TC in CIccSegmentedCurveXml::ToXml() at IccXML/IccLibXML/IccMpeXml.cpp:976:49

[xsscx]

Maintainer Repro

Tue Dec 30 01:58:41 PM UTC 2025

git rev-parse HEAD && git show --no-patch --oneline
b656e80
b656e80 (HEAD, origin/master, origin/HEAD, master) Add: Defense in Depth (#385)

Step 1. cd Testing/Calc

Step 2. iccFromXml srgbCalc++Test.xml srgbCalc++Test.icc

Step 3. iccToXml srgbCalc++Test.iccsrgbCalc++Test-xml-icc-xml.xml

Expected Output

IccXML/IccLibXML/IccMpeXml.cpp:976:49: runtime error: member call on address 0x504000000310 which does not point to an object of type 'CIccFormulaCurveSegmentXml'
0x504000000310: note: object is of type 'CIccFormulaCurveSegment'
 00 00 00 00  70 90 64 9d c7 76 00 00  ff ff 7f ff ff ff 7f 7f  00 00 00 00 00 00 04 be  00 00 00 00
              ^~~~~~~~~~~~~~~~~~~~~~~
              vptr for 'CIccFormulaCurveSegment'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior IccXML/IccLibXML/IccMpeXml.cpp:976:49
XML successfully created

[xsscx]

Additional Report

Step 1. cd Testing/Calc

Step 2. iccFromXml srgbCalc++Test.xml srgbCalc++Test.icc

Step 3. iccToXml srgbCalc++Test.iccsrgbCalc++Test-xml-icc-xml.xml

IccXML/IccLibXML/IccMpeXml.cpp:976:13: runtime error: downcast of address 0x504000000310 which does not point to an object of type 'CIccFormulaCurveSegmentXml'
0x504000000310: note: object is of type 'CIccFormulaCurveSegment'
 00 00 00 00  70 90 64 9d c7 76 00 00  ff ff 7f ff ff ff 7f 7f  00 00 00 00 00 00 04 be  00 00 00 00
              ^~~~~~~~~~~~~~~~~~~~~~~
              vptr for 'CIccFormulaCurveSegment'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior IccXML/IccLibXML/IccMpeXml.cpp:976:13

[xsscx]

Unix Repro Script

The example script will build iccDEV in the /tmp directory and reproduce the runtime errors.

Run in Terminal

cd /tmp
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/InternationalColorConsortium/iccDEV/refs/heads/research/contrib/HelperScripts/issue-389.sh)"

Expected Output

...
======================================================
===================  ISSUE START  ====================
======================================================
IccXML/IccLibXML/IccMpeXml.cpp:1038:36: runtime error: downcast of address 0x503000000280 which does not point to an object of type 'CIccSegmentedCurveXml'
0x503000000280: note: object is of type 'CIccSegmentedCurve'
 00 00 00 00  50 94 64 91 d8 7b 00 00  b0 02 00 00 30 50 00 00  00 00 00 00 00 00 00 00  00 00 00 00
              ^~~~~~~~~~~~~~~~~~~~~~~
              vptr for 'CIccSegmentedCurve'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior IccXML/IccLibXML/IccMpeXml.cpp:1038:36

IccXML/IccLibXML/IccMpeXml.cpp:1040:18: runtime error: member call on address 0x503000000280 which does not point to an object of type 'CIccSegmentedCurveXml'
0x503000000280: note: object is of type 'CIccSegmentedCurve'
 00 00 00 00  50 94 64 91 d8 7b 00 00  b0 02 00 00 30 50 00 00  00 00 00 00 00 00 00 00  00 00 00 00
              ^~~~~~~~~~~~~~~~~~~~~~~
              vptr for 'CIccSegmentedCurve'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior IccXML/IccLibXML/IccMpeXml.cpp:1040:18

IccXML/IccLibXML/IccMpeXml.cpp:976:13: runtime error: downcast of address 0x504000000310 which does not point to an object of type 'CIccFormulaCurveSegmentXml'
0x504000000310: note: object is of type 'CIccFormulaCurveSegment'
 00 00 00 00  70 90 64 91 d8 7b 00 00  ff ff 7f ff ff ff 7f 7f  00 00 00 00 00 00 04 be  00 00 00 00
              ^~~~~~~~~~~~~~~~~~~~~~~
              vptr for 'CIccFormulaCurveSegment'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior IccXML/IccLibXML/IccMpeXml.cpp:976:13

IccXML/IccLibXML/IccMpeXml.cpp:976:49: runtime error: member call on address 0x504000000310 which does not point to an object of type 'CIccFormulaCurveSegmentXml'
0x504000000310: note: object is of type 'CIccFormulaCurveSegment'
 00 00 00 00  70 90 64 91 d8 7b 00 00  ff ff 7f ff ff ff 7f 7f  00 00 00 00 00 00 04 be  00 00 00 00
              ^~~~~~~~~~~~~~~~~~~~~~~
              vptr for 'CIccFormulaCurveSegment'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /home/xss/head/iccDEV/IccXML/IccLibXML/IccMpeXml.cpp:976:49
XML successfully created
...
======================================================
===================  ISSUE STOP   ====================
======================================================

[ChrisCoxArt]

Same basic cause as #388

[xsscx]

Resolved

Mon Jan 5 04:05:10 AM UTC 2026

xss@W5:~/issue-187/iccDEV/Testing/Calc$ iccFromXml srgbCalc++Test.xml srgbCalc++Test.icc
Profile parsed and saved correctly

xss@W5:~/issue-187/iccDEV/Testing/Calc$ iccToXml srgbCalc++Test.iccsrgbCalc++Test-xml-icc-xml.xml
IccToXml built with IccProfLib Version 2.3.1.2, IccLibXML Version 2.3.1.2

Usage: IccToXml src_icc_profile dest_xml_file

xss@W5:~/issue-187/iccDEV/Testing/Calc$ iccToXml srgbCalc++Test.icc srgbCalc++Test-xml-icc-xml.xml
XML successfully created

xss@W5:~/issue-187/iccDEV/Testing/Calc$ git rev-parse HEAD
a2e98b7

xss@W5:~/issue-187/iccDEV/Testing/Calc$ git show --no-patch --oneline
a2e98b7 (HEAD -> issue-187, origin/issue-187) improved usage, misc. fixes