vulnerabilities in libbfd (CVE-2014-beats-me)

[Michal Zalewski]

> We could cook a (simple) ELF fuzzer and run it on Binutils with
> AddressSanitizer enabled.  Perhaps there is one I'm unaware of? Traditional
> fuzzers like afl are necessarily limited for highly structured inputs.

Either way should give you decent results. Pretty sure that you'd get
decent mileage out of afl - it can get pretty far with binary files.

/mz