author | Domagoj Stolfa <domagoj.stolfa@gmail.com> | 2021-03-27 18:04:12 +0000 |
---|---|---|
committer | Mark Johnston <markj@FreeBSD.org> | 2021-04-03 15:11:55 +0000 |
commit | cbadf77834e145d42ff9805694c4fccd44df7f8b (patch) | |
tree | e7335e821542c2abf17242130687c7347ea9db72 /Makefile.sys.inc | |
parent | 69f4805c3698407a7cb3e107e37823c08419915d (diff) |
libctf: Fix an out-of-bounds read in ctf_lookup_by_name()

When prefixes such as struct, union, etc. are compared with the current
type (e.g. struct foo), a comparison is made with the prefix. The code
currently assumes that every type is a valid C type with a prefix,
however at times, garbage ends up in this function causing an
unpredictable crash with DTrace due to the isspace(*p) call or
subsequent calls. An example that I've seen of this is the letter 's'
being passed in, comparing true with struct as the comparison size was
(q - p) == 1, but then we increment p with the length of "struct",
resulting in an out of bounds read.

Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D29435

(cherry picked from commit 410556f1f10fd35b350102725fd8504c3cb0afc8)
Diffstat (limited to 'Makefile.sys.inc')
0 files changed, 0 insertions, 0 deletions
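
The length mismatch described in the commit message, as an added C example (it is not the libctf source and not the committed fix): the prefix table, the function names and the exact-length check are assumptions made here to illustrate the bug class. The functions return how far the pointer would be advanced instead of performing the read.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical keyword table modelled on the prefixes named in the message. */
struct prefix { const char *str; size_t len; };
static const struct prefix prefixes[] = {
    { "struct", 6 }, { "union", 5 }, { "enum", 4 },
};
#define NPREFIX (sizeof(prefixes) / sizeof(prefixes[0]))

/*
 * Before: only the token's own length (q - p) bounds the comparison, so a
 * one-byte token "s" compares equal to "struct". Returns the number of bytes
 * the caller would then skip, or 0 when no prefix matched.
 */
size_t skip_prefix_unchecked(const char *tok, size_t toklen)
{
    for (size_t i = 0; i < NPREFIX; i++)
        if (strncmp(tok, prefixes[i].str, toklen) == 0)
            return prefixes[i].len;
    return 0;
}

/* Hardened: the token must be exactly as long as the keyword it matches. */
size_t skip_prefix_checked(const char *tok, size_t toklen)
{
    for (size_t i = 0; i < NPREFIX; i++)
        if (toklen == prefixes[i].len &&
            memcmp(tok, prefixes[i].str, toklen) == 0)
            return prefixes[i].len;
    return 0;
}

int main(void)
{
    /* Constructed inputs: first word of each name and its length. */
    const char *names[] = { "s", "struct foo", "structure" };
    size_t wordlen[] = { 1, 6, 9 };

    for (size_t i = 0; i < 3; i++) {
        size_t bad = skip_prefix_unchecked(names[i], wordlen[i]);
        size_t ok = skip_prefix_checked(names[i], wordlen[i]);
        printf("%-12s strlen=%zu unchecked skip=%zu%s checked skip=%zu\n",
            names[i], strlen(names[i]), bad,
            bad > strlen(names[i]) ? " (past end)" : "", ok);
    }
    return 0;
}
```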