UB runtime error: member access .. null pointer at IccLibXML/IccTagXml.cpp:1578

[xsscx]

Maintainer Repro

Mon Jan 19 01:54:32 AM UTC 2026

Host

Linux 6.6.87.2-microsoft-standard-WSL2 #1 SMP PREEMPT_DYNAMIC Thu Jun  5 18:30:46 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Source Tested

7f0ebcf
7f0ebcf (HEAD -> master, origin/master, origin/HEAD) Modify: ci-pr-action & child workflows (#471)

Step 1. wget https://raw.githubusercontent.com/xsscx/Commodity-Injection-Signatures/refs/heads/master/xml/icc/ub-member-access-null-pointer-struct-xmlnode.xml

Step 2. iccFromXml ub-member-access-null-pointer-struct-xmlnode.xml oops.icc

Expected Output

[2026-01-19 01:57:45 UTC] ~/head/iccDEV/Testing (master)$ iccFromXml ub-member-access-null-pointer-struct-xmlnode.xml oops.icc
IccXML/IccLibXML/IccTagXml.cpp:1578:11: runtime error: member access within null pointer of type 'struct xmlNode'
AddressSanitizer:DEADLYSIGNAL
=================================================================
==11212==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000018 (pc 0x769ecfcfef8c bp 0x7ffde5132700 sp 0x7ffde5132600 T0)
==11212==The signal is caused by a READ memory access.
==11212==Hint: address points to the zero page.
    #0 0x769ecfcfef8c in CIccTagXmlFloatNum<float, CIccXmlArrayType<float, (icTagTypeSignature)1718367026>, (icTagTypeSignature)1718366518>::ParseXml(_xmlNode*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&) (Build/IccXML/libIccXML2.so.2+0x4fef8c) (BuildId: f9c769f3e88ba9101df4e5d6b850b0d4a5fc8cb9)
    #1 0x769ecfc39dca in CIccProfileXml::ParseTag(_xmlNode*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&) IccXML/IccLibXML/IccProfileXml.cpp:751
    #2 0x769ecfc3e633 in CIccProfileXml::ParseXml(_xmlNode*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&) IccXML/IccLibXML/IccProfileXml.cpp:862
    #3 0x769ecfc3eaf7 in CIccProfileXml::LoadXml(char const*, char const*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >*) IccXML/IccLibXML/IccProfileXml.cpp:919
    #4 0x58892b9e45d3 in main IccXML/CmdLine/IccFromXml/IccFromXml.cpp:68
    #5 0x769ecbe2a1c9 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    #6 0x769ecbe2a28a in __libc_start_main_impl ../csu/libc-start.c:360
    #7 0x58892b9e3864 in _start (Build/Tools/IccFromXml/iccFromXml+0x9864) (BuildId: 8b491c2f359548d4acda07cfc5de677fbad1725b)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (Build/IccXML/libIccXML2.so.2+0x4fef8c) (BuildId: f9c769f3e88ba9101df4e5d6b850b0d4a5fc8cb9) in CIccTagXmlFloatNum<float, CIccXmlArrayType<float, (icTagTypeSignature)1718367026>, (icTagTypeSignature)1718366518>::ParseXml(_xmlNode*, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&)
==11212==ABORTING