UB runtime error: downcast .. does not point to an object of type .. at IccLibXML/IccTagXml.cpp:3094

[xsscx]

Maintainer Repro

2026-01-20 20:57:23 UTC

Type Confusion

Host

Linux 6.6.87.2-microsoft-standard-WSL2 #1 SMP PREEMPT_DYNAMIC Thu Jun  5 18:30:46 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Source Tested

0dbe22e (HEAD -> master, origin/update-docs, origin/master, origin/HEAD) Modify: RefIccMAXConfig.cmake.in (#473)

Step 1. wget https://github.com/xsscx/Commodity-Injection-Signatures/raw/refs/heads/master/graphics/icc/undefined-behavior-type-confusion-runtime-error-CIccSegmentedCurveXmlIccLibXML-IccTagXml_cpp-Line3094.icc

Step 2. iccToXml undefined-behavior-type-confusion-runtime-error-CIccSegmentedCurveXmlIccLibXML-IccTagXml_cpp-Line3094.icc oops.xml

Expected Output

IccXML/IccLibXML/IccTagXml.cpp:3094:13: runtime error: downcast of address 0x503000000370 which does not point to an object of type 'CIccSegmentedCurveXml'
0x503000000370: note: object is of type 'CIccSegmentedCurve'
 00 00 00 00  48 ca e6 45 0c 7d 00 00  a0 03 00 00 30 50 00 00  00 00 00 00 00 00 00 00  00 00 00 00
              ^~~~~~~~~~~~~~~~~~~~~~~
              vptr for 'CIccSegmentedCurve'
IccXML/IccLibXML/IccTagXml.cpp:3094:53: runtime error: member call on address 0x503000000370 which does not point to an object of type 'CIccSegmentedCurveXml'
0x503000000370: note: object is of type 'CIccSegmentedCurve'
 00 00 00 00  48 ca e6 45 0c 7d 00 00  a0 03 00 00 30 50 00 00  00 00 00 00 00 00 00 00  00 00 00 00
              ^~~~~~~~~~~~~~~~~~~~~~~
              vptr for 'CIccSegmentedCurve'
XML successfully created