Index: include/llvm/Object/ELF.h
===================================================================
--- include/llvm/Object/ELF.h
+++ include/llvm/Object/ELF.h
@@ -137,6 +137,8 @@
 const Elf_Rela *rela_begin(const Elf_Shdr *sec) const {
 if (sec->sh_entsize != sizeof(Elf_Rela))
 report_fatal_error("Invalid relocation entry size");
+ if (sec->sh_offset >= Buf.size())
+ report_fatal_error("Invalid relocation entry offset");
 return reinterpret_cast(base() + sec->sh_offset);
 }
@@ -154,6 +156,8 @@
 const Elf_Rel *rel_begin(const Elf_Shdr *sec) const {
 if (sec->sh_entsize != sizeof(Elf_Rel))
 report_fatal_error("Invalid relocation entry size");
+ if (sec->sh_offset >= Buf.size())
+ report_fatal_error("Invalid relocation entry offset");
 return reinterpret_cast(base() + sec->sh_offset);
 }
Index: test/Object/invalid.test
===================================================================
--- test/Object/invalid.test
+++ test/Object/invalid.test
@@ -54,3 +54,9 @@
 RUN: not llvm-readobj -t %p/Inputs/invalid-xindex-size.elf 2>&1 | FileCheck --check-prefix=INVALID-XINDEX-SIZE %s
 INVALID-XINDEX-SIZE: Invalid data was encountered while parsing the file.
+
+RUN: not llvm-readobj -r %p/Inputs/invalid-relocation-sec-sh_offset.elf-i386 2>&1 | \
+RUN: FileCheck --check-prefix=INVALID-RELOC-SH-OFFSET %s
+RUN: not llvm-readobj -r %p/Inputs/invalid-relocation-sec-sh_offset.elf-x86-64 2>&1 | \
+RUN: FileCheck --check-prefix=INVALID-RELOC-SH-OFFSET %s
+INVALID-RELOC-SH-OFFSET: Invalid relocation entry offset
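Review bot: The added check in rela_begin() bounds only the start of the table, so a section whose sh_offset lies just below Buf.size() still passes and the returned pointer can have fewer than sizeof(Elf_Rela) bytes behind it. The identical check in rel_begin() in the next hunk has the same gap. The matching end accessors are outside this diff, but if they are derived from sh_size the whole range should be bounded, written so the addition cannot wrap: `if (sec->sh_offset > Buf.size() || sec->sh_size > Buf.size() - sec->sh_offset)`. A short comment such as `// sh_offset and sh_size come from the untrusted file; bound the whole table, not just its start` would record the reason for the check.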
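Review bot: Judging by the input names, the new RUN lines cover only a relocation section whose sh_offset is invalid. There is no case for an sh_offset that lies inside the file while the section's sh_size runs past the end. The i386 and x86-64 inputs presumably exercise the Rel and Rela paths respectively, which is good. A third input with a valid offset but an oversized sh_size, checked the same way, would pin the remaining out-of-bounds case and guard against regressions if the bounds check is later extended.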