New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

runtime: goroutine stack exceeds 1000000000-byte limit #80

Metalnem opened this Issue Jul 20, 2017 · 1 comment


None yet
2 participants

Metalnem commented Jul 20, 2017

Calling pdf.NewPdfReader on this malformed PDF file causes stack overflow with the following message:

runtime: goroutine stack exceeds 1000000000-byte limit
fatal error: stack overflow

runtime stack:
runtime.throw(0x11919ea, 0xe)
	/usr/local/Cellar/go/1.8.3/libexec/src/runtime/panic.go:596 +0x95
	/usr/local/Cellar/go/1.8.3/libexec/src/runtime/stack.go:1089 +0x3f2
	/usr/local/Cellar/go/1.8.3/libexec/src/runtime/asm_amd64.s:398 +0x86

Top of the stack trace:

goroutine 1 [running]:
runtime.mallocgc(0x4, 0x0, 0x0, 0x0)
	/usr/local/Cellar/go/1.8.3/libexec/src/runtime/malloc.go:562 +0xa2f fp=0xc440400358 sp=0xc440400350
runtime.rawstring(0x4, 0x0, 0x0, 0x0, 0x0, 0x0)
	/usr/local/Cellar/go/1.8.3/libexec/src/runtime/string.go:237 +0x85 fp=0xc440400388 sp=0xc440400358
runtime.intstring(0x0, 0x4c, 0x0, 0x0)
	/usr/local/Cellar/go/1.8.3/libexec/src/runtime/string.go:223 +0xb4 fp=0xc4404003d8 sp=0xc440400388*PdfParser).parseName(0xc420018640, 0x1191b61, 0xf, 0x0, 0x0)
	/Users/Metalnem/Go/src/ +0x165 fp=0xc4404004d8 sp=0xc4404003d8*PdfParser).parseDict(0xc420018640, 0x2, 0xc43663000a, 0x2)
	/Users/Metalnem/Go/src/ +0x420 fp=0xc440400650 sp=0xc4404004d8*PdfParser).parseIndirectObject(0xc420018640, 0x1000, 0x1000, 0xc436630000, 0x1000)
	/Users/Metalnem/Go/src/ +0x1780 fp=0xc440400880 sp=0xc440400650*PdfParser).lookupByNumber(0xc420018640, 0xa0, 0xc42002a801, 0x1400000, 0x0, 0xc42f2ab110, 0x0, 0xc423aa4180)
	/Users/Metalnem/Go/src/ +0xd1a fp=0xc440400a68 sp=0xc440400880*PdfParser).lookupByNumberWrapper(0xc420018640, 0xa0, 0x1193e01, 0x17, 0xc42f2ab110, 0x1, 0x1, 0xc42f2ab130)
	/Users/Metalnem/Go/src/ +0x42 fp=0xc440400ad0 sp=0xc440400a68*PdfParser).LookupByNumber(0xc420018640, 0xa0, 0x17, 0xc42f2ab110, 0x1, 0x1)
	/Users/Metalnem/Go/src/ +0x3a fp=0xc440400b20 sp=0xc440400ad0*PdfParser).LookupByReference(0xc420018640, 0xa0, 0x0, 0x4992, 0x1191870, 0x0, 0xc42f2ab0e0)
	/Users/Metalnem/Go/src/ +0xfb fp=0xc440400b78 sp=0xc440400b20*PdfParser).Trace(0xc420018640, 0x1233800, 0xc42f2aadf0, 0x0, 0x0, 0x0, 0x0)
	/Users/Metalnem/Go/src/ +0xe6 fp=0xc440400bd8 sp=0xc440400b78*PdfParser).parseIndirectObject(0xc420018640, 0x1000, 0x1000, 0xc436669000, 0x1000)
	/Users/Metalnem/Go/src/ +0xe7c fp=0xc440400e08 sp=0xc440400bd8*PdfParser).lookupByNumber(0xc420018640, 0xa0, 0xc42002a801, 0x1400000, 0x0, 0xc42f2aab60, 0x0, 0xc423aa4180)
	/Users/Metalnem/Go/src/ +0xd1a fp=0xc440400ff0 sp=0xc440400e08*PdfParser).lookupByNumberWrapper(0xc420018640, 0xa0, 0x1193e01, 0x17, 0xc42f2aab60, 0x1, 0x1, 0xc42f2aab90)
	/Users/Metalnem/Go/src/ +0x42 fp=0xc440401058 sp=0xc440400ff0*PdfParser).LookupByNumber(0xc420018640, 0xa0, 0x17, 0xc42f2aab60, 0x1, 0x1)
	/Users/Metalnem/Go/src/ +0x3a fp=0xc4404010a8 sp=0xc440401058*PdfParser).LookupByReference(0xc420018640, 0xa0, 0x0, 0x4992, 0x1191870, 0x0, 0xc42f2aab30)
	/Users/Metalnem/Go/src/ +0xfb fp=0xc440401100 sp=0xc4404010a8*PdfParser).Trace(0xc420018640, 0x1233800, 0xc42f2aa860, 0x0, 0x0, 0x0, 0x0)

This bug was found with the help of go-fuzz.


This comment has been minimized.

Metalnem commented Jul 20, 2017

This bug exists in both master and v2.

@gunnsth gunnsth added the bug label Jul 20, 2017

@gunnsth gunnsth closed this in 6e30b10 Jul 25, 2017

@gunnsth gunnsth modified the milestone: v2.0.1 Aug 3, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment