From d74274161a687c996f4f3912ff268bb332b73e99 Mon Sep 17 00:00:00 2001
From: Erik Schnetter
Date: Tue, 4 Nov 2025 09:17:53 -0500
Subject: [PATCH 1/4] Correct out-of-bounds memory access
---
 utf8proc.c | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/utf8proc.c b/utf8proc.c
index 40ea295..ece49cc 100644
--- a/utf8proc.c
+++ b/utf8proc.c
@@ -595,7 +595,17 @@ UTF8PROC_DLLEXPORT utf8proc_ssize_t utf8proc_decompose_custom(
 utf8proc_int32_t uc1, uc2;
 const utf8proc_property_t *property1, *property2;
 uc1 = buffer[pos];
+ if (uc1 < 0) {
+ /* skip grapheme break */
+ pos++;
+ continue
+ }
 uc2 = buffer[pos+1];
+ if (uc2 < 0) {
+ /* cannot recombine; skip grapheme break */
+ pos+=2;
+ continue;
+ }
 property1 = unsafe_get_property(uc1);
 property2 = unsafe_get_property(uc2);
 if (property1->combining_class > property2->combining_class &&
From cbcf10055b4884844f0e76681acfb450dcd1666d Mon Sep 17 00:00:00 2001
From: Erik Schnetter
Date: Tue, 4 Nov 2025 09:20:09 -0500
Subject: [PATCH 2/4] Correct syntax error
---
 utf8proc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/utf8proc.c b/utf8proc.c
index ece49cc..c59bad2 100644
--- a/utf8proc.c
+++ b/utf8proc.c
@@ -598,7 +598,7 @@ UTF8PROC_DLLEXPORT utf8proc_ssize_t utf8proc_decompose_custom(
 if (uc1 < 0) {
 /* skip grapheme break */
 pos++;
- continue
+ continue;
 }
 uc2 = buffer[pos+1];
 if (uc2 < 0) {
From 4b776e61298b9a2574b056163d511de5915f9390 Mon Sep 17 00:00:00 2001
From: Erik Schnetter
Date: Tue, 4 Nov 2025 09:26:13 -0500
Subject: [PATCH 3/4] Add test
---
 CMakeLists.txt | 4 ++--
 MANIFEST | 6 +++---
 Makefile | 4 ++--
 NEWS.md | 6 ++++++
 test/fuzzer.c | 5 ++++-
 utf8proc.h | 2 +-
 6 files changed, 18 insertions(+), 9 deletions(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index f07f90c..96fc653 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
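Review bot: The two guards added in utf8proc.c (`if (uc1 < 0)` and `if (uc2 < 0)`, patch 1/4) carry comments that say what is skipped but not why a negative entry must never reach `unsafe_get_property`, which is the actual memory-safety invariant here. Going by the NEWS entry in patch 4/4, the negative values are presumably the boundary markers placed in `buffer` when `UTF8PROC_CHARBOUND` is set; I would record that above the first guard, e.g. `/* negative entries are boundary markers, not codepoints; they must not be passed to unsafe_get_property() */`. The loop header and the rest of `utf8proc_decompose_custom` lie outside the hunk, so whether `buffer[pos+1]` and `pos+=2` stay within the loop bound cannot be confirmed from here. Anyone backporting the fix needs patch 2/4 as well, because the first `continue` in this hunk has no semicolon.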
@@ -5,14 +5,14 @@ include (utils.cmake) disallow_intree_builds() # API version - be sure to update utf8proc.h and Makefile, too! -project (utf8proc VERSION 2.11.0 LANGUAGES C) +project (utf8proc VERSION 2.11.1 LANGUAGES C) # This is the ABI version number, which may differ from the # API version number (defined in utf8proc.h and above). # Be sure to also update these in Makefile and MANIFEST! set(SO_MAJOR 3) set(SO_MINOR 2) -set(SO_PATCH 0) +set(SO_PATCH 1) option(UTF8PROC_INSTALL "Enable installation of utf8proc" On) option(UTF8PROC_ENABLE_TESTING "Enable testing of utf8proc" Off) diff --git a/MANIFEST b/MANIFEST index 4bda19a..d43a5fd 100644 --- a/MANIFEST +++ b/MANIFEST @@ -2,8 +2,8 @@ include/ include/utf8proc.h lib/ lib/libutf8proc.a -lib/libutf8proc.so -> libutf8proc.so.3.2.0 -lib/libutf8proc.so.2 -> libutf8proc.so.3.2.0 -lib/libutf8proc.so.3.2.0 +lib/libutf8proc.so -> libutf8proc.so.3.2.1 +lib/libutf8proc.so.2 -> libutf8proc.so.3.2.1 +lib/libutf8proc.so.3.2.1 lib/pkgconfig/ lib/pkgconfig/libutf8proc.pc diff --git a/Makefile b/Makefile index 74a840e..0f6c2a6 100644 --- a/Makefile +++ b/Makefile @@ -24,10 +24,10 @@ SOFLAG = -Wl,-soname # Be sure to also update these ABI versions in MANIFEST and CMakeLists.txt! MAJOR=3 MINOR=2 -PATCH=0 +PATCH=1 # api version (also in utf8proc.h and CMakeLists.txt) -VERSION=2.11.0 +VERSION=2.11.1 OS := $(shell uname) ifeq ($(OS),Darwin) # MacOS X diff --git a/NEWS.md b/NEWS.md index e52d161..3b78f74 100644 --- a/NEWS.md +++ b/NEWS.md @@ -1,5 +1,11 @@ # utf8proc release history # +## Version 2.11.1 ## + +2025-11-04 + + - Correct out-of-bounds memory access ([#311]). + ## Version 2.11.0 ## 2025-09-10 diff --git a/test/fuzzer.c b/test/fuzzer.c index 98ce490..c6f06ad 100644 --- a/test/fuzzer.c +++ b/test/fuzzer.c 
@@ -90,5 +90,8 @@ int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) utf8proc_map(data, len, &str, UTF8PROC_COMPOSE | UTF8PROC_STRIPMARK); free(str); + utf8proc_map(data, len, &str, UTF8PROC_CHARBOUND | UTF8PROC_DECOMPOSE); + free(str); + return 0; -} \ No newline at end of file +} diff --git a/utf8proc.h b/utf8proc.h index 59e5389..569a21d 100644 --- a/utf8proc.h +++ b/utf8proc.h @@ -73,7 +73,7 @@ /** The MINOR version number (increased when new functionality is added in a backwards-compatible manner). */ #define UTF8PROC_VERSION_MINOR 11 /** The PATCH version (increased for fixes that do not change the API). */ -#define UTF8PROC_VERSION_PATCH 0 +#define UTF8PROC_VERSION_PATCH 1 /** @} */ #include From b02ef84acb4c69da70788e1170028f60aadbd526 Mon Sep 17 00:00:00 2001 From: Erik Schnetter Date: Wed, 5 Nov 2025 08:13:16 -0500 Subject: [PATCH 4/4] Update NEWS.md Co-authored-by: Steven G. Johnson --- NEWS.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/NEWS.md b/NEWS.md index 3b78f74..d9ccda4 100644 --- a/NEWS.md +++ b/NEWS.md @@ -4,7 +4,7 @@ 2025-11-04 - - Correct out-of-bounds memory access ([#311]). + - Correct out-of-bounds memory access when calling `utf8proc_map` with both `UTF8PROC_CHARBOUND` and `UTF8PROC_DECOMPOSE` ([#311]). ## Version 2.11.0 ##
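Review bot: The only coverage this series adds for the fix is the extra `utf8proc_map(data, len, &str, UTF8PROC_CHARBOUND | UTF8PROC_DECOMPOSE);` call in `LLVMFuzzerTestOneInput` (test/fuzzer.c), which exercises the repaired path only when a fuzzer is actually run and happens to produce a suitable input. A small deterministic case in the regular test suite, using a fixed input that previously triggered the out-of-bounds access and run under a memory sanitizer where available, would make a regression visible on every CI run. The new call also ignores the return value before `free(str)`, as the existing call above it does; that is safe only if `utf8proc_map` always initialises `str` on failure, which cannot be confirmed from this hunk.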