Index: include/llvm/Object/ELF.h
===================================================================
--- include/llvm/Object/ELF.h
+++ include/llvm/Object/ELF.h
@@ -120,6 +120,8 @@
 return nullptr;
 if (Sec->sh_entsize != sizeof(Elf_Sym))
 report_fatal_error("Invalid symbol size");
+ if (Sec->sh_offset >= Buf.size())
+ report_fatal_error("Invalid symbol offset");
 return reinterpret_cast(base() + Sec->sh_offset);
 }
 const Elf_Sym *symbol_end(const Elf_Shdr *Sec) const {
Index: test/Object/invalid.test
===================================================================
--- test/Object/invalid.test
+++ test/Object/invalid.test
@@ -37,6 +37,9 @@
 RUN: not llvm-readobj -t %p/Inputs/invalid-sh_entsize.elf 2>&1 | FileCheck --check-prefix=INVALID-SYM-SIZE %s
 INVALID-SYM-SIZE: Invalid symbol size
+RUN: not llvm-readobj -t %p/Inputs/invalid-sh_offset.elf 2>&1 | FileCheck --check-prefix=INVALID-SYM-OFFSET %s
+INVALID-SYM-OFFSET: Invalid symbol offset
+
 RUN: not llvm-readobj --dyn-symbols %p/Inputs/invalid-sh_entsize.elf 2>&1 | FileCheck --check-prefix=INVALID-DYNSYM-SIZE %s
 INVALID-DYNSYM-SIZE: Invalid entity size
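Review bot: The added bound only verifies that the section's start offset lies inside the buffer; a section table whose sh_offset is in range but whose sh_size runs past the end of the file still passes, so the begin pointer returned on the next line is valid while the matching end pointer from symbol_end (declared on the last context line, body outside the hunk) can still point beyond Buf, and iterating the symbols reads past the mapped file. The check should also compare the section length against what remains after the offset, written so the addition cannot wrap: `if (Sec->sh_offset >= Buf.size() || Sec->sh_size > Buf.size() - Sec->sh_offset)` followed by the same `report_fatal_error("Invalid symbol offset");`. Buf is not visible in the hunk; this assumes it is the file's memory buffer, which the existing Buf.size() comparison suggests. The enclosing function starts before this hunk.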
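Review bot: The new RUN line depends on a binary input, `%p/Inputs/invalid-sh_offset.elf`, that does not appear in this diff, so the test cannot be reviewed or run from the patch alone; the input file needs to be committed with it, and a one-line comment in the test describing how the file is malformed (an sh_offset past the end of the file, presumably, given the check it exercises) would make the case self-explanatory. Since the new check only guards the section start, it would also be worth a second input whose sh_offset is in range but whose sh_size extends past the end of the file, to pin down that case once it is handled.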