From 64491e4dd48c1e6bcf76184ae1bcceee3dc8a8ea Mon Sep 17 00:00:00 2001 From: Erik Schnetter Date: Sun, 21 Dec 2025 11:26:43 -0500 Subject: [PATCH 1/2] Correct OOB read --- CMakeLists.txt | 4 ++-- MANIFEST | 6 +++--- Makefile | 4 ++-- NEWS.md | 6 ++++++ test/fuzzer.c | 3 +++ utf8proc.c | 4 ++++ utf8proc.h | 2 +- 7 files changed, 21 insertions(+), 8 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 5347218..9fbbf94 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -5,14 +5,14 @@ include (utils.cmake) disallow_intree_builds() # API version - be sure to update utf8proc.h and Makefile, too! -project (utf8proc VERSION 2.11.2 LANGUAGES C) +project (utf8proc VERSION 2.11.3 LANGUAGES C) # This is the ABI version number, which may differ from the # API version number (defined in utf8proc.h and above). # Be sure to also update these in Makefile and MANIFEST! set(SO_MAJOR 3) set(SO_MINOR 2) -set(SO_PATCH 2) +set(SO_PATCH 3) option(UTF8PROC_INSTALL "Enable installation of utf8proc" On) option(UTF8PROC_ENABLE_TESTING "Enable testing of utf8proc" Off) diff --git a/MANIFEST b/MANIFEST index 32255a3..9047ab5 100644 --- a/MANIFEST +++ b/MANIFEST @@ -2,8 +2,8 @@ include/ include/utf8proc.h lib/ lib/libutf8proc.a -lib/libutf8proc.so -> libutf8proc.so.3.2.2 -lib/libutf8proc.so.2 -> libutf8proc.so.3.2.2 -lib/libutf8proc.so.3.2.2 +lib/libutf8proc.so -> libutf8proc.so.3.2.3 +lib/libutf8proc.so.2 -> libutf8proc.so.3.2.3 +lib/libutf8proc.so.3.2.3 lib/pkgconfig/ lib/pkgconfig/libutf8proc.pc diff --git a/Makefile b/Makefile index dc0f437..6f51c16 100644 --- a/Makefile +++ b/Makefile @@ -24,10 +24,10 @@ SOFLAG = -Wl,-soname # Be sure to also update these ABI versions in MANIFEST and CMakeLists.txt! MAJOR=3 MINOR=2 -PATCH=2 +PATCH=3 # api version (also in utf8proc.h and CMakeLists.txt) -VERSION=2.11.2 +VERSION=2.11.3 OS := $(shell uname) ifeq ($(OS),Darwin) # MacOS X diff --git a/NEWS.md b/NEWS.md index d715206..49fe523 100644 --- a/NEWS.md +++ b/NEWS.md @@ -1,5 +1,11 @@ # utf8proc release history # +## Version 2.11.3 ## + +2025-12-21 + +- Correct out-of-bounds memory access when calling `utf8proc_map` with both `UTF8PROC_CHARBOUND` and `UTF8PROC_COMPOSE` ([#???]). + ## Version 2.11.2 ## 2025-11-22 diff --git a/test/fuzzer.c b/test/fuzzer.c index c6f06ad..fad14cc 100644 --- a/test/fuzzer.c +++ b/test/fuzzer.c @@ -93,5 +93,8 @@ int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) utf8proc_map(data, len, &str, UTF8PROC_CHARBOUND | UTF8PROC_DECOMPOSE); free(str); + utf8proc_map(data, len, &str, UTF8PROC_CHARBOUND | UTF8PROC_COMPOSE); + free(str); + return 0; } diff --git a/utf8proc.c b/utf8proc.c index b9877c0..e8fa207 100644 --- a/utf8proc.c +++ b/utf8proc.c @@ -662,6 +662,10 @@ UTF8PROC_DLLEXPORT utf8proc_ssize_t utf8proc_normalize_utf32(utf8proc_int32_t *b utf8proc_ssize_t wpos = 0; for (rpos = 0; rpos < length; rpos++) { utf8proc_int32_t current_char = buffer[rpos]; + if (current_char < 0) { + /* skip grapheme break */ + continue; + } const utf8proc_property_t *current_property = unsafe_get_property(current_char); if (starter && current_property->combining_class > max_combining_class) { /* combination perhaps possible */ diff --git a/utf8proc.h b/utf8proc.h index 3893f6f..8d9a2e4 100644 --- a/utf8proc.h +++ b/utf8proc.h @@ -73,7 +73,7 @@ /** The MINOR version number (increased when new functionality is added in a backwards-compatible manner). */ #define UTF8PROC_VERSION_MINOR 11 /** The PATCH version (increased for fixes that do not change the API). */ -#define UTF8PROC_VERSION_PATCH 2 +#define UTF8PROC_VERSION_PATCH 3 /** @} */ #include From 4a74221ef1f12730aac80b55fc98da1430140574 Mon Sep 17 00:00:00 2001 From: Erik Schnetter Date: Sun, 21 Dec 2025 11:52:17 -0500 Subject: [PATCH 2/2] Record PR number --- NEWS.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/NEWS.md b/NEWS.md index 49fe523..9878745 100644 --- a/NEWS.md +++ b/NEWS.md @@ -4,7 +4,7 @@ 2025-12-21 -- Correct out-of-bounds memory access when calling `utf8proc_map` with both `UTF8PROC_CHARBOUND` and `UTF8PROC_COMPOSE` ([#???]). +- Correct out-of-bounds memory access when calling `utf8proc_map` with both `UTF8PROC_CHARBOUND` and `UTF8PROC_COMPOSE` ([#323]). ## Version 2.11.2 ##