Initial string changes after quoting and unquoting

[lenix123]

Please confirm the following

• I agree to follow the aio-libs Code of Conduct

• I have checked the current issues for duplicates.

• I understand this is open source software provided for free and that I might not receive a timely response.
• I am positive I am NOT reporting a (potential) security
  vulnerability, to the best of my knowledge. (These must be shared by
  submitting this report form instead, if
  any hesitation exists.)

• I am willing to submit a pull request with reporoducers as xfailing test cases or even entire fix. (Assign this issue to me.)

Describe the bug

We were fuzzing yarl url quoting. We assumed that input string shouldn't change after url quotinq and unquoting. But using _quoting_py module input string is not equal to output string after quoting and unquoting. If it's not safe to assume that string will not be changed after quoting and unquoting please let us know.

To Reproduce

1. Install atheris and yarl 1.18.3:

pip install --force-reinstall -v "yarl==1.18.3"

2. Run our test url_quoter_test.py:

from yarl._quoting_py import _Quoter
from yarl._quoting_py import _Unquoter

data = '%%1111'
quote = _Quoter()
unquote = _Unquoter()
text_quoted = quote(data)
text_output = unquote(text_quoted)
assert data == text_output

python3 url_quoter_fuzz.py crash.raw

3. See assertion error that input string is not equal to output string.

Expected behavior

input string shouldn't change after url quotinq and unquoting

Logs/tracebacks

Traceback (most recent call last):
  File "/home/fuzzer/fuzz/reproduce.py", line 10, in <module>
    assert data == text_output
AssertionError

Python Version

$ python --version
Python 3.9.20

multidict Version

$ python -m pip show multidict
Name: multidict
Version: 6.1.0
Summary: multidict implementation
Home-page: https://github.com/aio-libs/multidict
Author: Andrew Svetlov
Author-email: andrew.svetlov@gmail.com
License: Apache 2
Location: /usr/local/lib64/python3/site-packages
Requires: typing-extensions
Required-by: yarl

propcache Version

$ python -m pip show propcache
Name: propcache
Version: 0.3.0
Summary: Accelerated property cache
Home-page: https://github.com/aio-libs/propcache
Author: Andrew Svetlov
Author-email: andrew.svetlov@gmail.com
License: Apache-2.0
Location: /usr/local/lib64/python3/site-packages
Requires: 
Required-by: yarl

yarl Version

$ python -m pip show yarl
Name: yarl
Version: 1.18.3
Summary: Yet another URL library
Home-page: https://github.com/aio-libs/yarl
Author: Andrew Svetlov
Author-email: andrew.svetlov@gmail.com
License: Apache-2.0
Location: /usr/local/lib64/python3/site-packages
Requires: idna, multidict, propcache
Required-by:

OS

alt:p10

Additional context

We have found it by fuzzing yarl with atheris. So you can see the full fuzz test:

import atheris
import sys

with atheris.instrument_imports():
    from yarl._quoting_py import _Quoter
    from yarl._quoting_py import _Unquoter


def TestOneInput(input_bytes):
    fdp = atheris.FuzzedDataProvider(input_bytes)
    data = fdp.ConsumeUnicodeNoSurrogates(sys.maxsize)
    print(data)
    try:
        quote = _Quoter()
        unquote = _Unquoter()
        text_quoted = quote(data)
        text_output = unquote(text_quoted)
        assert data == text_output
    except ValueError as e:
        pass

def main():
    atheris.Setup(sys.argv, TestOneInput)
    atheris.Fuzz()

if __name__ == "__main__":
    main()

[lenix123]

There is also a similar problem in Cython implementation of quoting:

from yarl._quoting_c import _Quoter
from yarl._quoting_c import _Unquoter

data = '%22'
quote = _Quoter()
unquote = _Unquoter()
text_quoted = quote(data)
text_output = unquote(text_quoted)
assert data == text_output