On Thu, 2014-11-06 at 10:25 -0800, Roland McGrath wrote:
> >           /* First see whether the information in the section header is
> >              valid and it does not ask for too much.  */
> >           if (unlikely (offset + size > elf->maximum_size))
> 
> This is not overflow-proof.

Missed that one. So the full fix would be as attached.