[Mrtrix-discussion] buffer overflow for nifti files under ubuntu 11.04

Parnesh.Raniga at csiro.au Parnesh.Raniga at csiro.au
Tue Jul 19 01:01:35 PDT 2011


Hello Donald,

The buffer overflow does not cause a crash per se, but the new compiler seems to include stack smash protection by default now and this causes the program to terminate. Your fix stops this.

Cheers,
Parnesh

From: Donald Tournier [mailto:d.tournier at brain.org.au]
Sent: Tuesday, 19 July 2011 5:29 PM
To: Raniga, Parnesh (ICT Centre, Herston - RBWH)
Cc: mrtrix-discussion at www.nitrc.org
Subject: Re: [Mrtrix-discussion] buffer overflow for nifti files under ubuntu 11.04

Hi Parnesh,

Thanks for hunting down the source of that warning. Just out of interest, did the buffer overflow cause the program to crash? I'd be surprised if it caused any issues, given that there is no chance for the overflow to have any associated effects (it just overwrites the adjacent byte in the header, which is not used by MRtrix anyway). In any case, this is probably a remnant of the days when MRtrix only supported Analyse, not NIfTI. The correct fix for this should be to change this line:

338         strncpy ((gchar*) &NH->regular, "r\0", 2);

to:

338         NH->regular = 'r';
339         NH->dim_info = 0;

At least I'm pretty sure that should work - please let me know if you still have issues with that fix.

I've already made these changes in the main code branch, so assuming there are no problems with them, they'll be included in the next release.
Cheers!

Donald.


On 19 July 2011 14:14, <Parnesh.Raniga at csiro.au> wrote:
Hello Donald,

I had a brief look at the archives and could not find any information on this so I am assuming it hasn’t been raised before. There is a buffer overflow occurring with mrtrix programs (e.g. tracks2prob) when using nifti and analyse file formats, as well as compile-time warnings about it under ubuntu 11.04. I have traced this to lines 293 in nifti1.cpp and 338 in analyse.cpp.

These lines should be changed from

strncpy ((gchar*) &NH->regular, "r\0", 2);
to
strncpy ((gchar*) &NH->regular, "r\0", 1);   or   strncpy ((gchar*) &NH->regular, "r", 1);

Cheers,
Parnesh




--
Jacques-Donald Tournier (PhD)
Brain Research Institute, Melbourne, Australia
Tel: +61 (0)3 9035 7033
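
Added example, not part of the thread and not MRtrix code: it reproduces the length-2 strncpy from the messages above against a raw byte image of the header, so the write crossing from `regular` into `dim_info` can be counted without overrunning the buffer itself. The struct is an abridged NIfTI-1 style header prefix constructed for this example; only `regular` and `dim_info` are named in the thread, and the other field names and the function names are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Abridged header prefix, constructed for this example (assumed layout). */
struct hdr_prefix {
    int   sizeof_hdr;
    char  data_type[10];
    char  db_name[18];
    int   extents;
    short session_error;
    char  regular;     /* one byte: the strncpy destination in the thread */
    char  dim_info;    /* the adjacent byte that a 2-byte copy reaches */
    short dim[8];
};

/* Run strncpy with length n at the offset of `regular` inside a byte image
 * of the header and count the modified bytes outside that field. The image
 * is the whole destination object, so the copy stays in bounds here and
 * only the field boundary is crossed. */
static int bytes_written_outside_regular(size_t n)
{
    unsigned char image[sizeof(struct hdr_prefix)];
    const size_t off = offsetof(struct hdr_prefix, regular);
    int outside = 0;
    memset(image, 0xAA, sizeof image);           /* sentinel pattern */
    strncpy((char *)image + off, "r\0", n);
    for (size_t i = 0; i < sizeof image; i++)
        if (i != off && image[i] != 0xAA)
            outside++;
    return outside;
}

/* The replacement from the thread: plain assignments, no length argument
 * that can exceed the one-byte field. */
static int fix_sets_both_fields(void)
{
    struct hdr_prefix h, *NH = &h;
    memset(&h, 0xAA, sizeof h);
    NH->regular = 'r';
    NH->dim_info = 0;
    return h.regular == 'r' && h.dim_info == 0;
}

int main(void)
{
    printf("outside bytes: n=2 -> %d, n=1 -> %d\n",
           bytes_written_outside_regular(2), bytes_written_outside_regular(1));
    return fix_sets_both_fields() ? 0 : 1;
}
```
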