normalize_url(url: &str) doesn't check for null bytes, which leads to crashes #16
Description
I fuzzed this crate using honggfuzz and found 2 crashes, both of which can be fixed by letting the normalize_url function check for null bytes.
You can fuzz the code yourself and further investigate the crashes with this repo.
In the main function there are also two test functions which can be used to easily reproduce the crashes.
The crashing inputs are:
////////ws///////////*,\u{0}\u{0}^\u{0}\u{0}\u{0}\u{0}@2\u{1}\u{0}\u{1d})\u{0}\u{0}\u{0}:\u{0}\u{0}\u{0}
and:
?\u{0}\u{0}\u{0}\u{0}\u{0}\u{0}\u{0}\u{0}\u{1f}s\u{3}\u{0}\u{0}\u{0}\u{0}\u{0}\u{0}\u{0}\u{0}\u{0}\u{0}\u{5}\u{1}@\u{0}\u{0}\u{4}!e\u{0}\u{0}2\u{1c}^3106://?<!41\u{0}\u{0}\u{0}?\u{0}\u{0}\u{0}\u{0}\u{4}?