--- java/org/apache/tomcat/util/buf/Utf8Decoder.java.orig	2018-10-01 11:41:20.080777790 -0400

+++ java/org/apache/tomcat/util/buf/Utf8Decoder.java	2018-10-01 11:42:07.421663409 -0400

@@ -277,6 +277,11 @@ public class Utf8Decoder extends Charset

                 outRemaining--;

             } else {

                 if (outRemaining < 2) {

+                    // Encoded with 4 bytes. inIndex currently points

+                    // to the final byte. Move it back to first byte.

+                    inIndex -= 3;

+                    in.position(inIndex - in.arrayOffset());

+                    out.position(outIndex - out.arrayOffset());

                     return CoderResult.OVERFLOW;

                 }

                 cArr[outIndex++] = (char) ((jchar >> 0xA) + 0xD7C0);

--- webapps/docs/changelog.xml.orig	2018-10-01 11:47:17.700912507 -0400

+++ webapps/docs/changelog.xml	2018-10-01 11:47:40.889856277 -0400

@@ -57,6 +57,16 @@

   They eventually become mixed with the numbered issues. (I.e., numbered

   issues do not "pop up" wrt. others).

 -->

+<section name="Tomcat 7.0.76-8 (csutherl)">

+  <subsection name="Catalina">

+    <changelog>

+      <fix>

+        Improve handing of overflow in the UTF-8 decoder with supplementary

+        characters. (markt)

+      </fix>

+    </changelog>

+  </subsection>

+</section>

 <section name="Tomcat 7.0.76-3 (csutherl)">

   <subsection name="Catalina">

     <changelog>