Skip to content

Regression in CIccTagColorantOrder::Validate() #752

Closed
Bug
#768
Closed
Regression in CIccTagColorantOrder::Validate()#752
Bug
#768
Assignees
xsscx
Labels
BisectMaintainer indicates BisectTriagedMaintainer indicates triaged status and ready for developer handoff
@xsscx

Description

@xsscx
xsscx
opened on Mar 28, 2026

Maintainer Summary

2026-03-28 04:33:49 UTC

Bisect

Bad: c2ea9da
Good: e62525a

Problem Statement

CWE: CWE-20 (Improper Input Validation)
File: IccProfLib/IccTagBasic.cpp lines 8713-8724
Status: Regression introduced by PR #708

Observation

  1. ColorantTableOutTag (0x636C6F74, 'clot') corresponds to PCS channels
  2. A colorSpace=CMYK (4 channel) and PCS=Lab (3 channel) should validate the clot tag against PCS
  3. After c2ea9da, a clot with 3 entry CMYK profile fails validation when it is correct
  4. A malformed clot tag with 4 entries (match colorSpace !PCS) should fail

Code Review

Good: e62525a
Three-branch validation in CIccTagColorantOrder::Validate():

  1. sigPath == icSigColorantTableTag -> validate m_nCount against colorSpace
  2. sigPath == icSigColorantTableOutTag -> validate m_nCount against PCS
  3. else -> warn "Unknown number of required colorants"

Bad: c2ea9da
Single-branch validation:

  1. Validate m_nCount against colorSpace

libIccTest Check

  • CF-340: colorantTableOutTag count vs PCS channels validation

Metadata

Metadata

Assignees

Labels

BisectMaintainer indicates BisectTriagedMaintainer indicates triaged status and ready for developer handoff

Type

Bug

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions