diff --git a/contrib/elftoolchain/readelf/readelf.c b/contrib/elftoolchain/readelf/readelf.c index 6eda0599b6cb..4080f144b2c2 100644 --- a/contrib/elftoolchain/readelf/readelf.c +++ b/contrib/elftoolchain/readelf/readelf.c @@ -3740,6 +3740,10 @@ dump_notes_content(struct readelf *re, const char *buf, size_t sz, off_t off) } note = (Elf_Note *)(uintptr_t) buf; buf += sizeof(Elf_Note); + if (buf + roundup2(note->n_namesz, 4) > end) { + warnx("invalid note header name"); + return; + } name = buf; buf += roundup2(note->n_namesz, 4); /* @@ -3759,6 +3763,10 @@ dump_notes_content(struct readelf *re, const char *buf, size_t sz, off_t off) printf(" %-13s %#010jx", name, (uintmax_t) note->n_descsz); printf(" %s\n", note_type(name, re->ehdr.e_type, note->n_type)); + if (buf + roundup2(note->n_descsz, 4) > end) { + warnx("invalid note header desc"); + return; + } dump_notes_data(re, name, note->n_type, buf, note->n_descsz); buf += roundup2(note->n_descsz, 4); }
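Review bot: Both added bounds checks form `buf + roundup2(..., 4)` before comparing it with `end`, so the test itself relies on pointer arithmetic driven by a size read from the file. With a large `n_namesz` the sum points far outside the note buffer, which is undefined behaviour and can wrap below `end` on 32-bit targets. If `n_namesz` is a 32-bit field, as in the standard ELF note header, the round-up can also wrap to 0 for values within 3 of the maximum, and the check then passes. Comparing lengths avoids both problems: `if (note->n_namesz > (size_t)(end - buf) || roundup2(note->n_namesz, 4) > (size_t)(end - buf)) {`, and the `n_descsz` check in the second hunk needs the same change. dump_notes_content starts and ends outside the hunk, so the declaration of `end` and the loop condition are not visible here.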
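Review bot: The descriptor check tests the padded length `roundup2(note->n_descsz, 4)`, while the `dump_notes_data` call right after it is given only `note->n_descsz` bytes. A final note whose descriptor fits in the buffer but whose alignment padding is missing would therefore be reported as "invalid note header desc" and not dumped. Whether any producer writes such notes cannot be told from this hunk. If the stricter test is intended, a comment above it would record that, for example `/* n_descsz comes from the file: require the padded descriptor to lie inside the note buffer */`. The enclosing loop body continues outside the hunk.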