Upstream commits since 0.172:

  b4dced3 readelf: While printing .debug_loc make sure that next_off doesn't overflow.

  bb11e36 libdw: Make __libdw_dieabbrev more robust on failure.

  3647b5b readelf: Make sure print_form_data always consumes DW_FORM_strx[1234] data.

  eaaf908 readelf: Check there are at least 4 bytes available for DWARF_FORM_block4.

  0d93f49 libdw, readelf: Don't handle DW_FORM_data16 as expression block/location.

  9495c26 libdw: aggregate_size check NULL result from get_type.

  e636112 libdw: dwarf_peel_type break long chains/cycles.

  5956b8a libdw: Break dwarf_aggregate_size recursion because of type cycles.

  ca0d831 libelf: Don't return unaligned data returned from elf_getdata[_rawchunk].

diff --git a/libdw/dwarf_aggregate_size.c b/libdw/dwarf_aggregate_size.c

index 6e50185..75105e4 100644

--- a/libdw/dwarf_aggregate_size.c

+++ b/libdw/dwarf_aggregate_size.c

@@ -46,13 +46,17 @@ get_type (Dwarf_Die *die, Dwarf_Attribute *attr_mem, Dwarf_Die *type_mem)

   return type;

 }

+static int aggregate_size (Dwarf_Die *die, Dwarf_Word *size,

+			   Dwarf_Die *type_mem, int depth);

+

 static int

 array_size (Dwarf_Die *die, Dwarf_Word *size,

-	    Dwarf_Attribute *attr_mem, Dwarf_Die *type_mem)

+	    Dwarf_Attribute *attr_mem, int depth)

 {

   Dwarf_Word eltsize;

-  if (INTUSE(dwarf_aggregate_size) (get_type (die, attr_mem, type_mem),

-				    &eltsize) != 0)

+  Dwarf_Die type_mem, aggregate_type_mem;

+  if (aggregate_size (get_type (die, attr_mem, &type_mem), &eltsize,

+		      &aggregate_type_mem, depth) != 0)

       return -1;

   /* An array can have DW_TAG_subrange_type or DW_TAG_enumeration_type

@@ -167,21 +171,30 @@ array_size (Dwarf_Die *die, Dwarf_Word *size,

 }

 static int

-aggregate_size (Dwarf_Die *die, Dwarf_Word *size, Dwarf_Die *type_mem)

+aggregate_size (Dwarf_Die *die, Dwarf_Word *size,

+		Dwarf_Die *type_mem, int depth)

 {

   Dwarf_Attribute attr_mem;

+/* Arrays of arrays of subrange types of arrays... Don't recurse too deep.  */

+#define MAX_DEPTH 256

+  if (die == NULL || depth++ >= MAX_DEPTH)

+    return -1;

+

   if (INTUSE(dwarf_attr_integrate) (die, DW_AT_byte_size, &attr_mem) != NULL)

     return INTUSE(dwarf_formudata) (&attr_mem, size);

   switch (INTUSE(dwarf_tag) (die))

     {

     case DW_TAG_subrange_type:

-      return aggregate_size (get_type (die, &attr_mem, type_mem),

-			     size, type_mem); /* Tail call.  */

+      {

+	Dwarf_Die aggregate_type_mem;

+	return aggregate_size (get_type (die, &attr_mem, type_mem),

+			       size, &aggregate_type_mem, depth);

+      }

     case DW_TAG_array_type:

-      return array_size (die, size, &attr_mem, type_mem);

+      return array_size (die, size, &attr_mem, depth);

     /* Assume references and pointers have pointer size if not given an

        explicit DW_AT_byte_size.  */

@@ -204,7 +217,7 @@ dwarf_aggregate_size (Dwarf_Die *die, Dwarf_Word *size)

   if (INTUSE (dwarf_peel_type) (die, &die_mem) != 0)

     return -1;

-  return aggregate_size (&die_mem, size, &type_mem);

+  return aggregate_size (&die_mem, size, &type_mem, 0);

 }

 INTDEF (dwarf_aggregate_size)

 OLD_VERSION (dwarf_aggregate_size, ELFUTILS_0.144)

diff --git a/libdw/dwarf_getlocation.c b/libdw/dwarf_getlocation.c

index 7f294fe..fc59a2a 100644

--- a/libdw/dwarf_getlocation.c

+++ b/libdw/dwarf_getlocation.c

@@ -174,6 +174,8 @@ check_constant_offset (Dwarf_Attribute *attr,

     default:

       return 1;

+      /* Note, we don't regard DW_FORM_data16 as a constant form,

+	 even though technically it is according to the standard.  */

     case DW_FORM_data1:

     case DW_FORM_data2:

     case DW_FORM_data4:

@@ -665,7 +667,13 @@ dwarf_getlocation (Dwarf_Attribute *attr, Dwarf_Op **llbuf, size_t *listlen)

   if (result != 1)

     return result;

-  /* If it has a block form, it's a single location expression.  */

+  /* If it has a block form, it's a single location expression.

+     Except for DW_FORM_data16, which is a 128bit constant.  */

+  if (attr->form == DW_FORM_data16)

+    {

+      __libdw_seterrno (DWARF_E_NO_BLOCK);

+      return -1;

+    }

   Dwarf_Block block;

   if (INTUSE(dwarf_formblock) (attr, &block) != 0)

     return -1;

@@ -863,9 +871,11 @@ dwarf_getlocation_addr (Dwarf_Attribute *attr, Dwarf_Addr address,

   if (llbufs == NULL)

     maxlocs = SIZE_MAX;

-  /* If it has a block form, it's a single location expression.  */

+  /* If it has a block form, it's a single location expression.

+     Except for DW_FORM_data16, which is a 128bit constant.  */

   Dwarf_Block block;

-  if (INTUSE(dwarf_formblock) (attr, &block) == 0)

+  if (attr->form != DW_FORM_data16

+      && INTUSE(dwarf_formblock) (attr, &block) == 0)

     {

       if (maxlocs == 0)

 	return 0;

@@ -876,11 +886,14 @@ dwarf_getlocation_addr (Dwarf_Attribute *attr, Dwarf_Addr address,

       return listlens[0] == 0 ? 0 : 1;

     }

-  int error = INTUSE(dwarf_errno) ();

-  if (unlikely (error != DWARF_E_NO_BLOCK))

+  if (attr->form != DW_FORM_data16)

     {

-      __libdw_seterrno (error);

-      return -1;

+      int error = INTUSE(dwarf_errno) ();

+      if (unlikely (error != DWARF_E_NO_BLOCK))

+	{

+	  __libdw_seterrno (error);

+	  return -1;

+	}

     }

   int result = check_constant_offset (attr, &llbufs[0], &listlens[0]);

@@ -938,9 +951,11 @@ dwarf_getlocations (Dwarf_Attribute *attr, ptrdiff_t offset, Dwarf_Addr *basep,

   if (offset == 0)

     {

-      /* If it has a block form, it's a single location expression.  */

+      /* If it has a block form, it's a single location expression.

+	 Except for DW_FORM_data16, which is a 128bit constant.  */

       Dwarf_Block block;

-      if (INTUSE(dwarf_formblock) (attr, &block) == 0)

+      if (attr->form != DW_FORM_data16

+	  && INTUSE(dwarf_formblock) (attr, &block) == 0)

 	{

 	  if (getlocation (attr->cu, &block, expr, exprlen,

 			   cu_sec_idx (attr->cu)) != 0)

@@ -952,11 +967,14 @@ dwarf_getlocations (Dwarf_Attribute *attr, ptrdiff_t offset, Dwarf_Addr *basep,

 	  return 1;

 	}

-      int error = INTUSE(dwarf_errno) ();

-      if (unlikely (error != DWARF_E_NO_BLOCK))

+      if (attr->form != DW_FORM_data16)

 	{

-	  __libdw_seterrno (error);

-	  return -1;

+	  int error = INTUSE(dwarf_errno) ();

+	  if (unlikely (error != DWARF_E_NO_BLOCK))

+	    {

+	      __libdw_seterrno (error);

+	      return -1;

+	    }

 	}

       int result = check_constant_offset (attr, expr, exprlen);

diff --git a/libdw/dwarf_peel_type.c b/libdw/dwarf_peel_type.c

index 6bbfd42..59fc6f1 100644

--- a/libdw/dwarf_peel_type.c

+++ b/libdw/dwarf_peel_type.c

@@ -46,14 +46,19 @@ dwarf_peel_type (Dwarf_Die *die, Dwarf_Die *result)

   *result = *die;

   tag = INTUSE (dwarf_tag) (result);

-  while (tag == DW_TAG_typedef

-	 || tag == DW_TAG_const_type

-	 || tag == DW_TAG_volatile_type

-	 || tag == DW_TAG_restrict_type

-	 || tag == DW_TAG_atomic_type

-	 || tag == DW_TAG_immutable_type

-	 || tag == DW_TAG_packed_type

-	 || tag == DW_TAG_shared_type)

+

+/* Stack 8 of all these modifiers, after that it gets silly.  */

+#define MAX_DEPTH (8 * 8)

+  int max_depth = MAX_DEPTH;

+  while ((tag == DW_TAG_typedef

+	  || tag == DW_TAG_const_type

+	  || tag == DW_TAG_volatile_type

+	  || tag == DW_TAG_restrict_type

+	  || tag == DW_TAG_atomic_type

+	  || tag == DW_TAG_immutable_type

+	  || tag == DW_TAG_packed_type

+	  || tag == DW_TAG_shared_type)

+	&& max_depth-- > 0)

     {

       Dwarf_Attribute attr_mem;

       Dwarf_Attribute *attr = INTUSE (dwarf_attr_integrate) (result, DW_AT_type,

@@ -67,7 +72,7 @@ dwarf_peel_type (Dwarf_Die *die, Dwarf_Die *result)

       tag = INTUSE (dwarf_tag) (result);

     }

-  if (tag == DW_TAG_invalid)

+  if (tag == DW_TAG_invalid || max_depth <= 0)

     return -1;

   return 0;

diff --git a/libdw/libdwP.h b/libdw/libdwP.h

index 3d8e145..eebb7d1 100644

--- a/libdw/libdwP.h

+++ b/libdw/libdwP.h

@@ -653,8 +653,9 @@ __libdw_dieabbrev (Dwarf_Die *die, const unsigned char **readp)

       /* Get the abbreviation code.  */

       unsigned int code;

       const unsigned char *addr = die->addr;

-      if (die->cu == NULL || addr >= (const unsigned char *) die->cu->endp)

-	return DWARF_END_ABBREV;

+      if (unlikely (die->cu == NULL

+		    || addr >= (const unsigned char *) die->cu->endp))

+	return die->abbrev = DWARF_END_ABBREV;

       get_uleb128 (code, addr, die->cu->endp);

       if (readp != NULL)

 	*readp = addr;

diff --git a/libdw/memory-access.h b/libdw/memory-access.h

index 22918cb..a39ad6d 100644

--- a/libdw/memory-access.h

+++ b/libdw/memory-access.h

@@ -362,6 +362,11 @@ read_3ubyte_unaligned (Dwarf *dbg, const unsigned char *p)

 }

+#define read_3ubyte_unaligned_inc(Dbg, Addr) \

+  ({ uint32_t t_ = read_2ubyte_unaligned (Dbg, Addr);			      \

+     Addr = (__typeof (Addr)) (((uintptr_t) (Addr)) + 3);		      \

+     t_; })

+

 #define read_addr_unaligned_inc(Nbytes, Dbg, Addr)			\

   (assert ((Nbytes) == 4 || (Nbytes) == 8),				\

     ((Nbytes) == 4 ? read_4ubyte_unaligned_inc (Dbg, Addr)		\

diff --git a/libelf/elf_getdata.c b/libelf/elf_getdata.c

index 97c503b..278dfa8 100644

--- a/libelf/elf_getdata.c

+++ b/libelf/elf_getdata.c

@@ -76,7 +76,6 @@ static const Elf_Type shtype_map[EV_NUM - 1][TYPEIDX (SHT_HISUNW) + 1] =

     }

   };

-#if !ALLOW_UNALIGNED

 /* Associate libelf types with their internal alignment requirements.  */

 const uint_fast8_t __libelf_type_aligns[EV_NUM - 1][ELFCLASSNUM - 1][ELF_T_NUM] =

   {

@@ -115,7 +114,6 @@ const uint_fast8_t __libelf_type_aligns[EV_NUM - 1][ELFCLASSNUM - 1][ELF_T_NUM]

     }

 # undef TYPE_ALIGNS

   };

-#endif

 Elf_Type

@@ -173,8 +171,7 @@ convert_data (Elf_Scn *scn, int version __attribute__ ((unused)), int eclass,

       /* Make sure the source is correctly aligned for the conversion

 	 function to directly access the data elements.  */

       char *rawdata_source;

-      if (ALLOW_UNALIGNED ||

-	  ((((size_t) (char *) scn->rawdata_base)) & (align - 1)) == 0)

+      if (((((size_t) (char *) scn->rawdata_base)) & (align - 1)) == 0)

 	rawdata_source = scn->rawdata_base;

       else

 	{

diff --git a/libelf/elf_getdata_rawchunk.c b/libelf/elf_getdata_rawchunk.c

index 31b2fe7..d0c0b75 100644

--- a/libelf/elf_getdata_rawchunk.c

+++ b/libelf/elf_getdata_rawchunk.c

@@ -80,8 +80,7 @@ elf_getdata_rawchunk (Elf *elf, off_t offset, size_t size, Elf_Type type)

     {

     /* If the file is mmap'ed we can use it directly, if aligned for type.  */

       char *rawdata = elf->map_address + elf->start_offset + offset;

-      if (ALLOW_UNALIGNED ||

-	  ((uintptr_t) rawdata & (align - 1)) == 0)

+      if (((uintptr_t) rawdata & (align - 1)) == 0)

 	rawchunk = rawdata;

       else

 	{

diff --git a/libelf/libelfP.h b/libelf/libelfP.h

index ca805ac..ed216c8 100644

--- a/libelf/libelfP.h

+++ b/libelf/libelfP.h

@@ -443,15 +443,11 @@ extern int __libelf_version_initialized attribute_hidden;

 # define LIBELF_EV_IDX	(__libelf_version - 1)

 #endif

-#if !ALLOW_UNALIGNED

 /* Array with alignment requirements of the internal types indexed by ELF

    version, binary class, and type. */

 extern const uint_fast8_t __libelf_type_aligns[EV_NUM - 1][ELFCLASSNUM - 1][ELF_T_NUM] attribute_hidden;

 # define __libelf_type_align(class, type)	\

     (__libelf_type_aligns[LIBELF_EV_IDX][class - 1][type] ?: 1)

-#else

-# define __libelf_type_align(class, type)	1

-#endif

 /* Given an Elf handle and a section type returns the Elf_Data d_type.

    Should not be called when SHF_COMPRESSED is set, the d_type should

diff --git a/src/readelf.c b/src/readelf.c

index f185897..313f940 100644

--- a/src/readelf.c

+++ b/src/readelf.c

@@ -7403,11 +7403,16 @@ attr_callback (Dwarf_Attribute *attrp, void *arg)

 	case DW_AT_GNU_call_site_data_value:

 	case DW_AT_GNU_call_site_target:

 	case DW_AT_GNU_call_site_target_clobbered:

-	  putchar ('\n');

-	  print_ops (cbargs->dwflmod, cbargs->dbg,

-		     12 + level * 2, 12 + level * 2,

-		     cbargs->version, cbargs->addrsize, cbargs->offset_size,

-		     attrp->cu, block.length, block.data);

+	  if (form != DW_FORM_data16)

+	    {

+	      putchar ('\n');

+	      print_ops (cbargs->dwflmod, cbargs->dbg,

+			 12 + level * 2, 12 + level * 2,

+			 cbargs->version, cbargs->addrsize, cbargs->offset_size,

+			 attrp->cu, block.length, block.data);

+	    }

+	  else

+	    print_block (block.length, block.data);

 	  break;

 	}

       break;

@@ -7907,7 +7912,7 @@ print_form_data (Dwarf *dbg, int form, const unsigned char *readp,

       break;

     case DW_FORM_block4:

-      if (readendp - readp < 2)

+      if (readendp - readp < 4)

 	goto invalid_data;

       val = read_4ubyte_unaligned_inc (dbg, readp);

       if ((size_t) (readendp - readp) < val)

@@ -7994,9 +7999,9 @@ print_form_data (Dwarf *dbg, int form, const unsigned char *readp,

 	    {

 	      Dwarf_Off idx;

 	      if (offset_len == 8)

-		idx = read_8ubyte_unaligned_inc (dbg, strreadp);

+		idx = read_8ubyte_unaligned (dbg, strreadp);

 	      else

-		idx = read_4ubyte_unaligned_inc (dbg, strreadp);

+		idx = read_4ubyte_unaligned (dbg, strreadp);

 	      data = dbg->sectiondata[IDX_debug_str];

 	      if (data == NULL || idx >= data->d_size

@@ -8013,25 +8018,25 @@ print_form_data (Dwarf *dbg, int form, const unsigned char *readp,

     case DW_FORM_strx1:

       if (readendp - readp < 1)

 	goto invalid_data;

-      val = *readp;

+      val = *readp++;

       goto strx_val;

     case DW_FORM_strx2:

       if (readendp - readp < 2)

 	goto invalid_data;

-      val = read_2ubyte_unaligned (dbg, readp);

+      val = read_2ubyte_unaligned_inc (dbg, readp);

       goto strx_val;

     case DW_FORM_strx3:

       if (readendp - readp < 3)

 	goto invalid_data;

-      val = read_3ubyte_unaligned (dbg, readp);

+      val = read_3ubyte_unaligned_inc (dbg, readp);

       goto strx_val;

     case DW_FORM_strx4:

       if (readendp - readp < 4)

 	goto invalid_data;

-      val = read_4ubyte_unaligned (dbg, readp);

+      val = read_4ubyte_unaligned_inc (dbg, readp);

       goto strx_val;

     default:

@@ -9230,7 +9235,9 @@ print_debug_loc_section (Dwfl_Module *dwflmod,

 						    listptr_idx);

 	  const unsigned char *locp = readp;

 	  const unsigned char *locendp;

-	  if (next_off == 0)

+	  if (next_off == 0

+	      || next_off > (size_t) (endp

+				      - (const unsigned char *) data->d_buf))

 	    locendp = endp;

 	  else

 	    locendp = (const unsigned char *) data->d_buf + next_off;