Skip to content

Fix: SBO in CIccXform3DLut::Apply()#655

Merged
xsscx merged 2 commits intomasterfrom
issue-469
Mar 7, 2026
Merged

Fix: SBO in CIccXform3DLut::Apply()#655
xsscx merged 2 commits intomasterfrom
issue-469

Conversation

@ChrisCoxArt
Copy link
Contributor

@ChrisCoxArt ChrisCoxArt commented Mar 7, 2026

Pull Request Checklist

  • Have you followed the guidelines in Contributing document?
  • Have you checked to ensure there aren't other open Pull Requests for the same change?
  • Have you built your Pull Request locally with the Build Instructions?
  • Have you added or updated relevant tests?
  • Have you added or updated relevant docs?

@ChrisCoxArt ChrisCoxArt requested a review from xsscx as a code owner March 7, 2026 23:38
@xsscx xsscx self-assigned this Mar 7, 2026
@xsscx xsscx added PR Pull Request Review in Process Issue is being Reviewed by Maintainers Pending Merge Maintainer indicates Merge Pending and requests no further changes and removed Review in Process Issue is being Reviewed by Maintainers pending labels Mar 7, 2026
xsscx
xsscx approved these changes Mar 7, 2026
View reviewed changes
Copy link
Member

@xsscx xsscx left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

2026-03-07 23:49:11 UTC

@xsscx xsscx linked an issue Mar 7, 2026 that may be closed by this pull request
SBO in CIccXform3DLut::Apply() at IccCmm.cpp:5873 #649
Closed
@xsscx xsscx changed the title check that LUT output colorspace and channel counts agree Fix: SBO in CIccXform3DLut::Apply() Mar 7, 2026
@xsscx
Copy link
Member

xsscx commented Mar 7, 2026

Maintainer Review

2026-03-07 23:50:49 UTC

mkdir pr-655
cd pr-655
git clone https://github.com/InternationalColorConsortium/iccDEV.git
cd iccDEV
git fetch origin pull/655/head:pr-655
git checkout pr-655
cd Build
export CXX=clang++ && export CXXFLAGS="-fsanitize=address,undefined -fno-omit-frame-pointer -g -O1 -fprofile-arcs -ftest-coverage" && export LDFLAGS="-fsanitize=address,undefined -fprofile-arcs" && cmake Cmake -DCMAKE_BUILD_TYPE=RelWithDebInfo -DENABLE_ASAN=ON -DENABLE_UBSAN=ON -DENABLE_COVERAGE=ON
make -j32
wget wget https://github.com/xsscx/fuzz/raw/refs/heads/master/graphics/icc/sbo-CIccXform3DLut-Apply-IccCmm_cpp-Line5873.icc
wget https://github.com/xsscx/fuzz/raw/refs/heads/master/graphics/tif/test_rgb.tif
ASAN_OPTIONS=print_scariness=1:detect_leaks=0 iccApplyProfiles test_rgb.tif foo.tif 0 0 0 0 1 sbo-CIccXform3DLut-Apply-IccCmm_cpp-Line5873.icc 40
...
Error 8 - Unable to begin profile application - Possibly invalid or incompatible profiles

@xsscx xsscx merged commit 48a5319 into master Mar 7, 2026
27 checks passed
@xsscx xsscx added Merged Merged CVE Requested Maintainer indicates a CVE has been Requested and removed Pending Merge Maintainer indicates Merge Pending and requests no further changes labels Mar 7, 2026
@xsscx
Copy link
Member

xsscx commented Mar 9, 2026

GHSA-wh5x-j6pq-pr3c

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@xsscx xsscx xsscx approved these changes

Assignees

@xsscx xsscx

Labels

CVE Requested Maintainer indicates a CVE has been Requested Merged Merged PR Pull Request

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

SBO in CIccXform3DLut::Apply() at IccCmm.cpp:5873

2 participants

@ChrisCoxArt @xsscx