Problem here in the next part of code:
void EHOutputSection<ELFT>::addSectionAux( EHInputSection<ELFT> *S, iterator_range<const Elf_Rel_Impl<ELFT, IsRela> *> Rels) { ... uint32_t Length = read32<E>(D.data()); Length += 4; ...
Ian Lance Taylor writes: "Read 4 bytes. If they are not 0xffffffff, they are the length of the CIE or FDE record. Otherwise the next 64 bits holds the length, and this is a 64-bit DWARF format. This is like .debug_frame." (http://www.airs.com/blog/archives/460), that also consistent with spec (https://refspecs.linuxfoundation.org/LSB_3.0.0/LSB-PDA/LSB-PDA/ehframechpt.html).
When length was 0xffffffff overflow happened and code executed forward without any error here, failing much later.
Patch implements support of described extended length field and also adds few more checks for safety.
ArrayRef is usually supposed to be passed by value as it's basically a pointer to an array.