I found a repeatable denial of service crash in readelf while fuzzing with some ELF objects the other day. Here is the GDB trace:

...
Program received signal SIGSEGV, Segmentation fault.
0x08069c99 in byte_get_little_endian (field=0x8d784b8 <Address 0x8d784b8 out of bounds>, size=4) at dwarf.c:68
68        return ((unsigned long) (field[0]))
(gdb) bt
#0  0x08069c99 in byte_get_little_endian (field=0x8d784b8 <Address 0x8d784b8 out of bounds>, size=4) at dwarf.c:68
#1  0x0805bbfb in process_version_sections (file=0x8088058) at readelf.c:6596
#2  0x0806264e in process_object (file_name=<value optimized out>, file=0x8088058) at readelf.c:9599
#3  0x08064eae in main (argc=Cannot access memory at address 0xcf0010
...

You can find the elf object at http://www.structsoftware.net/elf-crashes-readelf

- chris
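The backtrace shows byte_get_little_endian being handed a `field` pointer that lies outside the mapped file, so the read of `field[0]` faults. The defensive pattern for a file parser is to treat every field as an (offset, size) pair and check it against the buffer length before touching memory. The following is an added illustration of that check, not binutils code and not the fix referenced on this page; the function names `safe_get_little_endian`, `read_or` and `count_readable_fields` and the 12-byte `sample` buffer are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical bounds-checked reader (not binutils code): reads a
   little-endian integer of `size` bytes at `offset` inside a buffer of
   `len` bytes. Returns 1 and stores the value on success; returns 0 if
   the field would extend past the end of the buffer or `size` is not a
   supported width. The caller never dereferences an unchecked pointer. */
int safe_get_little_endian(const unsigned char *buf, size_t len,
                           size_t offset, size_t size, unsigned long *out)
{
    if (buf == NULL || out == NULL)
        return 0;
    if (size != 1 && size != 2 && size != 4 && size != 8)
        return 0;
    if (size > sizeof(unsigned long))
        return 0;
    /* Overflow-safe form of "offset + size <= len". */
    if (offset > len || size > len - offset)
        return 0;

    unsigned long v = 0;
    for (size_t i = 0; i < size; i++)
        v |= (unsigned long) buf[offset + i] << (8 * i);
    *out = v;
    return 1;
}

/* Wrapper for checks: the decoded value, or `fallback` when the read is
   rejected. */
unsigned long read_or(const unsigned char *buf, size_t len,
                      size_t offset, size_t size, unsigned long fallback)
{
    unsigned long v;
    return safe_get_little_endian(buf, len, offset, size, &v) ? v : fallback;
}

/* Walk fixed-width fields from the start of the buffer and stop at the
   first one that does not fit. Returns how many complete fields exist. */
size_t count_readable_fields(const unsigned char *buf, size_t len, size_t size)
{
    size_t n = 0;
    unsigned long v;
    for (size_t off = 0; safe_get_little_endian(buf, len, off, size, &v); off += size)
        n++;
    return n;
}

/* Constructed sample buffer standing in for a tiny section. */
static const unsigned char sample[12] = {
    0x01, 0x00, 0x00, 0x00,   /* offset 0: 1 */
    0x34, 0x12, 0x00, 0x00,   /* offset 4: 0x1234 */
    0xef, 0xbe, 0xad, 0xde    /* offset 8: 0xdeadbeef */
};

int main(void)
{
    unsigned long v;
    /* In-bounds reads succeed. */
    if (safe_get_little_endian(sample, sizeof sample, 8, 4, &v))
        printf("field at 8: 0x%lx\n", v);
    /* A field that runs past the end is rejected instead of faulting. */
    if (!safe_get_little_endian(sample, sizeof sample, 10, 4, &v))
        printf("field at 10 (size 4) rejected: truncated\n");
    /* A truncated buffer yields fewer complete fields. */
    printf("complete 4-byte fields in 11 bytes: %zu\n",
           count_readable_fields(sample, 11, 4));
    return 0;
}
```

The `offset > len || size > len - offset` form matters: a naive `offset + size <= len` can wrap when an attacker-controlled offset is near SIZE_MAX and pass the check while still pointing out of bounds.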
http://sourceware.org/ml/binutils-cvs/2007-09/msg00044.html
*** Bug 5013 has been marked as a duplicate of this bug. ***