diff --git a/sys/kern/link_elf.c b/sys/kern/link_elf.c
--- a/sys/kern/link_elf.c
+++ b/sys/kern/link_elf.c
@@ -1711,6 +1711,10 @@
 }
 stop = (void **)symval.value;
+ if (stop < start) {
+ error = ESRCH;
+ goto out;
+ }
 /* and the number of entries */
 count = stop - start;
diff --git a/sys/kern/link_elf_obj.c b/sys/kern/link_elf_obj.c
--- a/sys/kern/link_elf_obj.c
+++ b/sys/kern/link_elf_obj.c
@@ -1566,6 +1566,8 @@
 start = (void **)ef->progtab[i].addr;
 stop = (void **)((char *)ef->progtab[i].addr +
 ef->progtab[i].size);
+ if (stop < start)
+ return (ESRCH);
 count = stop - start;
 if (startp)
 *startp = start;
@@ -1757,6 +1759,8 @@
 }
 if (i == ef->nprogtab)
 continue;
+ if (stopp < startp)
+ continue;
 sym->st_value = start ? startp : stopp;
 sym->st_shndx = i;
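Review bot: The guard added in link_elf.c after `stop = (void **)symval.value;` has no comment saying when `stop < start` can occur, and it returns ESRCH, which looks like the code a failed lookup would also produce, so a caller cannot tell a malformed set from a missing one. I would add `/* Reject a set whose stop symbol resolves below its start symbol. */` above the check. The check also leaves `count = stop - start` unvalidated when the byte distance between the two addresses is not a multiple of `sizeof(void *)`; the same applies to the link_elf_obj.c hunk at -1566. The enclosing function starts and ends outside the hunk, so the `out` label and the type of `count` are not visible here.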
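Review bot: In link_elf_obj.c at -1566, `stop < start` is tested only after `stop` has been formed by `(char *)ef->progtab[i].addr + ef->progtab[i].size`. Pointer arithmetic that wraps is undefined, so an optimizing compiler may fold the comparison to false unless the kernel is built with pointer-wrap semantics. Bounding the size before the addition avoids relying on that: `if (ef->progtab[i].size > UINTPTR_MAX - (uintptr_t)ef->progtab[i].addr) return (ESRCH);`, placed ahead of the `stop =` assignment. This assumes `size` is an unsigned integer type, which the hunk does not show. The enclosing function starts and ends outside the hunk.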
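Review bot: The third hunk (link_elf_obj.c at -1757) handles the same inverted range with `continue`, which silently leaves the symbol untouched, whereas the two lookup paths return ESRCH; nothing records that a section was rejected. If skipping is intended, say so in a comment such as `/* Section end wrapped below its start; leave the symbol unresolved. */`, or emit a diagnostic so a later unresolved-symbol failure can be traced back to this section. The declarations of `startp` and `stopp` are outside the hunk, so whether this compares integers or pointers cannot be confirmed from here.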