Closed Byron closed 10 months ago
I have another URL of this kind, along with a reproducer directly in the Rust playground. The panic only happens in debug mode due to an integer overflow. In release mode, there is an Idna error.
Here is another Rust playground example of the same overflow, but using a smaller URL.
And another new test-case, which fails in the same spot.
clusterfuzz-testcase-minimized-gix-url-parse-5849655294164992.zip
It's sad that the fuzzer keeps creating new cases for the same issue, and I will stop reporting these here now.
When parsing the attached URL (long.url.zip) with url::Url::parse() when compiled with overflow checks, there will be an overflow in idna with the panic. Without overflow checks, the same will cause an IdnaError to be created, but won't panic.

Since the URL is very long, I suppose that this issue can be prevented by avoiding parsing unrealistically long host and domain names, which makes this issue related to #868.
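
One way to apply the length limit suggested above before any host parsing runs. This is an added example, not code from this issue, gix-url or rust-url. The names `raw_host`, `check_host` and `HostCheck`, the two limits (taken from DNS name and label sizes), and the restriction to `scheme://authority` URLs are assumptions.

```rust
// Added example (not gix-url or rust-url code). The limits are assumptions
// borrowed from DNS; raise MAX_HOST_BYTES if long Unicode hosts must pass.
const MAX_HOST_BYTES: usize = 253;
const MAX_LABEL_BYTES: usize = 63;

#[derive(Debug, PartialEq)]
enum HostCheck { Ok, NoHost, HostTooLong(usize), LabelTooLong(usize) }

/// Slice the raw host out of `scheme://[user@]host[:port]/...` without
/// decoding or normalising it, so no IDNA code runs on unbounded input.
fn raw_host(input: &str) -> Option<&str> {
    let rest = &input[input.find("://")? + 3..];
    let end = rest
        .find(|c: char| matches!(c, '/' | '?' | '#' | '\\'))
        .unwrap_or(rest.len());
    // Userinfo, if any, ends at the last '@' of the authority.
    let host_port = rest[..end].rsplit('@').next().unwrap_or("");
    if host_port.starts_with('[') {
        // IPv6 literal: keep everything through the closing bracket.
        return host_port.find(']').map(|i| &host_port[..=i]);
    }
    Some(host_port.rsplit_once(':').map_or(host_port, |(host, _port)| host))
}

/// Coarse pre-parse guard that bounds what reaches the host parser.
fn check_host(input: &str) -> HostCheck {
    let host = match raw_host(input) {
        Some(h) => h,
        None => return HostCheck::NoHost,
    };
    if host.len() > MAX_HOST_BYTES {
        return HostCheck::HostTooLong(host.len());
    }
    // Only ASCII labels are measured: a Unicode label changes length
    // once it is Punycode-encoded, so its byte count proves nothing.
    let longest = host.split('.').filter(|l| l.is_ascii()).map(str::len).max();
    match longest {
        Some(n) if n > MAX_LABEL_BYTES => HostCheck::LabelTooLong(n),
        _ => HostCheck::Ok,
    }
}

fn main() {
    // Constructed inputs, not the fuzzer's test case.
    let long = format!("https://{}/repo", "a.".repeat(4000));
    println!("{:?}", check_host("https://user@example.com:8443/repo.git"));
    println!("{:?}", check_host(&long));
}
```

The guard measures raw bytes, so a percent-encoded host counts at its encoded length.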