Report

CVE-2020-16592: UAF in binutils BFD section merging

f8506bbc-13b1-4286-b056-00a167d89978

CVE-2020-16592: use-after-free in the GNU binutils 2.34 BFD library (bfd/merge.c) during section merging.

_bfd_add_merge_section links secinfo into sinfo->chain BEFORE calling bfd_get_full_section_contents(&contents). For compressed/decompress-in-place sections, the callee rebinds *ptr to a fresh bfd_malloc buffer that is never copied back into secinfo->contents, so secinfo->contents holds uninitialized/stale memory.

On the error_return path only *psecinfo = NULL is set, leaving a dangling secinfo entry in sinfo->chain.

Later, during relocation processing, the linker calls _bfd_merged_section_offset (bfd/merge.c:871) from elflink.c, dereferencing the dangling secinfo->contents/htab and triggering a heap-use-after-free reachable via objdump/ld/nm on a crafted ELF.
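A reduced model of the ordering defect described above, written for this report rather than taken from binutils: the struct names loosely mirror merge.c, but the structs, load_contents() and both add_section_* variants are constructed stand-ins. It places the link-first ordering beside the load-first fix and counts, without dereferencing anything, how many chain entries a later pass would find with no valid contents.

```c
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>
/* Constructed model, not binutils code: one merge-section entry and the chain. */
struct sec_info { struct sec_info *next; unsigned char *contents; const char *name; };
struct merge_info { struct sec_info *chain; };

/* Stand-in for bfd_get_full_section_contents(): the "corrupt" section fails to load. */
static bool load_contents(const char *name, unsigned char **out)
{
    if (strcmp(name, "corrupt") == 0) return false;   /* simulated read/decompress error */
    *out = calloc(16, 1);
    return *out != NULL;
}

/* Buggy ordering from the report: link into the chain first, load second.
   On failure the node stays reachable from sinfo->chain with no valid contents. */
static bool add_section_link_first(struct merge_info *sinfo, const char *name)
{
    struct sec_info *si = calloc(1, sizeof *si);
    if (!si) return false;
    si->name = name;
    si->next = sinfo->chain; sinfo->chain = si;         /* published too early */
    return load_contents(name, &si->contents);          /* failure leaves it linked */
}

/* Hardened ordering: publish the node only after every fallible step has succeeded. */
static bool add_section_load_first(struct merge_info *sinfo, const char *name)
{
    struct sec_info *si = calloc(1, sizeof *si);
    if (!si) return false;
    si->name = name;
    if (!load_contents(name, &si->contents)) { free(si); return false; }
    si->next = sinfo->chain; sinfo->chain = si;
    return true;
}

/* What a later pass (the analogue of _bfd_merged_section_offset) would meet:
   chain entries whose contents were never loaded, counted without touching them. */
static int count_unloaded(const struct merge_info *sinfo)
{
    int n = 0;
    for (const struct sec_info *si = sinfo->chain; si; si = si->next)
        if (si->contents == NULL) n++;
    return n;
}

/* Feed one ordering the same two sections and report how many bad entries remain. */
static int unloaded_after(bool (*add)(struct merge_info *, const char *))
{
    struct merge_info sinfo = { NULL };
    add(&sinfo, "good"); add(&sinfo, "corrupt");
    int bad = count_unloaded(&sinfo);
    for (struct sec_info *si = sinfo.chain, *nx = NULL; si; si = nx) { nx = si->next; free(si->contents); free(si); }
    return bad;
}
```

With the link-first ordering the failed "corrupt" section remains in the chain (one unloaded entry); with load-first it never becomes reachable.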