Diffstat (limited to 'cddl/contrib/opensolaris/tools/ctf/cvt/ctf.c')
-rw-r--r--cddl/contrib/opensolaris/tools/ctf/cvt/ctf.c13
1 files changed, 12 insertions, 1 deletions
diff --git a/cddl/contrib/opensolaris/tools/ctf/cvt/ctf.c b/cddl/contrib/opensolaris/tools/ctf/cvt/ctf.c
index 77b49895a571..c8048c70e0b3 100644
--- a/cddl/contrib/opensolaris/tools/ctf/cvt/ctf.c
+++ b/cddl/contrib/opensolaris/tools/ctf/cvt/ctf.c
@@ -52,6 +52,8 @@ static char *curfile;
#define CTF_BUF_CHUNK_SIZE (64 * 1024)
#define RES_BUF_CHUNK_SIZE (64 * 1024)
+static int ntypes=0; /* The number of types. */
+
struct ctf_buf {
strtab_t ctb_strtab; /* string table */
caddr_t ctb_base; /* pointer to base of buffer */
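Review bot: `ntypes` becomes file-scope mutable state only so that resurrect_types() can see the array bound, yet the later hunk headers show resurrect_types() already takes an `int tdsize` parameter alongside `tdarr`. If tdsize carries the array length (presumably `ntypes + 1`, to be confirmed at the call site, which is outside this diff), the new checks could compare against it, e.g. `if (ctm->ctm_type >= tdsize)`, and the global would not be needed. If the global stays, its comment should say who sets it and when it is valid, for example `/* Number of types in the CTF data being parsed; set by ctf_parse(), 0 before that. */`.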
@@ -1143,6 +1145,10 @@ resurrect_types(ctf_header_t *h, tdata_t *td, tdesc_t **tdarr, int tdsize,
(*mpp)->ml_type = tdarr[ctm->ctm_type];
(*mpp)->ml_offset = ctm->ctm_offset;
(*mpp)->ml_size = 0;
+ if (ctm->ctm_type > ntypes) {
+ parseterminate("Invalid member type ctm_type=%d",
+ ctm->ctm_type);
+ }
}
} else {
for (i = 0, mpp = &tdp->t_members; i < vlen;
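Review bot: The added check `if (ctm->ctm_type > ntypes)` runs after `(*mpp)->ml_type = tdarr[ctm->ctm_type];` has already indexed the array, so an out-of-range type id taken from the CTF data is still read out of bounds before parseterminate() is reached. The check should sit above the `tdarr[...]` lookup, and the same ordering applies to the `ctlm->ctlm_type` check in the next hunk (@@ -1159). The bound itself agrees with the `ntypes + 1` element allocation visible in ctf_parse(). The loop and resurrect_types() begin and end outside this hunk, so any other `tdarr[...]` lookups there may need the same guard.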
@@ -1159,6 +1165,10 @@ resurrect_types(ctf_header_t *h, tdata_t *td, tdesc_t **tdarr, int tdsize,
(*mpp)->ml_offset =
(int)CTF_LMEM_OFFSET(ctlm);
(*mpp)->ml_size = 0;
+ if (ctlm->ctlm_type > ntypes) {
+ parseterminate("Invalid lmember type ctlm_type=%d",
+ ctlm->ctlm_type);
+ }
}
}
@@ -1272,9 +1282,10 @@ ctf_parse(ctf_header_t *h, caddr_t buf, symit_data_t *si, char *label)
{
tdata_t *td = tdata_new();
tdesc_t **tdarr;
- int ntypes = count_types(h, buf);
int idx, i;
+ ntypes = count_types(h, buf);
+
/* shudder */
tdarr = xcalloc(sizeof (tdesc_t *) * (ntypes + 1));
tdarr[0] = NULL;