Fix a segfault in ctfmerge due to a bug in gcc.

GCC can generate bogus dwarf attributes with DW_AT_byte_size
set to 0xFFFFFFFF.
The issue was originaly detected in NetBSD but it has been
adapted for portability and to avoid compiler warnings.

Reference:
https://www.illumos.org/issues/3776

Obtained from:	NetBSD
MFC after:	1 month

1 files changed, 12 insertions, 1 deletions

diff --git a/cddl/contrib/opensolaris/tools/ctf/cvt/ctf.c b/cddl/contrib/opensolaris/tools/ctf/cvt/ctf.c
index 77b4989..c8048c7 100644
--- a/cddl/contrib/opensolaris/tools/ctf/cvt/ctf.c
+++ b/cddl/contrib/opensolaris/tools/ctf/cvt/ctf.c
@@ -52,6 +52,8 @@ static char *curfile;
 #define	CTF_BUF_CHUNK_SIZE	(64 * 1024)
 #define	RES_BUF_CHUNK_SIZE	(64 * 1024)
 
+static int ntypes=0;		/* The number of types. */
+
 struct ctf_buf {
 	strtab_t ctb_strtab;	/* string table */
 	caddr_t ctb_base;	/* pointer to base of buffer */
@@ -1143,6 +1145,10 @@ resurrect_types(ctf_header_t *h, tdata_t *td, tdesc_t **tdarr, int tdsize,
 					(*mpp)->ml_type = tdarr[ctm->ctm_type];
 					(*mpp)->ml_offset = ctm->ctm_offset;
 					(*mpp)->ml_size = 0;
+					if (ctm->ctm_type > ntypes) {
+						parseterminate("Invalid member type ctm_type=%d",
+						    ctm->ctm_type);
+					}
 				}
 			} else {
 				for (i = 0, mpp = &tdp->t_members; i < vlen;
@@ -1159,6 +1165,10 @@ resurrect_types(ctf_header_t *h, tdata_t *td, tdesc_t **tdarr, int tdsize,
 					(*mpp)->ml_offset =
 					    (int)CTF_LMEM_OFFSET(ctlm);
 					(*mpp)->ml_size = 0;
+					if (ctlm->ctlm_type > ntypes) {
+						parseterminate("Invalid lmember type ctlm_type=%d",
+						    ctlm->ctlm_type);
+					}
 				}
 			}
 
@@ -1272,9 +1282,10 @@ ctf_parse(ctf_header_t *h, caddr_t buf, symit_data_t *si, char *label)
 {
 	tdata_t *td = tdata_new();
 	tdesc_t **tdarr;
-	int ntypes = count_types(h, buf);
 	int idx, i;
 
+	ntypes = count_types(h, buf);
+
 	/* shudder */
 	tdarr = xcalloc(sizeof (tdesc_t *) * (ntypes + 1));
 	tdarr[0] = NULL;