[PATCH 3/4] libctf, ld: diagnose corrupted CTF header cth_strlen

Nick Alcock nick.alcock@oracle.com
Wed Mar 23 13:56:29 GMT 2022


On 21 Mar 2022, Nick Alcock via Binutils outgrape:

> The last section in a CTF dict is the string table, at an offset
> represented by the cth_stroff header field.  Its length is recorded in
> the next field, cth_strlen, and the two added together are taken as the
> size of the CTF dict.  Upon opening a dict, we check that none of the
> header offsets exceed this size, and we check when uncompressing a
> compressed dict that the result of the uncompression is the same length:
> but CTF dicts need not be compressed, and short ones are not.
> Uncompressed dicts just use the ctf_size without checking it.  This
> field is thankfully almost unused: it is mostly used when reserializing
> a dict, which can't be done to dicts read off disk since they're
> read-only.

I'll backport this commit, but not any of the others, to 2.38 shortly
(got to do at least some testing on it first).

I could backport to 2.37 as well if anyone thinks this
really-rather-unlikely-to-happen overrun is worth it (you have to
transport CTF written on a machine with the opposite endianness *and* it
has to be small enough to be uncompressed, which is distinctly rare...)
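As an added illustration (not code from the patch or from libctf), here is the check the quoted commit message says the uncompressed path lacks, written against a hypothetical, cut-down CTF-like header: the 24-byte layout, the 0xc7f1 magic, the function names and the 9-byte string table are all assumptions of this example. The opener detects byte order from the magic, as libctf does for foreign-endian dicts, and then requires cth_stroff + cth_strlen to fit inside the bytes it was actually handed, summing in 64 bits so an oversized cth_strlen cannot wrap to a small value.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical, cut-down CTF-like header (real CTF headers carry more
   fields and a different magic).  As in CTF, section offsets are relative
   to the body that follows the header and the string table comes last, so
   stroff + strlen is the size of the dict body. */
#define TOY_MAGIC    0xc7f1u   /* toy value, not CTF's magic */
#define TOY_HDR_SIZE 24u       /* magic@0 ver@2 obj@4 func@8 type@12 str@16 strlen@20 */

enum toy_err { TOY_OK = 0, TOY_ERR_SHORT, TOY_ERR_MAGIC, TOY_ERR_ORDER, TOY_ERR_SIZE };

struct toy_hdr {
    uint16_t magic, version;
    uint32_t objtoff, funcoff, typeoff, stroff, strlen_;
    int      bigendian;        /* header was written big-endian */
};

static uint16_t rd16(const uint8_t *p, int be)
{
    return be ? (uint16_t)((p[0] << 8) | p[1]) : (uint16_t)((p[1] << 8) | p[0]);
}
static uint32_t rd32(const uint8_t *p, int be)
{
    return be ? ((uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3])
              : ((uint32_t)p[3] << 24 | (uint32_t)p[2] << 16 | (uint32_t)p[1] << 8 | p[0]);
}
static void wr16(uint8_t *p, uint16_t v, int be)
{
    p[be ? 0 : 1] = (uint8_t)(v >> 8);
    p[be ? 1 : 0] = (uint8_t)v;
}
static void wr32(uint8_t *p, uint32_t v, int be)
{
    for (int i = 0; i < 4; i++)
        p[be ? i : 3 - i] = (uint8_t)(v >> (24 - 8 * i));
}

/* Parse and sanity-check a header against the bytes actually present.
   Byte order is detected from the magic; the size check below must run
   whether or not swapping happened, and whether or not the body was
   compressed. */
int toy_parse_header(const uint8_t *buf, size_t buflen, struct toy_hdr *h)
{
    int be;
    if (buflen < TOY_HDR_SIZE)
        return TOY_ERR_SHORT;
    if (rd16(buf, 0) == TOY_MAGIC)      be = 0;
    else if (rd16(buf, 1) == TOY_MAGIC) be = 1;
    else                                return TOY_ERR_MAGIC;

    h->bigendian = be;
    h->magic   = TOY_MAGIC;
    h->version = rd16(buf + 2, be);
    h->objtoff = rd32(buf + 4, be);
    h->funcoff = rd32(buf + 8, be);
    h->typeoff = rd32(buf + 12, be);
    h->stroff  = rd32(buf + 16, be);
    h->strlen_ = rd32(buf + 20, be);

    /* Sections must not run backwards; the string table is last. */
    if (h->objtoff > h->funcoff || h->funcoff > h->typeoff || h->typeoff > h->stroff)
        return TOY_ERR_ORDER;

    /* Dict size = stroff + strlen.  Add in 64 bits so a huge strlen cannot
       wrap, and require the result to fit inside the bytes we were handed.
       For an uncompressed dict this is the only thing standing between a
       corrupted strlen and reads past the end of the buffer. */
    uint64_t size = (uint64_t)h->stroff + h->strlen_;
    if (size > (uint64_t)(buflen - TOY_HDR_SIZE))
        return TOY_ERR_SIZE;
    return TOY_OK;
}

/* Construct a toy dict whose body is just a string table (constructed test
   data).  `claimed` is what the header says strlen is; `strtab_len` is how
   many bytes are really there.  Returns the total length, 0 if it won't fit. */
size_t toy_build(uint8_t *out, size_t cap, const char *strtab, size_t strtab_len,
                 uint32_t claimed, int be)
{
    if (cap < TOY_HDR_SIZE + strtab_len)
        return 0;
    memset(out, 0, TOY_HDR_SIZE);   /* obj/func/type sections empty, at body offset 0 */
    wr16(out, TOY_MAGIC, be);
    wr16(out + 2, 1, be);
    wr32(out + 16, 0, be);          /* stroff: string table starts the body */
    wr32(out + 20, claimed, be);
    memcpy(out + TOY_HDR_SIZE, strtab, strtab_len);
    return TOY_HDR_SIZE + strtab_len;
}

/* Verdict for a dict with a 9-byte string table whose header claims `claimed`. */
int toy_check_claimed(uint32_t claimed, int be)
{
    static const char strtab[] = "\0foo\0bar";     /* 9 bytes incl. final NUL */
    uint8_t buf[64];
    struct toy_hdr h;
    size_t n = toy_build(buf, sizeof buf, strtab, sizeof strtab, claimed, be);
    return toy_parse_header(buf, n, &h);
}

int main(void)
{
    printf("honest, little-endian : %d\n", toy_check_claimed(9, 0));            /* 0 = TOY_OK */
    printf("honest, big-endian    : %d\n", toy_check_claimed(9, 1));            /* 0 = TOY_OK */
    printf("strlen over by one    : %d\n", toy_check_claimed(10, 1));           /* 4 = TOY_ERR_SIZE */
    printf("strlen = 0xffffffff   : %d\n", toy_check_claimed(0xffffffffu, 0));  /* 4 = TOY_ERR_SIZE */
    return 0;
}
```

Whether the comparison should be `>` (the dict fits in the container) or `!=` (the container is exactly the dict, as the quoted message says is already enforced for the decompressed length) depends on whether trailing bytes are allowed; the example uses the looser form. The point it makes is that the test runs on the uncompressed path as well, not only after inflating a compressed body.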