rpms
/
gdcm
20
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'epel9'
${ noResults }
gdcm/TALOS-2024-1924.patch

64 lines
2.9 KiB
Raw Permalink Blame History

From 21a793095ab3aecb794c56439873e5b181ea9d91 Mon Sep 17 00:00:00 2001
From: Mathieu Malaterre <mathieu.malaterre@gmail.com>
Date: Wed, 21 Feb 2024 02:00:38 -0800
Subject: [PATCH] Remove symptoms of TALOS-2024-1924
diff --git a/Source/DataStructureAndEncodingDefinition/gdcmElement.h b/Source/DataStructureAndEncodingDefinition/gdcmElement.h
index b49b093dc..15fb3a117 100644
--- a/Source/DataStructureAndEncodingDefinition/gdcmElement.h
+++ b/Source/DataStructureAndEncodingDefinition/gdcmElement.h
@@ -473,7 +473,7 @@ public:
assert( _is ); // Is stream valid ?
_is.read( reinterpret_cast<char*>(data+0), type_size);
for(unsigned long i=1; i<length; ++i) {
- assert( _is );
+ if( _is )
_is.read( reinterpret_cast<char*>(data+i), type_size );
}
//ByteSwap<T>::SwapRangeFromSwapCodeIntoSystem(data,
@@ -489,7 +489,7 @@ public:
assert( _is ); // Is stream valid ?
_is.read( reinterpret_cast<char*>(data+0), type_size);
for(unsigned long i=1; i<length; ++i) {
- assert( _is );
+ if( _is )
_is.read( reinterpret_cast<char*>(data+i), type_size );
}
//ByteSwap<T>::SwapRangeFromSwapCodeIntoSystem(data,
diff --git a/Source/MediaStorageAndFileFormat/gdcmLookupTable.cxx b/Source/MediaStorageAndFileFormat/gdcmLookupTable.cxx
index 0d5a99c40..2c566923b 100644
--- a/Source/MediaStorageAndFileFormat/gdcmLookupTable.cxx
+++ b/Source/MediaStorageAndFileFormat/gdcmLookupTable.cxx
@@ -130,7 +130,10 @@ void LookupTable::SetLUT(LookupTableType type, const unsigned char *array,
if( !IncompleteLUT )
{
- assert( Internal->RGB.size() == 3*Internal->Length[type]*(BitSample/8) );
+ if( Internal->RGB.size() != 3*Internal->Length[type]*(BitSample/8) ) {
+ gdcmErrorMacro( "Invalid length for LUT data" );
+ return;
+ }
}
// Too funny: 05115014-mr-siemens-avanto-syngo-with-palette-icone.dcm
// There is pseudo PALETTE_COLOR LUT in the Icon, if one look carefully the LUT values
diff --git a/Source/MediaStorageAndFileFormat/gdcmPixmapReader.cxx b/Source/MediaStorageAndFileFormat/gdcmPixmapReader.cxx
index 9c30ff8b9..258a23c1f 100644
--- a/Source/MediaStorageAndFileFormat/gdcmPixmapReader.cxx
+++ b/Source/MediaStorageAndFileFormat/gdcmPixmapReader.cxx
@@ -306,8 +306,12 @@ static void DoIconImage(const DataSet& rootds, Pixmap& image)
unsigned long check =
(el_us3.GetValue(0) ? el_us3.GetValue(0) : 65536)
* el_us3.GetValue(2) / 8;
- assert( check == lut_raw->GetLength() || 2 * check == lut_raw->GetLength()
- || check + 1 == lut_raw->GetLength() ); (void)check;
+ if(!( check == lut_raw->GetLength() || 2 * check == lut_raw->GetLength()
+ || check + 1 == lut_raw->GetLength() )) {
+ gdcmErrorMacro( "Icon Sequence is invalid. Giving up" );
+ pixeldata.Clear();
+ return;
+ }
}
else if( ds.FindDataElement( seglut ) )
{
Reference in new issue View Git Blame Copy Permalink