Created attachment 6857 [details]
ar archive 1

readelf gets a segmentation fault on printing headers on malicious ar archives (included in metasploit framework)

./binutils/readelf -h /tmp/metasploit/external/source/byakugan/i386/byakugan.lib
[1] 32176 segmentation fault (core dumped) ./binutils/readelf -h

gdb:
#0 0x000000000042d6c9 in get_archive_member_name (arch=0x7fff41f5dcd0, nested_arch=0x7fff41f5dd70) at elfcomm.c:599
599 j--;
(gdb) p j
$1 = 1257796941
(gdb) p arch->longnames_size
$2 = 0
(gdb) p arch->longnames
$3 = 0x0
(gdb) p arch->arhdr.ar_name + 1
$4 = 0x7fff41f5dd29 ' ' <repeats 15 times>, "1257796941", ' ' <repeats 14 times>, "0 964 `\n"
Created attachment 6858 [details] ar archive 2
Created attachment 6859 [details] ar archive 3
Created attachment 6860 [details] ar archive 4
Already Fixed. See binutils/ChangeLog:

* elfcomm.c (get_archive_member_name): Prevent seg-fault if a corrupt archive uses long names but has no long name table.

Cheers
Nick
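Added illustration, not code from the report or from binutils: a bounds-checked ar member-name resolver in C that shows the checks the ChangeLog entry implies. The gdb dump in the report suggests how readelf arrived at j = 1257796941: ar_name is "/" followed by space padding and the on-disk header has no NUL terminators, so a strtoul on ar_name + 1 skips the spaces and reads the digits of the adjacent ar_date field (that reading is an inference from the dump, not something the report states). The resolver below copies the 16-byte name field into a NUL-terminated buffer before parsing, refuses a "/<n>" reference when the archive has no "//" long-name table (the condition named in the fix), and bounds-checks the offset against the table size. The struct and function names, the constructed "//" table and the demo headers are this example's own.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* On-disk ar member header: 60 bytes of space-padded ASCII, no NUL terminators
   (the standard layout written out here, not binutils' own struct). */
struct ar_hdr {
    char ar_name[16];
    char ar_date[12], ar_uid[6], ar_gid[6], ar_mode[8];
    char ar_size[10];
    char ar_fmag[2];                       /* always "`\n" */
};

/* SPECIAL: "/" (symbol index) or "//" (the long-name table itself).
   BAD_REF: "/<n>" where <n> is not a clean decimal number.
   NO_LONGNAMES: "/<n>" but the archive has no "//" member (this report).
   OUT_OF_RANGE: <n> points past the end of the "//" member. */
enum ar_name_status { AR_NAME_OK = 0, AR_NAME_SPECIAL, AR_NAME_BAD_MAGIC,
                      AR_NAME_BAD_REF, AR_NAME_NO_LONGNAMES, AR_NAME_OUT_OF_RANGE };

/* Resolve one member's name. longnames/longnames_size describe the "//" member
   already read from the archive (NULL/0 when absent). Every index into that
   table is bounds-checked, so a corrupt reference yields an error code. */
int resolve_member_name(const struct ar_hdr *hdr, const char *longnames,
                        size_t longnames_size, char *out, size_t outlen)
{
    if (outlen == 0 || memcmp(hdr->ar_fmag, "`\n", 2) != 0)
        return AR_NAME_BAD_MAGIC;

    /* Copy the 16-byte field into a NUL-terminated buffer first: parsing
       hdr->ar_name in place lets strtoul walk straight on into ar_date. */
    char name[17];
    memcpy(name, hdr->ar_name, 16);
    size_t len = 16;
    while (len > 0 && name[len - 1] == ' ') len--;
    name[len] = '\0';
    if (strcmp(name, "/") == 0 || strcmp(name, "//") == 0)
        return AR_NAME_SPECIAL;
    if (name[0] == '/') {
        /* GNU long-name reference: "/<decimal byte offset into "//">". */
        char *endp;
        errno = 0;
        unsigned long off = strtoul(name + 1, &endp, 10);
        if (endp == name + 1 || *endp != '\0' || errno == ERANGE)
            return AR_NAME_BAD_REF;
        if (longnames == NULL || longnames_size == 0)
            return AR_NAME_NO_LONGNAMES;
        if (off >= longnames_size)
            return AR_NAME_OUT_OF_RANGE;

        /* Entries end in "/\n"; stop at either byte or at the end of the table. */
        size_t n = 0;
        while (off + n < longnames_size && longnames[off + n] != '/' &&
               longnames[off + n] != '\n')
            n++;
        if (n >= outlen) n = outlen - 1;
        memcpy(out, longnames + off, n);
        out[n] = '\0';
        return AR_NAME_OK;
    }
    /* Short name: "name/" in GNU ar; BSD ar omits the trailing slash. */
    const char *slash = strchr(name, '/');
    size_t n = slash ? (size_t)(slash - name) : len;
    if (n >= outlen) n = outlen - 1;
    memcpy(out, name, n);
    out[n] = '\0';
    return AR_NAME_OK;
}

/* Build a constructed header the way ar writes one: every field space padded. */
void make_hdr(struct ar_hdr *h, const char *name, const char *size)
{
    memset(h, ' ', sizeof *h);
    memcpy(h->ar_name, name, strlen(name) > 16 ? 16 : strlen(name));
    memcpy(h->ar_date, "1257796941", 10);   /* the date seen in the gdb dump */
    memcpy(h->ar_size, size, strlen(size) > 10 ? 10 : strlen(size));
    memcpy(h->ar_fmag, "`\n", 2);
}
/* Constructed "//" member: two entries, at offsets 0 and 5. */
static const char demo_longnames[] = "foo/\nlong_member_name.o/\n";

/* Resolve a constructed name field, with or without the "//" member present. */
int demo_lookup(const char *ref, int have_table, char *out, size_t outlen)
{
    struct ar_hdr h;
    make_hdr(&h, ref, "964");
    return resolve_member_name(&h, have_table ? demo_longnames : NULL,
                               have_table ? sizeof demo_longnames - 1 : 0,
                               out, outlen);
}

int main(void)
{
    char out[64];
    printf("no \"//\" member: status %d\n", demo_lookup("/1257796941", 0, out, sizeof out));
    int st = demo_lookup("/5", 1, out, sizeof out);
    printf("/5: status %d, name \"%s\"\n", st, out);
    return 0;
}
```

With no table present, the "/1257796941" header from the report resolves to AR_NAME_NO_LONGNAMES rather than indexing a NULL pointer; with the constructed table, "/5" resolves to long_member_name.o and "/100" is rejected as out of range. A reader of archives should treat any non-OK status as a reason to stop trusting the file, not just to skip the member.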