backups: Count grapheme clusters instead of characters in poll strings

moiseev-signal · web-flow · commit 3c93a655e6d9 · 2025-10-23T20:41:37.000-07:00
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -210,6 +210,7 @@ tonic = "0.13.1"
 tonic-build = "0.13.1"
 tower = "0.5.2"
 tungstenite = "0.27.0"
+unicode-segmentation = "1.12.0"
 url = "2.4.1"
 uuid = "1.5"
 visibility = "0.1.1"
diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md
@@ -3,3 +3,5 @@ v0.85.1
 - Backups / SVRB - add support for multiple SVRB backends when new enclaves need to roll out.
 
 - Typed APIs: `UnauthUsernamesService.lookUpUsernameLink` has been added.
+
+- Backup validator: count grapheme clusters instead of characters in poll strings.
diff --git a/acknowledgments/acknowledgments-android-testing.md b/acknowledgments/acknowledgments-android-testing.md
@@ -3601,7 +3601,7 @@ DEALINGS IN THE SOFTWARE.
 
 ```
 
-## gimli 0.31.1, heck 0.5.0, unicode-xid 0.2.6
+## gimli 0.31.1, heck 0.5.0, unicode-segmentation 1.12.0, unicode-xid 0.2.6
 
 ```
 Copyright (c) 2015 The Rust Project Developers
diff --git a/acknowledgments/acknowledgments-android.md b/acknowledgments/acknowledgments-android.md
@@ -3601,7 +3601,7 @@ DEALINGS IN THE SOFTWARE.
 
 ```
 
-## gimli 0.31.1, heck 0.5.0, unicode-xid 0.2.6
+## gimli 0.31.1, heck 0.5.0, unicode-segmentation 1.12.0, unicode-xid 0.2.6
 
 ```
 Copyright (c) 2015 The Rust Project Developers
diff --git a/acknowledgments/acknowledgments-desktop.md b/acknowledgments/acknowledgments-desktop.md
@@ -3716,7 +3716,7 @@ DEALINGS IN THE SOFTWARE.
 
 ```
 
-## gimli 0.31.1, heck 0.5.0, unicode-xid 0.2.6
+## gimli 0.31.1, heck 0.5.0, unicode-segmentation 1.12.0, unicode-xid 0.2.6
 
 ```
 Copyright (c) 2015 The Rust Project Developers
diff --git a/acknowledgments/acknowledgments-ios.plist b/acknowledgments/acknowledgments-ios.plist
@@ -3857,7 +3857,7 @@ DEALINGS IN THE SOFTWARE.
 			<key>License</key>
 			<string>MIT License</string>
 			<key>Title</key>
-			<string>gimli 0.31.1, heck 0.5.0, unicode-xid 0.2.6</string>
+			<string>gimli 0.31.1, heck 0.5.0, unicode-segmentation 1.12.0, unicode-xid 0.2.6</string>
 			<key>Type</key>
 			<string>PSGroupSpecifier</string>
 		</dict>
diff --git a/acknowledgments/acknowledgments.html b/acknowledgments/acknowledgments.html
@@ -46,7 +46,7 @@ <h1>Third Party Licenses</h1>
     
         <h2>Overview of licenses:</h2>
         <ul class="licenses-overview">
-            <li><a href="#MIT">MIT License</a> (346)</li>
+            <li><a href="#MIT">MIT License</a> (347)</li>
             <li><a href="#AGPL-3.0-only">GNU Affero General Public License v3.0 only</a> (34)</li>
             <li><a href="#Apache-2.0">Apache License 2.0</a> (28)</li>
             <li><a href="#BSD-3-Clause">BSD 3-Clause &quot;New&quot; or &quot;Revised&quot; License</a> (10)</li>
@@ -4292,6 +4292,7 @@ <h4>Used by:</h4>
                 <ul class="license-used-by">
                     <li><a href="https://github.com/gimli-rs/gimli">gimli 0.31.1</a></li>
                     <li><a href="https://github.com/withoutboats/heck">heck 0.5.0</a></li>
+                    <li><a href="https://github.com/unicode-rs/unicode-segmentation">unicode-segmentation 1.12.0</a></li>
                     <li><a href="https://github.com/unicode-rs/unicode-xid">unicode-xid 0.2.6</a></li>
                 </ul>
                 <pre class="license-text">Copyright (c) 2015 The Rust Project Developers
diff --git a/rust/message-backup/Cargo.toml b/rust/message-backup/Cargo.toml
@@ -86,6 +86,7 @@ static_assertions = { workspace = true }
 strum = { workspace = true, features = ["derive"] }
 subtle = { workspace = true }
 thiserror = { workspace = true }
+unicode-segmentation = { workspace = true }
 uuid = { workspace = true, features = ["serde"] }
 visibility = { workspace = true }
 
diff --git a/rust/message-backup/src/backup/chat/poll.rs b/rust/message-backup/src/backup/chat/poll.rs
@@ -10,6 +10,7 @@ use std::ops::RangeInclusive;
 use derive_where::derive_where;
 use intmap::IntMap;
 use itertools::Itertools as _;
+use unicode_segmentation::UnicodeSegmentation as _;
 
 use crate::backup::TryIntoWith;
 use crate::backup::chat::reactions::{ReactionError, ReactionSet};
@@ -69,8 +70,8 @@ pub enum PollError {
     UnknownVoterId,
     /// voter id is not self nor contact
     InvalidVoterId,
-    /// poll option size ({0}) is out of bounds
-    InvalidPollStringSize(usize),
+    /// {0} size ({1}) is out of bounds
+    InvalidPollStringSize(&'static str, usize),
     /// {0} option(s) is too few for a poll
     TooFewOptions(usize),
     /// {0}
@@ -123,7 +124,7 @@ impl<R: Clone, C: LookupPair<RecipientId, MinimalRecipientData, R> + ReportUnusu
             votes,
             special_fields: _,
         } = self;
-        validate_poll_string_len(&option)?;
+        validate_poll_string_len(&option, "poll option")?;
         validate_unique_voters(&votes)?;
         let votes = votes
             .into_iter()
@@ -148,7 +149,7 @@ impl<R: Clone, C: LookupPair<RecipientId, MinimalRecipientData, R> + ReportUnusu
             reactions,
             special_fields: _,
         } = self;
-        validate_poll_string_len(&question)?;
+        validate_poll_string_len(&question, "poll question")?;
         if options.len() < MIN_POLL_OPTIONS {
             return Err(Self::Error::TooFewOptions(options.len()));
         }
@@ -177,7 +178,7 @@ impl<C: ReportUnusualTimestamp> TryIntoWith<PollTerminate, C> for PollTerminateP
             question,
             special_fields: _,
         } = self;
-        validate_poll_string_len(&question)?;
+        validate_poll_string_len(&question, "poll question")?;
         let target_sent_timestamp = Timestamp::from_millis(
             targetSentTimestamp,
             "PollTerminateUpdate.targetSentTimestamp",
@@ -190,10 +191,10 @@ impl<C: ReportUnusualTimestamp> TryIntoWith<PollTerminate, C> for PollTerminateP
     }
 }
 
-fn validate_poll_string_len(s: &str) -> Result<(), PollError> {
-    let len = s.len();
+fn validate_poll_string_len(s: &str, description: &'static str) -> Result<(), PollError> {
+    let len = s.graphemes(true).count();
     if !POLL_STRING_LENGTH_RANGE.contains(&len) {
-        return Err(PollError::InvalidPollStringSize(len));
+        return Err(PollError::InvalidPollStringSize(description, len));
     }
     Ok(())
 }
@@ -270,10 +271,11 @@ mod test {
 
     #[test_case("a" => Ok(()); "lower bound")]
     #[test_case(&format!("{:0100}", 0) => Ok(()); "upper bound")]
-    #[test_case("" => Err(PollError::InvalidPollStringSize(0)); "too short")]
-    #[test_case(&format!("{:0101}", 0) => Err(PollError::InvalidPollStringSize(101)); "too long")]
+    #[test_case("" => Err(PollError::InvalidPollStringSize("test string", 0)); "too short")]
+    #[test_case(&format!("{:0101}", 0) => Err(PollError::InvalidPollStringSize("test string", 101)); "too long")]
+    #[test_case("🧑‍🧑‍🧒‍🧒🧑‍🧑‍🧒‍🧒🧑‍🧑‍🧒‍🧒🧑‍🧑‍🧒‍🧒🧑‍🧑‍🧒‍🧒" => Ok(()); "grapheme clusters")]
     fn length_check(s: &str) -> Result<(), PollError> {
-        validate_poll_string_len(s)
+        validate_poll_string_len(s, "test string")
     }
 
     fn poll_option_proto(option: &str) -> PollOptionProto {
@@ -361,10 +363,10 @@ mod test {
     #[test_case(|x| x.options = vec![] => Err(PollError::TooFewOptions(0)); "not an option")]
     #[test_case(|x| x.options.truncate(1) => Err(PollError::TooFewOptions(1)); "but one option")]
     #[test_case(|x| x.options.truncate(2) => Ok(()); "barely enough choice")]
-    #[test_case(|x| x.question = "".to_string() => Err(PollError::InvalidPollStringSize(0)); "empty question")]
+    #[test_case(|x| x.question = "".to_string() => Err(PollError::InvalidPollStringSize("poll question", 0)); "empty question")]
     #[test_case(|x| x.question = "a".to_string() => Ok(()); "question len lower bound")]
     #[test_case(|x| x.question = format!("{:0100}", 0) => Ok(()); "question len upper bound")]
-    #[test_case(|x| x.question = format!("{:0101}", 0) => Err(PollError::InvalidPollStringSize(101)); "question too long")]
+    #[test_case(|x| x.question = format!("{:0101}", 0) => Err(PollError::InvalidPollStringSize("poll question", 101)); "question too long")]
     #[test_case(|x| x.reactions.clear() => Ok(()); "no reactions")]
     #[test_case(|x| x.reactions.push(ReactionProto::default()) => Err(PollError::Reaction(ReactionError::EmptyEmoji)); "invalid reaction")]
     fn poll(modify: fn(&mut PollProto)) -> Result<(), PollError> {
@@ -401,10 +403,10 @@ mod test {
     #[test_case(|_| {} => Ok(()); "happy path")]
     #[test_case(|x| x.targetSentTimestamp = Timestamp::MAX_SAFE_TIMESTAMP_MS + 1 =>
         Err(PollError::InvalidTimestamp(TimestampError("PollTerminateUpdate.targetSentTimestamp", Timestamp::MAX_SAFE_TIMESTAMP_MS + 1))); "bad timestamp")]
-    #[test_case(|x| x.question = "".to_string() => Err(PollError::InvalidPollStringSize(0)); "empty question")]
+    #[test_case(|x| x.question = "".to_string() => Err(PollError::InvalidPollStringSize("poll question", 0)); "empty question")]
     #[test_case(|x| x.question = "a".to_string() => Ok(()); "question len lower bound")]
     #[test_case(|x| x.question = format!("{:0100}", 0) => Ok(()); "question len upper bound")]
-    #[test_case(|x| x.question = format!("{:0101}", 0) => Err(PollError::InvalidPollStringSize(101)); "question too long")]
+    #[test_case(|x| x.question = format!("{:0101}", 0) => Err(PollError::InvalidPollStringSize("poll question", 101)); "question too long")]
     fn poll_terminate(modify: fn(&mut PollTerminateProto)) -> Result<(), PollError> {
         let mut terminate = poll_terminate_proto();
         modify(&mut terminate);
