Public bug reported:

When a DcmFileFormat is copied in a thread, there is a possible race
condition that may lead to SIGSEGV because of a null pointer
dereference.

A test case is attached. It creates an empty DcmFileFormat, then spawns
12 threads that will copy the DcmFileFormat 1000 times. In my
experiments, in about 75% of the runs, it crashes with a segmentation
fault with the following stack trace:

-----8<-----
* thread #4: tid = 21848, 0x00007f7275242b33 libdcmdata.so.2`DcmSequenceOfItems::DcmSequenceOfItems(DcmSequenceOfItems const&) + 131, name = 'testcase', stop reason = invalid address (fault address: 0x0)
  * frame #0: 0x00007f7275242b33 libdcmdata.so.2`DcmSequenceOfItems::DcmSequenceOfItems(DcmSequenceOfItems const&) + 131
    frame #1: 0x00007f7275249441 libdcmdata.so.2`DcmFileFormat::DcmFileFormat(DcmFileFormat const&) + 17
    frame #2: 0x00000000004014bd testcase`operator(__closure=0x0000000002150e80) + 63 at testcase.cpp:17
    frame #3: 0x00000000004018c2 testcase`_M_invoke(__functor=0x0000000002157a20) + 32 at functional:2071
----->8------

The test case contains a commented out line that will lock a mutex
before performing the copy; if this line is uncommented, no crashes are
seen, confirming suspicions of a race condition.

I compile the test case using the following command:

  g++ -o testcase testcase.cpp -g -Wall -std=c++11 -DHAVE_CONFIG_H -ldcmdata

I'm reporting this here because I use the Ubuntu repository version of
the package. If you want me to, I can report this upstream as well,
after verifying that the problem is not caused by Ubuntu/Debian-specific
patches.

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: libdcmtk2 3.6.0-15
ProcVersionSignature: Ubuntu 3.13.0-61.100-generic 3.13.11-ckt22
Uname: Linux 3.13.0-61-generic x86_64
NonfreeKernelModules: nvidia
ApportVersion: 2.14.1-0ubuntu3.12
Architecture: amd64
CurrentDesktop: XFCE
Date: Fri Aug 21 11:26:49 2015
InstallationDate: Installed on 2015-02-18 (183 days ago)
InstallationMedia: Xubuntu 14.04.1 LTS "Trusty Tahr" - Release amd64 (20140723)
SourcePackage: dcmtk
UpgradeStatus: No upgrade log present (probably fresh install)

** Affects: dcmtk (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug trusty

** Attachment added: "Test case"
   https://bugs.launchpad.net/bugs/1487389/+attachment/4450148/+files/testcase.cpp

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1487389

Title:
  SIGSEGV on threaded copy of DcmFileFormat

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dcmtk/+bug/1487389/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
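
Added example, not the attached testcase.cpp and not DCMTK code: a self-contained model of the kind of race the report describes, using a hypothetical CursorList whose copy constructor advances a cursor stored in the source object (an assumed mechanism; the report does not identify the cause), with every copy serialized by a mutex as in the report's workaround. The names CursorList and locked_copies and the item count of 8 are constructed for illustration.

```cpp
#include <cstddef>
#include <mutex>
#include <thread>
#include <vector>

// Hypothetical model, not DCMTK code: a list that iterates through a cursor
// stored in the list object itself (assumed design, for illustration only).
struct Node { int value; Node* next; };
class CursorList {
public:
    CursorList() = default;
    // The copy walks src through src.cur_, so it writes to the "const" source.
    // With two concurrent copies, one thread can leave cur_ == nullptr after
    // the other has passed the loop test; `cur_->next` is then a null dereference.
    CursorList(const CursorList& src) {
        for (src.cur_ = src.head_; src.cur_ != nullptr; src.cur_ = src.cur_->next)
            push_back(src.cur_->value);
    }
    CursorList& operator=(const CursorList&) = delete;
    ~CursorList() { while (head_) { Node* n = head_; head_ = n->next; delete n; } }
    void push_back(int v) { *tail_ = new Node{v, nullptr}; tail_ = &(*tail_)->next; ++size_; }
    std::size_t size() const { return size_; }
private:
    Node* head_ = nullptr;
    Node** tail_ = &head_;
    std::size_t size_ = 0;
    mutable Node* cur_ = nullptr;  // hidden shared state behind a const interface
};

// Copies a list of `items` constructed values from `threads` threads, `copies`
// times each, under one mutex (the report's workaround). Returns incomplete copies.
std::size_t locked_copies(int items, int threads, int copies) {
    CursorList shared;
    for (int i = 0; i < items; ++i) shared.push_back(i);
    std::mutex m;
    std::size_t bad = 0;
    std::vector<std::thread> pool;
    for (int t = 0; t < threads; ++t)
        pool.emplace_back([&] {
            for (int i = 0; i < copies; ++i) {
                std::lock_guard<std::mutex> lock(m);  // protects cur_ and bad
                CursorList c(shared);
                if (c.size() != shared.size()) ++bad;
            }
        });
    for (auto& th : pool) th.join();
    return bad;
}
int main() { return locked_copies(8, 12, 1000) == 0 ? 0 : 1; }
```

Builds with g++ -std=c++11 -pthread; the thread and copy counts in main match the 12 threads and 1000 copies of the report.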