Recursion causes stack overflow which aborts process

Trying to parse the following pdf contained within the zip file will cause a stack overflow.

The fuzzing harness I used to find this was modified from the existing one, since there's already lots of panics and I wanted to look for more interesting bugs.

#![no_main]
use libfuzzer_sys::fuzz_target;

fuzz_target!(|data: &[u8]| {
    std::panic::set_hook(Box::new(|_| {}));

    std::panic::catch_unwind(|| {
        if let Ok(p) = pdf::file::File::from_data(data) {
            for _ in p.pages() {}
        }
    });
});

crash.zip

[s3bk]

Thanks, I will take a look.

[s3bk]

Should be good now.

Updated my checkout and re-ran the fuzzer, got this crash. Want me to move this to a new issue and close this one?

crash2.zip

[s3bk]

No, here is fine...
I need to get the fuzzer back into working order here ...

[s3bk]

I can reproduce that there are stack overflows .. sigh.

[s3bk]

Added more anti-recursion measures.

Okay, cool. I'll let the fuzzer run on this for a few hours and then call it good enough to close this, then I'll start running the fuzzer without ignoring panics and open bugs for those.

Hmm... I can get the fuzzer to abort on a stack overflow... somewhere. But it doesn't want to tell me where. Fun.

cargo fuzz run parse -snone -j12 -- -use_value_profile=1 will eventually (after 8 minutes, for me when I last ran it) find a bug and abort with a segfault.

Am trying to get it to reproduce with a sanitizer enabled, which hopefully will get it to exit cleanly enough to write an artifact and tell me what the failing file is.

crash3.pdf

[s3bk]

that is fixed as well

crash4.pdf

[s3bk]

and fixed

Okay, a few hours of 12 cores fuzzing it can't find anything. I'll mark this as done, and continue fuzzing without the "ignore panics" bit. If any stack overflows come up then, I can just file normal bugs for it.

[williamdes]

Since this thread seems to be about crashing the code, here are nice example files: https://github.com/pdf-association/safedocs/tree/main/Miscellaneous%20Targeted%20Test%20PDFs