
Fix: UB in CIccProfileSharedPtr pccIcc() #657

Merged: xsscx merged 1 commit into master from issue-650, Mar 8, 2026

Conversation

@ChrisCoxArt (Contributor)

Fixes #650

Pull Request Checklist

  • Have you followed the guidelines in Contributing document?
  • Have you checked to ensure there aren't other open Pull Requests for the same change?
  • Have you built your Pull Request locally with the Build Instructions?
  • Have you added or updated relevant tests?
  • Have you added or updated relevant docs?

@ChrisCoxArt ChrisCoxArt requested a review from xsscx as a code owner March 8, 2026 01:03
@xsscx xsscx self-assigned this Mar 8, 2026
@xsscx xsscx added the labels "PR" (Pull Request), "Review in Process" (Issue is being Reviewed by Maintainers) and "Pending Merge" (Maintainer indicates Merge Pending and requests no further changes), and removed the labels "Review in Process" (Issue is being Reviewed by Maintainers) and "pending", Mar 8, 2026
@xsscx xsscx (Member) left a comment


Maintainer Review

2026-03-08 01:11:03 UTC

cd ~
mkdir pr-657
cd pr-657
git clone https://github.com/InternationalColorConsortium/iccDEV.git
cd iccDEV
git fetch origin pull/657/head:pr-657
git checkout pr-657
cd Build
export CXX=clang++ && export CXXFLAGS="-fsanitize=address,undefined -fno-omit-frame-pointer -g -O1 -fprofile-arcs -ftest-coverage" && export LDFLAGS="-fsanitize=address,undefined -fprofile-arcs" && cmake Cmake -DCMAKE_BUILD_TYPE=RelWithDebInfo -DENABLE_ASAN=ON -DENABLE_UBSAN=ON -DENABLE_COVERAGE=ON
make -j32
wget https://github.com/xsscx/fuzz/raw/refs/heads/master/graphics/icc/ub-runtime-error-icFloatNumber-IccMpeBasic_cpp-Line1825.icc
wget https://github.com/xsscx/fuzz/raw/refs/heads/master/graphics/icc/crash_obs.icc
ASAN_OPTIONS=detect_leaks=0 Tools/IccV5DspObsToV4Dsp/iccV5DspObsToV4Dsp ub-runtime-error-icFloatNumber-IccMpeBasic_cpp-Line1825.icc crash_obs.icc foo.icc
...
git log --oneline --graph -1
* 35006ee (HEAD -> pr-657, origin/issue-650) call Begin, and check error return values in v5DspObsToV4Dsp
file ub-runtime-error-icFloatNumber-IccMpeBasic_cpp-Line1825.icc
ub-runtime-error-icFloatNumber-IccMpeBasic_cpp-Line1825.icc: color profile 5.0, RGB/XYZ-mntr device, 30428 bytes, 28-10-2014 17:13:25, embedded, relative colorimetric, PCS X=0xeee2 Z=0xeefc, 0x541b281dcc4ec11c MD5 'LCD Display'
identify ub-runtime-error-icFloatNumber-IccMpeBasic_cpp-Line1825.icc
ub-runtime-error-icFloatNumber-IccMpeBasic_cpp-Line1825.icc ICC 1x1 1x1+0+0 16-bit sRGB 30428B 0.000u 0:00.000
ASAN_OPTIONS=detect_leaks=0 Tools/IccV5DspObsToV4Dsp/iccV5DspObsToV4Dsp ub-runtime-error-icFloatNumber-IccMpeBasic_cpp-Line1825.icc crash_obs.icc foo.icc
bad tagIn in ub-runtime-error-icFloatNumber-IccMpeBasic_cpp-Line1825.icc

@xsscx xsscx changed the title call Begin, and check error return values in v5DspObsToV4Dsp Fix: UB in CIccProfileSharedPtr pccIcc() Mar 8, 2026
@xsscx xsscx merged commit 7db2273 into master Mar 8, 2026
27 checks passed
@xsscx xsscx added the labels "Merged" and "Merge Defect" (Maintainer indicates Merge Defect), and removed the label "Pending Merge" (Maintainer indicates Merge Pending and requests no further changes), Mar 8, 2026
@xsscx xsscx (Member) commented Mar 11, 2026

Post Merge Audit Report

2026-03-11 13:49:43 UTC

Maintainer Summary

The Issue was initially Opened by yours truly and was a UB error:

IccProfLib/IccMpeBasic.cpp:1825:12: runtime error: load of null pointer of type 'icFloatNumber' (aka 'float')
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior IccProfLib/IccMpeBasic.cpp:1825:12

The 'Code Review' performed in Approving the PR was made based on the Application Response not Matching on: UndefinedBehaviorSanitizer, whereas the Code Review Process was not followed, because I would have quickly identified that there was a Copy & Paste Error:

  if (!curveMpe->Begin()) {
    printf("bad transform curve in %s\n", argv[2]);
    return -2;
  }
  
  if (!matrixMpe->Begin()) {
    printf("bad transform matrix in %s\n", argv[2]);
    return -2;
  }

Code at HEAD

https://github.com/InternationalColorConsortium/iccDEV/pull/657/changes#diff-5b6f0980509444d8505a95202650f770a0d8a7caee067479228f76f036c68787R182-R190

Resolution

A PR will be opened shortly to Resolve the Issue.

Lessons Learned

This Merge Defect can directly be traced to the Maintainer (me) not putting eyeballs on the PR Code and instead running the Reproducer and Approving.
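The audit above boils down to a lifecycle contract: an MPE element's runtime tables exist only after Begin() succeeds, so applying an element that was never begun loads through a null pointer (the UBSan "load of null pointer of type 'icFloatNumber'" finding), and the fix is to call Begin() on every element and check each return value before going further. The following is an added illustration of that contract and is not iccDEV code; HypotheticalCurveMpe, InitTransform and the constructed inputs are assumptions chosen for the example, and the -2 return mirrors the error convention visible in the snippet quoted in the audit.

```cpp
#include <cstdio>
#include <memory>

// Hypothetical stand-in for an MPE-style transform element (added example,
// not iccDEV code). As in the library, runtime state is only set up by
// Begin(): the lookup table is a null pointer until Begin() succeeds.
class HypotheticalCurveMpe {
public:
    explicit HypotheticalCurveMpe(int entries) : m_entries(entries) {}

    // Prepare the element for Apply(). Returns false for an unusable
    // configuration (here: too few table entries) and leaves the table null.
    bool Begin() {
        if (m_entries < 2)
            return false;
        m_table = std::make_unique<float[]>(m_entries);
        for (int i = 0; i < m_entries; ++i)
            m_table[i] = float(i) / float(m_entries - 1);  // identity curve
        return true;
    }

    // Guarded evaluation: an element that was never begun (or whose Begin()
    // failed) reports failure instead of loading through the null table,
    // which is the class of UB the sanitizer reported.
    bool Apply(float in, float& out) const {
        if (!m_table)
            return false;
        if (in < 0.0f) in = 0.0f;
        if (in > 1.0f) in = 1.0f;
        int idx = int(in * float(m_entries - 1) + 0.5f);
        out = m_table[idx];
        return true;
    }

private:
    int m_entries;
    std::unique_ptr<float[]> m_table;  // null until Begin() succeeds
};

// Models the tool's set-up sequence: every element's Begin() result is
// checked before any Apply(), and each failure message names the element
// that failed. Returns 0 on success, -2 on a failed Begin().
int InitTransform(HypotheticalCurveMpe& curve, HypotheticalCurveMpe& matrix,
                  const char* fileName) {
    if (!curve.Begin()) {
        std::printf("bad transform curve in %s\n", fileName);
        return -2;
    }
    if (!matrix.Begin()) {
        std::printf("bad transform matrix in %s\n", fileName);
        return -2;
    }
    return 0;
}

int main() {
    // Constructed inputs: a usable curve, a usable two-entry element, and a
    // one-entry element that Begin() must reject.
    HypotheticalCurveMpe curve(256), matrix(2), broken(1);
    float out = 0.0f;
    std::printf("apply before Begin: %s\n", curve.Apply(0.5f, out) ? "ok" : "refused");
    std::printf("init good pair: %d\n", InitTransform(curve, matrix, "constructed.icc"));
    std::printf("init broken pair: %d\n", InitTransform(curve, broken, "constructed.icc"));
    return 0;
}
```

The point of the guard in Apply() is defence in depth: the tool-level checks in InitTransform() are what the PR added, and the element-level null check turns a silent out-of-contract use into a reported failure even if a caller forgets one Begin(), which is the gap a sanitizer run alone would not have caught during review.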

xsscx pushed a commit to xsscx/research that referenced this pull request Mar 11, 2026
Addresses code review gap identified in PR #657 post-merge audit.
Builds iccDEV master with ASAN+UBSAN and runs positive functional
tests (exit 0 + output file exists) on all CLI tools.

Key coverage:
- iccV5DspObsToV4Dsp: 9 tests (Rec2020 × 6 PCC + LCD × 3 PCC)
  using the exact profiles that expose the PR #657 Begin() regression
- iccToXml/iccFromXml round-trip serialization
- iccRoundTrip color transform accuracy
- iccDumpProfile, iccApplyToLink, iccTiffDump

Runs Mon+Thu 05:00 UTC and on workflow_dispatch with configurable ref.

References:
- PR #657: InternationalColorConsortium/iccDEV#657
- Issue #667: InternationalColorConsortium/iccDEV#667

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@ChrisCoxArt ChrisCoxArt deleted the issue-650 branch March 15, 2026 00:36