From ac6bb76a4df8cc5d1a113453d74c31239bcc0080 Mon Sep 17 00:00:00 2001
From: Jon Surrell <sirreal@users.noreply.github.com>
Date: Thu, 12 Mar 2026 12:01:59 +0100
Subject: [PATCH 1/3] Add bounds-check test when consuming and ident start
 token

---
 components/DataLiberation/Tests/CSSProcessorTest.php | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/components/DataLiberation/Tests/CSSProcessorTest.php b/components/DataLiberation/Tests/CSSProcessorTest.php
index 900fcece..f54cf9aa 100644
--- a/components/DataLiberation/Tests/CSSProcessorTest.php
+++ b/components/DataLiberation/Tests/CSSProcessorTest.php
@@ -1530,5 +1530,15 @@ public function test_set_token_with_invalid_utf8_sequence(): void {
 		$this->assertSame( "background: url(\"\xC0.jpg\");", $updated );
 	}
 
-
+	/**
+	 * Test bounds check when consuming and ident start token.
+	 */
+	public function test_trailing_hyphen_at_end_of_input(): void {
+		$processor     = CSSProcessor::create( '-' );
+		$actual_tokens = $this->collect_tokens( $processor, array( 'type', 'raw' ) );
+		$expected_tokens = array(
+			array( 'type' => CSSProcessor::TOKEN_DELIM, 'raw' => '-' ),
+		);
+		$this->assertSame( $expected_tokens, $actual_tokens );
+	}
 }

From fa124deaeca885e9fc8a3698c41a93b0588773ee Mon Sep 17 00:00:00 2001
From: Jon Surrell <sirreal@users.noreply.github.com>
Date: Thu, 12 Mar 2026 12:02:34 +0100
Subject: [PATCH 2/3] Fix incorrect bounds check

---
 components/DataLiberation/CSS/class-cssprocessor.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/DataLiberation/CSS/class-cssprocessor.php b/components/DataLiberation/CSS/class-cssprocessor.php
index 0265fc2e..cacb48b4 100644
--- a/components/DataLiberation/CSS/class-cssprocessor.php
+++ b/components/DataLiberation/CSS/class-cssprocessor.php
@@ -1500,7 +1500,7 @@ private function consume_ident_codepoint( $at ): int {
 	 * @return int The number of bytes consumed.
 	 */
 	private function consume_ident_start_codepoint( $at ): int {
-		if ( $at > $this->length ) {
+		if ( $at >= $this->length ) {
 			return 0;
 		}
 

From 96475479d55a31560554d8141b4e7623f2c98251 Mon Sep 17 00:00:00 2001
From: Jon Surrell <sirreal@users.noreply.github.com>
Date: Thu, 12 Mar 2026 13:45:55 +0100
Subject: [PATCH 3/3] Clearify test name

---
 components/DataLiberation/Tests/CSSProcessorTest.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/DataLiberation/Tests/CSSProcessorTest.php b/components/DataLiberation/Tests/CSSProcessorTest.php
index f54cf9aa..ed164ac2 100644
--- a/components/DataLiberation/Tests/CSSProcessorTest.php
+++ b/components/DataLiberation/Tests/CSSProcessorTest.php
@@ -1533,7 +1533,7 @@ public function test_set_token_with_invalid_utf8_sequence(): void {
 	/**
 	 * Test bounds check when consuming and ident start token.
 	 */
-	public function test_trailing_hyphen_at_end_of_input(): void {
+	public function test_ident_start_codepoint_bounds_check(): void {
 		$processor     = CSSProcessor::create( '-' );
 		$actual_tokens = $this->collect_tokens( $processor, array( 'type', 'raw' ) );
 		$expected_tokens = array(