Report

CVE-2020-16592: binutils libbfd UAF in section merging via hash table resize


CVE-2020-16592 is a use-after-free in the section-merging code of libbfd, the Binary File Descriptor library shipped with GNU binutils 2.34. The fault starts in sec_merge_hash_lookup (bfd/merge.c:137). When it finds an existing SEC_MERGE entry for the same string but with a smaller alignment than the new request, it marks that entry as deleted by setting len = 0 and alignment = 0, yet leaves it linked in its hash chain, and then calls bfd_hash_insert (bfd/hash.c:502) to add the better-aligned copy. If that insertion pushes the table past its 3/4 load factor, bfd_hash_insert resizes the table and rehashes every entry in place by rewriting its ->next pointer (lines 544-557).

Pointers held outside the table by the section-merge subsystem, in particular sinfo->htab->first, sinfo->htab->last and the e->next chain walked by _bfd_merge_sections and merge_strings, now describe a chain layout that no longer exists. Later dereferences through those pointers in _bfd_merged_section_offset, during relocation processing, are the heap-use-after-free reads and writes that AddressSanitizer reports.

The trigger is a crafted ELF object passed to objdump, nm or ld. The upstream report (sourceware bug 25821) describes the fault as a use-after-free in bfd_hash_lookup demonstrated with nm-new and classifies the impact as denial of service (crash); the fix is included in binutils 2.35 and later. To check whether a given build is affected, configure binutils with -fsanitize=address and run nm-new on a proof-of-concept file: an affected build aborts with an ASan heap-use-after-free report, a fixed one exits normally.
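The pattern described above, as an added model written for this page (it is not libbfd code and its names, table sizes and sum-of-bytes hash are assumptions chosen so the collisions are predictable): a chained hash table whose resize rehashes in place by rewriting ->next, and a merge-style lookup that tombstones a less-aligned duplicate instead of unlinking it. A caller caches a chain successor, the next lookup tombstones an entry and inserts a copy that crosses the 3/4 threshold, and the cached pointer no longer matches the table. The real bfd table allocates entries from an objalloc, so the model does not free anything during the resize either; what it shows is the invariant the report relies on, that chain positions observed before an insert are worthless after it.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Toy model (added here, not libbfd code) of a chained hash table in the style
   of bfd_hash_table.  Entries are never freed individually, a resize rehashes
   in place by rewriting each entry's ->next, and the merge-style lookup
   tombstones a less-aligned duplicate instead of unlinking it.  */

struct entry {
    struct entry *next;      /* bucket chain link; rewritten by table_resize */
    unsigned long hash;
    const char *string;
    size_t len;              /* 0 marks a tombstone, as sec_merge_hash_lookup does */
    unsigned alignment;
};

struct table {
    struct entry **buckets;
    unsigned long size;
    unsigned long count;
};

/* Deliberately simple hash (sum of bytes, an assumption for this model) so the
   collisions below are predictable: "a", "e", "i" share bucket 1 of 4 but
   land in buckets 7, 2 and 6 of 9.  */
static unsigned long hash_string(const char *s, size_t len)
{
    unsigned long h = 0;
    for (size_t i = 0; i < len; i++)
        h += (unsigned char)s[i];
    return h;
}

static bool table_init(struct table *t, unsigned long size)
{
    t->buckets = calloc(size, sizeof *t->buckets);
    t->size = size;
    t->count = 0;
    return t->buckets != NULL;
}

/* Rehash every entry into a larger bucket array by rewriting ->next: after this
   step, chain pointers a caller cached earlier no longer describe any chain.  */
static bool table_resize(struct table *t)
{
    unsigned long newsize = t->size * 2 + 1;
    struct entry **nb = calloc(newsize, sizeof *nb);
    if (nb == NULL)
        return false;
    for (unsigned long i = 0; i < t->size; i++) {
        for (struct entry *e = t->buckets[i], *next; e != NULL; e = next) {
            next = e->next;
            e->next = nb[e->hash % newsize];
            nb[e->hash % newsize] = e;
        }
    }
    free(t->buckets);
    t->buckets = nb;
    t->size = newsize;
    return true;
}

/* Push a new entry on its chain; grow past a 3/4 load factor like bfd_hash_insert.  */
static struct entry *table_insert(struct table *t, const char *s, size_t len,
                                  unsigned alignment, unsigned long h)
{
    struct entry *e = calloc(1, sizeof *e);
    if (e == NULL)
        return NULL;
    e->hash = h;
    e->string = s;
    e->len = len;
    e->alignment = alignment;
    e->next = t->buckets[h % t->size];
    t->buckets[h % t->size] = e;
    if (++t->count > t->size * 3 / 4 && !table_resize(t))
        return NULL;
    return e;
}

/* Lookup modelled on sec_merge_hash_lookup: an existing copy with too small an
   alignment is tombstoned (len = 0) but stays linked, then a new copy is inserted.  */
static struct entry *merge_lookup(struct table *t, const char *s, unsigned alignment)
{
    size_t len = strlen(s);
    unsigned long h = hash_string(s, len);
    for (struct entry *e = t->buckets[h % t->size]; e != NULL; e = e->next) {
        if (e->hash == h && e->len == len && memcmp(e->string, s, len) == 0) {
            if (e->alignment >= alignment)
                return e;
            e->len = 0;           /* mark deleted, but do not unlink */
            e->alignment = 0;
            break;
        }
    }
    return table_insert(t, s, len, alignment, h);
}

static unsigned count_tombstones(const struct table *t)
{
    unsigned n = 0;
    for (unsigned long i = 0; i < t->size; i++)
        for (const struct entry *e = t->buckets[i]; e != NULL; e = e->next)
            n += (e->len == 0);
    return n;
}

static void table_free(struct table *t)
{
    for (unsigned long i = 0; i < t->size; i++)
        for (struct entry *e = t->buckets[i], *next; e != NULL; e = next) {
            next = e->next;
            free(e);
        }
    free(t->buckets);
}

/* Reproduce the sequence from the report: cache a chain successor, then do a
   merge lookup whose tombstone-plus-insert crosses the 3/4 threshold and
   resizes.  Returns true when the cached successor no longer matches the
   entry's real ->next (the cached chain pointer is stale) and the tombstone
   is still linked in the table.  */
static bool cached_successor_goes_stale(void)
{
    struct table t;
    if (!table_init(&t, 4))          /* threshold: 4 * 3 / 4 == 3 entries */
        return false;
    merge_lookup(&t, "a", 1);
    merge_lookup(&t, "e", 1);
    merge_lookup(&t, "i", 1);        /* count == 3, no resize yet; chain i -> e -> a */

    struct entry *held = merge_lookup(&t, "i", 1);   /* existing entry, no insert */
    struct entry *cached_next = held->next;          /* "e" at this point */

    merge_lookup(&t, "a", 8);        /* tombstones "a", inserts a 4th entry, resizes to 9 */

    bool stale = held->next != cached_next;          /* "i" is now alone in bucket 6 */
    bool tombstone_left = count_tombstones(&t) == 1;
    table_free(&t);
    return stale && tombstone_left;
}

int main(void)
{
    return cached_successor_goes_stale() ? 0 : 1;
}
```

The two defensive rules the model makes concrete: never carry a chain pointer across a call that may insert (re-run the lookup instead), and when an entry is logically deleted, unlink it rather than leaving a tombstone that every later chain walk and rehash still has to step over.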
