +66,7 @@
+ DcmSequenceOfItems *dseq=NULL;
+ DcmItem *ditem=NULL;
+
+- if (EC_Normal == dset.search(DCM_GraphicObjectSequence, stack,
ESM_fromHere, OFFalse))
++ if (EC_Normal == dset.search(DCM_GraphicObjectSequence, stack,
ESM_fromHere, OFFalse) && (stack.top()->ident() == EVR_SQ))
+ {
+ dseq=(DcmSequenceOfItems *)stack.top();
+ if (dseq)
+--- dcmtk.orig/dcmpstat/libsrc/dvpshlp.cc
++++ dcmtk/dcmpstat/libsrc/dvpshlp.cc
+@@ -178,7 +178,7 @@
+ {
+ item = seq.getItem(i);
+ stack.clear();
+- if (EC_Normal == item->search(DCM_ReferencedSOPClassUID, stack,
ESM_fromHere, OFFalse))
++ if (EC_Normal == item->search(DCM_ReferencedSOPClassUID, stack,
ESM_fromHere, OFFalse) && (stack.top()->ident() == EVR_UI))
+ {
+ aString.clear();
+ refuid = (DcmUniqueIdentifier *)(stack.top());
+--- dcmtk.orig/dcmpstat/libsrc/dvpsib.cc
++++ dcmtk/dcmpstat/libsrc/dvpsib.cc
+@@ -1,6 +1,6 @@
+ /*
+ *
+- * Copyright (C) 1998-2018, OFFIS e.V.
++ * Copyright (C) 1998-2024, OFFIS e.V.
+ * All rights reserved. See COPYRIGHT file for details.
+ *
+ * This software and supporting documentation were developed by
+@@ -153,7 +153,7 @@
+ if (result==EC_Normal)
+ {
+ stack.clear();
+- if (EC_Normal == dset.search(DCM_ReferencedImageSequence, stack,
ESM_fromHere, OFFalse))
++ if (EC_Normal == dset.search(DCM_ReferencedImageSequence, stack,
ESM_fromHere, OFFalse) && (stack.top()->ident() == EVR_SQ))
+ {
+ seq=(DcmSequenceOfItems *)stack.top();
+ if (seq->card() ==1)
+@@ -181,7 +181,7 @@
+ // check referenced presentation LUT sequence
+ // if there is any reference, it must refer to one of the presentation
LUTs we are managing.
+ stack.clear();
+- if (EC_Normal == dset.search(DCM_ReferencedPresentationLUTSequence,
stack, ESM_fromHere, OFFalse))
++ if (EC_Normal == dset.search(DCM_ReferencedPresentationLUTSequence,
stack, ESM_fromHere, OFFalse) && (stack.top()->ident() == EVR_SQ))
+ {
+ seq=(DcmSequenceOfItems *)stack.top();
+ if (seq->card() ==1)
+@@ -672,7 +672,7 @@
+ if (result)
+ {
+ stack.clear();
+- if (rqDataset && (EC_Normal == rqDataset->search((DcmTagKey
&)imageBoxPosition.getTag(), stack, ESM_fromHere, OFFalse)))
++ if (rqDataset && (EC_Normal == rqDataset->search((DcmTagKey
&)imageBoxPosition.getTag(), stack, ESM_fromHere, OFFalse)) &&
(stack.top()->ident() == EVR_US))
+ {
+ imageBoxPosition = *((DcmUnsignedShort *)(stack.top()));
+ // the image box position is checked elsewhere
+@@ -688,7 +688,7 @@
+ if (result)
+ {
+ stack.clear();
+- if (rqDataset && (EC_Normal == rqDataset->search((DcmTagKey
&)magnificationType.getTag(), stack, ESM_fromHere, OFFalse)))
++ if (rqDataset && (EC_Normal == rqDataset->search((DcmTagKey
&)magnificationType.getTag(), stack, ESM_fromHere, OFFalse)) &&
(stack.top()->ident() == EVR_CS))
+ {
+ magnificationType = *((DcmCodeString *)(stack.top()));
+ Uint32 numMagnifications =
cfg.getTargetPrinterNumberOfMagnificationTypes(cfgname);
+@@ -721,7 +721,7 @@
+ {
+
+ stack.clear();
+- if (rqDataset && (EC_Normal == rqDataset->search((DcmTagKey
&)smoothingType.getTag(), stack, ESM_fromHere, OFFalse)))
++ if (rqDataset && (EC_Normal == rqDataset->search((DcmTagKey
&)smoothingType.getTag(), stack, ESM_fromHere, OFFalse)) &&
(stack.top()->ident() == EVR_CS))
+ {
+ smoothingType = *((DcmCodeString *)(stack.top()));
+ Uint32 numSmoothings =
cfg.getTargetPrinterNumberOfSmoothingTypes(cfgname);
+@@ -761,7 +761,7 @@
+ if (result)
+ {
+ stack.clear();
+- if (rqDataset && (EC_Normal == rqDataset->search((DcmTagKey
&)configurationInformation.getTag(), stack, ESM_fromHere, OFFalse)))
++ if (rqDataset && (EC_Normal == rqDataset->search((DcmTagKey
&)configurationInformation.getTag(), stack, ESM_fromHere, OFFalse)) &&
(stack.top()->ident() == EVR_ST))
+ {
+ configurationInformation = *((DcmShortText *)(stack.top()));
+ Uint32 numConfigurationInformation =
cfg.getTargetPrinterNumberOfConfigurationSettings(cfgname);
+@@ -800,7 +800,7 @@
+ if (result)
+ {
+ stack.clear();
+- if (rqDataset && (EC_Normal == rqDataset->search((DcmTagKey
&)polarity.getTag(), stack, ESM_fromHere, OFFalse)))
++ if (rqDataset && (EC_Normal == rqDataset->search((DcmTagKey
&)polarity.getTag(), stack, ESM_fromHere, OFFalse)) && (stack.top()->ident() ==
EVR_CS))
+ {
+ polarity = *((DcmCodeString *)(stack.top()));
+ OFString thePolarity;
+@@ -820,7 +820,7 @@
+ if (result)
+ {
+ stack.clear();
+- if (rqDataset && (EC_Normal == rqDataset->search((DcmTagKey
&)requestedImageSize.getTag(), stack, ESM_fromHere, OFFalse)))
++ if (rqDataset && (EC_Normal == rqDataset->search((DcmTagKey
&)requestedImageSize.getTag(), stack, ESM_fromHere, OFFalse)) &&
(stack.top()->ident() == EVR_DS))
+ {
+ if (! cfg.getTargetPrinterSupportsRequestedImageSize(cfgname))
+ {
+@@ -841,7 +841,7 @@
+ if (result)
+ {
+ stack.clear();
+- if (rqDataset && (EC_Normal == rqDataset->search((DcmTagKey
&)requestedDecimateCropBehavior.getTag(), stack, ESM_fromHere, OFFalse)))
++ if (rqDataset && (EC_Normal == rqDataset->search((DcmTagKey
&)requestedDecimateCropBehavior.getTag(), stack, ESM_fromHere, OFFalse)) &&
(stack.top()->ident() == EVR_CS))
+ {
+ if (! cfg.getTargetPrinterSupportsDecimateCrop(cfgname))
+ {
+@@ -871,7 +871,7 @@
+ if (result)
+ {
+ stack.clear();
+- if (rqDataset && (EC_Normal ==
rqDataset->search(DCM_BasicGrayscaleImageSequence, stack, ESM_fromHere,
OFFalse)))
++ if (rqDataset && (EC_Normal ==
rqDataset->search(DCM_BasicGrayscaleImageSequence, stack, ESM_fromHere,
OFFalse)) && (stack.top()->ident() == EVR_SQ))
+ {
+ DcmSequenceOfItems *seq=(DcmSequenceOfItems *)stack.top();
+ if (seq->card() ==1)
+@@ -971,7 +971,7 @@
+ if (result)
+ {
+ stack.clear();
+- if (rqDataset && (EC_Normal == rqDataset->search((DcmTagKey
&)samplesPerPixel.getTag(), stack, ESM_fromHere, OFFalse)))
++ if (rqDataset && (EC_Normal == rqDataset->search((DcmTagKey
&)samplesPerPixel.getTag(), stack, ESM_fromHere, OFFalse)) &&
(stack.top()->ident() == EVR_US))
+ {
+ samplesPerPixel = *((DcmUnsignedShort *)(stack.top()));
+ val = 0;
+@@ -994,7 +994,7 @@
+ if (result)
+ {
+ stack.clear();
+- if (rqDataset && (EC_Normal == rqDataset->search((DcmTagKey
&)rows.getTag(), stack, ESM_fromHere, OFFalse)))
++ if (rqDataset && (EC_Normal == rqDataset->search((DcmTagKey
&)rows.getTag(), stack, ESM_fromHere, OFFalse)) && (stack.top()->ident() ==
EVR_US))
+ {
+ rows = *((DcmUnsignedShort *)(stack.top()));
+ val = 0;
+@@ -1017,7 +1017,7 @@
+ if (result)
+ {
+ stack.clear();
+- if (rqDataset && (EC_Normal == rqDataset->search((DcmTagKey
&)columns.getTag(), stack, ESM_fromHere, OFFalse)))
++ if (rqDataset && (EC_Normal == rqDataset->search((DcmTagKey
&)columns.getTag(), stack, ESM_fromHere, OFFalse)) && (stack.top()->ident() ==
EVR_US))
+ {
+ columns = *((DcmUnsignedShort *)(stack.top()));
+ val = 0;
+@@ -1042,7 +1042,7 @@
+ if (result)
+ {
+ stack.clear();
+- if (rqDataset && (EC_Normal == rqDataset->search((DcmTagKey
&)bitsStored.getTag(), stack, ESM_fromHere, OFFalse)))
++ if (rqDataset && (EC_Normal == rqDataset->search((DcmTagKey
&)bitsStored.getTag(), stack, ESM_fromHere, OFFalse)) && (stack.top()->ident()
== EVR_US))
+ {
+ bitsStored = *((DcmUnsignedShort *)(stack.top()));
+ val = 0;
+@@ -1082,7 +1082,7 @@
+ if (result)
+ {
+ stack.clear();
+- if (rqDataset && (EC_Normal == rqDataset->search((DcmTagKey
&)bitsAllocated.getTag(), stack, ESM_fromHere, OFFalse)))
++ if (rqDataset && (EC_Normal == rqDataset->search((DcmTagKey
&)bitsAllocated.getTag(), stack, ESM_fromHere, OFFalse)) &&
(stack.top()->ident() == EVR_US))
+ {
+ bitsAllocated = *((DcmUnsignedShort *)(stack.top()));
+ val = 0;
+@@ -1105,7 +1105,7 @@
+ if (result)
+ {
+ stack.clear();
+- if (rqDataset && (EC_Normal == rqDataset->search((DcmTagKey
&)highBit.getTag(), stack, ESM_fromHere, OFFalse)))
++ if (rqDataset && (EC_Normal == rqDataset->search((DcmTagKey
&)highBit.getTag(), stack, ESM_fromHere, OFFalse)) && (stack.top()->ident() ==
EVR_US))
+ {
+ highBit = *((DcmUnsignedShort *)(stack.top()));
+ val = 0;
+@@ -1128,7 +1128,7 @@
+ if (result)
+ {
+ stack.clear();
+- if (rqDataset && (EC_Normal == rqDataset->search((DcmTagKey
&)pixelRepresentation.getTag(), stack, ESM_fromHere, OFFalse)))
++ if (rqDataset && (EC_Normal == rqDataset->search((DcmTagKey
&)pixelRepresentation.getTag(), stack, ESM_fromHere, OFFalse)) &&
(stack.top()->ident() == EVR_US))
+ {
+ pixelRepresentation = *((DcmUnsignedShort *)(stack.top()));
+ val = 0;
+@@ -1151,7 +1151,7 @@
+ if (result)
+ {
+ stack.clear();
+- if (rqDataset && (EC_Normal == rqDataset->search((DcmTagKey
&)photometricInterpretation.getTag(), stack, ESM_fromHere, OFFalse)))
++ if (rqDataset && (EC_Normal == rqDataset->search((DcmTagKey
&)photometricInterpretation.getTag(), stack, ESM_fromHere, OFFalse)) &&
(stack.top()->ident() == EVR_CS))
+ {
+ photometricInterpretation = *((DcmCodeString *)(stack.top()));
+ OFString theColorModel;
+@@ -1175,7 +1175,7 @@
+ if (result)
+ {
+ stack.clear();
+- if (rqDataset && (EC_Normal == rqDataset->search((DcmTagKey
&)pixelAspectRatio.getTag(), stack, ESM_fromHere, OFFalse)))
++ if (rqDataset && (EC_Normal == rqDataset->search((DcmTagKey
&)pixelAspectRatio.getTag(), stack, ESM_fromHere, OFFalse)) &&
(stack.top()->ident() == EVR_IS))
+ {
+ pixelAspectRatio = *((DcmIntegerString *)(stack.top()));
+ if (pixelAspectRatio.getVM() != 2)
+@@ -1193,7 +1193,7 @@
+ if (result)
+ {
+ stack.clear();
+- if (rqDataset && (EC_Normal == rqDataset->search(DCM_PixelData, stack,
ESM_fromHere, OFFalse)))
++ if (rqDataset && (EC_Normal == rqDataset->search(DCM_PixelData, stack,
ESM_fromHere, OFFalse)) && stack.top()->isElement())
+ {
+ pixelData = new DcmPixelData(DCM_PixelData);
+ if (pixelData)
+--- dcmtk.orig/dcmpstat/libsrc/dvpsibl.cc
++++ dcmtk/dcmpstat/libsrc/dvpsibl.cc
+@@ -1,6 +1,6 @@
+ /*
+ *
+- * Copyright (C) 1999-2010, OFFIS e.V.
++ * Copyright (C) 1999-2024, OFFIS e.V.
+ * All rights reserved. See COPYRIGHT file for details.
+ *
+ * This software and supporting documentation were developed by
+@@ -68,7 +68,7 @@
+ DcmSequenceOfItems *dseq=NULL;
+ DcmItem *ditem=NULL;
+
+- if (EC_Normal == dset.search(DCM_RETIRED_ImageBoxContentSequence, stack,
ESM_fromHere, OFFalse))
++ if (EC_Normal == dset.search(DCM_RETIRED_ImageBoxContentSequence, stack,
ESM_fromHere, OFFalse) && (stack.top()->ident() == EVR_SQ))
+ {
+ dseq=(DcmSequenceOfItems *)stack.top();
+ if (dseq)
+--- dcmtk.orig/dcmpstat/libsrc/dvpspll.cc
++++ dcmtk/dcmpstat/libsrc/dvpspll.cc
+@@ -1,6 +1,6 @@
+ /*
+ *
+- * Copyright (C) 1999-2022, OFFIS e.V.
++ * Copyright (C) 1999-2024, OFFIS e.V.
+ * All rights reserved. See COPYRIGHT file for details.
+ *
+ * This software and supporting documentation were developed by
+@@ -72,7 +72,7 @@
+ DcmSequenceOfItems *dseq=NULL;
+ DcmItem *ditem=NULL;
+
+- if (EC_Normal == dset.search(DCM_RETIRED_PresentationLUTContentSequence,
stack, ESM_fromHere, OFFalse))
++ if (EC_Normal == dset.search(DCM_RETIRED_PresentationLUTContentSequence,
stack, ESM_fromHere, OFFalse) && (stack.top()->ident() == EVR_SQ))
+ {
+ dseq=(DcmSequenceOfItems *)stack.top();
+ if (dseq)
+--- dcmtk.orig/dcmpstat/libsrc/dvpsril.cc
++++ dcmtk/dcmpstat/libsrc/dvpsril.cc
+@@ -71,7 +71,7 @@
+ DcmSequenceOfItems *dseq=NULL;
+ DcmItem *ditem=NULL;
+
+- if (EC_Normal == dset.search(DCM_ReferencedImageSequence, stack,
ESM_fromHere, OFFalse))
++ if (EC_Normal == dset.search(DCM_ReferencedImageSequence, stack,
ESM_fromHere, OFFalse) && (stack.top()->ident() == EVR_SQ))
+ {
+ dseq=(DcmSequenceOfItems *)stack.top();
+ if (dseq)
+--- dcmtk.orig/dcmpstat/libsrc/dvpsrsl.cc
++++ dcmtk/dcmpstat/libsrc/dvpsrsl.cc
+@@ -1,6 +1,6 @@
+ /*
+ *
+- * Copyright (C) 1998-2010, OFFIS e.V.
++ * Copyright (C) 1998-2024, OFFIS e.V.
+ * All rights reserved. See COPYRIGHT file for details.
+ *
+ * This software and supporting documentation were developed by
+@@ -69,7 +69,7 @@
+ DcmSequenceOfItems *dseq=NULL;
+ DcmItem *ditem=NULL;
+
+- if (EC_Normal == dset.search(DCM_ReferencedSeriesSequence, stack,
ESM_fromHere, OFFalse))
++ if (EC_Normal == dset.search(DCM_ReferencedSeriesSequence, stack,
ESM_fromHere, OFFalse) && (stack.top()->ident() == EVR_SQ))
+ {
+ dseq=(DcmSequenceOfItems *)stack.top();
+ if (dseq)
+--- dcmtk.orig/dcmpstat/libsrc/dvpssp.cc
++++ dcmtk/dcmpstat/libsrc/dvpssp.cc
+@@ -1,6 +1,6 @@
+ /*
+ *
+- * Copyright (C) 1998-2021, OFFIS e.V.
++ * Copyright (C) 1998-2024, OFFIS e.V.
+ * All rights reserved. See COPYRIGHT file for details.
+ *
+ * This software and supporting documentation were developed by
+@@ -328,7 +328,7 @@
+ if (result==EC_Normal)
+ {
+ stack.clear();
+- if (EC_Normal == dset.search(DCM_RETIRED_FilmBoxContentSequence, stack,
ESM_fromHere, OFFalse))
++ if (EC_Normal == dset.search(DCM_RETIRED_FilmBoxContentSequence, stack,
ESM_fromHere, OFFalse) && (stack.top()->ident() == EVR_SQ))
+ {
+ seq=(DcmSequenceOfItems *)stack.top();
+ if (seq->card() ==1)
+@@ -362,7 +362,7 @@
+ // check referenced presentation LUT sequence
+ // if there is any reference, it must refer to one of the
presentation LUTs we are managing.
+ stack.clear();
+- if (EC_Normal == item->search(DCM_ReferencedPresentationLUTSequence,
stack, ESM_fromHere, OFFalse))
++ if (EC_Normal == item->search(DCM_ReferencedPresentationLUTSequence,
stack, ESM_fromHere, OFFalse) && (stack.top()->ident() == EVR_SQ))
+ {
+ seq=(DcmSequenceOfItems *)stack.top();
+ if (seq->card() ==1)
+@@ -445,7 +445,7 @@
+ if (result==EC_Normal)
+ {
+ stack.clear();
+- if (EC_Normal ==
dset.search(DCM_RETIRED_PrintManagementCapabilitiesSequence, stack,
ESM_fromHere, OFFalse))
++ if (EC_Normal ==
dset.search(DCM_RETIRED_PrintManagementCapabilitiesSequence, stack,
ESM_fromHere, OFFalse) && (stack.top()->ident() == EVR_SQ))
+ {
+ OFBool haveFilmBox = OFFalse;
+ OFBool haveGrayscaleImageBox = OFFalse;
+@@ -511,7 +511,7 @@
+ destination.clear();
+ printerName.clear();
+ stack.clear();
+- if (EC_Normal == dset.search(DCM_RETIRED_PrinterCharacteristicsSequence,
stack, ESM_fromHere, OFFalse))
++ if (EC_Normal == dset.search(DCM_RETIRED_PrinterCharacteristicsSequence,
stack, ESM_fromHere, OFFalse) && (stack.top()->ident() == EVR_SQ))
+ {
+ seq = (DcmSequenceOfItems *)stack.top();
+ if (seq->card() > 0)
+@@ -1536,7 +1536,7 @@
+ {
+ // N-CREATE was successful, now evaluate Referenced Image Box SQ
+ stack.clear();
+- if (EC_Normal ==
attributeListOut->search(DCM_ReferencedImageBoxSequence, stack, ESM_fromHere,
OFFalse))
++ if (EC_Normal ==
attributeListOut->search(DCM_ReferencedImageBoxSequence, stack, ESM_fromHere,
OFFalse) && (stack.top()->ident() == EVR_SQ))
+ {
+ seq=(DcmSequenceOfItems *)stack.top();
+ numItems = (size_t)seq->card();
+@@ -1559,7 +1559,7 @@
+ // evaluate Referenced Basic Annotation Box SQ if present
+ stack.clear();
+ annotationContentList.clearAnnotationSOPInstanceUIDs();
+- if (EC_Normal ==
attributeListOut->search(DCM_ReferencedBasicAnnotationBoxSequence, stack,
ESM_fromHere, OFFalse))
++ if (EC_Normal ==
attributeListOut->search(DCM_ReferencedBasicAnnotationBoxSequence, stack,
ESM_fromHere, OFFalse) && (stack.top()->ident() == EVR_SQ))
+ {
+ seq=(DcmSequenceOfItems *)stack.top();
+ numItems = (size_t)seq->card();
+@@ -2419,7 +2419,7 @@
+ {
+ stack.clear();
+
+- if (rqDataset && (EC_Normal ==
rqDataset->search(DCM_ReferencedPresentationLUTSequence, stack, ESM_fromHere,
OFFalse)))
++ if (rqDataset && (EC_Normal ==
rqDataset->search(DCM_ReferencedPresentationLUTSequence, stack, ESM_fromHere,
OFFalse)) && (stack.top()->ident() == EVR_SQ))
+ {
+ DcmSequenceOfItems *seq=(DcmSequenceOfItems *)stack.top();
+ if (seq->card() ==1)
+@@ -2487,7 +2487,7 @@
+ {
+ stack.clear();
+
+- if (rqDataset && (EC_Normal ==
rqDataset->search(DCM_ReferencedFilmSessionSequence, stack, ESM_fromHere,
OFFalse)))
++ if (rqDataset && (EC_Normal ==
rqDataset->search(DCM_ReferencedFilmSessionSequence, stack, ESM_fromHere,
OFFalse)) && (stack.top()->ident() == EVR_SQ))
+ {
+ DcmUniqueIdentifier classUID(DCM_ReferencedSOPClassUID);
+ DcmUniqueIdentifier instanceUID(DCM_ReferencedSOPInstanceUID);
+@@ -2706,7 +2706,7 @@
+ if (result)
+ {
+ stack.clear();
+- if (rqDataset && (EC_Normal == rqDataset->search((DcmTagKey
&)magnificationType.getTag(), stack, ESM_fromHere, OFFalse)))
++ if (rqDataset && (EC_Normal == rqDataset->search((DcmTagKey
&)magnificationType.getTag(), stack, ESM_fromHere, OFFalse)) &&
(stack.top()->ident() == EVR_CS))
+ {
+ magnificationType = *((DcmCodeString *)(stack.top()));
+ Uint32 numMagnifications =
cfg.getTargetPrinterNumberOfMagnificationTypes(cfgname);
+@@ -2739,7 +2739,7 @@
+ {
+
+ stack.clear();
+- if (rqDataset && (EC_Normal == rqDataset->search((DcmTagKey
&)smoothingType.getTag(), stack, ESM_fromHere, OFFalse)))
++ if (rqDataset && (EC_Normal == rqDataset->search((DcmTagKey
&)smoothingType.getTag(), stack, ESM_fromHere, OFFalse)) &&
(stack.top()->ident() == EVR_CS))
+ {
+ smoothingType = *((DcmCodeString *)(stack.top()));
+ Uint32 numSmoothings =
cfg.getTargetPrinterNumberOfSmoothingTypes(cfgname);
+@@ -2781,7 +2781,7 @@
+ {
+
+ stack.clear();
+- if (rqDataset && (EC_Normal == rqDataset->search((DcmTagKey
&)borderDensity.getTag(), stack, ESM_fromHere, OFFalse)))
++ if (rqDataset && (EC_Normal == rqDataset->search((DcmTagKey
&)borderDensity.getTag(), stack, ESM_fromHere, OFFalse)) &&
(stack.top()->ident() == EVR_CS))
+ {
+ borderDensity = *((DcmCodeString *)(stack.top()));
+ Uint32 numBorderDensities =
cfg.getTargetPrinterNumberOfBorderDensities(cfgname);
+@@ -2832,7 +2832,7 @@
+ if (result)
+ {
+ stack.clear();
+- if (rqDataset && (EC_Normal == rqDataset->search((DcmTagKey
&)emptyImageDensity.getTag(), stack, ESM_fromHere, OFFalse)))
++ if (rqDataset && (EC_Normal == rqDataset->search((DcmTagKey
&)emptyImageDensity.getTag(), stack, ESM_fromHere, OFFalse)) &&
(stack.top()->ident() == EVR_CS))
+ {
+ emptyImageDensity = *((DcmCodeString *)(stack.top()));
+ Uint32 numEmptyImageDensities =
cfg.getTargetPrinterNumberOfEmptyImageDensities(cfgname);
+@@ -2883,7 +2883,7 @@
+ if (result)
+ {
+ stack.clear();
+- if (rqDataset && (EC_Normal == rqDataset->search((DcmTagKey
&)maxDensity.getTag(), stack, ESM_fromHere, OFFalse)))
++ if (rqDataset && (EC_Normal == rqDataset->search((DcmTagKey
&)maxDensity.getTag(), stack, ESM_fromHere, OFFalse)) && (stack.top()->ident()
== EVR_US))
+ {
+ maxDensity = *((DcmUnsignedShort *)(stack.top()));
+ // we don't check a max density set by the user (for now)
+@@ -2895,7 +2895,7 @@
+ if (result)
+ {
+ stack.clear();
+- if (rqDataset && (EC_Normal == rqDataset->search((DcmTagKey
&)minDensity.getTag(), stack, ESM_fromHere, OFFalse)))
++ if (rqDataset && (EC_Normal == rqDataset->search((DcmTagKey
&)minDensity.getTag(), stack, ESM_fromHere, OFFalse)) && (stack.top()->ident()
== EVR_US))
+ {
+ minDensity = *((DcmUnsignedShort *)(stack.top()));
+ Uint32 numMinDensities =
cfg.getTargetPrinterNumberOfMinDensities(cfgname);
+@@ -2917,7 +2917,7 @@
+ if (result)
+ {
+ stack.clear();
+- if (rqDataset && (EC_Normal == rqDataset->search((DcmTagKey
&)trim.getTag(), stack, ESM_fromHere, OFFalse)))
++ if (rqDataset && (EC_Normal == rqDataset->search((DcmTagKey
&)trim.getTag(), stack, ESM_fromHere, OFFalse)) && (stack.top()->ident() ==
EVR_CS))
+ {
+ trim = *((DcmCodeString *)(stack.top()));
+
+@@ -2945,7 +2945,7 @@
+ if (result)
+ {
+ stack.clear();
+- if (rqDataset && (EC_Normal == rqDataset->search((DcmTagKey
&)configurationInformation.getTag(), stack, ESM_fromHere, OFFalse)))
++ if (rqDataset && (EC_Normal == rqDataset->search((DcmTagKey
&)configurationInformation.getTag(), stack, ESM_fromHere, OFFalse)) &&
(stack.top()->ident() == EVR_ST))
+ {
+ configurationInformation = *((DcmShortText *)(stack.top()));
+ Uint32 numConfigurationInformation =
cfg.getTargetPrinterNumberOfConfigurationSettings(cfgname);
+@@ -2987,7 +2987,7 @@
+ if (result)
+ {
+ stack.clear();
+- if (rqDataset && (EC_Normal == rqDataset->search((DcmTagKey
&)illumination.getTag(), stack, ESM_fromHere, OFFalse)))
++ if (rqDataset && (EC_Normal == rqDataset->search((DcmTagKey
&)illumination.getTag(), stack, ESM_fromHere, OFFalse)) &&
(stack.top()->ident() == EVR_US))
+ {
+ illumination = *((DcmUnsignedShort *)(stack.top()));
+ // we don't check illumination set by the user (for now)
+@@ -2999,7 +2999,7 @@
+ if (result)
+ {
+ stack.clear();
+- if (rqDataset && (EC_Normal == rqDataset->search((DcmTagKey
&)reflectedAmbientLight.getTag(), stack, ESM_fromHere, OFFalse)))
++ if (rqDataset && (EC_Normal == rqDataset->search((DcmTagKey
&)reflectedAmbientLight.getTag(), stack, ESM_fromHere, OFFalse)) &&
(stack.top()->ident() == EVR_US))
+ {
+ reflectedAmbientLight = *((DcmUnsignedShort *)(stack.top()));
+ // we don't check reflected ambient light set by the user (for now)
+@@ -3012,7 +3012,7 @@
+ {
+ stack.clear();
+
+- if (rqDataset && (EC_Normal ==
rqDataset->search(DCM_ReferencedPresentationLUTSequence, stack, ESM_fromHere,
OFFalse)))
++ if (rqDataset && (EC_Normal ==
rqDataset->search(DCM_ReferencedPresentationLUTSequence, stack, ESM_fromHere,
OFFalse)) && (stack.top()->ident() == EVR_SQ))
+ {
+ DcmSequenceOfItems *seq=(DcmSequenceOfItems *)stack.top();
+ if (seq->card() ==1)
+--- dcmtk.orig/dcmpstat/libsrc/dvpstxl.cc
++++ dcmtk/dcmpstat/libsrc/dvpstxl.cc
+@@ -1,6 +1,6 @@
+ /*
+ *
+- * Copyright (C) 1998-2010, OFFIS e.V.
++ * Copyright (C) 1998-2024, OFFIS e.V.
+ * All rights reserved. See COPYRIGHT file for details.
+ *
+ * This software and supporting documentation were developed by
+@@ -66,7 +66,7 @@
+ DcmSequenceOfItems *dseq=NULL;
+ DcmItem *ditem=NULL;
+
+- if (EC_Normal == dset.search(DCM_TextObjectSequence, stack, ESM_fromHere,
OFFalse))
++ if (EC_Normal == dset.search(DCM_TextObjectSequence, stack, ESM_fromHere,
OFFalse) && (stack.top()->ident() == EVR_SQ))
+ {
+ dseq=(DcmSequenceOfItems *)stack.top();
+ if (dseq)
+--- dcmtk.orig/dcmpstat/libsrc/dvpsvll.cc
++++ dcmtk/dcmpstat/libsrc/dvpsvll.cc
+@@ -1,6 +1,6 @@
+ /*
+ *
+- * Copyright (C) 1998-2010, OFFIS e.V.
++ * Copyright (C) 1998-2024, OFFIS e.V.
+ * All rights reserved. See COPYRIGHT file for details.
+ *
+ * This software and supporting documentation were developed by
+@@ -66,7 +66,7 @@
+ DcmSequenceOfItems *dseq=NULL;
+ DcmItem *ditem=NULL;
+
+- if (EC_Normal == dset.search(DCM_VOILUTSequence, stack, ESM_fromHere,
OFFalse))
++ if (EC_Normal == dset.search(DCM_VOILUTSequence, stack, ESM_fromHere,
OFFalse) && (stack.top()->ident() == EVR_SQ))
+ {
+ dseq=(DcmSequenceOfItems *)stack.top();
+ if (dseq)
+--- dcmtk.orig/dcmrt/libsrc/drttypes.cc
++++ dcmtk/dcmrt/libsrc/drttypes.cc
+@@ -1,14 +1,12 @@
+ /*
+ *
+- * Copyright (c) 2008-2021, OFFIS e.V. and ICSMED AG, Oldenburg, Germany
+- * Copyright (C) 2013-2021, J. Riesmeier, Oldenburg, Germany
++ * Copyright (c) 2008-2024, OFFIS e.V. and ICSMED AG, Oldenburg, Germany
++ * Copyright (C) 2013-2024, J. Riesmeier, Oldenburg, Germany
+ * All rights reserved. See COPYRIGHT file for details.
+ *
+ * Source file for class DRTTypes
+ *
+ * Generated manually based on dsrtypes.cc
+- * File created on 2008-12-05
+- * Last modified on 2016-02-12 by Riesmeier
+ *
+ */
+
+@@ -212,7 +210,7 @@
+ {
+ DcmStack stack;
+ OFCondition result = dataset.search(tagKey, stack, ESM_fromHere, OFFalse
/*searchIntoSub*/);
+- if (result.good())
++ if (result.good() && stack.top()->isElement())
+ {
+ DcmElement *element = OFstatic_cast(DcmElement *, stack.top());
+ if (element != NULL)
+--- dcmtk.orig/dcmsign/libsrc/dcsignat.cc
++++ dcmtk/dcmsign/libsrc/dcsignat.cc
+@@ -102,7 +102,7 @@
+ macid = 0xFFFF;
+ DcmStack stack;
+ OFCondition result = item.search(DCM_MACIDNumber, stack, ESM_fromHere,
OFFalse);
+- if (result.good() && (stack.top()->isLeaf()))
++ if (result.good() && (stack.top()->isElement()))
+ {
+ result = ((DcmElement *)(stack.top()))->getUint16(macid);
+ }
+@@ -732,7 +732,7 @@
+ // read MAC Calculation Transfer Syntax UID
+ if (result.good())
+ {
+- if
((selectedMacParametersItem->search(DCM_MACCalculationTransferSyntaxUID, stack,
ESM_fromHere, OFFalse)).good() && (stack.top()->isLeaf()))
++ if
((selectedMacParametersItem->search(DCM_MACCalculationTransferSyntaxUID, stack,
ESM_fromHere, OFFalse)).good() && (stack.top()->isElement()))
+ {
+ char *uid = NULL;
+ if ((((DcmElement *)(stack.top()))->getString(uid)).good())
+@@ -748,7 +748,7 @@
+ if (result.good())
+ {
+ stack.clear();
+- if ((selectedMacParametersItem->search(DCM_MACAlgorithm, stack,
ESM_fromHere, OFFalse)).good() && (stack.top()->isLeaf()))
++ if ((selectedMacParametersItem->search(DCM_MACAlgorithm, stack,
ESM_fromHere, OFFalse)).good() && (stack.top()->isElement()))
+ {
+ OFString macidentifier;
+ if ((((DcmElement *)(stack.top()))->getOFString(macidentifier,
0)).good())
+@@ -781,7 +781,7 @@
+ if (result.good())
+ {
+ stack.clear();
+- if ((selectedSignatureItem->search(DCM_Signature, stack, ESM_fromHere,
OFFalse)).good() && (stack.top()->isLeaf()))
++ if ((selectedSignatureItem->search(DCM_Signature, stack, ESM_fromHere,
OFFalse)).good() && (stack.top()->ident() == EVR_OB))
+ {
+ signature = new DcmOtherByteOtherWord(*((DcmOtherByteOtherWord
*)(stack.top())));
+ if (signature == NULL) result = EC_MemoryExhausted;
+@@ -958,7 +958,7 @@
+ DcmStack stack;
+
+ // read MAC Calculation Transfer Syntax UID
+- if ((selectedMacParametersItem->search(DCM_MACCalculationTransferSyntaxUID,
stack, ESM_fromHere, OFFalse)).good() && (stack.top()->isLeaf()))
++ if ((selectedMacParametersItem->search(DCM_MACCalculationTransferSyntaxUID,
stack, ESM_fromHere, OFFalse)).good() && (stack.top()->isElement()))
+ {
+ char *uid = NULL;
+ if ((((DcmElement *)(stack.top()))->getString(uid)).good() && uid)
+@@ -1003,7 +1003,7 @@
+ DcmStack stack;
+
+ // read MAC Algorithm
+- if ((selectedMacParametersItem->search(DCM_MACAlgorithm, stack,
ESM_fromHere, OFFalse)).good() && (stack.top()->isLeaf()))
++ if ((selectedMacParametersItem->search(DCM_MACAlgorithm, stack,
ESM_fromHere, OFFalse)).good() && (stack.top()->isElement()))
+ {
+ if ((((DcmElement *)(stack.top()))->getOFString(str, 0)).good()) result =
EC_Normal;
+ }
+@@ -1018,7 +1018,7 @@
+ DcmStack stack;
+
+ // read signature UID
+- if ((selectedSignatureItem->search(DCM_DigitalSignatureUID, stack,
ESM_fromHere, OFFalse)).good() && (stack.top()->isLeaf()))
++ if ((selectedSignatureItem->search(DCM_DigitalSignatureUID, stack,
ESM_fromHere, OFFalse)).good() && (stack.top()->isElement()))
+ {
+ if ((((DcmElement *)(stack.top()))->getOFString(str, 0)).good()) result =
EC_Normal;
+ }
+@@ -1046,7 +1046,7 @@
+ DcmStack stack;
+
+ // read signature date/time
+- if ((selectedSignatureItem->search(DCM_DigitalSignatureDateTime, stack,
ESM_fromHere, OFFalse)).good() && (stack.top()->isLeaf()))
++ if ((selectedSignatureItem->search(DCM_DigitalSignatureDateTime, stack,
ESM_fromHere, OFFalse)).good() && (stack.top()->isElement()))
+ {
+ if ((((DcmElement *)(stack.top()))->getOFString(str, 0)).good()) result =
EC_Normal;
+ }
+@@ -1117,7 +1117,7 @@
+ // check MAC Calculation Transfer Syntax UID
+ if (result.good())
+ {
+- if
((selectedMacParametersItem->search(DCM_MACCalculationTransferSyntaxUID, stack,
ESM_fromHere, OFFalse)).good() && (stack.top()->isLeaf()))
++ if
((selectedMacParametersItem->search(DCM_MACCalculationTransferSyntaxUID, stack,
ESM_fromHere, OFFalse)).good() && (stack.top()->isElement()))
+ {
+ char *uid = NULL;
+ if ((((DcmElement *)(stack.top()))->getString(uid)).good())
+@@ -1140,7 +1140,7 @@
+ {
+ E_MACType mac = EMT_RIPEMD160;
+ stack.clear();
+- if ((selectedMacParametersItem->search(DCM_MACAlgorithm, stack,
ESM_fromHere, OFFalse)).good() && (stack.top()->isLeaf()))
++ if ((selectedMacParametersItem->search(DCM_MACAlgorithm, stack,
ESM_fromHere, OFFalse)).good() && (stack.top()->isElement()))
+ {
+ OFString macidentifier;
+ if ((((DcmElement *)(stack.top()))->getOFString(macidentifier,
0)).good())
+--- dcmtk.orig/dcmsign/libsrc/sicert.cc
++++ dcmtk/dcmsign/libsrc/sicert.cc
+@@ -147,7 +147,7 @@
+ OFString aString;
+ DcmStack stack;
+ result = item.search(DCM_CertificateType, stack, ESM_fromHere, OFFalse);
+- if (result.good())
++ if (result.good() && stack.top()->isElement())
+ {
+ result = ((DcmElement *)(stack.top()))->getOFString(aString, 0);
+ if (result.good())
+@@ -156,7 +156,7 @@
+ {
+ stack.clear();
+ result = item.search(DCM_CertificateOfSigner, stack, ESM_fromHere,
OFFalse);
+- if (result.good())
++ if (result.good() && stack.top()->isElement())
+ {
+ DcmElement *cert = (DcmElement *)stack.top();
+ Uint8 *data = NULL;
+--- dcmtk.orig/dcmsr/libsrc/dsrtypes.cc
++++ dcmtk/dcmsr/libsrc/dsrtypes.cc
+@@ -1176,7 +1176,7 @@
+ DcmStack stack;
+ const DcmTagKey tagKey = delem.getTag();
+ OFCondition result = dataset.search(tagKey, stack, ESM_fromHere, OFFalse
/*searchIntoSub*/);
+- if (result.good())
++ if (result.good() && stack.top()->isElement())
+ {
+ /* copy object from search stack */
+ result = delem.copyFrom(*stack.top());
+@@ -1201,7 +1201,7 @@
+ {
+ DcmStack stack;
+ OFCondition result = dataset.search(tagKey, stack, ESM_fromHere, OFFalse
/*searchIntoSub*/);
+- if (result.good())
++ if (result.good() && stack.top()->isElement())
+ {
+ DcmElement *delem = OFstatic_cast(DcmElement *, stack.top());
+ /* we need a reference to the original element in order to determine
the SpecificCharacterSet */
diff -Nru dcmtk-3.6.7/debian/patches/0013-CVE-2024-28130_2.patch
dcmtk-3.6.7/debian/patches/0013-CVE-2024-28130_2.patch
--- dcmtk-3.6.7/debian/patches/0013-CVE-2024-28130_2.patch 1970-01-01
01:00:00.000000000 +0100
+++ dcmtk-3.6.7/debian/patches/0013-CVE-2024-28130_2.patch 2025-02-10
22:22:10.000000000 +0100
@@ -0,0 +1,476 @@
+commit 601b227eecaab33a3a3a11dc256d84b1a62f63af
+Author: Marco Eichelberg <di...@offis.de>
+Date: Mon Apr 15 12:19:33 2024 +0200
+
+ Fixed unchecked typecasts and fixed LUT handling.
+
+ This commit adds further fixes for unchecked typecasts of DcmItem::search()
+ results (see description of previous commit). Furthermore, this commit
+ specifically addresses the handling of look-up tables (LUTs) in module
+ dcmpstat, where attribute (0028,3006) LUTData may use either US or OW
+ value representation, and (0028,3002) LUTDescriptor may be either US or SS.
+ The code should now properly handle all permitted value representations.
+ LUTData is now always written as OW in order to avoid the 64k size limit
+ for US in explicit VR encoding.
+
+ Thanks to Martin Zeiser from the Cisco Talos team
+ <vulndiscov...@external.cisco.com> for the bug report (TALOS-2024-1957).
+
+ Together with the previous commit, this closes DCMTK issue #1120.
+
+--- dcmtk.orig/dcmpstat/libsrc/dcmpstat.cc
++++ dcmtk/dcmpstat/libsrc/dcmpstat.cc
+@@ -384,12 +384,16 @@
+ {
+ item = seq->getItem(0);
+ stack.clear();
+- // LUTDescriptor can be US or SS. For now we only handle US.
++
++ // LUTDescriptor can be US or SS
+ if ((EC_Normal == item->search((DcmTagKey
&)modalityLUTDescriptor.getTag(),
+- stack, ESM_fromHere, OFFalse)) && (stack.top()->ident() == EVR_US))
++ stack, ESM_fromHere, OFFalse)) && (stack.top()->ident() == EVR_US
|| stack.top()->ident() == EVR_SS))
+ {
+- modalityLUTDescriptor = *((DcmUnsignedShort *)(stack.top()));
++ // We explicitly use DcmElement::operator=(), which works for US
and SS
++ DcmElement *mLUTDescriptor = &modalityLUTDescriptor;
++ mLUTDescriptor->operator=(* OFstatic_cast(DcmElement *,
stack.top()));
+ }
++
+ stack.clear();
+ if ((EC_Normal == item->search((DcmTagKey
&)modalityLUTExplanation.getTag(),
+ stack, ESM_fromHere, OFFalse)) && (stack.top()->ident() == EVR_LO))
+@@ -400,9 +404,11 @@
+
+ // LUTData can be OW, US or SS. For now we only handle US.
+ if ((EC_Normal == item->search((DcmTagKey &)modalityLUTData.getTag(),
+- stack, ESM_fromHere, OFFalse)) && (stack.top()->ident() == EVR_US))
++ stack, ESM_fromHere, OFFalse)) && (stack.top()->ident() == EVR_US
|| stack.top()->ident() == EVR_OW))
+ {
+- modalityLUTData = *((DcmUnsignedShort *)(stack.top()));
++ // we deliberately call DcmElement::operator=() here, which will
work for both DcmUnsignedShort and DcmOtherByteOtherWord parameters
++ DcmElement *mdata = &modalityLUTData;
++ mdata->operator=(*(DcmElement *)(stack.top()));
+ }
+ stack.clear();
+ if ((EC_Normal == item->search((DcmTagKey &)modalityLUTType.getTag(),
+@@ -879,11 +885,13 @@
+ {
+ item = seq->getItem(0);
+ stack.clear();
+- // LUTDescriptor can be US or SS. For now we only handle US.
++ // LUTDescriptor can be US or SS
+ if ((EC_Normal == item->search((DcmTagKey
&)modalityLUTDescriptor.getTag(),
+- stack, ESM_fromHere, OFFalse)) && (stack.top()->ident() == EVR_US))
++ stack, ESM_fromHere, OFFalse)) && (stack.top()->ident() == EVR_US
|| stack.top()->ident() == EVR_SS))
+ {
+- modalityLUTDescriptor = *((DcmUnsignedShort *)(stack.top()));
++ // We explicitly use DcmElement::operator=(), which works for US
and SS
++ DcmElement *mLUTDescriptor = &modalityLUTDescriptor;
++ mLUTDescriptor->operator=(* OFstatic_cast(DcmElement *,
stack.top()));
+ }
+ stack.clear();
+ if ((EC_Normal == item->search((DcmTagKey
&)modalityLUTExplanation.getTag(),
+@@ -895,9 +903,11 @@
+
+ // LUTData can be OW, US or SS. For now we only handle US.
+ if ((EC_Normal == item->search((DcmTagKey &)modalityLUTData.getTag(),
+- stack, ESM_fromHere, OFFalse)) && (stack.top()->ident() == EVR_US))
++ stack, ESM_fromHere, OFFalse)) && (stack.top()->ident() == EVR_US
|| stack.top()->ident() == EVR_OW))
+ {
+- modalityLUTData = *((DcmUnsignedShort *)(stack.top()));
++ // we deliberately call DcmElement::operator=() here, which will
work for both DcmUnsignedShort and DcmOtherByteOtherWord parameters
++ DcmElement *mdata = &modalityLUTData;
++ mdata->operator=(*(DcmElement *)(stack.top()));
+ }
+ stack.clear();
+ if ((EC_Normal == item->search((DcmTagKey &)modalityLUTType.getTag(),
+@@ -1247,10 +1257,16 @@
+ dseq = new DcmSequenceOfItems(DCM_ModalityLUTSequence);
+ if (dseq)
+ {
+- delem = new DcmUnsignedShort(modalityLUTDescriptor);
++ // we clone modalityLUTDescriptor in order to retain the VR (US or
SS)
++ delem = OFstatic_cast(DcmElement *, modalityLUTDescriptor.clone());
+ if (delem) ditem->insert(delem, OFTrue /*replaceOld*/); else
result=EC_MemoryExhausted;
+- delem = new DcmUnsignedShort(modalityLUTData);
++
++ // we write LUTData as OW in order to avoid the 64 kByte limit for
US
++ delem = new DcmOtherByteOtherWord(DCM_LUTData);
++ delem->operator=(modalityLUTData);
++ OFstatic_cast(DcmOtherByteOtherWord *, delem)->setVR(EVR_OW);
+ if (delem) ditem->insert(delem, OFTrue /*replaceOld*/); else
result=EC_MemoryExhausted;
++
+ delem = new DcmLongString(modalityLUTType);
+ if (delem) ditem->insert(delem, OFTrue /*replaceOld*/); else
result=EC_MemoryExhausted;
+ if (modalityLUTExplanation.getLength() >0)
+--- dcmtk.orig/dcmpstat/libsrc/dvpspl.cc
++++ dcmtk/dcmpstat/libsrc/dvpspl.cc
+@@ -1,6 +1,6 @@
+ /*
+ *
+- * Copyright (C) 1999-2018, OFFIS e.V.
++ * Copyright (C) 1999-2024, OFFIS e.V.
+ * All rights reserved. See COPYRIGHT file for details.
+ *
+ * This software and supporting documentation were developed by
+@@ -24,6 +24,7 @@
+ #include "dcmtk/dcmdata/dcdeftag.h"
+ #include "dcmtk/dcmdata/dcsequen.h"
+ #include "dcmtk/dcmdata/dcvrcs.h"
++#include "dcmtk/dcmdata/dcvrobow.h"
+ #include "dcmtk/dcmpstat/dvpspl.h"
+ #include "dcmtk/dcmpstat/dvpsdef.h" /* for constants and macros */
+ #include "dcmtk/dcmnet/dimse.h"
+@@ -79,29 +80,36 @@
+ if (result==EC_Normal)
+ {
+ stack.clear();
+- if (EC_Normal == dset.search(DCM_PresentationLUTSequence, stack,
ESM_fromHere, OFFalse))
++ if (EC_Normal == dset.search(DCM_PresentationLUTSequence, stack,
ESM_fromHere, OFFalse) && (stack.top()->ident() == EVR_SQ))
+ {
+ seq=(DcmSequenceOfItems *)stack.top();
+ if (seq->card() ==1)
+ {
+ item = seq->getItem(0);
+ stack.clear();
+- if (EC_Normal == item->search((DcmTagKey
&)presentationLUTDescriptor.getTag(),
+- stack, ESM_fromHere, OFFalse))
++
++ // LUTDescriptor can be US or SS
++ if ((EC_Normal == item->search((DcmTagKey
&)presentationLUTDescriptor.getTag(),
++ stack, ESM_fromHere, OFFalse)) && (stack.top()->ident() == EVR_US
|| stack.top()->ident() == EVR_SS))
+ {
+- presentationLUTDescriptor = *((DcmUnsignedShort *)(stack.top()));
++ // We explicitly use DcmElement::operator=(), which works for US
and SS
++ DcmElement *pLUTDescriptor = &presentationLUTDescriptor;
++ pLUTDescriptor->operator=(* OFstatic_cast(DcmElement *,
stack.top()));
+ }
++
+ stack.clear();
+ if (EC_Normal == item->search((DcmTagKey
&)presentationLUTExplanation.getTag(),
+- stack, ESM_fromHere, OFFalse))
++ stack, ESM_fromHere, OFFalse) && (stack.top()->ident() == EVR_LO))
+ {
+ presentationLUTExplanation = *((DcmLongString *)(stack.top()));
+ }
+ stack.clear();
+ if (EC_Normal == item->search((DcmTagKey
&)presentationLUTData.getTag(),
+- stack, ESM_fromHere, OFFalse))
++ stack, ESM_fromHere, OFFalse) && (stack.top()->ident() == EVR_US
|| stack.top()->ident() == EVR_OW))
+ {
+- presentationLUTData = *((DcmUnsignedShort *)(stack.top()));
++ // we deliberately call DcmElement::operator=() here, which will
work for both DcmUnsignedShort and DcmOtherByteOtherWord parameters
++ DcmElement *pldata = &presentationLUTData;
++ pldata->operator=(*(DcmElement *)(stack.top()));
+ }
+ } else {
+ result=EC_TagNotFound;
+@@ -187,10 +195,16 @@
+ dseq = new DcmSequenceOfItems(DCM_PresentationLUTSequence);
+ if (dseq)
+ {
+- delem = new DcmUnsignedShort(presentationLUTDescriptor);
++ // we clone presentationLUTDescriptor in order to retain the VR (US
or SS)
++ delem = OFstatic_cast(DcmElement *,
presentationLUTDescriptor.clone());
+ if (delem) ditem->insert(delem, OFTrue /*replaceOld*/); else
result=EC_MemoryExhausted;
+- delem = new DcmUnsignedShort(presentationLUTData);
++
++ // we write LUTData as OW in order to avoid the 64 kByte limit for
US
++ delem = new DcmOtherByteOtherWord(DCM_LUTData);
++ delem->operator=(presentationLUTData);
++ OFstatic_cast(DcmOtherByteOtherWord *, delem)->setVR(EVR_OW);
+ if (delem) ditem->insert(delem, OFTrue /*replaceOld*/); else
result=EC_MemoryExhausted;
++
+ if (presentationLUTExplanation.getLength() >0)
+ {
+ delem = new DcmLongString(presentationLUTExplanation);
+--- dcmtk.orig/dcmpstat/libsrc/dvpssv.cc
++++ dcmtk/dcmpstat/libsrc/dvpssv.cc
+@@ -1,6 +1,6 @@
+ /*
+ *
+- * Copyright (C) 1998-2018, OFFIS e.V.
++ * Copyright (C) 1998-2024, OFFIS e.V.
+ * All rights reserved. See COPYRIGHT file for details.
+ *
+ * This software and supporting documentation were developed by
+@@ -23,6 +23,7 @@
+ #include "dcmtk/config/osconfig.h" /* make sure OS specific configuration
is included first */
+ #include "dcmtk/dcmdata/dcdeftag.h"
+ #include "dcmtk/dcmdata/dcsequen.h"
++#include "dcmtk/dcmdata/dcvrobow.h"
+ #include "dcmtk/dcmpstat/dvpssv.h"
+ #include "dcmtk/dcmpstat/dvpsri.h" /* for DVPSReferencedImage */
+ #include "dcmtk/dcmpstat/dvpsrsl.h" /* DVPSReferencedSeries_PList */
+@@ -75,29 +76,36 @@
+ if (result==EC_Normal)
+ {
+ stack.clear();
+- if (EC_Normal == dset.search(DCM_VOILUTSequence, stack, ESM_fromHere,
OFFalse))
++ if (EC_Normal == dset.search(DCM_VOILUTSequence, stack, ESM_fromHere,
OFFalse) && (stack.top()->ident() == EVR_SQ))
+ {
+ seq=(DcmSequenceOfItems *)stack.top();
+ if (seq->card() ==1)
+ {
+ item = seq->getItem(0);
+ stack.clear();
+- if (EC_Normal == item->search((DcmTagKey
&)voiLUTDescriptor.getTag(),
+- stack, ESM_fromHere, OFFalse))
++
++ // LUTDescriptor can be US or SS
++ if ((EC_Normal == item->search((DcmTagKey
&)voiLUTDescriptor.getTag(),
++ stack, ESM_fromHere, OFFalse)) && (stack.top()->ident() == EVR_US
|| stack.top()->ident() == EVR_SS))
+ {
+- voiLUTDescriptor = *((DcmUnsignedShort *)(stack.top()));
++ // We explicitly use DcmElement::operator=(), which works for US
and SS
++ DcmElement *vLUTDescriptor = &voiLUTDescriptor;
++ vLUTDescriptor->operator=(* OFstatic_cast(DcmElement *,
stack.top()));
+ }
++
+ stack.clear();
+ if (EC_Normal == item->search((DcmTagKey
&)voiLUTExplanation.getTag(),
+- stack, ESM_fromHere, OFFalse))
++ stack, ESM_fromHere, OFFalse) && (stack.top()->ident() == EVR_LO))
+ {
+ voiLUTExplanation = *((DcmLongString *)(stack.top()));
+ }
+ stack.clear();
+ if (EC_Normal == item->search((DcmTagKey &)voiLUTData.getTag(),
+- stack, ESM_fromHere, OFFalse))
++ stack, ESM_fromHere, OFFalse) && (stack.top()->ident() == EVR_US
|| stack.top()->ident() == EVR_OW))
+ {
+- voiLUTData = *((DcmUnsignedShort *)(stack.top()));
++ // we deliberately call DcmElement::operator=() here, which will
work for both DcmUnsignedShort and DcmOtherByteOtherWord parameters
++ DcmElement *vldata = &voiLUTData;
++ vldata->operator=(*(DcmElement *)(stack.top()));
+ }
+ } else {
+ result=EC_TagNotFound;
+@@ -177,10 +185,16 @@
+ dseq = new DcmSequenceOfItems(DCM_VOILUTSequence);
+ if (dseq)
+ {
+- delem = new DcmUnsignedShort(voiLUTDescriptor);
++ // we clone voiLUTDescriptor in order to retain the VR (US or SS)
++ delem = OFstatic_cast(DcmElement *, voiLUTDescriptor.clone());
+ if (delem) ditem->insert(delem, OFTrue /*replaceOld*/); else
result=EC_MemoryExhausted;
+- delem = new DcmUnsignedShort(voiLUTData);
++
++ // we write LUTData as OW in order to avoid the 64 kByte limit for US
++ delem = new DcmOtherByteOtherWord(DCM_LUTData);
++ delem->operator=(voiLUTData);
++ OFstatic_cast(DcmOtherByteOtherWord *, delem)->setVR(EVR_OW);
+ if (delem) ditem->insert(delem, OFTrue /*replaceOld*/); else
result=EC_MemoryExhausted;
++
+ if (voiLUTExplanation.getLength() >0)
+ {
+ delem = new DcmLongString(voiLUTExplanation);
+--- dcmtk.orig/dcmpstat/libsrc/dvpssvl.cc
++++ dcmtk/dcmpstat/libsrc/dvpssvl.cc
+@@ -72,7 +72,7 @@
+ DcmSequenceOfItems *dseq=NULL;
+ DcmItem *ditem=NULL;
+
+- if (EC_Normal == dset.search(DCM_SoftcopyVOILUTSequence, stack,
ESM_fromHere, OFFalse))
++ if (EC_Normal == dset.search(DCM_SoftcopyVOILUTSequence, stack,
ESM_fromHere, OFFalse) && (stack.top()->ident() == EVR_SQ))
+ {
+ dseq=(DcmSequenceOfItems *)stack.top();
+ if (dseq)
+@@ -248,29 +248,36 @@
+ if (result==EC_Normal)
+ {
+ stack.clear();
+- if (EC_Normal == dset.search(DCM_VOILUTSequence, stack, ESM_fromHere,
OFFalse))
++ if (EC_Normal == dset.search(DCM_VOILUTSequence, stack, ESM_fromHere,
OFFalse) && (stack.top()->ident() == EVR_SQ))
+ {
+ seq=(DcmSequenceOfItems *)stack.top();
+ if (seq->card() > 0)
+ {
+ item = seq->getItem(0);
+ stack.clear();
+- if (EC_Normal == item->search((DcmTagKey
&)voiLUTDescriptor.getTag(),
+- stack, ESM_fromHere, OFFalse))
++
++ // LUTDescriptor can be US or SS
++ if ((EC_Normal == item->search((DcmTagKey
&)voiLUTDescriptor.getTag(),
++ stack, ESM_fromHere, OFFalse)) && (stack.top()->ident() == EVR_US
|| stack.top()->ident() == EVR_SS))
+ {
+- voiLUTDescriptor = *((DcmUnsignedShort *)(stack.top()));
++ // We explicitly use DcmElement::operator=(), which works for US
and SS
++ DcmElement *vLUTDescriptor = &voiLUTDescriptor;
++ vLUTDescriptor->operator=(* OFstatic_cast(DcmElement *,
stack.top()));
+ }
++
+ stack.clear();
+ if (EC_Normal == item->search((DcmTagKey
&)voiLUTExplanation.getTag(),
+- stack, ESM_fromHere, OFFalse))
++ stack, ESM_fromHere, OFFalse) && (stack.top()->ident() == EVR_LO))
+ {
+ voiLUTExplanation = *((DcmLongString *)(stack.top()));
+ }
+ stack.clear();
+ if (EC_Normal == item->search((DcmTagKey &)voiLUTData.getTag(),
+- stack, ESM_fromHere, OFFalse))
++ stack, ESM_fromHere, OFFalse) && (stack.top()->ident() == EVR_US
|| stack.top()->ident() == EVR_OW))
+ {
+- voiLUTData = *((DcmUnsignedShort *)(stack.top()));
++ // we deliberately call DcmElement::operator=() here, which will
work for both DcmUnsignedShort and DcmOtherByteOtherWord parameters
++ DcmElement *vldata = &voiLUTData;
++ vldata->operator=(*(DcmElement *)(stack.top()));
+ }
+ } else result=EC_TagNotFound;
+ }
+--- dcmtk.orig/dcmpstat/libsrc/dvpstat.cc
++++ dcmtk/dcmpstat/libsrc/dvpstat.cc
+@@ -1,6 +1,6 @@
+ /*
+ *
+- * Copyright (C) 1998-2021, OFFIS e.V.
++ * Copyright (C) 1998-2024, OFFIS e.V.
+ * All rights reserved. See COPYRIGHT file for details.
+ *
+ * This software and supporting documentation were developed by
+@@ -578,14 +578,14 @@
+ currentImageSelectedFrame = 1; // default: first frame
+
+ // get Modality
+- if (EC_Normal == dataset->search(DCM_Modality, stack, ESM_fromHere,
OFFalse))
++ if (EC_Normal == dataset->search(DCM_Modality, stack, ESM_fromHere,
OFFalse) && (stack.top()->ident() == EVR_CS))
+ {
+ currentImageModality = *((DcmCodeString *)(stack.top()));
+ }
+ stack.clear();
+
+ // determine default Presentation LUT Shape
+- if (EC_Normal == dataset->search(DCM_PhotometricInterpretation, stack,
ESM_fromHere, OFFalse))
++ if (EC_Normal == dataset->search(DCM_PhotometricInterpretation, stack,
ESM_fromHere, OFFalse) && (stack.top()->ident() == EVR_CS))
+ {
+ DcmCodeString *photometricInterpretation = (DcmCodeString
*)(stack.top());
+ if (photometricInterpretation->getVM() == 1)
+@@ -598,12 +598,12 @@
+ stack.clear();
+
+ // get SOP class UID and SOP instance UID.
+- if ((EC_Normal == result)&&(EC_Normal ==
dataset->search(DCM_SOPClassUID, stack, ESM_fromHere, OFFalse)))
++ if ((EC_Normal == result)&&(EC_Normal ==
dataset->search(DCM_SOPClassUID, stack, ESM_fromHere, OFFalse)) &&
(stack.top()->ident() == EVR_UI))
+ {
+ result = ((DcmUniqueIdentifier
*)(stack.top()))->getString(currentImageSOPClassUID);
+ }
+ stack.clear();
+- if ((EC_Normal == result)&&(EC_Normal ==
dataset->search(DCM_SOPInstanceUID, stack, ESM_fromHere, OFFalse)))
++ if ((EC_Normal == result)&&(EC_Normal ==
dataset->search(DCM_SOPInstanceUID, stack, ESM_fromHere, OFFalse)) &&
(stack.top()->ident() == EVR_UI))
+ {
+ result = ((DcmUniqueIdentifier
*)(stack.top()))->getString(currentImageSOPInstanceUID);
+ }
+@@ -1124,40 +1124,36 @@
+ numEntries16 = (Uint16)numberOfEntries;
+
+ /* LUT Descriptor */
+- DcmElement *lutDescriptor = NULL;
+- if (firstMapped < 0)
++ DcmUnsignedShort *lutDescriptor = new
DcmUnsignedShort(DcmTag(DCM_LUTDescriptor, EVR_US));
++ if (lutDescriptor == NULL) status = EC_MemoryExhausted;
++ else
+ {
+- // LUT Descriptor is SS
+- lutDescriptor = new DcmSignedShort(DcmTag(DCM_LUTDescriptor, EVR_SS));
+- if (lutDescriptor != NULL)
++ if (firstMapped < 0)
+ {
+- status = lutDescriptor->putSint16((Sint16)numEntries16, 0);
+- if (EC_Normal == status)
+- status = lutDescriptor->putSint16((Sint16)firstMapped, 1);
+- if (EC_Normal == status)
+- status = lutDescriptor->putSint16((Sint16)numberOfBits, 2);
+- } else
+- status = EC_MemoryExhausted;
+- } else {
+- // LUT Descriptor is US
+- lutDescriptor = new DcmUnsignedShort(DcmTag(DCM_LUTDescriptor,
EVR_US));
+- if (lutDescriptor != NULL)
+- {
+- status = lutDescriptor->putUint16(numEntries16, 0);
+- if (EC_Normal == status)
+- status = lutDescriptor->putUint16((Uint16)firstMapped, 1);
+- if (EC_Normal == status)
+- status = lutDescriptor->putUint16((Uint16)numberOfBits, 2);
+- } else
+- status = EC_MemoryExhausted;
++ // LUT Descriptor is SS
++ DcmSignedShort ldesc(DcmTag(DCM_LUTDescriptor, EVR_SS));
++ status = ldesc.putSint16((Sint16)numEntries16, 0);
++ if (EC_Normal == status) status =
ldesc.putSint16((Sint16)firstMapped, 1);
++ if (EC_Normal == status) status =
ldesc.putSint16((Sint16)numberOfBits, 2);
++ if (EC_Normal == status)
++ {
++ // copy content of SS element into DcmUnsignedShort using
DcmElement::operator=
++ DcmElement *ld = lutDescriptor;
++ ld->operator=(ldesc);
++ }
++ } else {
++ // LUT Descriptor is US
++ status = lutDescriptor->putUint16(numEntries16, 0);
++ if (EC_Normal == status) status =
lutDescriptor->putUint16((Uint16)firstMapped, 1);
++ if (EC_Normal == status) status =
lutDescriptor->putUint16((Uint16)numberOfBits, 2);
++ }
+ }
+
+ /* LUT Data */
+- DcmElement *lutData = NULL;
++ DcmUnsignedShort *lutData = NULL;
+ if (status == EC_Normal)
+ {
+- // LUT Data as OW, because of max size = 64K
+- lutData = new DcmOtherByteOtherWord(DcmTag(DCM_LUTData, EVR_OW));
++ lutData = new DcmUnsignedShort(DcmTag(DCM_LUTData, EVR_US));
+ if (lutData != NULL)
+ status = lutData->putUint16Array(data, numberOfEntries);
+ else
+@@ -1186,15 +1182,14 @@
+ if (status == EC_Normal)
+ {
+ if ((lutDescriptor != NULL) && (lutData != NULL) && (lutExplanation
!= NULL))
+- status = setVOILUT(*(DcmUnsignedShort *)lutDescriptor,
*(DcmUnsignedShort *)lutData, *lutExplanation, applicability);
++ status = setVOILUT(*lutDescriptor, *lutData, *lutExplanation,
applicability);
+ }
+
+ /* delete temporary dcmtk structures */
+ delete lutDescriptor;
+ delete lutData;
+ delete lutExplanation;
+- } else
+- status = EC_MemoryExhausted;
++ } else status = EC_MemoryExhausted;
+ delete[] data;
+ }
+ return status;
+--- dcmtk.orig/dcmpstat/libsrc/dvpsvl.cc
++++ dcmtk/dcmpstat/libsrc/dvpsvl.cc
+@@ -59,9 +59,24 @@
+ OFCondition result = EC_Normal;
+ DcmStack stack;
+
+- READ_FROM_DATASET(DcmUnsignedShort, EVR_US, voiLUTDescriptor)
++ // LUTDescriptor can be US or SS
++ if ((EC_Normal == dset.search((DcmTagKey &)voiLUTDescriptor.getTag(),
++ stack, ESM_fromHere, OFFalse)) && (stack.top()->ident() == EVR_US ||
stack.top()->ident() == EVR_SS))
++ {
++ // We explicitly use DcmElement::operator=(), which works for US and SS
++ DcmElement *vLUTDescriptor = &voiLUTDescriptor;
++ vLUTDescriptor->operator=(* OFstatic_cast(DcmElement *, stack.top()));
++ }
++
+ READ_FROM_DATASET(DcmLongString, EVR_LO, voiLUTExplanation)
+- READ_FROM_DATASET(DcmUnsignedShort, EVR_US, voiLUTData)
++
++ stack.clear();
++ if ((EC_Normal == dset.search((DcmTagKey &)voiLUTData.getTag(), stack,
ESM_fromHere, OFFalse)) && (stack.top()->ident() == EVR_US ||
stack.top()->ident() == EVR_OW))
++ {
++ // we deliberately call DcmElement::operator=() here, which will work for
both DcmUnsignedShort and DcmOtherByteOtherWord parameters
++ DcmElement *vldata = &voiLUTData;
++ vldata->operator=(*(DcmElement *)(stack.top()));
++ }
+
+ if (EC_Normal == result)
+ {
diff -Nru dcmtk-3.6.7/debian/patches/0014-CVE-2024-28130_3.patch
dcmtk-3.6.7/debian/patches/0014-CVE-2024-28130_3.patch
--- dcmtk-3.6.7/debian/patches/0014-CVE-2024-28130_3.patch 1970-01-01
01:00:00.000000000 +0100
+++ dcmtk-3.6.7/debian/patches/0014-CVE-2024-28130_3.patch 2025-02-10
22:22:59.000000000 +0100
@@ -0,0 +1,75 @@
+commit 7d54f8efec995e5601d089fa17b0625c2b41af23
+Author: Joerg Riesmeier <di...@jriesmeier.com>
+Date: Mon Apr 22 12:11:11 2024 +0200
+
+ Fixed wrong error handling (previous commit).
+
+ Fixed wrong error handling introduced with the previous commit.
+
+--- dcmtk.orig/dcmrt/libsrc/drttypes.cc
++++ dcmtk/dcmrt/libsrc/drttypes.cc
+@@ -210,11 +210,11 @@
+ {
+ DcmStack stack;
+ OFCondition result = dataset.search(tagKey, stack, ESM_fromHere, OFFalse
/*searchIntoSub*/);
+- if (result.good() && stack.top()->isElement())
++ if (result.good())
+ {
+- DcmElement *element = OFstatic_cast(DcmElement *, stack.top());
+- if (element != NULL)
++ if (stack.top()->isElement())
+ {
++ DcmElement *element = OFstatic_cast(DcmElement *, stack.top());
+ if (checkElementValue(*element, vm, type, result, moduleName))
+ result = element->getOFString(stringValue, 0);
+ else
+--- dcmtk.orig/dcmsr/libsrc/dsrtypes.cc
++++ dcmtk/dcmsr/libsrc/dsrtypes.cc
+@@ -1176,13 +1176,17 @@
+ DcmStack stack;
+ const DcmTagKey tagKey = delem.getTag();
+ OFCondition result = dataset.search(tagKey, stack, ESM_fromHere, OFFalse
/*searchIntoSub*/);
+- if (result.good() && stack.top()->isElement())
++ if (result.good())
+ {
+- /* copy object from search stack */
+- result = delem.copyFrom(*stack.top());
+- /* we need a reference to the original element in order to determine
the SpecificCharacterSet */
+- if (!checkElementValue(OFstatic_cast(DcmElement *, stack.top()),
tagKey, vm, type, result, moduleName, acceptViolation))
+- result = SR_EC_InvalidValue;
++ if (stack.top()->isElement())
++ {
++ /* copy object from search stack */
++ result = delem.copyFrom(*stack.top());
++ /* we need a reference to the original element in order to
determine the SpecificCharacterSet */
++ if (!checkElementValue(OFstatic_cast(DcmElement *, stack.top()),
tagKey, vm, type, result, moduleName, acceptViolation))
++ result = SR_EC_InvalidValue;
++ } else
++ result = EC_CorruptedData;
+ }
+ /* the element could not be found in the dataset */
+ else if (!checkElementValue(delem, vm, type, result, moduleName,
acceptViolation))
+@@ -1201,13 +1205,17 @@
+ {
+ DcmStack stack;
+ OFCondition result = dataset.search(tagKey, stack, ESM_fromHere, OFFalse
/*searchIntoSub*/);
+- if (result.good() && stack.top()->isElement())
++ if (result.good())
+ {
+- DcmElement *delem = OFstatic_cast(DcmElement *, stack.top());
+- /* we need a reference to the original element in order to determine
the SpecificCharacterSet */
+- if (!checkElementValue(delem, tagKey, vm, type, result, moduleName,
acceptViolation))
+- result = SR_EC_InvalidValue;
+- delem->getOFString(stringValue, 0);
++ if (stack.top()->isElement())
++ {
++ DcmElement *delem = OFstatic_cast(DcmElement *, stack.top());
++ /* we need a reference to the original element in order to
determine the SpecificCharacterSet */
++ if (!checkElementValue(delem, tagKey, vm, type, result,
moduleName, acceptViolation))
++ result = SR_EC_InvalidValue;
++ delem->getOFString(stringValue, 0);
++ } else
++ result = EC_CorruptedData;
+ } else {
+ if ((type == "1") || (type == "2"))
+ {
diff -Nru dcmtk-3.6.7/debian/patches/series dcmtk-3.6.7/debian/patches/series
--- dcmtk-3.6.7/debian/patches/series 2025-02-01 20:09:27.000000000 +0100
+++ dcmtk-3.6.7/debian/patches/series 2025-02-10 22:22:55.000000000 +0100
@@ -15,3 +15,6 @@
0009-CVE-2024-27628.patch
0010-CVE-2024-34508-34509.patch
0011-CVE-2024-34508-34509_bis.patch
+0012-CVE-2024-28130_1.patch
+0013-CVE-2024-28130_2.patch
+0014-CVE-2024-28130_3.patch
signature.asc
Description: PGP signature
