View Issue Details [ Jump to Notes ]

[ Print ]

Project

Category

View Status

Date Submitted

Last Update

0010529

ITK

public

2010-04-09 10:30

2010-10-21 12:31

Reporter

Nicolas Savoire

Assigned To

Bradley Lowekamp

Priority

normal

Severity

crash

Reproducibility

always

Status

closed

Resolution

fixed

Platform

Linux

Ubuntu

OS Version

9.10

Product Version

ITK-3-16

Target Version

Fixed in Version

ITK-3-18

Summary

0010529: Reading a 2D image from a 3D leads to a crash

Description

When reading a 2D image from a 3D file sometimes leads to a crash depending on the ImageIO used. It happens when the requested image pixel type differs from the file pixel type and when using an ImageIO that use the default GenerateStreamableReadRegionFromRequestedRegion implementation or returns its largest possible region in GenerateStreamableReadRegionFromRequestedRegion.
The culprit is most probably itkImageFileReader.txx:414:
this->DoConvertBuffer(static_cast< void *>(loadBuffer), m_ActualIORegion.GetNumberOfPixels() );
When a type conversion is needed, the number of pixels of the actual IO region is used instead of number of pixels of the requested region, as a result a buffer overflow happens when the actual image io is larger than the requested region.

Steps To Reproduce

Attached is a test file that triggers the crash.

Tags

No tags attached.

Resolution Date

Sprint

Sprint Status

Attached Files

itkImageFileReaderBug.cxx [^] (775 bytes) 2010-04-09 10:30

itkImageFileReader.patch [^] (665 bytes) 2010-04-09 10:37 [Show Content] [Hide Content]

--- InsightToolkit-3.16.0/Code/IO/itkImageFileReader.txx	2009-08-11 14:45:07.000000000 +0200
+++ InsightToolkit-3.16.0-patched/Code/IO/itkImageFileReader.txx	2010-04-09 16:35:45.000000000 +0200
@@ -411,7 +411,7 @@
       loadBuffer = new char[ sizeOfActualIORegion ];
       m_ImageIO->Read( static_cast< void *>(loadBuffer) );
       
-      this->DoConvertBuffer(static_cast< void *>(loadBuffer), m_ActualIORegion.GetNumberOfPixels() );
+      this->DoConvertBuffer(static_cast< void *>(loadBuffer), output->GetBufferedRegion().GetNumberOfPixels() );
       }
     else if ( m_ActualIORegion.GetNumberOfPixels() != requestedRegion.GetNumberOfPixels() ) 
       {

Relationships

Notes
(0020110) Nicolas Savoire (reporter) 2010-04-09 10:37	Proposed patch to fix the issue.

(0020111) Luis Ibanez (manager) 2010-04-09 10:48	Nicolas, Could you please indicate with what image file formats you observe this problem ? and also, it will be great if you could provide a minimal image that will allow us to replicate the problem. Thanks Luis

(0020112) Nicolas Savoire (reporter) 2010-04-09 10:57	Luis, The file itkImageFileReaderBug.cxx attached to this issue writes a vtk file and tries to read it to trigger the bug. I managed to trigger the bug with the vtk file format and the meta file format if I disable the use of streaming. Nicolas

(0020113) Bradley Lowekamp (developer) 2010-04-09 11:04	Nicolas, This looks like a nice find! The comments in the code look like they were helpful to tracking this down: loadBuffer = new char[ sizeOfActualIORegion ]; m_ImageIO->Read( static_cast< void >(loadBuffer) ); this->DoConvertBuffer(static_cast< void >(loadBuffer), m_ActualIORegion.GetNumberOfPixels() ); } else if ( m_ActualIORegion.GetNumberOfPixels() != requestedRegion.GetNumberOfPixels() ) { // for the number of pixels read and the number of pixels // requested to not match, the dimensions of the two regions may // be different, therefore we buffer and copy the pixels itkDebugMacro(<< "Buffer required because file dimension is greater then image dimension"); OutputImagePixelType outputBuffer = output->GetPixelContainer()->GetBufferPointer(); loadBuffer = new char[ sizeOfActualIORegion ]; m_ImageIO->Read( static_cast< void >(loadBuffer) ); Essentially the combination of convert buffer with dimension reduction is not implemented correctly ( that is when conversion in needed and ActualIORegion != requestedRegion). The fix looks correct to me. I really thought I over tested some of this type of functionality... Brad

(0021137) Bradley Lowekamp (developer) 2010-06-22 15:27	Patch was committed a while ago: http://public.kitware.com/cgi-bin/viewcvs.cgi/Code/IO/itkImageFileReader.txx?root=Insight&r1=1.89&r2=1.90 [^]

(0021138) Bradley Lowekamp (developer) 2010-06-22 15:28	The patch appears to have solved the issue

Issue History
Date Modified	Username	Field	Change
2010-04-09 10:30	Nicolas Savoire	New Issue
2010-04-09 10:30	Nicolas Savoire	File Added: itkImageFileReaderBug.cxx
2010-04-09 10:37	Nicolas Savoire	File Added: itkImageFileReader.patch
2010-04-09 10:37	Nicolas Savoire	Note Added: 0020110
2010-04-09 10:47	Luis Ibanez	Status	new => assigned
2010-04-09 10:47	Luis Ibanez	Assigned To	=> Bradley Lowekamp
2010-04-09 10:48	Luis Ibanez	Note Added: 0020111
2010-04-09 10:57	Nicolas Savoire	Note Added: 0020112
2010-04-09 11:04	Bradley Lowekamp	Note Added: 0020113
2010-06-22 15:27	Bradley Lowekamp	Note Added: 0021137
2010-06-22 15:28	Bradley Lowekamp	Note Added: 0021138
2010-06-22 15:28	Bradley Lowekamp	Status	assigned => resolved
2010-06-22 15:28	Bradley Lowekamp	Fixed in Version	=> ITK-3-18
2010-06-22 15:28	Bradley Lowekamp	Resolution	open => fixed
2010-10-21 12:31	Gabe Hart	Status	resolved => closed