MantisBT - ITK |
| View Issue Details |
|
| ID | Project | Category | View Status | Date Submitted | Last Update |
| 0010529 | ITK | | public | 2010-04-09 10:30 | 2010-10-21 12:31 |
|
| Reporter | Nicolas Savoire | |
| Assigned To | Bradley Lowekamp | |
| Priority | normal | Severity | crash | Reproducibility | always |
| Status | closed | Resolution | fixed | |
| Platform | Linux | OS | Ubuntu | OS Version | 9.10 |
| Product Version | ITK-3-16 | |
| Target Version | | Fixed in Version | ITK-3-18 | |
| Resolution Date | |
| Sprint | |
| Sprint Status | |
|
| Summary | 0010529: Reading a 2D image from a 3D leads to a crash |
| Description | When reading a 2D image from a 3D file sometimes leads to a crash depending on the ImageIO used. It happens when the requested image pixel type differs from the file pixel type and when using an ImageIO that use the default GenerateStreamableReadRegionFromRequestedRegion implementation or returns its largest possible region in GenerateStreamableReadRegionFromRequestedRegion.
The culprit is most probably itkImageFileReader.txx:414:
this->DoConvertBuffer(static_cast< void *>(loadBuffer), m_ActualIORegion.GetNumberOfPixels() );
When a type conversion is needed, the number of pixels of the actual IO region is used instead of number of pixels of the requested region, as a result a buffer overflow happens when the actual image io is larger than the requested region.
|
| Steps To Reproduce | Attached is a test file that triggers the crash. |
| Additional Information | |
| Tags | No tags attached. |
| Relationships | |
| Attached Files |  itkImageFileReaderBug.cxx (775) 2010-04-09 10:30
https://public.kitware.com/Bug/file/3017/itkImageFileReaderBug.cxx
 itkImageFileReader.patch (665) 2010-04-09 10:37
https://public.kitware.com/Bug/file/3018/itkImageFileReader.patch |
|
| Issue History |
| Date Modified | Username | Field | Change |
| 2010-04-09 10:30 | Nicolas Savoire | New Issue | |
| 2010-04-09 10:30 | Nicolas Savoire | File Added: itkImageFileReaderBug.cxx | |
| 2010-04-09 10:37 | Nicolas Savoire | File Added: itkImageFileReader.patch | |
| 2010-04-09 10:37 | Nicolas Savoire | Note Added: 0020110 | |
| 2010-04-09 10:47 | Luis Ibanez | Status | new => assigned |
| 2010-04-09 10:47 | Luis Ibanez | Assigned To | => Bradley Lowekamp |
| 2010-04-09 10:48 | Luis Ibanez | Note Added: 0020111 | |
| 2010-04-09 10:57 | Nicolas Savoire | Note Added: 0020112 | |
| 2010-04-09 11:04 | Bradley Lowekamp | Note Added: 0020113 | |
| 2010-06-22 15:27 | Bradley Lowekamp | Note Added: 0021137 | |
| 2010-06-22 15:28 | Bradley Lowekamp | Note Added: 0021138 | |
| 2010-06-22 15:28 | Bradley Lowekamp | Status | assigned => resolved |
| 2010-06-22 15:28 | Bradley Lowekamp | Fixed in Version | => ITK-3-18 |
| 2010-06-22 15:28 | Bradley Lowekamp | Resolution | open => fixed |
| 2010-10-21 12:31 | Gabe Hart | Status | resolved => closed |
|
Notes |
|
|
(0020110)
|
|
Nicolas Savoire
|
|
2010-04-09 10:37
|
|
|
Proposed patch to fix the issue. |
|
|
|
(0020111)
|
|
Luis Ibanez
|
|
2010-04-09 10:48
|
|
Nicolas,
Could you please indicate with what image file formats you observe this problem ?
and also, it will be great if you could provide a minimal image that will allow us to replicate the problem.
Thanks
Luis |
|
|
|
(0020112)
|
|
Nicolas Savoire
|
|
2010-04-09 10:57
|
|
Luis,
The file itkImageFileReaderBug.cxx attached to this issue writes a vtk file and tries to read it to trigger the bug.
I managed to trigger the bug with the vtk file format and the meta file format if I disable the use of streaming.
Nicolas |
|
|
|
(0020113)
|
|
Bradley Lowekamp
|
|
2010-04-09 11:04
|
|
Nicolas,
This looks like a nice find!
The comments in the code look like they were helpful to tracking this down:
loadBuffer = new char[ sizeOfActualIORegion ];
m_ImageIO->Read( static_cast< void *>(loadBuffer) );
this->DoConvertBuffer(static_cast< void *>(loadBuffer), m_ActualIORegion.GetNumberOfPixels() );
}
else if ( m_ActualIORegion.GetNumberOfPixels() != requestedRegion.GetNumberOfPixels() )
{
// for the number of pixels read and the number of pixels
// requested to not match, the dimensions of the two regions may
// be different, therefore we buffer and copy the pixels
itkDebugMacro(<< "Buffer required because file dimension is greater then image dimension");
OutputImagePixelType *outputBuffer = output->GetPixelContainer()->GetBufferPointer();
loadBuffer = new char[ sizeOfActualIORegion ];
m_ImageIO->Read( static_cast< void *>(loadBuffer) );
Essentially the combination of convert buffer with dimension reduction is not implemented correctly ( that is when conversion in needed and ActualIORegion != requestedRegion).
The fix looks correct to me.
I really thought I over tested some of this type of functionality...
Brad |
|
|
|
(0021137)
|
|
Bradley Lowekamp
|
|
2010-06-22 15:27
|
|
|
|
|
(0021138)
|
|
Bradley Lowekamp
|
|
2010-06-22 15:28
|
|
|
The patch appears to have solved the issue |
|