Skip to content

fix: address 10 code audit issues with validation and robustness#28

Open
lifeart wants to merge 2 commits intomasterfrom
improvements-v4
Open

fix: address 10 code audit issues with validation and robustness#28
lifeart wants to merge 2 commits intomasterfrom
improvements-v4

Conversation

@lifeart
Copy link
Owner

@lifeart lifeart commented Mar 26, 2026

Summary

Fixes 10 issues identified during code audit (Wave 1-3), each with proper fix, regression tests, and two rounds of expert review (domain + QA).

  • MED-09: StackGroupNode wipe properties (wipeX/wipeY) now enforce min: 0, max: 1 with NaN sanitization
  • MED-24: Async logo file upload guarded against use-after-dispose with _disposed flag and pre/post-await checks
  • MED-26: EXR tile count validated against MAX_TILES_PER_LEVEL (2^24) to prevent allocation bombs from malformed files
  • MED-27: DPX dimension validation added in getDPXInfo() — zero, oversized, and total pixel overflow checks
  • MED-31: TIFF IFD entry count capped at 1024 to prevent CPU waste from malformed files
  • MED-32: DPX pixel data size validated against actual file size before buffer allocation
  • MED-44: Worker Transferable validation — detached ArrayBuffers, closed ImageBitmaps, invalid dimensions now return renderError
  • MED-45: Vibrance 3D LUT cache key extended with all computation parameters (lutSize, skinHueCenter, skinHueRange, skinProtectionMin)
  • LOW-08: EXR layer property bidirectionally synced with currentExrLayer field via propertyChanged listener
  • LOW-16: Transform history uses epsilon-based comparison (1e-6) to filter float-precision noise

97 regression tests added across 11 test files. All 25,690+ tests pass. Zero type errors. Zero new lint errors.

Test plan

  • All 10 fixes have dedicated regression tests
  • Each fix passed domain expert review (Round 1)
  • Each fix passed QA review (Round 2) — full suite, tsc, eslint
  • Full test suite: 25,690 tests pass, 1 pre-existing skip, 0 failures
  • tsc --noEmit: clean
  • eslint: 0 new errors

🤖 Generated with Claude Code

@lifeart @claude
fix: address 10 code audit issues with validation, sync, and robustne…
f550a50 
…ss improvements

Fix MED-09 (wipe min/max), MED-24 (upload after disposal), MED-26 (EXR tile overflow),
MED-27 (DPX dimension validation), MED-31 (TIFF IFD count), MED-32 (DPX scanline overflow),
MED-44 (worker Transferable validation), MED-45 (LUT cache key), LOW-08 (EXR layer sync),
LOW-16 (transform history float precision). Adds 97 regression tests.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@github-actions
Copy link

github-actions bot commented Mar 26, 2026
edited
Loading

Coverage Report

Status Category Percentage Covered / Total
🔵 Lines 83.62% 66955 / 80061
🔵 Statements 82.51% 70651 / 85624
🔵 Functions 79.33% 10075 / 12699
🔵 Branches 72.73% 29231 / 40187
Generated in workflow #46 for commit 5eca71c by the Vitest Coverage Report Action

@lifeart @claude
style: fix prettier formatting in EXRDecoder and TIFFFloatDecoder test
5eca71c 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@lifeart