From f5594370d30b4188d2ff831b8bef6e40530ba2be Mon Sep 17 00:00:00 2001
From: Steven Luscher <steven.luscher@anza.xyz>
Date: Sat, 8 Mar 2025 00:17:20 +0000
Subject: [PATCH 1/2] [backport 5.x] Prohibit char codes that would overflow
 the `BASE_MAP`

---
 src/cjs/index.cjs  | 6 +++++-
 src/esm/index.js   | 6 +++++-
 test/fixtures.json | 6 ++++++
 ts_src/index.ts    | 8 +++++++-
 4 files changed, 23 insertions(+), 3 deletions(-)

diff --git a/src/cjs/index.cjs b/src/cjs/index.cjs
index 0124347..ead2b9a 100644
--- a/src/cjs/index.cjs
+++ b/src/cjs/index.cjs
@@ -82,8 +82,12 @@ function base (ALPHABET) {
     const b256 = new Uint8Array(size)
     // Process the characters.
     while (source[psz]) {
+      // Find code of next character
+      const charCode = source.charCodeAt(psz)
+      // Base map can not be indexed using char code
+      if (charCode > 255) { return }
       // Decode character
-      let carry = BASE_MAP[source.charCodeAt(psz)]
+      let carry = BASE_MAP[charCode]
       // Invalid character
       if (carry === 255) { return }
       let i = 0
diff --git a/src/esm/index.js b/src/esm/index.js
index ac60db8..78b0849 100644
--- a/src/esm/index.js
+++ b/src/esm/index.js
@@ -80,8 +80,12 @@ function base (ALPHABET) {
     const b256 = new Uint8Array(size)
     // Process the characters.
     while (source[psz]) {
+      // Find code of next character
+      const charCode = source.charCodeAt(psz)
+      // Base map can not be indexed using char code
+      if (charCode > 255) { return }
       // Decode character
-      let carry = BASE_MAP[source.charCodeAt(psz)]
+      let carry = BASE_MAP[charCode]
       // Invalid character
       if (carry === 255) { return }
       let i = 0
diff --git a/test/fixtures.json b/test/fixtures.json
index f8eedbf..3aadd67 100644
--- a/test/fixtures.json
+++ b/test/fixtures.json
@@ -660,6 +660,12 @@
       "alphabet": "0123456789fabcdef",
       "description": "poorly formed alphabet",
       "exception": "^TypeError: f is ambiguous$"
+    },
+    {
+      "alphabet": "base58",
+      "description": "character whose code exceeds the highest index of base map (>=256)",
+      "exception": "^Error: Non-base58 character$",
+      "string": "\u1000"
     }
   ]
 }
diff --git a/ts_src/index.ts b/ts_src/index.ts
index 66e0e4b..22be805 100644
--- a/ts_src/index.ts
+++ b/ts_src/index.ts
@@ -101,8 +101,14 @@ function base (ALPHABET: string): base.BaseConverter {
 
     // Process the characters.
     while (source[psz]) {
+      // Find code of next character
+      const charCode = source.charCodeAt(psz)
+
+      // Base map can not be indexed using char code
+      if (charCode > 255) return
+
       // Decode character
-      let carry = BASE_MAP[source.charCodeAt(psz)]
+      let carry = BASE_MAP[charCode]
 
       // Invalid character
       if (carry === 255) return

From cfa63a966a5376d4ef8dea2d7e6fa8577c40e1a0 Mon Sep 17 00:00:00 2001
From: Steven Luscher <steven.luscher@anza.xyz>
Date: Sat, 8 Mar 2025 00:17:46 +0000
Subject: [PATCH 2/2] 5.0.1

---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package.json b/package.json
index 489df47..2eba6a4 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "base-x",
-  "version": "5.0.0",
+  "version": "5.0.1",
   "description": "Fast base encoding / decoding of any given alphabet",
   "type": "module",
   "keywords": [