diff -rup a/elf/dl-load.c b/elf/dl-load.c

--- a/elf/dl-load.c	2012-02-03 10:59:58.917870716 -0700

+++ b/elf/dl-load.c	2012-02-03 11:01:01.796580644 -0700

@@ -1130,6 +1130,16 @@ _dl_map_object_from_fd (const char *name

 		= N_("ELF load command address/offset not properly aligned");

 	      goto call_lose;

 	    }

+	  if (__builtin_expect ((ph->p_offset + ph->p_filesz > st.st_size), 0))

+	    {

+	      /* If the segment requires zeroing of part of its last

+		 page, we'll crash when accessing the unmapped page.

+		 There's still a possibility of a race, if the shared

+		 object is truncated between the fxstat above and the

+		 memset below.  */

+	      errstring = N_("ELF load command past end of file");

+	      goto call_lose;

+	    }

 	  c = &loadcmds[nloadcmds++];

 	  c->mapstart = ph->p_vaddr & ~(GLRO(dl_pagesize) - 1);

Only in b/elf: dl-load.c.orig