From fe3fef62ad11115fc3b03c0c0dcb9c38b2f544cb Mon Sep 17 00:00:00 2001
From: Alan Modra <amodra@gmail.com>
Date: Fri, 15 Mar 2019 16:49:59 +1030
Subject: [PATCH] PR24339, segfault on NULL symbol section

	PR 24339
	* elflink.c (elf_link_add_object_symbols): Bail out on a local
	symbol after globals if elf_bad_symtab is not set.
---
 bfd/ChangeLog | 6 ++++++
 bfd/elflink.c | 8 +++++++-
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/bfd/ChangeLog b/bfd/ChangeLog
index eacd828..b044fad 100644
--- a/bfd/ChangeLog
+++ b/bfd/ChangeLog
@@ -1,5 +1,11 @@
 2019-03-15  Alan Modra  <amodra@gmail.com>
 
+	PR 24339
+	* elflink.c (elf_link_add_object_symbols): Bail out on a local
+	symbol after globals if elf_bad_symtab is not set.
+
+2019-03-15  Alan Modra  <amodra@gmail.com>
+
 	PR 24337
 	* elf.c (_bfd_elf_rela_local_sym): Don't segfault on NULL sec.
 	(_bfd_elf_rel_local_sym): Likewise.
diff --git a/bfd/elflink.c b/bfd/elflink.c
index 2600c39..09990a4 100644
--- a/bfd/elflink.c
+++ b/bfd/elflink.c
@@ -4442,7 +4442,13 @@ error_free_dyn:
 	     global symbols follow all local symbols, and that sh_info
 	     point to the first global symbol.  Unfortunately, Irix 5
 	     screws this up.  */
-	  continue;
+	  if (elf_bad_symtab (abfd))
+	    continue;
+
+	  /* If we aren't prepared to handle locals within the globals
+	      then we'll likely segfault on a NULL section.  */
+	  bfd_set_error (bfd_error_bad_value);
+	  goto error_free_vers;
 
 	case STB_GLOBAL:
 	  if (isym->st_shndx != SHN_UNDEF && !common)
-- 
2.7.4