cat > a.lds <<e
SECTIONS {
  . = 0xffffffff80000000;
  . += 0x100000;
  _text = .;
}
e
as --32 /dev/null -o a.o
ld.bfd -m elf_i386 -T a.lds a.o -M

Memory Configuration

Name             Origin             Length             Attributes
*default*        0x0000000000000000 0xffffffffffffffff

Linker script and memory map

                0xffffffff80000000                . = 0xffffffff80000000
                0xffffffff80100000                . = (. + 0x100000)
                0xffffffff80100000                _text = .
LOAD a.o
OUTPUT(a.out elf32-i386)

.text           0xffffffff80100000        0x0
 .text          0xffffffff80100000        0x0 a.o
...

0xffffffff80000000 will be truncated to 0x80000000. Similarly, 0x0fffffff80000000 will be truncated to 0x80000000. I think rejecting such addresses may be more reasonable.
Some 32-bit targets interpret VMAs as signed. See elf_backend_sign_extend_vma. For those targets the valid range of addresses is 0xffffffff80000000 to 0x7fffffff. I don't see much benefit in diagnosing out of range addresses. Also note that there are practical difficulties in implementing such bounds checking given that we'd like to have a 32-bit target linker behave the same whether it is compiled for a 32-bit host or 64-bit host.
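The range rule from comment #1 applied to the two addresses in the report, as an added example that is not part of the original thread and is not binutils code. `check_vma32` and `vma_check` are hypothetical names; addresses are always held in 64 bits so the result does not depend on the host word size.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper (not from binutils): classify a 64-bit address
   value for a 32-bit target. */
typedef struct {
    bool     in_range;   /* representable in the target's 32-bit VMA space */
    uint32_t truncated;  /* what is left when only the low 32 bits are kept */
} vma_check;

static vma_check check_vma32(uint64_t vma, bool sign_extend_vma)
{
    vma_check r;
    r.truncated = (uint32_t)vma;
    if (sign_extend_vma) {
        /* Signed interpretation: valid values are sign-extensions of
           32-bit numbers, i.e. 0xffffffff80000000 .. 0x7fffffff. */
        uint64_t sext = ((uint64_t)r.truncated ^ UINT64_C(0x80000000))
                        - UINT64_C(0x80000000);
        r.in_range = (sext == vma);
    } else {
        /* Unsigned interpretation: valid values are 0 .. 0xffffffff. */
        r.in_range = (vma <= UINT64_C(0xffffffff));
    }
    return r;
}

int main(void)
{
    /* The two addresses from the report plus the edges of the signed range. */
    const uint64_t samples[] = {
        UINT64_C(0xffffffff80000000), UINT64_C(0x0fffffff80000000),
        UINT64_C(0x7fffffff),         UINT64_C(0x80000000),
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        vma_check s = check_vma32(samples[i], true);
        vma_check u = check_vma32(samples[i], false);
        printf("0x%016" PRIx64 " -> 0x%08" PRIx32 "  signed:%s unsigned:%s\n",
               samples[i], s.truncated,
               s.in_range ? "ok" : "out of range",
               u.in_range ? "ok" : "out of range");
    }
    return 0;
}
```

Under the signed interpretation 0xffffffff80000000 is in range, while 0x0fffffff80000000 is out of range under both interpretations even though both truncate to 0x80000000.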
As per comment #1