[x] Note that this crate implements the URL Standard not RFC 1738 or RFC 3986
Describe the bug
librsvg uses the data-url crate to parse data URLs. I recently added librsvg to OSS-Fuzz, which triggered a case where a fuzzed ~630KB data URL inside of an SVG caused data-url to allocate >2.5GB memory.
That seems like a lot of memory given the size of the input, but I'm not sure how pathological the fuzzed data is.
Version: 0.3.1
Sample code to reproduce the issue
use data_url::DataUrl;
use std::fs;
fn main() {
if let Ok(data) = fs::read_to_string("fuzzed_data.txt") {
let url = DataUrl::process(&data).unwrap();
url.decode_to_vec().unwrap();
}
}
Describe the bug
librsvg uses the data-url crate to parse data URLs. I recently added librsvg to OSS-Fuzz, which triggered a case where a fuzzed ~630KB data URL inside of an SVG caused data-url to allocate >2.5GB memory.
That seems like a lot of memory given the size of the input, but I'm not sure how pathological the fuzzed data is.
Version: 0.3.1
Sample code to reproduce the issue
fuzzed_data.txt
Massif data