5507 libelf may overflow data buffer when translating data to memory representation

*** 25,46 **** */ /* Copyright (c) 1988 AT&T */ /* All Rights Reserved */ - #pragma ident "%Z%%M% %I% %E% SMI" - /* * This stuff used to live in cook.c, but was moved out to * facilitate dual (Elf32 and Elf64) compilation. See block * comment in cook.c for more info. */ #include <string.h> #include <ar.h> #include <stdlib.h> #include <errno.h> #include "decl.h" #include "member.h" #include "msg.h" /* --- 25,45 ---- */ /* Copyright (c) 1988 AT&T */ /* All Rights Reserved */ /* * This stuff used to live in cook.c, but was moved out to * facilitate dual (Elf32 and Elf64) compilation. See block * comment in cook.c for more info. */ #include <string.h> #include <ar.h> #include <stdlib.h> #include <errno.h> + #include <sys/sysmacros.h> #include "decl.h" #include "member.h" #include "msg.h" /*
*** 175,185 ****
  d->db_data.d_type = _elf_mtype(elf, sh->sh_type, work);
  d->db_data.d_buf = 0;
  d->db_data.d_off = 0;
  fsz = elf_fsize(d->db_data.d_type, 1, elf->ed_version);
  msz = _elf_msize(d->db_data.d_type, elf->ed_version);
! d->db_data.d_size = (sh->sh_size / fsz) * msz;
  d->db_shsz = sh->sh_size;
  d->db_raw = 0;
  d->db_buf = 0;
  d->db_uflags = 0;
  d->db_myflags = 0;
--- 174,184 ----
  d->db_data.d_type = _elf_mtype(elf, sh->sh_type, work);
  d->db_data.d_buf = 0;
  d->db_data.d_off = 0;
  fsz = elf_fsize(d->db_data.d_type, 1, elf->ed_version);
  msz = _elf_msize(d->db_data.d_type, elf->ed_version);
! d->db_data.d_size = MAX(sh->sh_size, (sh->sh_size / fsz) * msz);
  d->db_shsz = sh->sh_size;
  d->db_raw = 0;
  d->db_buf = 0;
  d->db_uflags = 0;
  d->db_myflags = 0;
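Review bot: The division `sh->sh_size / fsz` on the `!` line is still unguarded: elf_fsize() presumably returns 0 for an unsupported type or version, and a zero fsz divides by zero before MAX() is ever evaluated; this predates the change, but the commit rewrites the line without adding the check. A guard such as `if (fsz == 0 || msz == 0) return (<failure value>);` just before the assignment would close it — the enclosing function starts and ends outside the hunk, so its error-return convention is not visible here. Separately, `(sh->sh_size / fsz) * msz` can wrap in size_t for a malformed sh_size when msz exceeds fsz, and nothing in the hunk bounds sh_size against the file size; a `if (sh->sh_size / fsz > SIZE_MAX / msz)` check before the multiplication would cover that, since MAX() then picks the wrapped (too small) buffer size, which is the class of defect this change is meant to fix. MAX() from <sys/sysmacros.h> evaluates both operands twice, which is harmless here because neither operand has side effects.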