fix(json-repair): use char-based indexing to prevent out-of-bounds (#2549)

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>

Author: ssddOnTop

crates/forge_json_repair/src/parser.rs

@@ -957,30 +957,35 @@ impl JsonRepairParser {
     }
 
     fn insert_before_last_whitespace(&self, text_to_insert: &str) -> String {
-        let mut index = self.output.len();
+        let chars: Vec<char> = self.output.chars().collect();
+        let mut index = chars.len();
 
-        if index == 0
-            || !self.is_whitespace(self.output.chars().nth(index - 1).unwrap_or('\0'), true)
-        {
+        if index == 0 || !self.is_whitespace(chars[index - 1], true) {
             return format!("{}{}", self.output, text_to_insert);
         }
 
-        let chars: Vec<char> = self.output.chars().collect();
         while index > 0 && self.is_whitespace(chars[index - 1], true) {
             index -= 1;
         }
 
+        // Convert the char-based index back to a byte offset for string slicing.
+        let byte_index = self
+            .output
+            .char_indices()
+            .nth(index)
+            .map_or(self.output.len(), |(i, _)| i);
+
         format!(
             "{}{}{}",
-            &self.output[..index],
+            &self.output[..byte_index],
             text_to_insert,
-            &self.output[index..]
+            &self.output[byte_index..]
         )
     }
 
     fn insert_before_last_whitespace_str(&self, text: &str, text_to_insert: &str) -> String {
-        let mut index = text.len();
         let chars: Vec<char> = text.chars().collect();
+        let mut index = chars.len();
 
         if index == 0 || !self.is_whitespace(chars[index - 1], true) {
             return format!("{text}{text_to_insert}");
@@ -990,7 +995,18 @@ impl JsonRepairParser {
             index -= 1;
         }
 
-        format!("{}{}{}", &text[..index], text_to_insert, &text[index..])
+        // Convert the char-based index back to a byte offset for string slicing.
+        let byte_index = text
+            .char_indices()
+            .nth(index)
+            .map_or(text.len(), |(i, _)| i);
+
+        format!(
+            "{}{}{}",
+            &text[..byte_index],
+            text_to_insert,
+            &text[byte_index..]
+        )
     }
 
     fn remove_at_index(&self, start: usize, count: usize) -> String {

crates/forge_json_repair/tests/error_cases.rs

@@ -51,3 +51,46 @@ fn test_string_with_colon_at_start() {
     let expected = serde_json::json!(":");
     assert_eq!(actual, expected);
 }
+
+#[test]
+fn test_multibyte_unicode_missing_end_quote() {
+    // Triggers index out of bounds in insert_before_last_whitespace_str.
+    // The output buffer contains multi-byte UTF-8 characters (é = 2 bytes each),
+    // so self.output.len() (byte count) > chars.len() (char count).
+    // When the repair path calls insert_before_last_whitespace_str with trailing
+    // whitespace, it initialises `index` from the byte length and then indexes
+    // into a Vec<char> at that byte-length position, panicking.
+    let fixture = r#""café "#;
+    let actual = json_repair::<serde_json::Value>(fixture).unwrap();
+    let expected = serde_json::json!("café");
+    assert_eq!(actual, expected);
+}
+
+#[test]
+fn test_multibyte_unicode_missing_comma_in_object() {
+    // Triggers index out of bounds in insert_before_last_whitespace_str (line 459).
+    // parse_string first collects `"é,"` and hits the inner `"test"`. The
+    // prev_non_whitespace char is `,`, so it retries with stop_at_index=2
+    // (the comma position). On retry it collects str_content = `"é` (3 bytes,
+    // 2 chars) and hits stop_at_index, calling insert_before_last_whitespace_str.
+    // That function sets index = text.len() = 3 (byte count) and then accesses
+    // chars[index - 1] = chars[2] on a Vec<char> of length 2 — panic.
+    let fixture = "\"é,\"test\"";
+    let actual = json_repair::<serde_json::Value>(fixture).unwrap();
+    let expected = serde_json::json!(["é", "test"]);
+    assert_eq!(actual, expected);
+}
+
+#[test]
+fn test_multibyte_unicode_missing_closing_brace() {
+    // Triggers index out of bounds in insert_before_last_whitespace_str (line 384).
+    // A string with a multi-byte character followed by trailing whitespace and
+    // no closing quote hits the "end of text, missing end quote" repair path.
+    // str_content = `"🎉 ` (6 bytes, 3 chars). insert_before_last_whitespace_str
+    // sets index = text.len() = 6 and accesses chars[5] on a Vec<char> of
+    // length 3 — panic.
+    let fixture = "\"🎉 ";
+    let actual = json_repair::<serde_json::Value>(fixture).unwrap();
+    let expected = serde_json::json!("🎉");
+    assert_eq!(actual, expected);
+}