Merge pull request #81 from ImagingDataCommons/fix-double-free

jcupitt · web-flow · commit e0f07cf89f5b · 2024-02-16T16:26:16.000Z
fix a double free error
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,7 @@
 * improve memory usage [bgilbert]
 * fix docs build with LLVM != 14 [bgilbert]
 * improve thread safety docs [mollyclaretechcyte]
+* fix a double free error and clarify docs on pointer ownership [dtatsis]
 
 ## 1.0.5, 9/10/23
 
diff --git a/include/dicom/dicom.h b/include/dicom/dicom.h
@@ -1026,8 +1026,11 @@ DcmDataSet *dcm_dataset_clone(DcmError **error, const DcmDataSet *dataset);
  * :param dataset: Pointer to Data Set
  * :param element: Pointer to Data Element
  *
- * The object takes over ownership of the memory referenced by `element`
- * and frees it when the object is destroyed or if the insert operation fails.
+ * On success, the dataset takes over ownership of `element`
+ * and frees it when the dataset is destroyed.
+ *
+ * If the insert operation fails, ownership does not pass and the caller is
+ * responsible for freeing `element`.
  *
  * :return: Whether insert operation was successful
  */
@@ -1198,8 +1201,11 @@ DcmSequence *dcm_sequence_create(DcmError **error);
  * :param seq: Pointer to Sequence
  * :param item: Data Set item
  *
- * The object takes over ownership of the memory referenced by `item`
- * and frees it when the object is destroyed or if the append operation fails.
+ * On success, the sequence takes over ownership of `item`
+ * and frees it when the sequence is destroyed.
+ *
+ * If the append fails, ownership does not pass and the caller is
+ * responsible for freeing `item`.
  *
  * :return: Whether append operation was successful
  */
diff --git a/src/dicom-data.c b/src/dicom-data.c
@@ -1391,6 +1391,7 @@ DcmDataSet *dcm_dataset_clone(DcmError **error, const DcmDataSet *dataset)
             return NULL;
         }
         if (!dcm_dataset_insert(error, cloned_dataset, cloned_element)) {
+            dcm_element_destroy(cloned_element);
             dcm_dataset_destroy(cloned_dataset);
             return NULL;
         }
@@ -1435,7 +1436,6 @@ bool dcm_dataset_insert(DcmError **error,
                       "Element already exists",
                       "Inserting Data Element '%08x' into Data Set failed",
                       element->tag);
-        dcm_element_destroy(element);
         return false;
     }
 
@@ -1707,7 +1707,6 @@ DcmDataSet *dcm_sequence_steal(DcmError **error,
     }
 
     DcmDataSet *result = seq_item->dataset;
-    //dcm_dataset_lock(result);
     seq_item->dataset = NULL;
     // this will free the SequenceItem
     utarray_erase(seq->items, index, 1);

Original file line number	Diff line number	Diff line change
`@@ -1391,6 +1391,7 @@ DcmDataSet dcm_dataset_clone(DcmError error, const DcmDataSet dataset)`
`1391`	`1391`	`return NULL;`
`1392`	`1392`	`}`
`1393`	`1393`	`if (!dcm_dataset_insert(error, cloned_dataset, cloned_element)) {`
	`1394`	`+ dcm_element_destroy(cloned_element);`
`1394`	`1395`	`dcm_dataset_destroy(cloned_dataset);`
`1395`	`1396`	`return NULL;`
`1396`	`1397`	`}`
`@@ -1435,7 +1436,6 @@ bool dcm_dataset_insert(DcmError **error,`
`1435`	`1436`	`"Element already exists",`
`1436`	`1437`	`"Inserting Data Element '%08x' into Data Set failed",`
`1437`	`1438`	`element->tag);`
`1438`		`- dcm_element_destroy(element);`
`1439`	`1439`	`return false;`
`1440`	`1440`	`}`
`1441`	`1441`
`@@ -1707,7 +1707,6 @@ DcmDataSet dcm_sequence_steal(DcmError *error,`
`1707`	`1707`	`}`
`1708`	`1708`
`1709`	`1709`	`DcmDataSet *result = seq_item->dataset;`
`1710`		`- //dcm_dataset_lock(result);`
`1711`	`1710`	`seq_item->dataset = NULL;`
`1712`	`1711`	`// this will free the SequenceItem`
`1713`	`1712`	`utarray_erase(seq->items, index, 1);`