CVE-2021-3487: binutils readelf OOB read in fetch_indexed_string (.debug_str_offsets)
CVE-2021-3487: binutils 2.35 readelf has an out-of-bounds read in fetch_indexed_string() in binutils/dwarf.c, reached when displaying DWARF debug information that references the .debug_str_offsets section. The function reads a length field from the file header and uses it as the bound for index_offset (if (index_offset >= length)), but never validates that length itself fits within the actual section size (end - curr). The pre-existing 'sanity check' at lines 773-780 uses inverted comparison operators (curr + length < end - 8), so an attacker who supplies a header length much larger than the real section evades all checks. The subsequent byte_get(curr + index_offset, offset_size) at line 796 then reads past the end of the mapped section, resulting in an out-of-bounds read, denial of service, and potential information disclosure.
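The missing validation can be shown on a simplified model of the section. This is an added example, not binutils code and not the upstream fix. It assumes 32-bit DWARF, little-endian data and an 8-byte header (4-byte length, 2-byte version, 2-byte padding); the function names and the sample sections are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Little-endian read; the caller guarantees p[0..n-1] is in bounds. */
static uint64_t rd_le(const uint8_t *p, unsigned n) {
    uint64_t v = 0;
    while (n--) v = (v << 8) | p[n];
    return v;
}

/* Constructed 16-byte sections: unit_length(4) version(2) padding(2), two entries. */
const uint8_t sample_ok[16]  = {0x0c,0,0,0, 5,0, 0,0, 0x10,0,0,0, 0x20,0,0,0};
const uint8_t sample_bad[16] = {0xff,0xff,0xff,0x7f, 5,0, 0,0, 0x10,0,0,0, 0x20,0,0,0};

/* Models the bound described above: the index is compared only with the
   length claimed by the header. Returns 1 if that test alone passes; no read. */
int header_only_bound_accepts(const uint8_t *sec, size_t sec_size, uint64_t idx) {
    if (sec == NULL || sec_size < 4) return 0;
    return idx < rd_le(sec, 4) / 4;
}

/* Hardened fetch (hypothetical helper): 0 and *out set on success, -1 if any bound fails. */
int fetch_str_offset_checked(const uint8_t *sec, size_t sec_size,
                             uint64_t idx, uint32_t *out) {
    const size_t hdr = 8, offset_size = 4;
    if (sec == NULL || out == NULL || sec_size < hdr) return -1;
    uint64_t unit_length = rd_le(sec, 4);   /* bytes after the length field */
    /* The missing validation: the claimed length must fit in the real section. */
    if (unit_length < 4 || unit_length > sec_size - 4) return -1;
    uint64_t entries = (unit_length - 4) / offset_size;
    if (idx >= entries) return -1;          /* division form avoids idx*4 overflow */
    *out = (uint32_t)rd_le(sec + hdr + idx * offset_size, offset_size);
    return 0;
}

int main(void) {
    uint32_t v = 0;
    int rc = fetch_str_offset_checked(sample_ok, sizeof sample_ok, 1, &v);
    printf("ok section, idx 1: rc=%d offset=0x%x\n", rc, (unsigned)v);
    printf("bad section, idx 1000: header-only=%d checked=%d\n",
           header_only_bound_accepts(sample_bad, sizeof sample_bad, 1000),
           fetch_str_offset_checked(sample_bad, sizeof sample_bad, 1000, &v));
    return 0;
}
```

On the oversized header the header-only bound accepts index 1000 in a 16-byte section, while the checked version rejects the section before any index is considered.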