From e77c64d4ee3a11c64e6447b6dd39c244ecfbd3d9 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Wed, 28 Jan 2026 20:48:53 +0000
Subject: [PATCH 1/2] Initial plan


From 7fc67dd5445543191587294173cf696d00537ca7 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Wed, 28 Jan 2026 21:01:36 +0000
Subject: [PATCH 2/2] Fix bounds check in utf8.js deLoose function

Co-authored-by: ChALkeR <291301+ChALkeR@users.noreply.github.com>
---
 utf8.js | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/utf8.js b/utf8.js
index 4b295d7..a623177 100644
--- a/utf8.js
+++ b/utf8.js
@@ -27,11 +27,11 @@ function deLoose(str, loose, res) {
 
   // Recheck if the string was encoded correctly
   let start = 0
-  const last = res.length - 2
-  // Search for EFBFBD
-  while (start < last) {
+  const last = res.length - 3
+  // Search for EFBFBD (3-byte sequence)
+  while (start <= last) {
     const pos = res.indexOf(0xef, start)
-    if (pos === -1) break
+    if (pos === -1 || pos > last) break
     start = pos + 1
     if (res[pos + 1] === 0xbf && res[pos + 2] === 0xbd) {
       // Found a replacement char in output, need to recheck if we encoded the input correctly