Index: llvm/trunk/include/llvm/Object/ELF.h
===================================================================
--- llvm/trunk/include/llvm/Object/ELF.h
+++ llvm/trunk/include/llvm/Object/ELF.h
@@ -137,6 +137,8 @@
 const Elf_Rela *rela_begin(const Elf_Shdr *sec) const {
 if (sec->sh_entsize != sizeof(Elf_Rela))
 report_fatal_error("Invalid relocation entry size");
+ if (sec->sh_offset >= Buf.size())
+ report_fatal_error("Invalid relocation entry offset");
 return reinterpret_cast(base() + sec->sh_offset);
 }
 
@@ -154,6 +156,8 @@
 const Elf_Rel *rel_begin(const Elf_Shdr *sec) const {
 if (sec->sh_entsize != sizeof(Elf_Rel))
 report_fatal_error("Invalid relocation entry size");
+ if (sec->sh_offset >= Buf.size())
+ report_fatal_error("Invalid relocation entry offset");
 return reinterpret_cast(base() + sec->sh_offset);
 }
 
Index: llvm/trunk/test/Object/invalid.test
===================================================================
--- llvm/trunk/test/Object/invalid.test
+++ llvm/trunk/test/Object/invalid.test
@@ -58,3 +58,9 @@
 RUN: not llvm-readobj -t %p/Inputs/invalid-ext-symtab-index.elf-x86-64 2>&1 | \
 RUN: FileCheck --check-prefix=INVALID-EXT-SYMTAB-INDEX %s
 INVALID-EXT-SYMTAB-INDEX: Invalid symbol table index
+
+RUN: not llvm-readobj -r %p/Inputs/invalid-relocation-sec-sh_offset.elf-i386 2>&1 | \
+RUN: FileCheck --check-prefix=INVALID-RELOC-SH-OFFSET %s
+RUN: not llvm-readobj -r %p/Inputs/invalid-relocation-sec-sh_offset.elf-x86-64 2>&1 | \
+RUN: FileCheck --check-prefix=INVALID-RELOC-SH-OFFSET %s
+INVALID-RELOC-SH-OFFSET: Invalid relocation entry offset
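Review bot: The added guard in `rela_begin` checks only that `sh_offset` starts inside the buffer, so a section whose `sh_offset` is in range but whose `sh_offset + sh_size` runs past `Buf.size()` still yields a relocation range that ends outside the mapped file; the identical guard in the `rel_begin` hunk has the same gap. The matching end accessors are outside these hunks, but presumably derive from `sh_size`, so the extent should be validated here as well, in an overflow-safe form such as `if (sec->sh_offset > Buf.size() || sec->sh_size > Buf.size() - sec->sh_offset)`. The current `>=` also rejects an empty section placed exactly at end of file, which the form above would accept. Because the check is now duplicated verbatim, a small shared helper would keep the two accessors from drifting apart.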
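Review bot: The two new RUN pairs cover only whatever `sh_offset` value the checked-in inputs carry, which cannot be read from the test itself; a one-line comment stating which header field was corrupted and to what value would make the inputs reproducible. A further input whose `sh_offset` lies inside the file while `sh_offset + sh_size` extends past the end would pin down whether the reader validates the section extent and not only its start.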