Fix minor buffer overflow in url.c++

When the protocol string is empty, we should not try to drop a trailing colon. This was found by using a new fuzzer for URL-related APIs.
cloudflare · Oct 2, 2024 · c2568c1 · c2568c1
1 parent 015f8e3
commit c2568c1
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/src/workerd/jsg/url.c++ b/src/workerd/jsg/url.c++
@@ -2056,6 +2056,9 @@ UrlPattern::Result<UrlPattern::Init> UrlPattern::processInit(
         chooseStr(kj::mv(init.protocol), options.protocol).map([](kj::String&& str) mutable {
       // It's silly but the URL spec always includes the : suffix in the value,
       // while the URLPattern spec always omits it. Silly specs.
+      if (!str.size()) {
+        return kj::mv(str);
+      }
       return stripSuffixFromProtocol(str.asPtr());
     })) {
       result.protocol = kj::mv(protocol);