Index: include/llvm/Object/ELF.h
===================================================================
--- include/llvm/Object/ELF.h
+++ include/llvm/Object/ELF.h
@@ -146,7 +146,10 @@
 uint64_t Size = sec->sh_size;
 if (Size % sizeof(Elf_Rela))
 report_fatal_error("Invalid relocation table size");
- return rela_begin(sec) + Size / sizeof(Elf_Rela);
+ const Elf_Rela *Begin = rela_begin(sec);
+ if (reinterpret_cast(Begin + Size) >= base() + Buf.size())
+ report_fatal_error("Invalid relocation entry size");
+ return Begin + Size / sizeof(Elf_Rela);
 }
 
 Elf_Rela_Range relas(const Elf_Shdr *Sec) const {
@@ -165,7 +168,10 @@
 uint64_t Size = sec->sh_size;
 if (Size % sizeof(Elf_Rel))
 report_fatal_error("Invalid relocation table size");
- return rel_begin(sec) + Size / sizeof(Elf_Rel);
+ const Elf_Rel *Begin = rel_begin(sec);
+ if (reinterpret_cast(Begin + Size) >= base() + Buf.size())
+ report_fatal_error("Invalid relocation entry size");
+ return Begin + Size / sizeof(Elf_Rel);
 }
 
 Elf_Rel_Range rels(const Elf_Shdr *Sec) const {
Index: test/Object/invalid.test
===================================================================
--- test/Object/invalid.test
+++ test/Object/invalid.test
@@ -64,3 +64,9 @@
 RUN: not llvm-readobj -r %p/Inputs/invalid-relocation-sec-sh_offset.elf-x86-64 2>&1 | \
 RUN: FileCheck --check-prefix=INVALID-RELOC-SH-OFFSET %s
 INVALID-RELOC-SH-OFFSET: Invalid relocation entry offset
+
+RUN: not llvm-readobj -r %p/Inputs/invalid-relocation-sec-sh_size.elf-i386 2>&1 | \
+RUN: FileCheck --check-prefix=INVALID-RELOC-SH-SIZE %s
+RUN: not llvm-readobj -r %p/Inputs/invalid-relocation-sec-sh_size.elf-x86-64 2>&1 | \
+RUN: FileCheck --check-prefix=INVALID-RELOC-SH-SIZE %s
+INVALID-RELOC-SH-SIZE: Invalid relocation entry size
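Review bot: The new bound check in the rela_end hunk computes `Begin + Size` on a `const Elf_Rela *`, so `Size` (a byte count from `sh_size`) is scaled by `sizeof(Elf_Rela)` before the comparison; that over-rejects tables whose byte length fits the buffer, and for a large untrusted `sh_size` it forms a pointer far outside the mapped file before the check ever runs. The same construction appears in the rel_end hunk below. Two further points: `>=` rejects a table that ends exactly at the end of the buffer, where `>` is the correct boundary, and the template argument of `reinterpret_cast` is missing as shown (possibly lost in extraction; it presumably names `const uint8_t *`). Doing the arithmetic on offsets rather than pointers avoids both the scaling and the out-of-range pointer, on the assumption that `rela_begin`/`rel_begin` have already validated `sh_offset` against the buffer (the existing "Invalid relocation entry offset" test suggests so): `uint64_t Off = reinterpret_cast<const uint8_t *>(Begin) - base();` `if (Size > Buf.size() - Off)` `report_fatal_error("Invalid relocation entry size");`. The enclosing rela_end/rel_end functions begin outside the hunk.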