Hi, I found a bug in objdump-2.34 with my fuzzing research tool (not published yet), which I ran with ASAN and which shows the information below.
The information, and also the 11 similar crashes in an archive file, are in the attachment.
I hope this will help.
natalie@mars:~/Research/Bug$ ./objdump --dwarf-check -C -g -f -dwarf -x '/home/natalie/Research/Bug/objdump-2.34/crash/id:000000,sig:06,src:010091,op:havoc,rep:16'
/home/natalie/Research/Bug/objdump-2.34/crash/id:000000,sig:06,src:010091,op:havoc,rep:16: file format pei-i386
/home/natalie/Research/Bug/objdump-2.34/crash/id:000000,sig:06,src:010091,op:havoc,rep:16
architecture: i386, flags 0x00000018:
HAS_DEBUG, HAS_SYMS
start address 0x00000000
Characteristics 0x104
line numbers stripped
32 bit words
Time/Date Thu Jan 1 08:00:00 1970
Magic 0000
MajorLinkerVersion 0
MinorLinkerVersion 0
SizeOfCode 00000000
SizeOfInitializedData 00000000
SizeOfUninitializedData 00000000
AddressOfEntryPoint 00000000
BaseOfCode 00000000
BaseOfData 00000000
ImageBase 00000000
SectionAlignment 00000000
FileAlignment 00000000
MajorOSystemVersion 0
MinorOSystemVersion 0
MajorImageVersion 0
MinorImageVersion 0
MajorSubsystemVersion 0
MinorSubsystemVersion 0
Win32Version 00000000
SizeOfImage 00000000
SizeOfHeaders 00000000
CheckSum 00000000
Subsystem 00000000 (unspecified)
DllCharacteristics 00000000
SizeOfStackReserve 00000000
SizeOfStackCommit 00000000
SizeOfHeapReserve 00000000
SizeOfHeapCommit 00000000
LoaderFlags 00000000
NumberOfRvaAndSizes 00000000
The Data Directory
Entry 0 00000000 00000000 Export Directory [.edata (or where ever we found it)]
Entry 1 00000000 00000000 Import Directory [parts of .idata]
Entry 2 00000000 00000000 Resource Directory [.rsrc]
Entry 3 00000000 00000000 Exception Directory [.pdata]
Entry 4 00000000 00000000 Security Directory
Entry 5 00000000 00000000 Base Relocation Directory [.reloc]
Entry 6 00000000 00000000 Debug Directory
Entry 7 00000000 00000000 Description Directory
Entry 8 00000000 00000000 Special Directory
Entry 9 00000000 00000000 Thread Storage Directory [.tls]
Entry a 00000000 00000000 Load Configuration Directory
Entry b 00000000 00000000 Bound Import Directory
Entry c 00000000 00000000 Import Address Table Directory
Entry d 00000000 00000000 Delay Import Directory
Entry e 00000000 00000000 CLR Runtime Header
Entry f 00000000 00000000 Reserved
Sections:
Idx Name Size VMA LMA File off Algn Flags
0 .idata$4 00000004 00000000 00000000 00000000 2**2 CONTENTS, ALLOC, LOAD, RELOC
1 .idata$5 00000004 00000000 00000000 00000000 2**2 CONTENTS, ALLOC, LOAD, RELOC
2 .idata$6 00000004 00000000 00000000 00000000 2**2 CONTENTS, ALLOC, LOAD
3 .text 00000008 00000000 00000000 00000000 2**2 CONTENTS, ALLOC, LOAD, RELOC, CODE
SYMBOL TABLE:
[ 0](sec 0)(fl 0x00)(ty 0)(scl 3) (nx 0) 0x00000000 .idata$4
[ 1](sec 1)(fl 0x00)(ty 0)(scl 3) (nx 0) 0x00000000 .idata$5
[ 2](sec 2)(fl 0x00)(ty 0)(scl 3) (nx 0) 0x00000000 .idata$6
[ 3](sec 1)(fl 0x00)(ty 0)(scl 2) (nx 0) 0x00000000 _imp_
[ 4](sec 3)(fl 0x00)(ty 0)(scl 3) (nx 0) 0x00000000 .text
[ 5](sec 3)(fl 0x00)(ty 0)(scl 2) (nx 0) 0x00000000
[ 6](sec 0)(fl 0x00)(ty 0)(scl 2) (nx 0) 0x00000000 _IMPORT_DESCRIPTOR_
Disassembly of section .text:
00000000 <.text>:
0: ff 25 00 00 00 00 jmp *0x0 2: dir32 _imp_
6: 90 nop
7: 90 nop
debug_name_type: no current file
=================================================================
==28956==ERROR: AddressSanitizer: attempting free on address which was not malloc()-ed: 0x61e0000004e0 in thread T0
#0 0x4f2b58 in __interceptor_free /home/natalie/Research/LLVM/src/llvm-8.0.1.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:124:3
#1 0x930929 in _bfd_coff_free_symbols (/home/natalie/Research/Bug/objdump+0x930929)
#2 0x94784c in _bfd_coff_close_and_cleanup (/home/natalie/Research/Bug/objdump+0x94784c)
#3 0x6b3960 in bfd_close_all_done (/home/natalie/Research/Bug/objdump+0x6b3960)
#4 0x53450c in display_file (/home/natalie/Research/Bug/objdump+0x53450c)
#5 0x533811 in main (/home/natalie/Research/Bug/objdump+0x533811)
#6 0x7fe6d16ba1e2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x271e2)
#7 0x41f60d in _start (/home/natalie/Research/Bug/objdump+0x41f60d)
0x61e0000004e0 is located 1120 bytes inside of 2505-byte region [0x61e000000080,0x61e000000a49)
allocated by thread T0 here:
#0 0x4f2f37 in malloc /home/natalie/Research/LLVM/src/llvm-8.0.1.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:146:3
#1 0x6adebc in bfd_malloc (/home/natalie/Research/Bug/objdump+0x6adebc)
#2 0x6ae174 in bfd_zmalloc (/home/natalie/Research/Bug/objdump+0x6ae174)
#3 0x8cb5e8 in pe_ILF_build_a_bfd (/home/natalie/Research/Bug/objdump+0x8cb5e8)
#4 0x8ca374 in pe_ILF_object_p (/home/natalie/Research/Bug/objdump+0x8ca374)
#5 0x8c23ea in pe_bfd_object_p (/home/natalie/Research/Bug/objdump+0x8c23ea)
#6 0x6a7d7d in bfd_check_format_matches (/home/natalie/Research/Bug/objdump+0x6a7d7d)
#7 0x534aa9 in display_object_bfd (/home/natalie/Research/Bug/objdump+0x534aa9)
#8 0x5349b9 in display_any_bfd (/home/natalie/Research/Bug/objdump+0x5349b9)
#9 0x5344e8 in display_file (/home/natalie/Research/Bug/objdump+0x5344e8)
#10 0x533811 in main (/home/natalie/Research/Bug/objdump+0x533811)
#11 0x7fe6d16ba1e2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x271e2)
SUMMARY: AddressSanitizer: bad-free /home/natalie/Research/LLVM/src/llvm-8.0.1.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:124:3 in __interceptor_free
==28956==ABORTING
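
For sorting this report and the 11 similar crashes into buckets, here is an added example (not part of the original report and not binutils code). It parses the ASAN output, cross-checks the "1120 bytes inside of 2505-byte region" arithmetic, and builds a dedup key from the first non-allocator frames of the free and allocation stacks. The `triage` function, the `NOISE` set and the bucket scheme are assumptions made for illustration.

```python
import hashlib
import re

# Excerpt of the report above, with each stack trimmed to its first frames.
REPORT = """\
==28956==ERROR: AddressSanitizer: attempting free on address which was not malloc()-ed: 0x61e0000004e0 in thread T0
#0 0x4f2b58 in __interceptor_free /home/natalie/Research/LLVM/src/llvm-8.0.1.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:124:3
#1 0x930929 in _bfd_coff_free_symbols (/home/natalie/Research/Bug/objdump+0x930929)
#2 0x94784c in _bfd_coff_close_and_cleanup (/home/natalie/Research/Bug/objdump+0x94784c)
0x61e0000004e0 is located 1120 bytes inside of 2505-byte region [0x61e000000080,0x61e000000a49)
allocated by thread T0 here:
#0 0x4f2f37 in malloc /home/natalie/Research/LLVM/src/llvm-8.0.1.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:146:3
#1 0x6adebc in bfd_malloc (/home/natalie/Research/Bug/objdump+0x6adebc)
#2 0x6ae174 in bfd_zmalloc (/home/natalie/Research/Bug/objdump+0x6ae174)
#3 0x8cb5e8 in pe_ILF_build_a_bfd (/home/natalie/Research/Bug/objdump+0x8cb5e8)
SUMMARY: AddressSanitizer: bad-free /home/natalie/Research/LLVM/src/llvm-8.0.1.src/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:124:3 in __interceptor_free
"""

FRAME = re.compile(r"^\s*#\d+ 0x[0-9a-f]+ in (\S+)")
REGION = re.compile(r"^(0x[0-9a-f]+) is located (\d+) bytes inside of (\d+)-byte "
                    r"region \[(0x[0-9a-f]+),(0x[0-9a-f]+)\)")
# Assumption: allocator/interceptor wrappers carry no signal, so skip them in the key.
NOISE = {"__interceptor_free", "malloc", "bfd_malloc", "bfd_zmalloc"}

def triage(report, depth=2):
    out = {"kind": None, "free_stack": [], "alloc_stack": [], "region": None}
    stack = out["free_stack"]          # frames before "allocated by" belong to the free()
    for line in report.splitlines():
        if line.startswith("SUMMARY: AddressSanitizer:"):
            out["kind"] = line.split()[2]
        elif line.startswith("allocated by thread"):
            stack = out["alloc_stack"]
        elif (m := REGION.match(line)):
            addr, lo, hi = (int(m.group(i), 16) for i in (1, 4, 5))
            off, size = int(m.group(2)), int(m.group(3))
            if addr - lo != off or hi - lo != size:
                raise ValueError("region line is inconsistent: " + line)
            # interior=True: free() got a pointer into the middle of a live block.
            out["region"] = {"offset": off, "size": size, "interior": 0 < off < size}
        elif (m := FRAME.match(line)):
            stack.append(m.group(1))
    # Key = bug class + first `depth` meaningful frames of each stack (addresses ignored).
    out["key"] = [out["kind"]] + [[f for f in s if f not in NOISE][:depth]
                                  for s in (out["free_stack"], out["alloc_stack"])]
    out["bucket"] = hashlib.sha256(repr(out["key"]).encode()).hexdigest()[:12]
    return out

if __name__ == "__main__":
    print(triage(REPORT))
```

Crashes whose `bucket` matches share the same bug class, freeing path and allocating function, so they can be examined as one issue before looking at the individual inputs.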