From f5b6492769087bc3ccdb48e93a8b7df5d27a0194 Mon Sep 17 00:00:00 2001
From: Tor Andersson <tor.andersson@artifex.com>
Date: Mon, 16 Jun 2025 15:48:52 +0200
Subject: [PATCH] Issue #202: Special case for empty substring that splits
 surrogate pair.

The code to split non-BMP characters into surrogate pairs assumes that
we are actually splitting a character, and will fail when we ask it to
create a zero-length string in the middle of a surrogate pair split.

Special case zero-length substrings to work around this.
---
 jsstring.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/jsstring.c b/jsstring.c
index 4954d75..da12431 100644
--- a/jsstring.c
+++ b/jsstring.c
@@ -288,8 +288,10 @@ static void Sp_slice(js_State *J)
 
 	if (s < e)
 		Sp_substring_imp(J, str, s, e - s);
-	else
+	else if (s > e)
 		Sp_substring_imp(J, str, e, s - e);
+	else
+		js_pushliteral(J, "");
 }
 
 static void Sp_substring(js_State *J)
@@ -304,8 +306,10 @@ static void Sp_substring(js_State *J)
 
 	if (s < e)
 		Sp_substring_imp(J, str, s, e - s);
-	else
+	else if (s > e)
 		Sp_substring_imp(J, str, e, s - e);
+	else
+		js_pushliteral(J, "");
 }
 
 static void Sp_toLowerCase(js_State *J)