Verify that section header offset is not past EOF

MFC After:	1 week
Sponsored by:	The FreeBSD Foundation

1 files changed, 2 insertions, 1 deletions

diff --git a/contrib/elftoolchain/libelf/elf_scn.c b/contrib/elftoolchain/libelf/elf_scn.c
index 209e2ef..9a9c816 100644
--- a/contrib/elftoolchain/libelf/elf_scn.c
+++ b/contrib/elftoolchain/libelf/elf_scn.c
@@ -60,7 +60,8 @@ _libelf_load_section_headers(Elf *e, void *ehdr)
 	assert((e->e_flags & LIBELF_F_SHDRS_LOADED) == 0);
 
 #define	CHECK_EHDR(E,EH)	do {				\
-		if (fsz != (EH)->e_shentsize ||			\
+		if (shoff > e->e_rawsize ||			\
+		    fsz != (EH)->e_shentsize ||			\
 		    shnum > SIZE_MAX / fsz ||			\
 		    fsz * shnum > e->e_rawsize - shoff) {	\
 			LIBELF_SET_ERROR(HEADER, 0);		\