From dea074e42c86a6f51b3bd87e5e40d9bcc8dfe7a2 Mon Sep 17 00:00:00 2001
From: Fabio Bozzo <fabio.bozzo@gmail.com>
Date: Mon, 17 Jun 2024 18:03:57 +0200
Subject: [PATCH] fix(baggage): validate chars panic with 0x80 (#5494)

The validation rule for baggage key/values chars has a N+1 problem with
the unicode value: `0x80`.

For instance, `baggage.NewMemberRaw` could be called with a string value
including the rune `128` and return no error.

Then `baggage.New` would panic on `validateValueChar`:
```
=== RUN   TestValidateValueChar
--- FAIL: TestValidateValueChar (0.00s)
panic: runtime error: index out of range [128] with length 128 [recovered]
	panic: runtime error: index out of range [128] with length 128
```

---------

Co-authored-by: Sam Xie <sam@samxie.me>
---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9bd2e7db0c03..c529f6729c65 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -43,6 +43,7 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm
 - Correct comments for the priority of the `WithEndpoint` and `WithEndpointURL` options and their coresponding environment variables in  in `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc`. (#5508)
 - Fix stale timestamps reported by the lastvalue aggregation. (#5517)
 - Run the `Detect` method in `go.opentelemetry.io/otel/sdk/resource` in parallel. (#5402)
+- Fix panic in baggage creation when a member contains 0x80 char in key or value. (#5494)
 
 ## [1.27.0/0.49.0/0.3.0] 2024-05-21