Fix: HBO in icMemDump() #689

Merged
xsscx merged 1 commit into master from issue-674
Mar 15, 2026

@ChrisCoxArt
Contributor

Fixes #674

Pull Request Checklist

  • Have you followed the guidelines in Contributing document?
  • Have you checked to ensure there aren't other open Pull Requests for the same change?
  • Have you built your Pull Request locally with the Build Instructions?
  • Have you added or updated relevant tests?
  • Have you added or updated relevant docs?

@ChrisCoxArt requested a review from xsscx as a code owner March 15, 2026 01:29
@xsscx self-assigned this Mar 15, 2026
@xsscx added the labels PR (Pull Request) and Review in Process (Issue is being Reviewed by Maintainers) and removed the pending label Mar 15, 2026
Member

@xsscx xsscx left a comment

Maintainer Review

2026-03-15 01:44:54 UTC

Repro

mkdir pr-689
cd pr-689
git clone https://github.com/InternationalColorConsortium/iccDEV.git
cd iccDEV/Build
git fetch origin pull/689/head:pr-689
git checkout pr-689
export CXX=clang++ && export CXXFLAGS="-fsanitize=address,undefined -fno-omit-frame-pointer -g -O1 -fprofile-arcs -ftest-coverage" && export LDFLAGS="-fsanitize=address,undefined -fprofile-arcs" && cmake Cmake -DCMAKE_BUILD_TYPE=Debug -DENABLE_ASAN=ON -DENABLE_UBSAN=ON -DENABLE_COVERAGE=ON
make -j$(nproc)
cd ../Testing/
echo "=== Updating PATH ==="
for d in ../Build/Tools/*; do
  [ -d "$d" ] && export PATH="$(realpath "$d"):$PATH"
done
wget https://github.com/xsscx/fuzz/raw/refs/heads/master/graphics/icc/hbo-icMemDump-IccUtil_cpp-Line1002.icc
ASAN_OPTIONS=print_scariness=1:halt_on_error=0:abort_on_error=0:print_full_stacktrace=1:detect_leaks=0 iccDumpProfile -v 100 hbo-icMemDump-IccUtil_cpp-Line1002.icc ALL

PR Application Output

[2026-03-15 01:40:52 UTC] ~/pr-689/iccDEV/Testing (pr-689)$ ASAN_OPTIONS=print_scariness=1:halt_on_error=0:abort_on_error=0:print_full_stacktrace=1:detect_leaks=0 iccDumpProfile -v 100 hbo-icMemDump-IccUtil_cpp-Line1002.icc ALL
Built with IccProfLib version 2.3.1.5

Profile:            'hbo-icMemDump-IccUtil_cpp-Line1002.icc'
Profile ID:         00000000000000000000004900000000
Size:               720 (0x2d0) bytes

Header
------
Attributes:         Reflective | Glossy
Cmm:                Unknown NULL
Creation Date:      0/0/0 (M/D/Y)  00:00:00
Creator:            NULL
Device Manufacturer:NULL
Data Color Space:   RgbData
Flags:              EmbeddedProfileFalse | UseAnywhere
PCS Color Space:    NoData
Platform:           Unknown
Rendering Intent:   Perceptual
Profile Class:      ColorEncodingClass
Profile SubClass:   Not Defined
Version:            5.00
Illuminant:         X=0.0005, Y=0.0000, Z=0.0000
Spectral PCS:       NoSpectralData
Spectral PCS Range: start=0.0nm, end=0.2nm, steps=0
BiSpectral Range:   Not Defined
MCS Color Space:    Not Defined

Profile Tags (3)
------------
                         Tag    ID      Offset      Size             Pad
                        ----  ------    ------      ----             ---
            referenceNameTag  'rfnm'       168        20               0
           colorSpaceNameTag  'csnm'       188         7               9
      colorEncodingParamsTag  'cept'       204       516               0


Contents of referenceNameTag tag ('rfnm' = 72666E6D)
Type: utf16Type ('ut16' = 75743136)
UTF16 Length = 5 bytes
"䥓传㈲"

Contents of colorSpaceNameTag tag ('csnm' = 63736E6D)
Type: Unknown NULL (NULL)
Unknown Tag Type of 3 Bytes.

Data Follows:
00000000: 00 00 00                                         ...

Contents of colorEncodingParamsTag tag ('cept' = 63657074)
Type: Unknown NULL (NULL)
Unknown Tag Type of 512 Bytes.

Data Follows:

Validation Report
-----------------
Profile violates ICC specification for version 5.00

NonCompliant! - Bad Header File Size
NonCompliant! - Bad Profile ID
NonCompliant! -  - Encoding Class has non-zero Header data were zeros are required!
NonCompliant! - referenceNameTag utf16Type: Invalid tag type (Might be critical!).
NonCompliant! - colorSpaceNameTag Unknown NULL: Invalid tag type (Might be critical!).
NonCompliant! - colorEncodingParamsTag Unknown NULL: Invalid tag type (Might be critical!).
Warning! - Tag colorSpaceNameTag (size 7) is followed by 8 unnecessary additional bytes (from offset 196).

@xsscx added the label Pending Merge (Maintainer indicates Merge Pending and requests no further changes) and removed the label Review in Process (Issue is being Reviewed by Maintainers) Mar 15, 2026
@xsscx changed the title from "Remove pointless offset from Describe to avoid buffer overrun" to "Fix: HBO in icMemDump()" Mar 15, 2026
@xsscx merged commit 3c3e6ad into master Mar 15, 2026
27 checks passed
@xsscx removed the label Pending Merge (Maintainer indicates Merge Pending and requests no further changes) Mar 15, 2026

Development

Successfully merging this pull request may close these issues.

HBO in icMemDump() at IccUtil.cpp:1002
