Fix: leak in CIccXform::Create on failure paths (#1304) #1305
Merged
CIccXform::Create() is documented to take ownership of pProfile, but it returned NULL on every failure path without freeing it. For an encoding-class profile the original is converted (the encoding profile allocated in CIccDefaultEncProfileConverter::ConvertFromParams() replaces it), so a malformed profile that converts successfully but then fails to produce an xform leaked the converted CIccProfile.

Free pProfile on each early `return NULL`, and add an else-branch at the end so the break-to-bottom cases (rv left NULL) also clean up. None of the failure paths reach SetParams(), which is the only place pProfile is adopted, so the deletes are unconditional and safe.

Repro (LeakSanitizer):

    iccApplyNamedCmm test-data-rgb-8bit.txt 0 0 \
        huaf-CIccNamedColorCmm-AddXform-IccCmm_cpp-Line10564.icc 50

Before: indirect leak of 232 bytes (IccEncoding.cpp:164).
After: clean, AddXform still returns status 4 for the malformed profile.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
ChrisCoxArt
approved these changes
Jun 11, 2026
This was referenced Jun 11, 2026
Summary

Fixes #1304 — a LeakSanitizer-reported memory leak in `CIccXform::Create()`.

`CIccXform::Create()` is documented to take ownership of `pProfile`, but it returned `NULL` on every failure path without freeing it. For an `icSigColorEncodingClass` profile, the original profile is deleted and replaced by an encoding-converted `CIccProfile` (allocated in `CIccDefaultEncProfileConverter::ConvertFromParams()`, `IccEncoding.cpp:164`). A malformed profile that converts successfully but then fails to produce an xform (`AddXform` → status 4) therefore leaked the converted profile.

Changes (`IccProfLib/IccCmm.cpp`)

- `delete pProfile;` to all 8 early `return NULL` sites in `Create`.
- `else { delete pProfile; }` at the function tail to cover the break-to-bottom paths where `rv` is left `NULL` (switch defaults / empty inner switches).

`SetParams()` is the only place `pProfile` is adopted, and it only runs when `rv != NULL`, so the deletes are unconditional and cannot double-free.

Repro

Verification (ASan/LSan build)

- `IccEncoding.cpp:164` → `IccCmm.cpp:551`)
- `AddXform` still returns status 4 for the malformed profile

Confirmed by stashing the fix and rebuilding: the pre-fix binary reproduces the exact LSan trace from the issue; the post-fix binary is clean. Touches only `IccProfLib/IccCmm.cpp`.

🤖 Generated with Claude Code
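The ownership bug this PR describes, reduced to a self-contained sketch (an added example, not IccProfLib code and not the PR's diff). `Profile`, `Xform`, `Convert`, `CreateLeaky`, `CreateGuarded` and `LeakedAfterFailure` are hypothetical stand-ins, and the guarded variant swaps the per-return `delete pProfile;` for a `std::unique_ptr` guard that is released only at the adoption point.

```cpp
#include <memory>
// Hypothetical stand-ins for illustration; these are not IccProfLib types.
struct Profile {
    static int live;                 // instances currently allocated
    bool encodingClass, valid;
    Profile(bool enc, bool ok) : encodingClass(enc), valid(ok) { ++live; }
    ~Profile() { --live; }
};
int Profile::live = 0;
struct Xform {
    std::unique_ptr<Profile> profile;                 // the adopted profile
    void SetParams(Profile* p) { profile.reset(p); }  // sole adoption point
};

// Conversion deletes the original and returns a newly allocated replacement.
static Profile* Convert(Profile* p) {
    Profile* q = new Profile(false, p->valid);
    delete p;
    return q;
}

// "Before" shape: owns the profile on paper, but failure paths drop the pointer.
Xform* CreateLeaky(Profile* p) {
    if (!p) return nullptr;
    if (p->encodingClass) p = Convert(p);
    if (!p->valid) return nullptr;       // the converted profile leaks here
    Xform* rv = new Xform;
    rv->SetParams(p);
    return rv;
}

// Guarded shape: a unique_ptr owns the profile until SetParams adopts it.
Xform* CreateGuarded(Profile* p) {
    std::unique_ptr<Profile> owner(p);
    if (!owner) return nullptr;
    if (owner->encodingClass) owner.reset(Convert(owner.release()));
    if (!owner->valid) return nullptr;   // owner frees the profile on every exit
    Xform* rv = new Xform;
    rv->SetParams(owner.release());      // ownership handed over exactly once
    return rv;
}

// Returns how many Profile objects stay allocated after a failed create call.
int LeakedAfterFailure(Xform* (*create)(Profile*)) {
    int before = Profile::live;
    Xform* x = create(new Profile(true, false));  // constructed malformed input
    delete x;                                     // nullptr on the failure path
    return Profile::live - before;
}
```

Because the guard is released only in the call that adopts the profile, any failure return added later is covered without a matching `delete`.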