we were playing around with bfd-related apps in Gentoo and ended up finding 
that many can be overflowed with junk binaries

Sebastian Krahmer from SuSe proposed this patch which fixes some of the 
overflows (should apply cleanly to mainline and the 2.16 branch):
http://viewcvs.gentoo.org/src/patchsets/binutils/2.16/81_all_binutils-2.15-bfd-overflow.patch?root=gentoo&rev=1.1

however, at least one issue still remains.  find attached a small binary 
which, when you run `strings` on it, triggers a segfault:

$ strings --version
GNU strings 2.16
Copyright 2005 Free Software Foundation, Inc.
This program is free software; you may redistribute it under the terms of
the GNU General Public License.  This program has absolutely no warranty.

$ gdb --args strings strings.114 
Using host libthread_db library "/lib/libthread_db.so.1".
(gdb) run
Starting 
program: /var/tmp/portage/binutils-2.16/binutils/strings /root/strings.114

Program received signal SIGSEGV, Segmentation fault.
0x0000000000422048 in bfd_elf_string_from_elf_section (abfd=0x5a9090, 
shindex=26, strindex=11) at elf.c:288
288       if (hdr->contents == NULL
(gdb) bt
#0  0x0000000000422048 in bfd_elf_string_from_elf_section (abfd=0x5a9090, 
shindex=26, strindex=11) at elf.c:288
#1  0x000000000042546f in bfd_section_from_shdr (abfd=0x5a9090, shindex=1) at 
elf.c:1713
#2  0x00000000004522f8 in bfd_elf32_object_p (abfd=0x5a9090) at elfcode.h:723
#3  0x000000000040a2df in bfd_check_format_matches (abfd=0x5a9090, 
format=bfd_object, matching=0x0) at format.c:228
#4  0x000000000040a07c in bfd_check_format (abfd=0x5a9090, format=bfd_object) 
at format.c:91
#5  0x000000000040243a in strings_object_file (file=0x7fffffb25439 
"/root/strings.114") at strings.c:358
#6  0x0000000000402532 in strings_file (file=0x7fffffb25439 
"/root/strings.114") at strings.c:397
#7  0x000000000040230f in main (argc=2, argv=0x7fffffb24868) at strings.c:306
-mike