pax-utils is a set of tools that check files for security-relevant properties.
Fuzzing dumpelf turned up multiple divide-by-zero crashes. They were reported to vapier, who fixed the issues immediately.
Unfortunately I can't get the ASan stack trace, so I will show only the useful (not at all) part of the crash.
# dumpelf $FILE FPE on unknown address 0x00000051ca65 (pc 0x00000051ca65 bp 0x7ffc31bb6f80 sp 0x7ffc31bb6e40 T0)
# dumpelf $FILE FPE on unknown address 0x00000051d335 (pc 0x00000051d335 bp 0x7ffc17babf80 sp 0x7ffc17babe40 T0)
# dumpelf $FILE FPE on unknown address 0x00000051db76 (pc 0x00000051db76 bp 0x7ffdf90fff80 sp 0x7ffdf90ffe40 T0)
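The post does not say where in dumpelf the division happens. As an added example (not pax-utils code), this is the kind of guarded entry-count computation an ELF dumper needs so that a section header carrying sh_entsize of 0, which fuzzers produce routinely, is rejected instead of divided by. The header struct, the file-size bound and the sample headers are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>

/* Minimal stand-in for an ELF64 section header (constructed for this
 * example; the real definition is Elf64_Shdr in <elf.h>). */
typedef struct {
    uint32_t sh_name;
    uint32_t sh_type;
    uint64_t sh_flags;
    uint64_t sh_addr;
    uint64_t sh_offset;
    uint64_t sh_size;
    uint32_t sh_link;
    uint32_t sh_info;
    uint64_t sh_addralign;
    uint64_t sh_entsize;
} shdr64_t;

/* Number of fixed-size entries in a table section (symtab, dynamic, rela...).
 * Returns -1 instead of dividing when the header is unusable: a zero
 * sh_entsize (the divide-by-zero case), a size that is not a whole number
 * of entries, or a table that runs past the end of the file. */
long shdr_entry_count(const shdr64_t *sh, uint64_t file_size)
{
    if (sh->sh_entsize == 0)
        return -1;
    if (sh->sh_size % sh->sh_entsize != 0)
        return -1;
    if (sh->sh_offset > file_size || sh->sh_size > file_size - sh->sh_offset)
        return -1;
    return (long)(sh->sh_size / sh->sh_entsize);
}

/* Walk a section header table and count the headers a dumper must skip
 * (or report as malformed) rather than crash on. */
size_t count_bad_sections(const shdr64_t *tab, size_t n, uint64_t file_size)
{
    size_t bad = 0;
    for (size_t i = 0; i < n; i++)
        if (shdr_entry_count(&tab[i], file_size) < 0)
            bad++;
    return bad;
}

/* Constructed sample: two sane headers and two of the kind a fuzzer emits. */
static const shdr64_t sample[] = {
    { .sh_type = 2, .sh_offset = 0x100, .sh_size = 0x60, .sh_entsize = 24 }, /* SHT_SYMTAB, 4 entries */
    { .sh_type = 6, .sh_offset = 0x200, .sh_size = 0x20, .sh_entsize = 16 }, /* SHT_DYNAMIC, 2 entries */
    { .sh_type = 2, .sh_offset = 0x300, .sh_size = 0x60, .sh_entsize = 0 },  /* entsize 0: would trap */
    { .sh_type = 4, .sh_offset = 0xff0, .sh_size = 0x60, .sh_entsize = 24 }, /* SHT_RELA past end of a 0x1000-byte file */
};
```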
These bugs were discovered by Agostino Sarubbo of Gentoo.
2017-01-30: bug discovered and reported to upstream
2017-02-01: upstream released a patch
2017-02-04: blog post about the issue
These bugs were found with American Fuzzy Lop.