Bug 700442

Summary: stack overflow in svg_run_element
Product: MuPDF
Reporter: zerokeeper <0x0keeper>
Component: mupdf
Assignee: MuPDF bugs <mupdf-bugs>
Status: RESOLVED FIXED    
Severity: normal    
Priority: P4    
Version: 1.14.0   
Hardware: PC   
OS: All   
Customer:
Word Size: ---
Attachments: mutool-stack-overflow.svg

Description zerokeeper 2019-01-05 14:27:44 UTC
Hi MuPDF team, I found a stack overflow bug in the function svg_run_element in the file svg-run.c.

The bug is triggered by:
./mutool draw -F svg -o out.svg mutool-stack-overflow.svg

The asan debug info is as follows:

=================================================================
==13704==ERROR: AddressSanitizer: stack-overflow on address 0x7ffe2743cea0 (pc 0x0000008fd2d9 bp 0x7ffe2743dd50 sp 0x7ffe2743cea0 T0)
    #0 0x8fd2d8 in svg_run_element /root/fuzz/test/mupdf-1.14.0-source/source/svg/svg-run.c:1059
    #1 0x901297 in svg_run_use_symbol /root/fuzz/test/mupdf-1.14.0-source/source/svg/svg-run.c:1020:3
    #2 0x8fde38 in svg_run_use /root/fuzz/test/mupdf-1.14.0-source/source/svg/svg-run.c:1047:5
    #3 0x8fde38 in svg_run_element /root/fuzz/test/mupdf-1.14.0-source/source/svg/svg-run.c:1077
    #4 0x901297 in svg_run_use_symbol /root/fuzz/test/mupdf-1.14.0-source/source/svg/svg-run.c:1020:3
    #5 0x8fde38 in svg_run_use /root/fuzz/test/mupdf-1.14.0-source/source/svg/svg-run.c:1047:5
    #6 0x8fde38 in svg_run_element /root/fuzz/test/mupdf-1.14.0-source/source/svg/svg-run.c:1077
    #335 0x8fde38 in svg_run_use /root/fuzz/test/mupdf-1.14.0-source/source/svg/svg-run.c:1047:5
    #336 0x8fde38 in svg_run_element /root/fuzz/test/mupdf-1.14.0-source/source/svg/svg-run.c:1077
    #337 0x901297 in svg_run_use_symbol /root/fuzz/test/mupdf-1.14.0-source/source/svg/svg-run.c:1020:3
    #338 0x8fde38 in svg_run_use /root/fuzz/test/mupdf-1.14.0-source/source/svg/svg-run.c:1047:5
    #339 0x8fde38 in svg_run_element /root/fuzz/test/mupdf-1.14.0-source/source/svg/svg-run.c:1077
    #340 0x901297 in svg_run_use_symbol /root/fuzz/test/mupdf-1.14.0-source/source/svg/svg-run.c:1020:3
    #341 0x8fde38 in svg_run_use /root/fuzz/test/mupdf-1.14.0-source/source/svg/svg-run.c:1047:5
    #342 0x8fde38 in svg_run_element /root/fuzz/test/mupdf-1.14.0-source/source/svg/svg-run.c:1077
    #343 0x901297 in svg_run_use_symbol /root/fuzz/test/mupdf-1.14.0-source/source/svg/svg-run.c:1020:3
    #344 0x8fde38 in svg_run_use /root/fuzz/test/mupdf-1.14.0-source/source/svg/svg-run.c:1047:5
    #345 0x8fde38 in svg_run_element /root/fuzz/test/mupdf-1.14.0-source/source/svg/svg-run.c:1077
    #346 0x901297 in svg_run_use_symbol /root/fuzz/test/mupdf-1.14.0-source/source/svg/svg-run.c:1020:3
    #347 0x8fde38 in svg_run_use /root/fuzz/test/mupdf-1.14.0-source/source/svg/svg-run.c:1047:5
    #348 0x8fde38 in svg_run_element /root/fuzz/test/mupdf-1.14.0-source/source/svg/svg-run.c:1077
    #349 0x901297 in svg_run_use_symbol /root/fuzz/test/mupdf-1.14.0-source/source/svg/svg-run.c:1020:3
    #350 0x8fde38 in svg_run_use /root/fuzz/test/mupdf-1.14.0-source/source/svg/svg-run.c:1047:5
    #351 0x8fde38 in svg_run_element /root/fuzz/test/mupdf-1.14.0-source/source/svg/svg-run.c:1077
    #352 0x901297 in svg_run_use_symbol /root/fuzz/test/mupdf-1.14.0-source/source/svg/svg-run.c:1020:3
    #353 0x8fde38 in svg_run_use /root/fuzz/test/mupdf-1.14.0-source/source/svg/svg-run.c:1047:5
    #354 0x8fde38 in svg_run_element /root/fuzz/test/mupdf-1.14.0-source/source/svg/svg-run.c:1077
    #355 0x901297 in svg_run_use_symbol /root/fuzz/test/mupdf-1.14.0-source/source/svg/svg-run.c:1020:3
    #356 0x8fde38 in svg_run_use /root/fuzz/test/mupdf-1.14.0-source/source/svg/svg-run.c:1047:5
    #357 0x8fde38 in svg_run_element /root/fuzz/test/mupdf-1.14.0-source/source/svg/svg-run.c:1077
    #358 0x901297 in svg_run_use_symbol /root/fuzz/test/mupdf-1.14.0-source/source/svg/svg-run.c:1020:3
    #359 0x8fde38 in svg_run_use /root/fuzz/test/mupdf-1.14.0-source/source/svg/svg-run.c:1047:5
    #360 0x8fde38 in svg_run_element /root/fuzz/test/mupdf-1.14.0-source/source/svg/svg-run.c:1077
    #361 0x901297 in svg_run_use_symbol /root/fuzz/test/mupdf-1.14.0-source/source/svg/svg-run.c:1020:3
    #362 0x8fde38 in svg_run_use /root/fuzz/test/mupdf-1.14.0-source/source/svg/svg-run.c:1047:5
    #363 0x8fde38 in svg_run_element /root/fuzz/test/mupdf-1.14.0-source/source/svg/svg-run.c:1077
    #364 0x901297 in svg_run_use_symbol /root/fuzz/test/mupdf-1.14.0-source/source/svg/svg-run.c:1020:3
    #365 0x8fde38 in svg_run_use /root/fuzz/test/mupdf-1.14.0-source/source/svg/svg-run.c:1047:5
    #366 0x8fde38 in svg_run_element /root/fuzz/test/mupdf-1.14.0-source/source/svg/svg-run.c:1077
    #367 0x901297 in svg_run_use_symbol /root/fuzz/test/mupdf-1.14.0-source/source/svg/svg-run.c:1020:3
    #368 0x8fde38 in svg_run_use /root/fuzz/test/mupdf-1.14.0-source/source/svg/svg-run.c:1047:5
    #369 0x8fde38 in svg_run_element /root/fuzz/test/mupdf-1.14.0-source/source/svg/svg-run.c:1077
    #370 0x901297 in svg_run_use_symbol /root/fuzz/test/mupdf-1.14.0-source/source/svg/svg-run.c:1020:3
    #371 0x8fde38 in svg_run_use /root/fuzz/test/mupdf-1.14.0-source/source/svg/svg-run.c:1047:5
    #372 0x8fde38 in svg_run_element /root/fuzz/test/mupdf-1.14.0-source/source/svg/svg-run.c:1077
    #373 0x901297 in svg_run_use_symbol /root/fuzz/test/mupdf-1.14.0-source/source/svg/svg-run.c:1020:3

SUMMARY: AddressSanitizer: stack-overflow /root/fuzz/test/mupdf-1.14.0-source/source/svg/svg-run.c:1059 in svg_run_element
==13704==ABORTING
➜  sanitize gdb  -q  mutool
GEF for linux ready, type `gef' to start, `gef config' to configure
68 commands loaded for GDB 7.12.0.20161007-git using Python engine 3.6
[*] 5 commands could not be loaded, run `gef missing` to know why.
Reading symbols from mutool...done.
gef➤  set args draw -F svg -o out.svg mutool-stack-overflow.svg
gef➤  r
Starting program: /root/fuzz/test/mupdf-1.14.0-source/build/sanitize/mutool draw -F svg -o out.svg mutool-stack-overflow.svg
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
warning: push viewport: 0 0 12 792

Program received signal SIGSEGV, Segmentation fault.
[ Legend: Modified register | Code | Heap | Stack | String ]
──────────────────────────────────────────────────────────────────────────────────────────── registers ────
$rax   : 0x0
$rbx   : 0x00007fffff7ffda0  →  0x0000000000000000
$rcx   : 0x00006210000066b8  →  0x0000000000657375  →  <fz_flatten_stroke_path+389> add BYTE PTR [rax], al
$rdx   : 0x000060e000000120  →  0x0000000000000001
$rsp   : 0x7fffff7fefe0
$rbp   : 0x00007fffff7ffe90  →  0x00007fffff800110  →  0x00007fffff800fd0  →  0x00007fffff801250  →  0x00007fffff802110  →  0x00007fffff802390  →  0x00007fffff803250  →  0x00007fffff8034d0
$rsi   : 0x000061f000000080  →  0x0000000000000001
$rdi   : 0x000060e000000040  →  0x0000000000000000
$rip   : 0x00000000008fd2d9  →  <svg_run_element+153> mov QWORD PTR [r15], 0x41b58ab3
$r8    : 0x00007fffff7fff00  →  0x000000003f800000
$r9    : 0x00000000042680f0  →  0x0000000000000003
$r10   : 0xfffffffffffffffc
$r11   : 0x1ffffffeffa8
$r12   : 0x000061f000000080  →  0x0000000000000001
$r13   : 0xf8f8f8f8f8f8f8f8
$r14   : 0x000060e000000040  →  0x0000000000000000
$r15   : 0x7fffff7fefe0
$eflags: [zero carry parity adjust sign trap INTERRUPT direction overflow RESUME virtualx86 identification]
$cs: 0x0033 $ss: 0x002b $ds: 0x0000 $es: 0x0000 $fs: 0x0000 $gs: 0x0000
──────────────────────────────────────────────────────────────────────────────────────────────── stack ────
[!] Unmapped address
────────────────────────────────────────────────────────────────────────────────────────── code:x86:64 ────
     0x8fd2c5 <svg_run_element+133> mov    rsp, r15
     0x8fd2c8 <svg_run_element+136> movabs r13, 0xf8f8f8f8f8f8f8f8
     0x8fd2d2 <svg_run_element+146> mov    QWORD PTR [rbx+0x98], r15
 →   0x8fd2d9 <svg_run_element+153> mov    QWORD PTR [r15], 0x41b58ab3
     0x8fd2e0 <svg_run_element+160> mov    QWORD PTR [r15+0x8], 0x143861d
     0x8fd2e8 <svg_run_element+168> mov    QWORD PTR [r15+0x10], 0x8fd240
     0x8fd2f0 <svg_run_element+176> mov    rax, r15
     0x8fd2f3 <svg_run_element+179> shr    rax, 0x3
     0x8fd2f7 <svg_run_element+183> movabs rcx, 0xf2f8f2f8f1f1f1f1
───────────────────────────────────────────────────────────────────── source:source/svg/svg-run.c+1059 ────
   1054	 	fz_warn(ctx, "svg: cannot find linked symbol");
   1055	 }
   1056
   1057	 static void
   1058	 svg_run_element(fz_context *ctx, fz_device *dev, svg_document *doc, fz_xml *root, const svg_state *state)
 → 1059	 {
   1060	 	if (fz_xml_is_tag(root, "svg"))
   1061	 		svg_run_svg(ctx, dev, doc, root, state);
   1062
   1063	 	else if (fz_xml_is_tag(root, "g"))
   1064	 		svg_run_g(ctx, dev, doc, root, state);
────────────────────────────────────────────────────────────────────────────────────────────── threads ────
[#0] Id 1, Name: "mutool", stopped, reason: SIGSEGV
──────────────────────────────────────────────────────────────────────────────────────────────── trace ────
[#0] 0x8fd2d9 → svg_run_element(ctx=<optimized out>, dev=<optimized out>, doc=<optimized out>, root=0x6210000066b8, state=<optimized out>)
[#1] 0x901298 → svg_run_use_symbol(ctx=<optimized out>, dev=0x61f000000080, doc=0x60e000000120, use=0x6210000066b8, symbol=0x621000006618, inherit_state=<optimized out>)
[#2] 0x8fde39 → svg_run_use(ctx=0x60e000000040, dev=0x61f000000080, doc=0x60e000000120, root=0x6210000066b8, inherit_state=0x621000006750)
[#3] 0x8fde39 → svg_run_element(ctx=<optimized out>, dev=<optimized out>, doc=<optimized out>, root=0x6210000066b8, state=<optimized out>)
[#4] 0x901298 → svg_run_use_symbol(ctx=<optimized out>, dev=0x61f000000080, doc=0x60e000000120, use=0x6210000066b8, symbol=0x621000006618, inherit_state=<optimized out>)
[#5] 0x8fde39 → svg_run_use(ctx=0x60e000000040, dev=0x61f000000080, doc=0x60e000000120, root=0x6210000066b8, inherit_state=0x621000006750)
[#6] 0x8fde39 → svg_run_element(ctx=<optimized out>, dev=<optimized out>, doc=<optimized out>, root=0x6210000066b8, state=<optimized out>)
[#7] 0x901298 → svg_run_use_symbol(ctx=<optimized out>, dev=0x61f000000080, doc=0x60e000000120, use=0x6210000066b8, symbol=0x621000006618, inherit_state=<optimized out>)
[#8] 0x8fde39 → svg_run_use(ctx=0x60e000000040, dev=0x61f000000080, doc=0x60e000000120, root=0x6210000066b8, inherit_state=0x621000006750)
[#9] 0x8fde39 → svg_run_element(ctx=<optimized out>, dev=<optimized out>, doc=<optimized out>, root=0x6210000066b8, state=<optimized out>)
───────────────────────────────────────────────────────────────────────────────────────────────────────────
0x00000000008fd2d9 in svg_run_element (ctx=<optimized out>, dev=<optimized out>, doc=<optimized out>, root=0x6210000066b8, state=<optimized out>) at source/svg/svg-run.c:1059
1059	{
gef➤  p 0x8fd2d9
$1 = 0x8fd2d9

Comment 1 zerokeeper 2019-01-05 14:39:47 UTC
Created attachment 16645
mutool-stack-overflow.svg

Comment 2 Tor Andersson 2019-01-08 10:24:22 UTC
*** Bug 700443 has been marked as a duplicate of this bug. ***

Comment 3 Tor Andersson 2019-01-08 10:24:27 UTC
*** Bug 700444 has been marked as a duplicate of this bug. ***

Comment 4 Tor Andersson 2019-01-08 11:02:08 UTC
*** Bug 700445 has been marked as a duplicate of this bug. ***

Comment 5 Tor Andersson 2019-01-08 15:36:46 UTC
commit c8f7e48ff74720a5e984ae19d978a5ab4d5dde5b
Author: Tor Andersson <tor.andersson@artifex.com>
Date:   Tue Jan 8 11:44:59 2019 +0100

    Bug 700442: Add a recursion depth check to prevent infinite recursion.
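
The kind of recursion depth check named in the commit message above, as an added example that is not MuPDF's code and not the actual patch. It walks a hypothetical miniature element tree containing a reference cycle like the one the trace shows (the same `use` and `symbol` pointers in every cycle); the `node` type, the function names and the `MAX_USE_DEPTH` value are assumptions made for the example.

```c
#include <string.h>

/* Hypothetical miniature element tree for illustration; not MuPDF's fz_xml. */
typedef struct node {
	const char *tag;              /* "symbol", "use", "rect", ... */
	struct node *child, *next;    /* first child, next sibling */
	struct node *href;            /* resolved target of a <use> */
} node;

#define MAX_USE_DEPTH 16          /* assumed limit, chosen for this example */
typedef struct { int use_depth, drawn, refused; } run_state;

static void run_element(node *n, run_state *st);

static void run_children(node *n, run_state *st)
{
	for (node *c = n->child; c; c = c->next)
		run_element(c, st);
}

static void run_use(node *use, run_state *st)
{
	if (!use->href) return;       /* unresolved reference: nothing to draw */
	/* The guard: refuse to follow another reference once the limit is hit. */
	if (st->use_depth >= MAX_USE_DEPTH) { st->refused++; return; }
	st->use_depth++;
	run_children(use->href, st);  /* may reach another <use>, or this one */
	st->use_depth--;
}

static void run_element(node *n, run_state *st)
{
	if (!strcmp(n->tag, "use")) run_use(n, st);
	else if (!strcmp(n->tag, "rect")) st->drawn++;
	else run_children(n, st);
}

/* Constructed input: a symbol holding a rect and a <use> that points back at it. */
run_state run_cyclic_sample(void)
{
	node use = { "use", NULL, NULL, NULL };
	node rect = { "rect", NULL, &use, NULL };
	node sym = { "symbol", &rect, NULL, NULL };
	run_state st = { 0, 0, 0 };
	use.href = &sym;              /* closes the cycle: use -> sym -> use */
	run_element(&use, &st);
	return st;
}
```

Without the guard the walk over this input never returns and ends in the same stack exhaustion reported here; with it, the cycle is followed `MAX_USE_DEPTH` times and then refused once.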