RLECodec::Code(in, out) overruns the RLEHeader::Offset buffer. When I run gdcmMSFFTests.exe, TestImageChangeTransferSyntax3 (trunk revision 6408), Microsoft Visual C++ 2008 SP1 tells me: "Run-Time Check Failure #2 - Stack around the variable 'header' was corrupted"
The bug appears very trivial, as trunk/Source/MediaStorageAndFileFormat/gdcmRLECodec.cxx says:
> RLEHeader header;
> header.NumSegments = MaxNumSegments;
> for(int i = 0; i < 16;++i)
>   header.Offset[i] = 0;
> header.Offset[0] = 64;
While RLEHeader::Offset only has 15 elements:
> class RLEHeader
> {
> public:
>   uint32_t NumSegments;
>   uint32_t Offset[15];
C++ allows initializing aggregates like RLEHeader by specifying a brace-enclosed initializer-list. So the following would correctly initialize the entire RLEHeader:
RLEHeader header = { MaxNumSegments, { 64 } };
Hereby header.Offset[0] is set to 64, and all the other elements of header.Offset are implicitly zero-initialized. So this one line can replace five lines currently in gdcmRLECodec.cxx.
Good catch!
Please commit the proposed patch.
Thanks
Fixed at trunk/Source/MediaStorageAndFileFormat/gdcmRLECodec.cxx
http://gdcm.svn.sourceforge.net/viewvc/gdcm?view=rev&revision=6412
Closed by Niels
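The off-by-one reported at the top of this thread and the aggregate-initialization fix, as an added example that is not GDCM's own code. The helper names (`array_len`, `make_header_aggregate`, `make_header_loop`, `headers_match`) and the `maxNumSegments` parameter are hypothetical; the struct layout is the one quoted in the report.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>

// Layout copied from the class quoted in the report: 1 count + 15 offsets.
struct RLEHeader {
    uint32_t NumSegments;
    uint32_t Offset[15];
};

// Element count taken from the array type itself, so a loop bound cannot
// drift from the declaration (the reported loop hard-coded 16).
template <typename T, std::size_t N>
constexpr std::size_t array_len(const T (&)[N]) { return N; }

// 4 + 15 * 4 = 64 bytes with no padding, the same value stored in Offset[0].
static_assert(sizeof(RLEHeader) == 64, "unexpected RLEHeader layout");

// Proposed fix: aggregate initialization; elements not named are zeroed.
RLEHeader make_header_aggregate(uint32_t maxNumSegments) {
    RLEHeader header = { maxNumSegments, { 64 } };
    return header;
}

// Loop form of the same initialization, bounded by the array's real length.
RLEHeader make_header_loop(uint32_t maxNumSegments) {
    RLEHeader header;
    header.NumSegments = maxNumSegments;
    for (std::size_t i = 0; i < array_len(header.Offset); ++i)
        header.Offset[i] = 0;
    header.Offset[0] = 64;
    return header;
}

// True when both construction styles yield byte-identical headers.
bool headers_match(uint32_t maxNumSegments) {
    RLEHeader a = make_header_aggregate(maxNumSegments);
    RLEHeader b = make_header_loop(maxNumSegments);
    return std::memcmp(&a, &b, sizeof a) == 0;
}
```

The `static_assert` turns any later change to the struct layout into a compile error instead of a run-time stack corruption.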