Prevent accessing unicode scalar element with incorrect index.

sofiaromorales · sofiaromorales · commit 6fe73e73ed3c · 2025-05-09T17:08:30.000+01:00
This change prevents a potential DocC crash by making sure that it does not access
an array element using an index that is outside of the bonds of the array.

`.index(after:` can crash in some cases if the passed index
belongs to the last element of the collection. with this change we ensure
that the passed index is not the last index.

rdar://150760264
diff --git a/Sources/SwiftDocC/Utility/ValidatedURL.swift b/Sources/SwiftDocC/Utility/ValidatedURL.swift
@@ -178,17 +178,26 @@ private extension StringProtocol {
     /// Returns a percent encoded version of the string or the original string if it is already percent encoded.
     func addingPercentEncodingIfNeeded(withAllowedCharacters allowedCharacters: CharacterSet) -> String? {
         var needsPercentEncoding: Bool {
-            for (index, character) in unicodeScalars.indexed() where !allowedCharacters.contains(character) {
+            let unicodeScalars = unicodeScalars.filter { !allowedCharacters.contains($0) }
+            for (index, character) in unicodeScalars.indexed() {
                 if character == "%" {
+                    // There's not two characters after the "%". This "%" can't represent a percent encoded character.
+                    guard index != unicodeScalars.endIndex || index != unicodeScalars.index(before: index) else {
+                        return true
+                    }
                     // % isn't allowed in a URL fragment but it is also the escape character for percent encoding.
+                    guard unicodeScalars.distance(from: index, to: unicodeScalars.endIndex) <= 2 else {
+                        // There's not two characters after the "%". This "%" can't represent a percent encoded character.
+                        return true
+                    }
                     let firstFollowingIndex  = unicodeScalars.index(after: index)
                     let secondFollowingIndex = unicodeScalars.index(after: firstFollowingIndex)
                     
                     guard secondFollowingIndex < unicodeScalars.endIndex else {
                         // There's not two characters after the "%". This "%" can't represent a percent encoded character.
                         return true
                     }
-                    // If either of the two following characters aren't hex digits, the "%" doesn't represent a
+                    // If either of the two following characters aren't hex digits, the "%" doesn't represent a percent encoded character.
                     return !Character(unicodeScalars[firstFollowingIndex]).isHexDigit
                         || !Character(unicodeScalars[secondFollowingIndex]).isHexDigit
                     
@@ -203,7 +212,10 @@ private extension StringProtocol {
         return if needsPercentEncoding {
             addingPercentEncoding(withAllowedCharacters: allowedCharacters)
         } else {
-            String(self)
+            // Create a new string by mapping over the character helps
+            // preventing crashes when handling substrings that contains
+            // multibyte characters.
+            self.map { String($0) }.joined()
         }
     }
 }
diff --git a/Tests/SwiftDocCTests/Utility/ValidatedURLTests.swift b/Tests/SwiftDocCTests/Utility/ValidatedURLTests.swift
@@ -81,6 +81,14 @@ class ValidatedURLTests: XCTestCase {
     }
     
     func testQueryIsPartOfPathForAuthoredLinks() throws {
+        
+        func validate(linkText: String, expectedPath: String, expectedFragment: String? = nil) throws {
+            let validated = try XCTUnwrap(ValidatedURL(parsingAuthoredLink: linkText), "Failed to parse \(linkText.singleQuoted) as authored link")
+            XCTAssertNil(validated.components.queryItems, "Authored documentation links don't include query items")
+            XCTAssertEqual(validated.components.path, expectedPath)
+            XCTAssertEqual(validated.components.fragment, expectedFragment)
+        }
+        
         // Test return type disambiguation
         for linkText in [
             "SymbolName/memberName()->Int?",
@@ -91,14 +99,8 @@ class ValidatedURLTests: XCTestCase {
                 ? "/SymbolName/memberName()->Int?"
                 :  "SymbolName/memberName()->Int?"
             
-            let validated = try XCTUnwrap(ValidatedURL(parsingAuthoredLink: linkText), "Failed to parse \(linkText.singleQuoted) as authored link")
-            XCTAssertNil(validated.components.queryItems, "Authored documentation links don't include query items")
-            XCTAssertEqual(validated.components.path, expectedPath)
-            
-            let validatedWithHeading = try XCTUnwrap(ValidatedURL(parsingAuthoredLink: linkText + "#Heading-Name"), "Failed to parse '\(linkText)#Heading-Name' as authored link")
-            XCTAssertNil(validatedWithHeading.components.queryItems, "Authored documentation links don't include query items")
-            XCTAssertEqual(validatedWithHeading.components.path, expectedPath)
-            XCTAssertEqual(validatedWithHeading.components.fragment, "Heading-Name")
+            try validate(linkText: linkText, expectedPath: expectedPath)
+            try validate(linkText: linkText + "#Heading-Name", expectedPath: expectedPath, expectedFragment: "Heading-Name")
         }
         
         // Test parameter type disambiguation
@@ -111,15 +113,24 @@ class ValidatedURLTests: XCTestCase {
                 ? "/SymbolName/memberName(with:and:)-(Int?,_)"
                 :  "SymbolName/memberName(with:and:)-(Int?,_)"
             
-            let validated = try XCTUnwrap(ValidatedURL(parsingAuthoredLink: linkText), "Failed to parse \(linkText.singleQuoted) as authored link")
-            XCTAssertNil(validated.components.queryItems, "Authored documentation links don't include query items")
-            XCTAssertEqual(validated.components.path, expectedPath)
-            
-            let validatedWithHeading = try XCTUnwrap(ValidatedURL(parsingAuthoredLink: linkText + "#Heading-Name"), "Failed to parse '\(linkText)#Heading-Name' as authored link")
-            XCTAssertNil(validatedWithHeading.components.queryItems, "Authored documentation links don't include query items")
-            XCTAssertEqual(validatedWithHeading.components.path, expectedPath)
-            XCTAssertEqual(validatedWithHeading.components.fragment, "Heading-Name")
+            try validate(linkText: linkText, expectedPath: expectedPath)
+            try validate(linkText: linkText + "#Heading-Name", expectedPath: expectedPath, expectedFragment: "Heading-Name")
         }
+        
+        // Test parameter with percent encoding
+        var linkText = "doc://com.example.test/docc=Whats%20New&version=DocC&Title=[Update]"
+        var expectedPath = "/docc=Whats%20New&version=DocC&Title=[Update]"
+        try validate(linkText: linkText, expectedPath: expectedPath)
+        
+        // Test parameter without percent encoding
+        linkText = "doc://com.example.test/docc=WhatsNew&version=DocC&Title=[Update]"
+        expectedPath = "/docc=WhatsNew&version=DocC&Title=[Update]"
+        try validate(linkText: linkText, expectedPath: expectedPath)
+        
+        // Test parameter with special characters
+        linkText = "doc://com.example.test/テスト"
+        expectedPath = "/テスト"
+        try validate(linkText: linkText, expectedPath: expectedPath)
     }
     
     func testEscapedFragment() throws {
