1 files changed, 11 insertions, 2 deletions

diff --git a/libelf/elf_rand.c b/libelf/elf_rand.c
index eb2c9eaa2c1a..ac3bd0bc60e0 100644
--- a/libelf/elf_rand.c
+++ b/libelf/elf_rand.c
@@ -29,16 +29,25 @@
 
 #include "_libelf.h"
 
-ELFTC_VCSID("$Id: elf_rand.c 3174 2015-03-27 17:13:41Z emaste $");
+ELFTC_VCSID("$Id: elf_rand.c 3716 2019-03-18 22:01:01Z jkoshy $");
 
 off_t
 elf_rand(Elf *ar, off_t offset)
 {
 	struct ar_hdr *arh;
+	off_t offset_of_member;
 
 	if (ar == NULL || ar->e_kind != ELF_K_AR ||
 	    (offset & 1) || offset < SARMAG ||
-	    (size_t) offset + sizeof(struct ar_hdr) >= ar->e_rawsize) {
+	    offset >= ar->e_rawsize) {
+		LIBELF_SET_ERROR(ARGUMENT, 0);
+		return 0;
+	}
+
+	offset_of_member = offset + (off_t) sizeof(struct ar_hdr);
+
+	if (offset_of_member <= 0 || /* Numeric overflow. */
+	    offset_of_member >= ar->e_rawsize) {
 		LIBELF_SET_ERROR(ARGUMENT, 0);
 		return 0;
 	}