Uncovering a few SIGSEGVs in binutils' BFD and GLIBC
Introduction

A few years ago I released an ELF file format fuzzer, Melkor, and recently came up with the idea of fuzzing the parsers in binutils' BFD library, through ld at the linking phase, as well as the parsers and loader(s) in GLIBC, to see if there could be something interesting. To continue reading, all the scripts, output and analysis can be downloaded from here: http://brainoverflow.org/papers/BFD-GLIBC_Fuzzing/

Preamble

Before running we need to walk; that is, we first need to look at the different stages at which ELF files are involved when building an executable. As explained in [1], when you type gcc foo.c -o foo, gcc only performs the preprocessing and compilation, and later on it acts as a wrapper that launches the programs in charge of the subsequent phases: assembly and linking, carried out by the GNU assembler (as) and the GNU linker (ld) respectively, both of them part of GNU binutils. In the end, at the linking phase, ELF files, particularly object fi...
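Every parser this post goes on to fuzz (BFD's, reached through ld, and GLIBC's loader) begins by reading the ELF header and then the section or program header tables, and a reader that trusts fields such as e_shoff, e_shnum or sh_offset without checking them against the file size is how out-of-bounds reads and SIGSEGVs arise. The following Python is an added example, not code from the original post nor from binutils or GLIBC: it builds a constructed, minimal ELF64 relocatable image inline, parses its section header table with every offset and count validated before use, and shows that a copy with a corrupted e_shoff (or a truncated file) is rejected with a clean error instead of a crash. The function and class names are assumptions of this example.

```python
import struct

ELF_MAGIC = b"\x7fELF"
EHDR_SIZE = 64            # sizeof(Elf64_Ehdr)
SHDR_SIZE = 64            # sizeof(Elf64_Shdr)
EHDR_FMT = "<HHIQQQIHHHHHH"   # fields after the 16-byte e_ident (48 bytes)
SHDR_FMT = "<IIQQQQIIQQ"      # Elf64_Shdr (64 bytes)
SHT_NOBITS = 8
E_SHOFF_POS = 40          # byte offset of e_shoff inside the ELF header


class ElfFormatError(ValueError):
    """Raised for any inconsistency between the headers and the file size."""


def build_sample_elf():
    """Constructed sample: ELF64 LE header, two section headers, 4 bytes of data."""
    shnum = 2
    shoff = EHDR_SIZE
    data_off = EHDR_SIZE + shnum * SHDR_SIZE      # section contents follow the table
    e_ident = ELF_MAGIC + bytes([2, 1, 1, 0]) + b"\x00" * 8   # ELFCLASS64, LSB, v1
    ehdr = e_ident + struct.pack(EHDR_FMT,
                                 1,          # e_type   = ET_REL
                                 62,         # e_machine = EM_X86_64
                                 1,          # e_version
                                 0, 0,       # e_entry, e_phoff
                                 shoff,      # e_shoff
                                 0,          # e_flags
                                 EHDR_SIZE,  # e_ehsize
                                 0, 0,       # e_phentsize, e_phnum
                                 SHDR_SIZE,  # e_shentsize
                                 shnum,      # e_shnum
                                 0)          # e_shstrndx
    null_shdr = struct.pack(SHDR_FMT, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0)
    text_shdr = struct.pack(SHDR_FMT, 1, 1, 6, 0, data_off, 4, 0, 0, 16, 0)  # SHT_PROGBITS
    return ehdr + null_shdr + text_shdr + b"\x31\xc0\xc3\x90"


def with_shoff(data, value):
    """Return a copy of the image whose e_shoff field is overwritten with value."""
    buf = bytearray(data)
    struct.pack_into("<Q", buf, E_SHOFF_POS, value)
    return bytes(buf)


def parse_section_headers(data):
    """Parse the ELF64 section header table, refusing any header that points
    outside the file. Python integers do not overflow, but the checks are
    written subtractively (size > total - offset) because that is the form
    that stays correct for a C implementation as well."""
    size = len(data)
    if size < EHDR_SIZE:
        raise ElfFormatError("file shorter than an ELF header")
    if data[:4] != ELF_MAGIC:
        raise ElfFormatError("bad ELF magic")
    if data[4] != 2 or data[5] != 1:
        raise ElfFormatError("only ELFCLASS64 little-endian is handled here")
    fields = struct.unpack_from(EHDR_FMT, data, 16)
    e_shoff, e_shentsize, e_shnum, e_shstrndx = fields[5], fields[10], fields[11], fields[12]
    if e_shnum == 0:
        return []
    if e_shentsize != SHDR_SIZE:
        raise ElfFormatError("unexpected e_shentsize %d" % e_shentsize)
    table_len = e_shentsize * e_shnum
    if e_shoff > size or table_len > size - e_shoff:
        raise ElfFormatError("section header table lies outside the file")
    if e_shstrndx >= e_shnum:
        raise ElfFormatError("e_shstrndx out of range")
    headers = []
    for i in range(e_shnum):
        sh = struct.unpack_from(SHDR_FMT, data, e_shoff + i * SHDR_SIZE)
        sh_name, sh_type, sh_offset, sh_size = sh[0], sh[1], sh[4], sh[5]
        # SHT_NOBITS sections occupy no bytes in the file, so only check the rest.
        if sh_type != SHT_NOBITS and (sh_offset > size or sh_size > size - sh_offset):
            raise ElfFormatError("section %d contents lie outside the file" % i)
        headers.append({"name": sh_name, "type": sh_type,
                        "offset": sh_offset, "size": sh_size})
    return headers


def check_image(data):
    """Summarise an image as 'ok:<n sections>' or 'rejected:<reason>'."""
    try:
        return "ok:%d" % len(parse_section_headers(data))
    except ElfFormatError as exc:
        return "rejected:%s" % exc


if __name__ == "__main__":
    good = build_sample_elf()
    print(check_image(good))
    print(check_image(with_shoff(good, 0xFFFFFFFFFFFFFFF0)))
    print(check_image(good[:100]))
```

The corrupted e_shoff value is the kind of mutation an ELF fuzzer such as Melkor produces; the point of the example is that the arithmetic around e_shoff, e_shnum and sh_offset is checked against the real file size before a single section header is dereferenced.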