Page MenuHomePhabricator

mitk::ImageDataItem::ComputeItemSize() has 4GB limit
Closed, ResolvedPublic

Description

mitk::ImageDataItem::ComputeItemSize() calculates the size in bytes necessary to hold an image volume. With big images (e.g. µCT) this limit hits early, is not recognized and the calculated size is completely wrong due to multiple integer overflow.

To reprocude this, all you need is something like this:

mitk::PixelType pixel_type = mitk::MakeScalarPixelType<short>();
unsigned int image_dimensions[3];
image_dimensions[0] = 1600;
image_dimensions[1] = 1600;
image_dimensions[2] = 5000;
mitk_image->Initialize(pixel_type, 3, image_dimensions);

 // this should allocate ~20GB but does much less
mitk::ImagePixelWriteAccessor<short, 3> write_access(mitk_image.GetPointer(), mitk_image->GetVolumeData());
short* voxel_end = write_access.GetData() + 1600 * 1600 * 5000;
for (short* voxel = write_access.GetData(); voxel < voxel_end; ++voxel) {
    *voxel = 1; // this will generate an illegal access beyond the allocated memory
}

A fix would be to use size_t instead of unsigned long to hold ImageDataItem's m_Size.

This fix could produce/unveil a series of follow-up bugs where other types than size_t are used to hold byte sizes. I'd look into it but will not be able to do so soon.

Revisions and Commits

Event Timeline

kislinsk edited projects, added MITK (2018-04); removed MITK.

Yes we have a overflow of the buffer from a unsigned long.

I will test it by altering ImageDataItem.m_Size to unsigned long long

steint added a revision: Restricted Differential Revision.May 4 2018, 3:33 PM

Suggestion: use size_t instead which is used all over the standard library to denote memory sizes.
Plus: if you find the time, you could try to generate a random/fixed pattern image of 20GB and verify that MitkWorkbench is able to load _and_ display it. This might uncover a couple of related bugs - or just pass perfectly :-)

Thank you, i have used size_t and tested a random pattern image (see screenshot below) which works fine in Release Mode.

grafik.png (875×1 px, 788 KB)

Great news! Honestly I am surprised that everything just works fine (since nobody every tried this), but this is just very good news! Thank you!

Deleted branch T24716-imageDataItem-limit-expanded.