servo / rust-url

URL parser for Rust
https://docs.rs/url/
Apache License 2.0

Integer overflow when parsing long URL #870

Status: Closed (Byron closed 10 months ago)

Byron commented 11 months ago

When parsing the attached URL (long.url.zip) with url::Url::parse(), compiled with overflow checks, there will be an overflow in idna with the following panic:

thread '<unnamed>' panicked at /rust/registry/src/index.crates.io-6f17d22bba15001f/idna-0.4.0/src/punycode.rs:272:17:
attempt to add with overflow

Without overflow checks, the same will cause an IdnaError to be created, but won't panic.

Since the URL is very long, I suppose that this issue can be prevented by not parsing unrealistically long host and domain names, which makes this issue related to #868.

Byron commented 11 months ago

I have another URL of this kind, along with a reproducer directly in the Rust playground. The panic only happens in debug mode due to an integer overflow. In release mode, there is an Idna error.

Byron commented 11 months ago

Here is another Rust playground example of the same overflow, but using a smaller URL.

Byron commented 11 months ago

And another new test-case, which fails in the same spot.

clusterfuzz-testcase-minimized-gix-url-parse-5849655294164992.zip

It's sad that the fuzzer keeps creating new cases for the same issue, and I will stop reporting these here now.

valenting commented 10 months ago

Fixed by https://github.com/servo/rust-url/pull/877
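
Added example, not part of the original thread and not the code of the idna crate or of the linked pull request: RFC 3492 requires a Punycode implementation to fail on overflow, and in Rust checked arithmetic gives the same error result with and without overflow checks instead of a panic in one build and wrapping in the other. The sketch below is the RFC 3492 encoder written that way; the function names are hypothetical, the long input in mind is constructed, and the thread does not say which operation at punycode.rs:272 overflowed.

```rust
// RFC 3492 parameters; damp (700) and skew (38) are inlined in `adapt`.
const BASE: u32 = 36;
const T_MIN: u32 = 1;
const T_MAX: u32 = 26;

// Bias adaptation (RFC 3492, section 6.1). Cannot overflow for u32 inputs.
fn adapt(mut delta: u32, num_points: u32, first: bool) -> u32 {
    delta /= if first { 700 } else { 2 };
    delta += delta / num_points;
    let mut k = 0;
    while delta > ((BASE - T_MIN) * T_MAX) / 2 {
        delta /= BASE - T_MIN;
        k += BASE;
    }
    k + BASE * delta / (delta + 38)
}

/// Hypothetical helper: Punycode-encode one label, `None` if `delta` would overflow.
pub fn encode(input: &str) -> Option<String> {
    let digit = |d: u32| (if d < 26 { b'a' + d as u8 } else { b'0' + (d - 26) as u8 }) as char;
    let mut out: String = input.chars().filter(char::is_ascii).collect();
    let (basic, total) = (out.len() as u32, input.chars().count() as u32);
    if basic > 0 { out.push('-'); }
    let (mut n, mut delta, mut bias, mut h) = (128u32, 0u32, 72u32, basic);
    while h < total {
        // Skip ahead to the smallest unhandled code point. A plain `+`/`*` here
        // panics under overflow checks and wraps silently without them.
        let m = input.chars().map(u32::from).filter(|&c| c >= n).min()?;
        delta = delta.checked_add((m - n).checked_mul(h + 1)?)?;
        n = m;
        for c in input.chars().map(u32::from) {
            if c < n { delta = delta.checked_add(1)?; }
            if c != n { continue; }
            let (mut q, mut k) = (delta, BASE);
            loop { // emit delta as a variable-length base-36 integer
                let t = k.saturating_sub(bias).clamp(T_MIN, T_MAX);
                if q < t { break; }
                out.push(digit(t + (q - t) % (BASE - t)));
                q = (q - t) / (BASE - t);
                k += BASE;
            }
            out.push(digit(q));
            bias = adapt(delta, h + 1, h == basic);
            (delta, h) = (0, h + 1);
        }
        delta = delta.checked_add(1)?;
        n += 1;
    }
    Some(out)
}
```

A label of 5000 ASCII characters followed by U+10FFFF makes the `(m - n) * (h + 1)` step exceed `u32::MAX`, so `encode` returns `None` for it in both debug and release builds.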