On Fri, Nov 28, 2014 at 10:24:46PM +0100, Mark Wielaard wrote:
> We already checked this in all other cases except for the special case
> of relocs in statically linked executables. Found with afl.

Sorry, this patch is bogus. It works around the actual cause.

The destshdr should not be NULL to begin with. We actually check that
before processing the relocations. But when we see a STT_SECTION symbol
relocation we reuse destshdr to look up that section. The correct fix is
to not trash destshdr in that case. Which the attached patch does.

Cheers,

Mark