UB nan outside range at iccApplyProfiles.cpp:560

[xsscx]

Maintainer Repro

2026-03-06 02:43:39 UTC

Host

5f7e03a (HEAD -> master, origin/master, origin/HEAD) Add link to ICC Intellectual Property Policy in CONTRIBUTING (#643)

PoC Replay

Step 1. wget https://github.com/xsscx/fuzz/raw/refs/heads/master/graphics/icc/ub-nan-outside-range-iccApplyProfiles_cpp-Line560.icc

Step 2. wget https://github.com/xsscx/fuzz/raw/refs/heads/master/graphics/tif/test_rgb.tif

Step 3. ASAN_OPTIONS=detect_leaks=0 iccApplyProfiles test_rgb.tif ub-out.tif 1 0 0 0 0 ub-nan-outside-range-iccApplyProfiles_cpp-Line560.icc 0

PoC Expected Output

ASAN_OPTIONS=detect_leaks=0 iccApplyProfiles /tmp/test_rgb.tif /tmp/ub-out.tif 1 0 0 0 0 ub-nan-outside-range-iccApplyProfiles_cpp-Line560.icc 0
Tools/CmdLine/IccApplyProfiles/iccApplyProfiles.cpp:560:39: runtime error: -nan is outside the range of representable values of type 'unsigned char'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior Tools/CmdLine/IccApplyProfiles/iccApplyProfiles.cpp:560:39

test_rgb.tif

[xsscx]

Link Tested

[2026-03-07 22:34:50 UTC] ~/po/research (main)$ wget https://github.com/xsscx/fuzz/raw/refs/heads/master/graphics/icc/ub-nan-outside-range-iccApplyProfiles_cpp-Line560.icc
--2026-03-07 17:36:55--  https://github.com/xsscx/fuzz/raw/refs/heads/master/graphics/icc/ub-nan-outside-range-iccApplyProfiles_cpp-Line560.icc
Resolving github.com (github.com)... 140.82.112.3
Connecting to github.com (github.com)|140.82.112.3|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://raw.githubusercontent.com/xsscx/fuzz/refs/heads/master/graphics/icc/ub-nan-outside-range-iccApplyProfiles_cpp-Line560.icc [following]
--2026-03-07 17:36:55--  https://raw.githubusercontent.com/xsscx/fuzz/refs/heads/master/graphics/icc/ub-nan-outside-range-iccApplyProfiles_cpp-Line560.icc
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 185.199.111.133, 185.199.108.133, 185.199.109.133, ...
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|185.199.111.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 337304 (329K) [application/octet-stream]
Saving to: ‘ub-nan-outside-range-iccApplyProfiles_cpp-Line560.icc.1’

ub-nan-outside-range-iccApplyProfiles_cpp-Line560.icc.1   100%[====================================================================================================================================>] 329.40K  --.-KB/s    in 0.04s

2026-03-07 17:36:56 (8.49 MB/s) - ‘ub-nan-outside-range-iccApplyProfiles_cpp-Line560.icc.1’ saved [337304/337304]

[2026-03-07 22:36:56 UTC] ~/po/research (main)$

[ChrisCoxArt]

iccApplyProfile has it's on UnitClip function.. which I hadn't noticed, and hadn't updated to handle NaN or Inf.