We had a request from a customer to fix CVE-2017-9778 (aka PR 
gdb/21600).  They don't really care about this particular bug, just that 
they can cross it off the list of known vulnerabilities in GDB.

This patch is based on the one attached to the issue.  I also cleaned up 
a bunch of pointless conversions between signed and unsigned 
representations of the length field, and made sure the length == 0 case 
retains its special meaning.

OK to commit?

-Sandra