Correct out-of-bounds memory access (#311)

eschnett · stevengj · web-flow · commit 0a789d6de2c5 · 2025-11-13T14:27:18.000-05:00
* Correct out-of-bounds memory access

* Correct syntax error

* Add test

* Update NEWS.md

Co-authored-by: Steven G. Johnson &lt;stevenj@alum.mit.edu&gt;

---------

Co-authored-by: Steven G. Johnson &lt;stevenj@alum.mit.edu&gt;
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -5,14 +5,14 @@ include (utils.cmake)
 disallow_intree_builds()
 
 # API version - be sure to update utf8proc.h and Makefile, too!
-project (utf8proc VERSION 2.11.0 LANGUAGES C)
+project (utf8proc VERSION 2.11.1 LANGUAGES C)
 
 # This is the ABI version number, which may differ from the
 # API version number (defined in utf8proc.h and above).
 # Be sure to also update these in Makefile and MANIFEST!
 set(SO_MAJOR 3)
 set(SO_MINOR 2)
-set(SO_PATCH 0)
+set(SO_PATCH 1)
 
 option(UTF8PROC_INSTALL "Enable installation of utf8proc" On)
 option(UTF8PROC_ENABLE_TESTING "Enable testing of utf8proc" Off)
diff --git a/MANIFEST b/MANIFEST
@@ -2,8 +2,8 @@ include/
 include/utf8proc.h
 lib/
 lib/libutf8proc.a
-lib/libutf8proc.so -> libutf8proc.so.3.2.0
-lib/libutf8proc.so.2 -> libutf8proc.so.3.2.0
-lib/libutf8proc.so.3.2.0
+lib/libutf8proc.so -> libutf8proc.so.3.2.1
+lib/libutf8proc.so.2 -> libutf8proc.so.3.2.1
+lib/libutf8proc.so.3.2.1
 lib/pkgconfig/
 lib/pkgconfig/libutf8proc.pc
diff --git a/Makefile b/Makefile
@@ -24,10 +24,10 @@ SOFLAG = -Wl,-soname
 # Be sure to also update these ABI versions in MANIFEST and CMakeLists.txt!
 MAJOR=3
 MINOR=2
-PATCH=0
+PATCH=1
 
 # api version (also in utf8proc.h and CMakeLists.txt)
-VERSION=2.11.0
+VERSION=2.11.1
 
 OS := $(shell uname)
 ifeq ($(OS),Darwin) # MacOS X
diff --git a/NEWS.md b/NEWS.md
@@ -1,5 +1,11 @@
 # utf8proc release history #
 
+## Version 2.11.1 ##
+
+2025-11-04
+
+ - Correct out-of-bounds memory access when calling `utf8proc_map` with both `UTF8PROC_CHARBOUND` and `UTF8PROC_DECOMPOSE` ([#311]).
+
 ## Version 2.11.0 ##
 
 2025-09-10
diff --git a/test/fuzzer.c b/test/fuzzer.c
@@ -90,5 +90,8 @@ int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
     utf8proc_map(data, len, &str, UTF8PROC_COMPOSE | UTF8PROC_STRIPMARK);
     free(str);
 
+    utf8proc_map(data, len, &str, UTF8PROC_CHARBOUND | UTF8PROC_DECOMPOSE);
+    free(str);
+
     return 0;
-}
+}
diff --git a/utf8proc.c b/utf8proc.c
@@ -595,7 +595,17 @@ UTF8PROC_DLLEXPORT utf8proc_ssize_t utf8proc_decompose_custom(
       utf8proc_int32_t uc1, uc2;
       const utf8proc_property_t *property1, *property2;
       uc1 = buffer[pos];
+      if (uc1 < 0) {
+        /* skip grapheme break */
+        pos++;
+        continue;
+      }
       uc2 = buffer[pos+1];
+      if (uc2 < 0) {
+        /* cannot recombine; skip grapheme break */
+        pos+=2;
+        continue;
+      }
       property1 = unsafe_get_property(uc1);
       property2 = unsafe_get_property(uc2);
       if (property1->combining_class > property2->combining_class &&
diff --git a/utf8proc.h b/utf8proc.h
@@ -73,7 +73,7 @@
 /** The MINOR version number (increased when new functionality is added in a backwards-compatible manner). */
 #define UTF8PROC_VERSION_MINOR 11
 /** The PATCH version (increased for fixes that do not change the API). */
-#define UTF8PROC_VERSION_PATCH 0
+#define UTF8PROC_VERSION_PATCH 1
 /** @} */
 
 #include <stdlib.h>
