diff --git a/glibc-rh741105.patch b/glibc-rh741105.patch
new file mode 100644
index 0000000..8252062
--- /dev/null
+++ b/glibc-rh741105.patch
@@ -0,0 +1,21 @@
+diff -rup a/elf/dl-load.c b/elf/dl-load.c
+--- a/elf/dl-load.c 2012-02-03 10:59:58.917870716 -0700
++++ b/elf/dl-load.c 2012-02-03 11:01:01.796580644 -0700
+@@ -1130,6 +1130,16 @@ _dl_map_object_from_fd (const char *name
+ = N_("ELF load command address/offset not properly aligned");
+ goto call_lose;
+ }
++ if (__builtin_expect ((ph->p_offset + ph->p_filesz > st.st_size), 0))
++ {
++ /* If the segment requires zeroing of part of its last
++ page, we'll crash when accessing the unmapped page.
++ There's still a possibility of a race, if the shared
++ object is truncated between the fxstat above and the
++ memset below. */
++ errstring = N_("ELF load command past end of file");
++ goto call_lose;
++ }
+
+ c = &loadcmds[nloadcmds++];
+ c->mapstart = ph->p_vaddr & ~(GLRO(dl_pagesize) - 1);
+Only in b/elf: dl-load.c.orig
diff --git a/glibc.spec b/glibc.spec
index e85d752..28d5626 100644
--- a/glibc.spec
+++ b/glibc.spec
@@ -28,7 +28,7 @@
 Summary: The GNU libc libraries
 Name: glibc
 Version: %{glibcversion}
-Release: 9%{?dist}
+Release: 10%{?dist}
 # GPLv2+ is used in a bunch of programs, LGPLv2+ is used for libraries.
 # Things that are linked directly into dynamically linked programs
 # and shared libraries (e.g. crt files, lib*_nonshared.a) have an additional
@@ -70,6 +70,8 @@ Patch17: %{name}-rh783979.patch
 # Needs to go upstream
 Patch18: %{name}-rh657588.patch
 Patch19: %{name}-rh787201.patch
+# Sent upstream, awaiting feedback
+Patch20: %{name}-rh741105.patch

 Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 Obsoletes: glibc-profile < 2.4
@@ -307,6 +309,7 @@ rm -rf %{glibcportsdir}
 %patch17 -p1
 %patch18 -p1
 %patch19 -p1
+%patch20 -p1

 # A lot of programs still misuse memcpy when they have to use
 # memmove. The memcpy implementation below is not tolerant at
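Review bot: In the `elf/dl-load.c` hunk carried by glibc-rh741105.patch, the new test adds `ph->p_offset + ph->p_filesz` before comparing with `st.st_size`, and both operands are read from the program header of the object being loaded, so a malformed header can make the sum wrap and pass as in-bounds. Assuming both fields are the unsigned ELF types (their declarations are outside the hunk), a form that cannot wrap is `if (__builtin_expect (ph->p_offset > st.st_size || ph->p_filesz > st.st_size - ph->p_offset, 0))`. The in-code comment already records that truncation after the fxstat remains possible, so this check narrows the crash rather than closing it; the rest of `_dl_map_object_from_fd` lies outside the hunk.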
@@ -1159,7 +1162,8 @@ rm -f *.filelist*
 %endif

 %changelog
-* Fri Feb 3 2012 Jeff Law - 2.15-9
+* Fri Feb 3 2012 Jeff Law - 2.15-10
+ - Avoid mapping past end of shared object (#741105)
 - Turn off -mno-minimal-toc on PPC (#787201)
 - Remove hunk from glibc-rh657588.patch that didn't belong