CVE-2022-38126: memory leak in binutils display_debug_abbrev
CVE-2022-38126: binutils dwarf.c (readelf/objdump --debug-dump=abbrev) leaks memory when processing malformed DWARF abbreviation tables.

In display_debug_abbrev() (binutils/dwarf.c lines 6214-6269), each iteration of the outer do...while(start) loop calls new_abbrev_list(0, offset), which xcallocs an abbrev_list and prepends it onto the global static abbrev_lists chain. process_abbrev_set() then xmallocs the abbrev_entry and abbrev_attr nodes attached to that list. display_debug_abbrev() never calls free_all_abbrevs() before returning, so every list leaks for the duration of the process. This includes the empty lists generated by zero-padded or fuzzed .debug_abbrev / .trace_abbrev sections, which are explicitly legal in DWARF5.

With multiple .trace_abbrev sections or crafted offsets, an attacker can drive unbounded heap growth and cause a denial of service in the tool. The same caching pattern also leaks in process_debug_info around dwarf.c:3604 and :3810.
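The caching pattern described above, reduced to a small model that counts live heap objects with and without the final cleanup call. This is an added example, not binutils source: every name in it (list, entry, new_list, add_entry, free_all_lists, display_section, g_lists, g_live, SAMPLE) is a hypothetical stand-in, plain calloc replaces xcalloc/xmalloc, and the input is constructed.

```c
/* Added illustration, not binutils code; all names are hypothetical stand-ins. */
#include <stdio.h>
#include <stdlib.h>

typedef struct entry { struct entry *next; } entry;    /* models abbrev_entry */
typedef struct list { entry *first; unsigned long offset; struct list *next; } list;

static list *g_lists;  /* global chain, like the static abbrev_lists */
static long g_live;    /* live heap objects, so the leak is measurable */
/* Constructed input: entries per abbreviation set; 0 models a zero-padded set. */
static const int SAMPLE[] = {2, 0, 0, 3};

static list *new_list(unsigned long offset) {
    list *l = calloc(1, sizeof *l);
    if (!l) abort();
    l->offset = offset;
    l->next = g_lists;  /* prepend onto the global chain */
    g_lists = l;
    g_live++;
    return l;
}
static void add_entry(list *l) {
    entry *e = calloc(1, sizeof *e);
    if (!e) abort();
    e->next = l->first;
    l->first = e;
    g_live++;
}
static void free_all_lists(void) {  /* plays the role of free_all_abbrevs() */
    while (g_lists) {
        list *l = g_lists;
        g_lists = l->next;
        while (l->first) { entry *e = l->first; l->first = e->next; free(e); g_live--; }
        free(l);
        g_live--;
    }
}
/* One pass over a section; returns the live objects left behind afterwards. */
static long display_section(const int *sets, size_t n, int cleanup) {
    for (size_t i = 0; i < n; i++) {
        list *l = new_list((unsigned long)i);  /* one list per set, even if empty */
        for (int k = 0; k < sets[i]; k++) add_entry(l);
    }
    if (cleanup) free_all_lists();  /* the step the leaky path never reaches */
    return g_live;
}
int main(void) {
    printf("no cleanup:   %ld live\n", display_section(SAMPLE, 4, 0));
    printf("with cleanup: %ld live\n", display_section(SAMPLE, 4, 1));
    return 0;
}
```

Because the chain is global, each pass without cleanup adds to what earlier passes left behind, which is why several sections in one file compound the growth.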