SIGSEGV on threaded copy of DcmFileFormat
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| dcmtk (Ubuntu) |
New
|
Undecided
|
Unassigned | ||
Bug Description
When a DcmFileFormat is copied in a thread, there is a possible race condition that may lead to SIGSEGV because of a null pointer dereference.
A test case is attached. It creates an empty DcmFileFormat, then spawns 12 threads that will copy the DcmFileFormat 1000 times. In my experiments, in about 75% of the runs, it crashes with a segmentation fault with the following stack trace:
-----8<-----
* thread #4: tid = 21848, 0x00007f7275242b33 libdcmdata.
* frame #0: 0x00007f7275242b33 libdcmdata.
frame #1: 0x00007f7275249441 libdcmdata.
frame #2: 0x00000000004014bd testcase`
frame #3: 0x00000000004018c2 testcase`
----->8------
The test case contains a commented out line that will lock a mutex before performing the copy; if this line is uncommented, no crashes are seen, confirming suspicions of a race condition.
I compile the test case using the following command:
g++ -o testcase testcase.cpp -g -Wall -std=c++11 -DHAVE_CONFIG_H -ldcmdata
I'm reporting this here because I use the Ubuntu repository version of the package. If you want me to, I can report this upstream as well, after verifying that the problem is not caused by Ubuntu/
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: libdcmtk2 3.6.0-15
ProcVersionSign
Uname: Linux 3.13.0-61-generic x86_64
NonfreeKernelMo
ApportVersion: 2.14.1-0ubuntu3.12
Architecture: amd64
CurrentDesktop: XFCE
Date: Fri Aug 21 11:26:49 2015
InstallationDate: Installed on 2015-02-18 (183 days ago)
InstallationMedia: Xubuntu 14.04.1 LTS "Trusty Tahr" - Release amd64 (20140723)
SourcePackage: dcmtk
UpgradeStatus: No upgrade log present (probably fresh install)
| Sjors Gielen (sgielen) wrote | #1 |
