fix(core): Sanitize lone surrogates in log body and attributes

Lone UTF-16 surrogates (U+D800–U+DFFF) in log message bodies or
attribute strings cause serde_json on the server to reject the entire
log batch. This replaces unpaired surrogates with U+FFFD at capture
time, scoped to the logs path only.

Fixes getsentry/sentry-react-native#5186

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: antonis

packages/core/src/logs/internal.ts

@@ -1,3 +1,4 @@
+import type { Attributes } from '../attributes';
 import { serializeAttributes } from '../attributes';
 import { getGlobalSingleton } from '../carrier';
 import type { Client } from '../client';
@@ -161,14 +162,14 @@ export function _INTERNAL_captureLog(
   const serializedLog: SerializedLog = {
     timestamp,
     level,
-    body: message,
+    body: typeof message === 'string' ? _INTERNAL_removeLoneSurrogates(message) : message,
     trace_id: traceContext?.trace_id,
     severity_number: severityNumber ?? SEVERITY_TEXT_TO_SEVERITY_NUMBER[level],
-    attributes: {
+    attributes: sanitizeLogAttributes({
       ...serializeAttributes(scopeAttributes),
       ...serializeAttributes(logAttributes, true),
       [sequenceAttr.key]: sequenceAttr.value,
-    },
+    }),
   };
 
   captureSerializedLog(client, serializedLog);
@@ -220,3 +221,79 @@ function _getBufferMap(): WeakMap<Client, Array<SerializedLog>> {
   // The reference to the Client <> LogBuffer map is stored on the carrier to ensure it's always the same
   return getGlobalSingleton('clientToLogBufferMap', () => new WeakMap<Client, Array<SerializedLog>>());
 }
+
+/**
+ * Sanitizes serialized log attributes by replacing lone surrogates in both
+ * keys and string values with U+FFFD.
+ */
+function sanitizeLogAttributes(attributes: Attributes): Attributes {
+  const sanitized: Attributes = {};
+  for (const [key, attr] of Object.entries(attributes)) {
+    const sanitizedKey = _INTERNAL_removeLoneSurrogates(key);
+    if (attr.type === 'string') {
+      sanitized[sanitizedKey] = { ...attr, value: _INTERNAL_removeLoneSurrogates(attr.value as string) };
+    } else {
+      sanitized[sanitizedKey] = attr;
+    }
+  }
+  return sanitized;
+}
+
+/**
+ * Replaces unpaired UTF-16 surrogates with U+FFFD (replacement character).
+ *
+ * Lone surrogates (U+D800–U+DFFF not part of a valid pair) cause `serde_json`
+ * on the server to reject the entire log/span batch when they appear in
+ * JSON-escaped form (e.g. `\uD800`). Replacing them at the SDK level ensures
+ * only the offending characters are lost instead of the whole payload.
+ */
+export function _INTERNAL_removeLoneSurrogates(str: string): string {
+  // Use native toWellFormed() when available (Node 20+, Safari 15.4+, Chrome 111+)
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  const s = str as any;
+  if (typeof s.isWellFormed === 'function') {
+    return s.isWellFormed() ? str : s.toWellFormed();
+  }
+
+  // Fast path – scan without allocating. Most strings have no surrogates at all.
+  let hasLoneSurrogate = false;
+  for (let i = 0; i < str.length; i++) {
+    const code = str.charCodeAt(i);
+    if (code >= 0xd800 && code <= 0xdfff) {
+      if (code <= 0xdbff && i + 1 < str.length) {
+        const next = str.charCodeAt(i + 1);
+        if (next >= 0xdc00 && next <= 0xdfff) {
+          // Valid surrogate pair – skip the low surrogate
+          i++;
+          continue;
+        }
+      }
+      hasLoneSurrogate = true;
+      break;
+    }
+  }
+
+  if (!hasLoneSurrogate) {
+    return str;
+  }
+
+  // Slow path – build a new string, replacing lone surrogates with U+FFFD.
+  const chars: string[] = [];
+  for (let i = 0; i < str.length; i++) {
+    const code = str.charCodeAt(i);
+    if (code >= 0xd800 && code <= 0xdbff) {
+      const next = i + 1 < str.length ? str.charCodeAt(i + 1) : 0;
+      if (next >= 0xdc00 && next <= 0xdfff) {
+        chars.push(str.charAt(i), str.charAt(i + 1));
+        i++;
+      } else {
+        chars.push('\uFFFD');
+      }
+    } else if (code >= 0xdc00 && code <= 0xdfff) {
+      chars.push('\uFFFD');
+    } else {
+      chars.push(str.charAt(i));
+    }
+  }
+  return chars.join('');
+}

packages/core/test/lib/logs/internal.test.ts

@@ -1,6 +1,11 @@
 import { beforeEach, describe, expect, it, vi } from 'vitest';
 import { fmt, Scope } from '../../../src';
-import { _INTERNAL_captureLog, _INTERNAL_flushLogsBuffer, _INTERNAL_getLogBuffer } from '../../../src/logs/internal';
+import {
+  _INTERNAL_captureLog,
+  _INTERNAL_flushLogsBuffer,
+  _INTERNAL_getLogBuffer,
+  _INTERNAL_removeLoneSurrogates,
+} from '../../../src/logs/internal';
 import type { Log } from '../../../src/types-hoist/log';
 import * as loggerModule from '../../../src/utils/debug-logger';
 import * as timeModule from '../../../src/utils/time';
@@ -1261,4 +1266,134 @@ describe('_INTERNAL_captureLog', () => {
       expect(buffer2?.[0]?.attributes?.['sentry.timestamp.sequence']).toEqual({ value: 0, type: 'integer' });
     });
   });
+
+  describe('lone surrogate sanitization', () => {
+    it('sanitizes lone surrogates in log message body', () => {
+      const options = getDefaultTestClientOptions({ dsn: PUBLIC_DSN, enableLogs: true });
+      const client = new TestClient(options);
+      const scope = new Scope();
+      scope.setClient(client);
+
+      _INTERNAL_captureLog({ level: 'error', message: 'bad surrogate \uD800 here' }, scope);
+
+      const logBuffer = _INTERNAL_getLogBuffer(client);
+      expect(logBuffer?.[0]?.body).toBe('bad surrogate \uFFFD here');
+    });
+
+    it('sanitizes lone surrogates in log attribute values', () => {
+      const options = getDefaultTestClientOptions({ dsn: PUBLIC_DSN, enableLogs: true });
+      const client = new TestClient(options);
+      const scope = new Scope();
+      scope.setClient(client);
+
+      _INTERNAL_captureLog(
+        {
+          level: 'error',
+          message: 'test',
+          attributes: { bad: '{"a":"\uD800"}' },
+        },
+        scope,
+      );
+
+      const logBuffer = _INTERNAL_getLogBuffer(client);
+      expect(logBuffer?.[0]?.attributes?.['bad']).toEqual({
+        value: '{"a":"\uFFFD"}',
+        type: 'string',
+      });
+    });
+
+    it('sanitizes lone surrogates in log attribute keys', () => {
+      const options = getDefaultTestClientOptions({ dsn: PUBLIC_DSN, enableLogs: true });
+      const client = new TestClient(options);
+      const scope = new Scope();
+      scope.setClient(client);
+
+      _INTERNAL_captureLog(
+        {
+          level: 'error',
+          message: 'test',
+          attributes: { ['bad\uD800key']: 'value' },
+        },
+        scope,
+      );
+
+      const logBuffer = _INTERNAL_getLogBuffer(client);
+      expect(logBuffer?.[0]?.attributes?.['bad\uFFFDkey']).toEqual({
+        value: 'value',
+        type: 'string',
+      });
+    });
+
+    it('preserves valid emoji in log messages and attributes', () => {
+      const options = getDefaultTestClientOptions({ dsn: PUBLIC_DSN, enableLogs: true });
+      const client = new TestClient(options);
+      const scope = new Scope();
+      scope.setClient(client);
+
+      _INTERNAL_captureLog(
+        {
+          level: 'info',
+          message: 'hello 😀 world',
+          attributes: { emoji: '🎉 party' },
+        },
+        scope,
+      );
+
+      const logBuffer = _INTERNAL_getLogBuffer(client);
+      expect(logBuffer?.[0]?.body).toBe('hello 😀 world');
+      expect(logBuffer?.[0]?.attributes?.['emoji']).toEqual({
+        value: '🎉 party',
+        type: 'string',
+      });
+    });
+  });
+});
+
+describe('_INTERNAL_removeLoneSurrogates', () => {
+  it('returns the same string when there are no surrogates', () => {
+    expect(_INTERNAL_removeLoneSurrogates('hello world')).toBe('hello world');
+  });
+
+  it('returns the same string for empty input', () => {
+    expect(_INTERNAL_removeLoneSurrogates('')).toBe('');
+  });
+
+  it('preserves valid surrogate pairs (emoji)', () => {
+    expect(_INTERNAL_removeLoneSurrogates('hello 😀 world')).toBe('hello 😀 world');
+  });
+
+  it('replaces a lone high surrogate with U+FFFD', () => {
+    expect(_INTERNAL_removeLoneSurrogates('before\uD800after')).toBe('before\uFFFDafter');
+  });
+
+  it('replaces a lone low surrogate with U+FFFD', () => {
+    expect(_INTERNAL_removeLoneSurrogates('before\uDC00after')).toBe('before\uFFFDafter');
+  });
+
+  it('replaces lone high surrogate at end of string', () => {
+    expect(_INTERNAL_removeLoneSurrogates('end\uD800')).toBe('end\uFFFD');
+  });
+
+  it('replaces lone low surrogate at start of string', () => {
+    expect(_INTERNAL_removeLoneSurrogates('\uDC00start')).toBe('\uFFFDstart');
+  });
+
+  it('replaces multiple lone surrogates', () => {
+    expect(_INTERNAL_removeLoneSurrogates('\uD800\uD801\uDC00')).toBe('\uFFFD\uD801\uDC00');
+  });
+
+  it('handles two consecutive lone high surrogates', () => {
+    expect(_INTERNAL_removeLoneSurrogates('\uD800\uD800')).toBe('\uFFFD\uFFFD');
+  });
+
+  it('handles mixed valid pairs and lone surrogates', () => {
+    expect(_INTERNAL_removeLoneSurrogates('\uD83D\uDE00\uD800')).toBe('😀\uFFFD');
+  });
+
+  it('handles the exact reproduction case from issue #5186', () => {
+    const badValue = '{"a":"\uD800"}';
+    const result = _INTERNAL_removeLoneSurrogates(badValue);
+    expect(result).toBe('{"a":"\uFFFD"}');
+    expect(() => JSON.parse(result)).not.toThrow();
+  });
 });