UB at IccCmmConfig.cpp:778

[xsscx]

Maintainer Repro

2026-03-16 00:55:04 UTC

Git

1ffa7a8 (HEAD -> master, tag: v2.3.1.5, origin/master, origin/HEAD) v2.3.1.5 (#661)
4df1fe0 (HEAD -> master, origin/master, origin/HEAD) Fix: Init in iccV5DspObsToV4Dsp (#695)

git clone https://github.com/InternationalColorConsortium/iccDEV.git
cd iccDEV/Build
export CXX=clang++ && export CXXFLAGS="-fsanitize=address,undefined -fno-omit-frame-pointer -g -O1 -fprofile-arcs -ftest-coverage" && export LDFLAGS="-fsanitize=address,undefined -fprofile-arcs" && cmake Cmake -DCMAKE_BUILD_TYPE=Debug -DENABLE_ASAN=ON -DENABLE_UBSAN=ON -DENABLE_COVERAGE=ON -DENABLE_TOOLS=ON
make -j32
        cd ../Testing/
        echo "=== Updating PATH ==="
         for d in ../Build/Tools/*; do
          [ -d "$d" ] && export PATH="$(realpath "$d"):$PATH"
         done
./CreateAllProfiles.sh
wget https://github.com/xsscx/fuzz/raw/refs/heads/master/graphics/icc/sbo-GetValues-FixedNum-crafted-cenc.icc
ASAN_OPTIONS=print_scariness=1:halt_on_error=0:abort_on_error=0:print_full_stacktrace=1:detect_leaks=0 iccApplyNamedCmm foo.bar 0 33 0 test 0.0 1.0 0 0 sbo-GetValues-FixedNum-crafted-cenc.icc 1 Display/sRGB_D65_MAT.icc 1

PoC Output

IccCommon/IccCmmConfig.cpp:778:32: runtime error: load of value 33, which is not a valid value for type 'icXformInterp'
    #0 0x63b25f1711ae in CIccCfgProfileSequence::fromArgs(char const**, int, bool) IccCommon/IccCmmConfig.cpp:778:32
    #1 0x63b25f141bd6 in main iccApplyNamedCmm.cpp:298:24
    #2 0x78ea4b82a1c9 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #3 0x78ea4b82a28a in __libc_start_main csu/../csu/libc-start.c:360:3
    #4 0x63b25f065a04 in _start (iccApplyNamedCmm+0x81a04) (BuildId: ac4d632da38e4649754678bf46528aa436d89870)

SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior IccCommon/IccCmmConfig.cpp:778:32