Closed
Description
Please confirm the following
- I agree to follow the aio-libs Code of Conduct
- I have checked the current issues for duplicates.
- I understand this is open source software provided for free and that I might not receive a timely response.
- I am positive I am NOT reporting a (potential) security vulnerability, to the best of my knowledge. (These must be shared by submitting this report form instead, if any hesitation exists.)
- I am willing to submit a pull request with reproducers as xfailing test cases or even an entire fix. (Assign this issue to me.)
Describe the bug
We were fuzzing the URL() parser and found an IndexError.
To Reproduce
- install yarl 1.18.3:
    pip install --force-reinstall -v "yarl==1.18.3"
- reproduce IndexError:
    from yarl import URL
    URL("//]'z[")
Expected behavior
Parse string without an error
Logs/tracebacks
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/lib/python3.10/dist-packages/yarl/_url.py", line 355, in __new__
    return pre_encoded_url(val) if encoded else encode_url(val)
  File "/usr/local/lib/python3.10/dist-packages/yarl/_url.py", line 147, in encode_url
    scheme, netloc, path, query, fragment = split_url(url_str)
  File "/usr/local/lib/python3.10/dist-packages/yarl/_parse.py", line 72, in split_url
    if bracketed_host[0] == "v":
IndexError: string index out of range
Python Version
$ python --version
Python 3.10.12
multidict Version
$ python -m pip show multidict
Version: 6.2.0
propcache Version
$ python -m pip show propcache
Version: 0.3.0
yarl Version
$ python -m pip show yarl
Version: 1.18.3
OS
Ubuntu:22.04
Additional context
No response
Status
Done
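Why the reproducer reaches the indexing line shown in the traceback, as an added example that is not part of the original report and is not yarl's code. Only the expression `bracketed_host[0] == "v"` comes from the traceback; the partition-based extraction, the function names, and the choice to reject malformed brackets with `ValueError` are assumptions made for illustration.

```python
# Added illustration; a simplified model, NOT yarl's source. Only the indexing
# expression `bracketed_host[0] == "v"` comes from the traceback above; the
# partition-based extraction around it is an assumption.

def netloc_of(url: str) -> str:
    """Authority component of a '//'-prefixed URL (up to the first / ? or #)."""
    rest = url[2:] if url.startswith("//") else ""
    for delim in "/?#":
        rest = rest.split(delim, 1)[0]
    return rest

def host_kind_unguarded(netloc: str) -> str:
    """Classify a bracketed host without checking that it is non-empty."""
    bracketed_host = netloc.partition("[")[2].partition("]")[0]
    if bracketed_host[0] == "v":      # IndexError when bracketed_host == ""
        return "ipvfuture"
    return "ipv6"

def host_kind_guarded(netloc: str) -> str:
    """Same classification, rejecting malformed brackets with ValueError."""
    before, opened, after = netloc.partition("[")
    host, closed, _ = after.partition("]")
    if not opened or not closed or not host or "]" in before:
        raise ValueError(f"invalid bracketed host in {netloc!r}")
    return "ipvfuture" if host[0] == "v" else "ipv6"

def triage(parse, url: str) -> str:
    """Fuzz-triage helper: separate clean rejection from an unhandled crash."""
    try:
        return "ok:" + parse(netloc_of(url))
    except ValueError:
        return "rejected"
    except Exception as exc:          # anything else is a parser bug
        return "crash:" + type(exc).__name__

# Constructed inputs; the first is the reproducer from this report.
SAMPLES = ["//]'z[", "//[]", "//[::1]:8080/path", "//[v1.fe]"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:22} unguarded={triage(host_kind_unguarded, s):18} "
              f"guarded={triage(host_kind_guarded, s)}")
```

In the reproducer the `]` precedes the `[`, so nothing lies between the brackets and the extracted host is the empty string; `//[]` takes the same path.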