Skip to content

Fix: HBO in CTiffImg::ReadLine()#659

Merged
xsscx merged 1 commit intomasterfrom
issue-656
Mar 8, 2026
Merged

Fix: HBO in CTiffImg::ReadLine()#659
xsscx merged 1 commit intomasterfrom
issue-656

Conversation

@ChrisCoxArt
Copy link
Contributor

@ChrisCoxArt ChrisCoxArt commented Mar 8, 2026

Fixes #656

Pull Request Checklist

  • Have you followed the guidelines in Contributing document?
  • Have you checked to ensure there aren't other open Pull Requests for the same change?
  • Have you built your Pull Request locally with the Build Instructions?
  • Have you added or updated relevant tests?
  • Have you added or updated relevant docs?

@ChrisCoxArt ChrisCoxArt requested a review from xsscx as a code owner March 8, 2026 01:51
@xsscx xsscx self-assigned this Mar 8, 2026
@xsscx xsscx added PR Pull Request Review in Process Issue is being Reviewed by Maintainers Pending Merge Maintainer indicates Merge Pending and requests no further changes and removed Review in Process Issue is being Reviewed by Maintainers pending labels Mar 8, 2026
xsscx
xsscx approved these changes Mar 8, 2026
View reviewed changes
Copy link
Member

@xsscx xsscx left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maintainer Review

2026-03-08 02:01:28 UTC

Git

[2026-03-08 02:01:28 UTC] ~/pr-659/iccDEV/Build (pr-659)$ git log --oneline --graph -1
* 8618025 (HEAD -> pr-659, origin/issue-656) use max size for strip to allocate buffer, just in case

Repro

cd ~
mkdir pr-659
cd pr-659
git clone https://github.com/InternationalColorConsortium/iccDEV.git
cd iccDEV
git fetch origin pull/659/head:pr-659
git checkout pr-659
cd Build
export CXX=clang++ && export CXXFLAGS="-fsanitize=address,undefined -fno-omit-frame-pointer -g -O1 -fprofile-arcs -ftest-coverage" && export LDFLAGS="-fsanitize=address,undefined -fprofile-arcs" && cmake Cmake -DCMAKE_BUILD_TYPE=RelWithDebInfo -DENABLE_ASAN=ON -DENABLE_UBSAN=ON -DENABLE_COVERAGE=ON
make -j32
wget https://github.com/xsscx/research/raw/refs/heads/main/test-profiles/Rec2020rgbSpectral.icc
wget https://github.com/xsscx/fuzz/raw/refs/heads/master/graphics/tif/hbo-CTiffImg-ReadLine-TiffImg_cpp-Line370.tiff
ASAN_OPTIONS=print_scariness=1 iccDEV/Build/Tools/IccApplyProfiles/iccApplyProfiles hbo-CTiffImg-ReadLine-TiffImg_cpp-Line370.tiff foo.tif 0 0 0 0 1 Rec2020rgbSpectral.icc 1
...
git log --oneline --graph -1
* 8618025 (HEAD -> pr-659, origin/issue-656) use max size for strip to allocate buffer, just in case
ASAN_OPTIONS=print_scariness=1 Tools/IccApplyProfiles/iccApplyProfiles hbo-CTiffImg-ReadLine-TiffImg_cpp-Line370.tiff foo.tif 0 0 0 0 1 Rec2020rgbSpectral.icc 1
TIFFReadDirectory: Warning, Bogus "StripByteCounts" field, ignoring and calculating from imagelength.
100%

@xsscx xsscx changed the title use max size for strip to allocate buffer, just in case Fix: HBO in CTiffImg::ReadLine() Mar 8, 2026
@xsscx xsscx merged commit 867d622 into master Mar 8, 2026
27 checks passed
@xsscx xsscx added Merged Merged CVE Requested Maintainer indicates a CVE has been Requested and removed Pending Merge Maintainer indicates Merge Pending and requests no further changes labels Mar 8, 2026
@xsscx
Copy link
Member

xsscx commented Mar 9, 2026

GHSA-wh2p-cm3r-7hm3

@ChrisCoxArt ChrisCoxArt deleted the issue-656 branch March 15, 2026 00:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@xsscx xsscx xsscx approved these changes

Assignees

@xsscx xsscx

Labels

CVE Requested Maintainer indicates a CVE has been Requested Merged Merged PR Pull Request

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

HBO in CTiffImg::ReadLine() at TiffImg.cpp:370

2 participants

@ChrisCoxArt @xsscx