Skip to content

Fix crash in SSWCP color_to_int for RGBA color strings#201

Open
appositeit wants to merge 1 commit intoSnapmaker:2.2.4-devfrom
appositeit:fix/sswcp-color-parsing-crash
Open

Fix crash in SSWCP color_to_int for RGBA color strings#201
appositeit wants to merge 1 commit intoSnapmaker:2.2.4-devfrom
appositeit:fix/sswcp-color-parsing-crash

Conversation

@appositeit
Copy link

@appositeit appositeit commented Mar 14, 2026

Summary

  • Fix out-of-bounds string access in color_to_int lambda in SSWCP.cpp that crashes when parsing 9-character RGBA color strings (e.g. "#FFFFFFFF")
  • The 8-digit (RGBA) branch used oriclr[7 - i] which evaluates to oriclr[-1] when i=8, wrapping to std::string::npos and causing SIGABRT
  • Fix: use oriclr[9 - i] for the RGBA branch to correctly index from the end of the 9-character string

Root Cause

The color_to_int lambda validates that oriclr is either 7 or 9 characters starting with #. For the 7-character case (#RRGGBB), the loop oriclr[7 - i] for i in [1, 6] correctly accesses indices 6 down to 1. However, for the 9-character case (#RRGGBBAA), the same oriclr[7 - i] formula is used with i in [1, 8], which accesses index -1 when i=8.

Reproduction

  1. Load a model in Snapmaker Orca
  2. Slice the model
  3. Click "Print" to send to printer via the WebPreprintDialog
  4. The sw_GetFileFilamentMapping command triggers color_to_int with an RGBA color string
  5. Application crashes with SIGABRT

GDB Backtrace

#6  std::__cxx11::basic_string::operator[] (__pos=18446744073709551615)
#7  operator() (oriclr="#FFFFFFFF") at SSWCP.cpp:3074
#8  sw_GetFileFilamentMapping() at SSWCP.cpp:3094

Test plan

  • Verified fix by building with AddressSanitizer (-fsanitize=address -O2) and successfully sending print jobs without crash
  • Verify RGBA color values are parsed correctly (compare parsed integer with expected value)

🤖 Generated with Claude Code

@appositeit @claude
Fix out-of-bounds string access in SSWCP color_to_int for RGBA colors
81b7471 
The color_to_int lambda in sw_GetFileFilamentMapping crashes when
parsing 9-character RGBA color strings like "#FFFFFFFF". The 8-digit
branch uses oriclr[7-i] which evaluates to oriclr[-1] when i=8,
causing an out-of-bounds access and SIGABRT.

Fix by using oriclr[9-i] for the RGBA branch, matching the string
length of 9 (index 8 down to 1, skipping the '#' at index 0).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@appositeit