Bug#680352:
[...]
conquest DICOM server has been rejected from introduction in debian.
Some issues were my fault (I did not respect some debian policies).
I'll share with you the remaining ones:
[...]
- conquest-dicom-server-1.14.16/jpeg_encoder.cpp has different authors and
different coding style than other source files in that directory. No mention
of a license. Authors not mentioned in debian/copyright.
[...]
- Cppcheck shows a number of errors, including buffer overruns, mismatched
new[]/delete, dangerous use of strncpy(). Since this is run as a CGI server,
these things could be exploited by remote users.
[./device.cpp:778]: (error) Dangerous usage of 's' (strncpy doesn't
always 0-terminate it)
[./dgate.cpp:16228]: (error) Uninitialized variable: format
[./dgate.cpp:5306]: (error) Array 'items[4]' index 4 out of bounds
[./dgate.cpp:5560]: (error) Uninitialized variable: owned
[./nkiqrsop.cpp:5406]: (error) Uninitialized variable: buffer
[./rtc.cxx:608]: (error) Mismatching allocation and deallocation: StringTable
[./rtc.cxx:673]: (error) Mismatching allocation and deallocation: StringTable
[./rtc.cxx:774]: (error) Mismatching allocation and deallocation: StringTable
[buffer.cxx:433]: (error) Mismatching allocation and deallocation: Data
[device.cpp:247]: (error) Array 'PID[255]' index 255 out of bounds
[device.cpp:2748]: (error) Array 'PatientID[255]' index 255 out of bounds
[device.cpp:778]: (error) Dangerous usage of 's' (strncpy doesn't
always 0-terminate it)
[dgate.cpp:10309]: (error) Possible null pointer dereference:
IPCBlockPtrInstance
[dgate.cpp:16228]: (error) Uninitialized variable: format
[dgate.cpp:5306]: (error) Array 'items[4]' index 4 out of bounds
[dgate.cpp:5560]: (error) Uninitialized variable: owned
[rtc.cxx:608]: (error) Mismatching allocation and deallocation: StringTable
[rtc.cxx:673]: (error) Mismatching allocation and deallocation: StringTable
[rtc.cxx:774]: (error) Mismatching allocation and deallocation: StringTable
[...]
Reply to: