On Thu, 2014-12-04 at 15:27 +0100, Mark Wielaard wrote:
> Thanks! We have been fixing various issues the last couple of weeks
> and I just pushed some of my fixes to git master. So if you could retry
> against the very latest git checkout that would be very helpful.
> I'll run your crashers locally against my tree and will report which
> issues still exist.

Good news, the asserts from readelf-asserts.tar.gz don't trigger anymore and the command seems to run fine.

Mixed news, some of the crashes in readelf-crashes.tar.gz have been fixed (1e76f17f, 66ad10d4). But a lot still crash. The somewhat good news is that all of the crashes seem to come from either handling archives or debuginfo, both of which haven't seen many robustness fixes yet. And most of the crashes are the same in __libdw_form_val_compute_len which does a strlen and runs out of the debug section data. We'll need to pass around the length of the data section and use strnlen here. But still some more work to do.

Bad news, all of the eu-objdump crashes are still there. The good news is that all but one (af293379) that deals with ar archives again are simple to fix by some sanity checks. Patch attached and pushed to master.

Thanks,

Mark
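
The bounded length computation the message calls for (carry the end of the section data and use strnlen instead of strlen), as an added example that is not part of the original message and is not elfutils code. The names `bounded_string_len` and `count_strings` are hypothetical and the sample bytes are constructed.

```c
#define _POSIX_C_SOURCE 200809L /* strnlen */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not the elfutils function): size in bytes, NUL
   included, of an inline string value at valp.  endp is one past the last
   byte of the section data.  Returns -1 if the string is unterminated.  */
static int
bounded_string_len (const unsigned char *valp, const unsigned char *endp,
                    size_t *lenp)
{
  if (valp == NULL || endp == NULL || valp >= endp)
    return -1;                      /* value starts outside the data */
  size_t avail = (size_t) (endp - valp);
  size_t n = strnlen ((const char *) valp, avail);
  if (n == avail)
    return -1;                      /* hit the end before any NUL */
  *lenp = n + 1;
  return 0;
}

/* Walk consecutive strings; returns the number of well-formed ones and
   sets *truncated if the data ends in the middle of a string.  */
static size_t
count_strings (const unsigned char *p, const unsigned char *endp,
               int *truncated)
{
  size_t count = 0, len = 0;
  for (*truncated = 0; p < endp; p += len, ++count)
    if (bounded_string_len (p, endp, &len) != 0)
      {
        *truncated = 1;
        break;
      }
  return count;
}

/* Constructed sample: one terminated string, then one cut off by the
   end of the section.  strlen (sample + 7) would read past the array.  */
static const unsigned char sample[] =
  { 'm', 'a', 'i', 'n', '.', 'c', '\0', 'f', 'o', 'o' };

int
main (void)
{
  int truncated;
  size_t n = count_strings (sample, sample + sizeof sample, &truncated);
  printf ("well-formed strings: %zu, truncated: %d\n", n, truncated);
  return 0;
}
```

The caller treats the -1 return as malformed input and stops parsing, rather than trusting a length that would extend past the section.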