Skip to content

Add CodeQL + CTest for the #1356/#1359 patterns; fix the latent siblings they surface (#1361)#1365

Merged
xsscx merged 3 commits into
masterfrom
add-1361-codeql-roundtrip-version
Jun 15, 2026
Merged

Add CodeQL + CTest for the #1356/#1359 patterns; fix the latent siblings they surface (#1361)#1365
xsscx merged 3 commits into
masterfrom
add-1361-codeql-roundtrip-version

Conversation

@colourbill-ctrl

@colourbill-ctrl colourbill-ctrl commented Jun 15, 2026

Copy link
Copy Markdown
Contributor

Closes #1361. In-repo branch (re-opened from #1363 per maintainer request so the Script/CodeQL CI runs against it — fork PRs hit the WORKFLOW_TRIGGER_HELPER unbound-variable limitation). Supersedes #1363.

Adds the CodeQL/CTest coverage to "identify same/similar issues" from #1356, #1358 and #1359 — and fixes the real latent instances the new queries surface, so both queries run clean.

CodeQL queries (detection)

signature-serialized-without-zero-guard.ql — the #1356 round-trip class. An ICC four-byte signature serialized through the icGetSig* text helpers does not round-trip when zero: icGetSig*(0) emits the literal "NULL", and icGetSigVal("NULL") returns 0x4E554C4C. Flags a header field the JSON serializer guards with field ? helper(...) : "" but a *ToXml* serializer emits unconditionally. Understands both ternary and if (field != 0) guard idioms.

version-blind-space-validation.ql — the #1359 class. A header colour space validated by the version-blind CIccInfo::IsValidSpace() directly in an if condition that never consults m_Header.version, so iccMAX-only spaces (ncXXXX) pass on a v2/v4 profile.

Both validated against a locally-built CodeQL DB (CLI 2.25.6):

Query on master on this branch
signature-serialized-without-zero-guard 3 findings (cmmId, deviceClass, creator) 0
version-blind-space-validation 1 finding (DeviceLink PCS check) 0

Fixes the queries surface

CTest (dynamic)

iccdev-issue-1361-header-sig-roundtrip-regression.sh — generalises the #1358 round-trip test to cmmId/deviceClass/creator. Verified FAIL on master / PASS on this branch. Registered as iccdev.issue-1361-header-sig-roundtrip-regression.

Note on scope

Bundles detection (the queries/test #1361 asked for) with the small fixes those detectors surface, so the committed queries are green. The two source fixes are each a direct analog of #1356 / #1359 and isolated in their own commit — happy to split if preferred.

🤖 Generated with Claude Code

colourbill-ctrl and others added 3 commits June 15, 2026 14:25
@colourbill-ctrl @claude
Add CodeQL queries for the #1356 round-trip and #1359 version-blind p…
664cbde 
…atterns (#1361)

Two custom queries generalising the #1355/#1356/#1359 findings so the same
classes of bug are caught statically:

* signature-serialized-without-zero-guard.ql -- an ICC four-byte signature
  serialized via the icGetSig* text helpers does not round-trip when zero
  (icGetSig*(0) -> "NULL"; icGetSigVal("NULL") -> 0x4E554C4C). Flags a header
  field that the JSON serializer guards with `field ? helper(...) : ""` but a
  *ToXml* serializer emits unconditionally. Validated: flags cmmId, deviceClass
  and creator on master; clean once they are guarded.

* version-blind-space-validation.ql -- a header colour space validated by the
  version-blind CIccInfo::IsValidSpace() directly in an `if` condition that
  never consults m_Header.version, so iccMAX-only spaces (ncXXXX) pass on a
  v2/v4 profile. Validated: flags the DeviceLink PCS check on master; clean
  once it is version-gated.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@colourbill-ctrl @claude
Fix latent round-trip / version-blind siblings surfaced by the #1361
6a4efff 
…queries

Close the issues the two new CodeQL queries flag, so both run clean:

* IccProfileXml.cpp: guard the zero case for the remaining header signature
  fields the JSON serializer already guards -- PreferredCMMType (cmmId),
  ProfileDeviceClass (deviceClass) and ProfileCreator (creator). Like the data
  colour space / PCS fix in #1356, a zero value was serialized as the literal
  "NULL" and reparsed by icGetSigVal("NULL") to 0x4E554C4C, corrupting it on an
  iccToXml -> iccFromXml round-trip. Emit an empty element for zero instead.

* IccProfile.cpp: version-gate the DeviceLink PCS colour-space check the same
  way #1359 gated the data colour space. IsValidSpace() is version-blind and
  accepts the iccMAX N-channel spaces (ncXXXX) for any version, so a v2/v4
  DeviceLink could carry an ncXXXX PCS unflagged; it is now a critical error
  reporting the raw value.

Verified: zero cmmId/deviceClass/creator round-trip as 0 (not 0x4E554C4C); a
v4 DeviceLink with an ncXXXX PCS is now flagged; v5 and normal v2/v4 profiles
are unaffected.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@colourbill-ctrl @claude
Test: regression for header signature XML round-trip corruption (#1361)
9001cb6 
Generalises the #1358 data-colour-space round-trip test to the remaining header
signature fields the #1361 fix guards. Zeroes cmmId / deviceClass / creator in
a real profile, serialises to XML and parses back, and fails if any field is
corrupted to 0x4E554C4C ("NULL") instead of round-tripping as zero. Companion
to the static signature-serialized-without-zero-guard.ql query.

Verified to FAIL on master (all three corrupted) and PASS with the writer
guards. Plain functional test; skips cleanly when the tools/fixture are absent.
Reuses the committed nodata-colourspace-1356.icc fixture.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@colourbill-ctrl colourbill-ctrl mentioned this pull request Jun 15, 2026
Closed
@github-actions github-actions Bot added Testing CTest, regression, or test coverage Source C or C++ source code changes Scripts Shell, PowerShell, or repository automation scripts Configuration Repository, CMake, YAML, JSON, or tool configuration Build Build system, CMake, compiler, or packaging security Security, sanitizer, or fuzzer-relevant report SAST Static analysis or source security scanning CodeQL CodeQL configuration, workflow, queries, or reports Unix Linux, macOS, Bash, or POSIX shell scope failed One or more CI checks failed pending CI checks still running and removed failed One or more CI checks failed labels Jun 15, 2026
xsscx
xsscx approved these changes Jun 15, 2026
View reviewed changes

@xsscx xsscx left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

2026-06-15 22:01:46 UTC

@colourbill-ctrl colourbill-ctrl mentioned this pull request Jun 15, 2026
Merged
@xsscx xsscx merged commit 751a0c6 into master Jun 15, 2026
56 of 58 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@xsscx xsscx xsscx approved these changes

@ChrisCoxArt ChrisCoxArt Awaiting requested review from ChrisCoxArt ChrisCoxArt is a code owner

@maxderhak maxderhak Awaiting requested review from maxderhak maxderhak is a code owner

@dwtza dwtza Awaiting requested review from dwtza dwtza is a code owner

Assignees

No one assigned

Labels

Build Build system, CMake, compiler, or packaging CodeQL CodeQL configuration, workflow, queries, or reports Configuration Repository, CMake, YAML, JSON, or tool configuration pending CI checks still running SAST Static analysis or source security scanning Scripts Shell, PowerShell, or repository automation scripts security Security, sanitizer, or fuzzer-relevant report Source C or C++ source code changes Testing CTest, regression, or test coverage Unix Linux, macOS, Bash, or POSIX shell scope

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add CodeQL #1355

2 participants

@colourbill-ctrl @xsscx