[Debian-med-packaging] Bug#715011: #6 DcmQueryRetrieveIndexDatabaseHandle::checkupinStudyDesc (this=this at entry=0x7ad950, pStudyDesc=pStudyDesc at entry=0x7bb9b0,
Mathieu Malaterre
malat at debian.org
Fri Jul 5 12:21:47 UTC 2013
Package: dcmtk
Version: 3.5.4-4+b1
Severity: important
dcmqrscp segfault sometimes (need to reduce test case). Backtrace is:
*** buffer overflow detected ***: /usr/bin/dcmqrscp terminated
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x37)[0x7ffff636fd67]
/lib/x86_64-linux-gnu/libc.so.6(+0xfbd20)[0x7ffff636ed20]
/usr/lib/libdcmqrdb.so.3(_ZN35DcmQueryRetrieveIndexDatabaseHandle18checkupinStudyDescEP15StudyDescRecordPcl+0xa3)[0x7ffff7b9ea43]
/usr/lib/libdcmqrdb.so.3(_ZN35DcmQueryRetrieveIndexDatabaseHandle12storeRequestEPKcS1_S1_P30DcmQueryRetrieveDatabaseStatusb+0x5b9)[0x7ffff7ba42d9]
/usr/lib/libdcmqrdb.so.3(_ZN28DcmQueryRetrieveStoreContext13saveImageToDBEP17T_DIMSE_C_StoreRQPKcP18T_DIMSE_C_StoreRSPPP10DcmDataset+0xcc)[0x7ffff7b8f1bc]
/usr/lib/libdcmqrdb.so.3(_ZN28DcmQueryRetrieveStoreContext15callbackHandlerEP21T_DIMSE_StoreProgressP17T_DIMSE_C_StoreRQPcPP10DcmDatasetP18T_DIMSE_C_StoreRSPS7_+0x7e2)[0x7ffff7b90df2]
/usr/lib/libdcmnet.so.3(_Z19DIMSE_storeProviderP17T_ASC_AssociationhP17T_DIMSE_C_StoreRQPKciPP10DcmDatasetPFvPvP21T_DIMSE_StoreProgressS2_PcS7_P18T_DIMSE_C_StoreRSPS7_ES8_20T_DIMSE_BlockingModei+0x520)[0x7ffff78cbda0]
/usr/lib/libdcmqrdb.so.3(_ZN19DcmQueryRetrieveSCP8storeSCPEP17T_ASC_AssociationP17T_DIMSE_C_StoreRQhR30DcmQueryRetrieveDatabaseHandleb+0xb8d)[0x7ffff7bb0a4d]
/usr/lib/libdcmqrdb.so.3(_ZN19DcmQueryRetrieveSCP8dispatchEP17T_ASC_Associationb+0x6a9)[0x7ffff7bb2219]
/usr/lib/libdcmqrdb.so.3(_ZN19DcmQueryRetrieveSCP17handleAssociationEP17T_ASC_Associationb+0xde)[0x7ffff7bb362e]
/usr/lib/libdcmqrdb.so.3(_ZN19DcmQueryRetrieveSCP18waitForAssociationEP13T_ASC_Network+0x1333)[0x7ffff7bb68a3]
/usr/bin/dcmqrscp[0x406d9e]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5)[0x7ffff6294a55]
/usr/bin/dcmqrscp[0x4078cd]
======= Memory map: ========
00400000-0040b000 r-xp 00000000 00:10 53950247 /usr/bin/dcmqrscp
0060a000-0060b000 r--p 0000a000 00:10 53950247 /usr/bin/dcmqrscp
0060b000-0060c000 rw-p 0000b000 00:10 53950247 /usr/bin/dcmqrscp
0060c000-007d9000 rw-p 00000000 00:00 0 [heap]
7ffff5d68000-7ffff5d74000 r-xp 00000000 00:10 52480454 /lib/x86_64-linux-gnu/libnss_files-2.17.so
7ffff5d74000-7ffff5f73000 ---p 0000c000 00:10 52480454 /lib/x86_64-linux-gnu/libnss_files-2.17.so
7ffff5f73000-7ffff5f74000 r--p 0000b000 00:10 52480454 /lib/x86_64-linux-gnu/libnss_files-2.17.so
7ffff5f74000-7ffff5f75000 rw-p 0000c000 00:10 52480454 /lib/x86_64-linux-gnu/libnss_files-2.17.so
7ffff5f75000-7ffff6072000 r-xp 00000000 00:10 52480437 /lib/x86_64-linux-gnu/libm-2.17.so
7ffff6072000-7ffff6271000 ---p 000fd000 00:10 52480437 /lib/x86_64-linux-gnu/libm-2.17.so
7ffff6271000-7ffff6272000 r--p 000fc000 00:10 52480437 /lib/x86_64-linux-gnu/libm-2.17.so
7ffff6272000-7ffff6273000 rw-p 000fd000 00:10 52480437 /lib/x86_64-linux-gnu/libm-2.17.so
7ffff6273000-7ffff6417000 r-xp 00000000 00:10 52480458 /lib/x86_64-linux-gnu/libc-2.17.so
7ffff6417000-7ffff6616000 ---p 001a4000 00:10 52480458 /lib/x86_64-linux-gnu/libc-2.17.so
7ffff6616000-7ffff661a000 r--p 001a3000 00:10 52480458 /lib/x86_64-linux-gnu/libc-2.17.so
7ffff661a000-7ffff661c000 rw-p 001a7000 00:10 52480458 /lib/x86_64-linux-gnu/libc-2.17.so
7ffff661c000-7ffff6620000 rw-p 00000000 00:00 0
7ffff6620000-7ffff6636000 r-xp 00000000 00:10 52862577 /lib/x86_64-linux-gnu/libgcc_s.so.1
7ffff6636000-7ffff6835000 ---p 00016000 00:10 52862577 /lib/x86_64-linux-gnu/libgcc_s.so.1
7ffff6835000-7ffff6836000 rw-p 00015000 00:10 52862577 /lib/x86_64-linux-gnu/libgcc_s.so.1
7ffff6836000-7ffff6920000 r-xp 00000000 00:10 52862686 /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.18
7ffff6920000-7ffff6b1f000 ---p 000ea000 00:10 52862686 /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.18
7ffff6b1f000-7ffff6b27000 r--p 000e9000 00:10 52862686 /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.18
7ffff6b27000-7ffff6b29000 rw-p 000f1000 00:10 52862686 /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.18
7ffff6b29000-7ffff6b3e000 rw-p 00000000 00:00 0
7ffff6b3e000-7ffff6b55000 r-xp 00000000 00:10 52480444 /lib/x86_64-linux-gnu/libpthread-2.17.so
7ffff6b55000-7ffff6d54000 ---p 00017000 00:10 52480444 /lib/x86_64-linux-gnu/libpthread-2.17.so
7ffff6d54000-7ffff6d55000 r--p 00016000 00:10 52480444 /lib/x86_64-linux-gnu/libpthread-2.17.so
7ffff6d55000-7ffff6d56000 rw-p 00017000 00:10 52480444 /lib/x86_64-linux-gnu/libpthread-2.17.so
7ffff6d56000-7ffff6d5a000 rw-p 00000000 00:00 0
7ffff6d5a000-7ffff6d71000 r-xp 00000000 00:10 44122422 /lib/x86_64-linux-gnu/libz.so.1.2.8
7ffff6d71000-7ffff6f70000 ---p 00017000 00:10 44122422 /lib/x86_64-linux-gnu/libz.so.1.2.8
7ffff6f70000-7ffff6f71000 r--p 00016000 00:10 44122422 /lib/x86_64-linux-gnu/libz.so.1.2.8
7ffff6f71000-7ffff6f72000 rw-p 00017000 00:10 44122422 /lib/x86_64-linux-gnu/libz.so.1.2.8
7ffff6f72000-7ffff6fac000 r-xp 00000000 00:10 53940760 /usr/lib/libofstd.so.3.6.1
7ffff6fac000-7ffff71ac000 ---p 0003a000 00:10 53940760 /usr/lib/libofstd.so.3.6.1
7ffff71ac000-7ffff71ad000 r--p 0003a000 00:10 53940760 /usr/lib/libofstd.so.3.6.1
7ffff71ad000-7ffff71ae000 rw-p 0003b000 00:10 53940760 /usr/lib/libofstd.so.3.6.1
7ffff71ae000-7ffff7203000 r-xp 00000000 00:10 53940759 /usr/lib/liboflog.so.3.6.1
7ffff7203000-7ffff7403000 ---p 00055000 00:10 53940759 /usr/lib/liboflog.so.3.6.1
7ffff7403000-7ffff7407000 r--p 00055000 00:10 53940759 /usr/lib/liboflog.so.3.6.1
7ffff7407000-7ffff7408000 rw-p 00059000 00:10 53940759 /usr/lib/liboflog.so.3.6.1
7ffff7408000-7ffff7409000 rw-p 00000000 00:00 0
7ffff7409000-7ffff7605000 r-xp 00000000 00:10 53940742 /usr/lib/libdcmdata.so.3.6.1
7ffff7605000-7ffff7805000 ---p 001fc000 00:10 53940742 /usr/lib/libdcmdata.so.3.6.1
7ffff7805000-7ffff786b000 r--p 001fc000 00:10 53940742 /usr/lib/libdcmdata.so.3.6.1
7ffff786b000-7ffff786e000 rw-p 00262000 00:10 53940742 /usr/lib/libdcmdata.so.3.6.1
7ffff786e000-7ffff795c000 r-xp 00000000 00:10 53940748 /usr/lib/libdcmnet.so.3.6.1
7ffff795c000-7ffff7b5c000 ---p 000ee000 00:10 53940748 /usr/lib/libdcmnet.so.3.6.1
7ffff7b5c000-7ffff7b5e000 r--p 000ee000 00:10 53940748 /usr/lib/libdcmnet.so.3.6.1
7ffff7b5e000-7ffff7b69000 rw-p 000f0000 00:10 53940748 /usr/lib/libdcmnet.so.3.6.1
7ffff7b69000-7ffff7bda000 r-xp 00000000 00:10 53940750 /usr/lib/libdcmqrdb.so.3.6.1
7ffff7bda000-7ffff7dd9000 ---p 00071000 00:10 53940750 /usr/lib/libdcmqrdb.so.3.6.1
7ffff7dd9000-7ffff7dda000 r--p 00070000 00:10 53940750 /usr/lib/libdcmqrdb.so.3.6.1
7ffff7dda000-7ffff7ddb000 rw-p 00071000 00:10 53940750 /usr/lib/libdcmqrdb.so.3.6.1
7ffff7ddb000-7ffff7dfc000 r-xp 00000000 00:10 52480451 /lib/x86_64-linux-gnu/ld-2.17.so
7ffff7fb9000-7ffff7fc1000 rw-p 00000000 00:00 0
7ffff7fd7000-7ffff7ffb000 rw-p 00000000 00:00 0
7ffff7ffb000-7ffff7ffc000 r-xp 00000000 00:00 0 [vdso]
7ffff7ffc000-7ffff7ffd000 r--p 00021000 00:10 52480451 /lib/x86_64-linux-gnu/ld-2.17.so
7ffff7ffd000-7ffff7ffe000 rw-p 00022000 00:10 52480451 /lib/x86_64-linux-gnu/ld-2.17.so
7ffff7ffe000-7ffff7fff000 rw-p 00000000 00:00 0
7ffffffde000-7ffffffff000 rw-p 00000000 00:00 0 [stack]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]
Program received signal SIGABRT, Aborted.
0x00007ffff62a8295 in __GI_raise (sig=sig at entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
56 ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0 0x00007ffff62a8295 in __GI_raise (sig=sig at entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1 0x00007ffff62ab438 in __GI_abort () at abort.c:90
#2 0x00007ffff62e386b in __libc_message (do_abort=do_abort at entry=2, fmt=fmt at entry=0x7ffff63dd9d5 "*** %s ***: %s terminated\n")
at ../sysdeps/unix/sysv/linux/libc_fatal.c:199
#3 0x00007ffff636fd67 in __GI___fortify_fail (msg=msg at entry=0x7ffff63dd96c "buffer overflow detected") at fortify_fail.c:31
#4 0x00007ffff636ed20 in __GI___chk_fail () at chk_fail.c:28
#5 0x00007ffff7b9ea43 in strcpy (__src=0x7fffffff7cdc "1.2.826.0.1.3680043.2.1125.3031783122242282653526003804395449135",
__dest=0x7bbb68 "1.2.826.0.1.3680043.2.1125.3031783122242282653526003804395449135\342\004\002") at /usr/include/x86_64-linux-gnu/bits/string3.h:104
#6 DcmQueryRetrieveIndexDatabaseHandle::checkupinStudyDesc (this=this at entry=0x7ad950, pStudyDesc=pStudyDesc at entry=0x7bb9b0,
StudyUID=StudyUID at entry=0x7fffffff7cdc "1.2.826.0.1.3680043.2.1125.3031783122242282653526003804395449135", imageSize=132322)
at /tmp/buildd/dcmtk-3.6.1~20121102/dcmqrdb/libsrc/dcmqrdbi.cc:2805
#7 0x00007ffff7ba42d9 in DcmQueryRetrieveIndexDatabaseHandle::storeRequest (this=0x7ad950, SOPClassUID=<optimized out>,
imageFileName=0x7fffffffa320 "/home/mathieu/Perso/gdcm-gcc/Testing/Temporary/GDCM_STORE/MR_51d6b9aa6bbb8138.dcm", status=0x7fffffff98e0, isNew=true)
at /tmp/buildd/dcmtk-3.6.1~20121102/dcmqrdb/libsrc/dcmqrdbi.cc:3051
#8 0x00007ffff7b8f1bc in DcmQueryRetrieveStoreContext::saveImageToDB (this=this at entry=0x7fffffffa0e0, req=req at entry=0x7fffffffb618,
imageFileName=0x7fffffffa320 "/home/mathieu/Perso/gdcm-gcc/Testing/Temporary/GDCM_STORE/MR_51d6b9aa6bbb8138.dcm", rsp=rsp at entry=0x7fffffff9ea0,
stDetail=stDetail at entry=0x7fffffff9d78) at /tmp/buildd/dcmtk-3.6.1~20121102/dcmqrdb/libsrc/dcmqrcbs.cc:79
#9 0x00007ffff7b90df2 in DcmQueryRetrieveStoreContext::callbackHandler (this=0x7fffffffa0e0, progress=0x7fffffff9e40, req=0x7fffffffb618,
imageFileName=0x0, imageDataSet=0x7fffffffa018, rsp=0x7fffffff9ea0, stDetail=0x7fffffff9d78)
at /tmp/buildd/dcmtk-3.6.1~20121102/dcmqrdb/libsrc/dcmqrcbs.cc:172
#10 0x00007ffff78cbda0 in DIMSE_storeProvider (assoc=assoc at entry=0x7a4be0, presIdCmd=presIdCmd at entry=1 '\001', request=request at entry=0x7fffffffb618,
imageFileName=<optimized out>, imageFileName at entry=0x0, writeMetaheader=<optimized out>, imageDataSet=imageDataSet at entry=0x7fffffffa018,
callback=callback at entry=0x7ffff7ba8a80 <storeCallback(void*, T_DIMSE_StoreProgress*, T_DIMSE_C_StoreRQ*, char*, DcmDataset**, T_DIMSE_C_StoreRSP*, DcmDataset**)>, callbackData=callbackData at entry=0x7fffffffa0e0, blockMode=DIMSE_BLOCKING, timeout=0)
at /tmp/buildd/dcmtk-3.6.1~20121102/dcmnet/libsrc/dimstore.cc:511
#11 0x00007ffff7bb0a4d in DcmQueryRetrieveSCP::storeSCP (this=this at entry=0x7fffffffe0f0, assoc=assoc at entry=0x7a4be0, request=request at entry=0x7fffffffb618,
presId=<optimized out>, dbHandle=..., correctUIDPadding=correctUIDPadding at entry=false)
at /tmp/buildd/dcmtk-3.6.1~20121102/dcmqrdb/libsrc/dcmqrsrv.cc:410
#12 0x00007ffff7bb2219 in DcmQueryRetrieveSCP::dispatch (this=this at entry=0x7fffffffe0f0, assoc=0x7a4be0, correctUIDPadding=correctUIDPadding at entry=false)
at /tmp/buildd/dcmtk-3.6.1~20121102/dcmqrdb/libsrc/dcmqrsrv.cc:164
#13 0x00007ffff7bb362e in DcmQueryRetrieveSCP::handleAssociation (this=this at entry=0x7fffffffe0f0, assoc=0x7a4be0, correctUIDPadding=<optimized out>)
at /tmp/buildd/dcmtk-3.6.1~20121102/dcmqrdb/libsrc/dcmqrsrv.cc:218
#14 0x00007ffff7bb68a3 in DcmQueryRetrieveSCP::waitForAssociation (this=this at entry=0x7fffffffe0f0, theNet=<optimized out>)
at /tmp/buildd/dcmtk-3.6.1~20121102/dcmqrdb/libsrc/dcmqrsrv.cc:1035
#15 0x0000000000406d9e in main (argc=6, argv=<optimized out>) at /tmp/buildd/dcmtk-3.6.1~20121102/dcmqrdb/apps/dcmqrscp.cc:735
(gdb) up
#1 0x00007ffff62ab438 in __GI_abort () at abort.c:90
90 abort.c: No such file or directory.
(gdb)
#2 0x00007ffff62e386b in __libc_message (do_abort=do_abort at entry=2, fmt=fmt at entry=0x7ffff63dd9d5 "*** %s ***: %s terminated\n")
at ../sysdeps/unix/sysv/linux/libc_fatal.c:199
199 ../sysdeps/unix/sysv/linux/libc_fatal.c: No such file or directory.
(gdb)
#3 0x00007ffff636fd67 in __GI___fortify_fail (msg=msg at entry=0x7ffff63dd96c "buffer overflow detected") at fortify_fail.c:31
31 fortify_fail.c: No such file or directory.
(gdb)
#4 0x00007ffff636ed20 in __GI___chk_fail () at chk_fail.c:28
28 chk_fail.c: No such file or directory.
(gdb)
#5 0x00007ffff7b9ea43 in strcpy (__src=0x7fffffff7cdc "1.2.826.0.1.3680043.2.1125.3031783122242282653526003804395449135",
__dest=0x7bbb68 "1.2.826.0.1.3680043.2.1125.3031783122242282653526003804395449135\342\004\002") at /usr/include/x86_64-linux-gnu/bits/string3.h:104
104 return __builtin___strcpy_chk (__dest, __src, __bos (__dest));
(gdb)
#6 DcmQueryRetrieveIndexDatabaseHandle::checkupinStudyDesc (this=this at entry=0x7ad950, pStudyDesc=pStudyDesc at entry=0x7bb9b0,
StudyUID=StudyUID at entry=0x7fffffff7cdc "1.2.826.0.1.3680043.2.1125.3031783122242282653526003804395449135", imageSize=132322)
at /tmp/buildd/dcmtk-3.6.1~20121102/dcmqrdb/libsrc/dcmqrdbi.cc:2805
2805 strcpy(pStudyDesc[s].StudyInstanceUID,StudyUID) ;
(gdb) p pStudyDesc[s].StudyInstanceUID
value has been optimized out
(gdb) p StudyUID
$1 = 0x7fffffff7cdc "1.2.826.0.1.3680043.2.1125.3031783122242282653526003804395449135"
(gdb) p s
$2 = <optimized out>
(gdb) p pStudyDesc[s]
value has been optimized out
(gdb)
More information about the Debian-med-packaging
mailing list