authorGary Benson <gbenson@redhat.com>2013-10-23 13:58:26 +0100
committerTom Tromey <tromey@sourceware.org>2013-10-25 14:02:59 +0000
commitf60db4f07f328df2d27356b157804e372af73401 (patch)
treec970c9c4b72dd8810e0848065d5188fb5b2482be
parent6d3e7a943f8bc67ceb2901500cea9c3bcaaf687a (diff)
Fix off-by-one errors in *scanf format strings.
In the first hunk, the format string was off-by-one for cmd, and cmd itself was larger than the maximum size required. cmd was reduced in size and the format string adjusted. In the second hunk, the format string was off-by-one for local_address, remote_address and extra, although the buffers for the two addresses were large enough for this not to matter. The specifiers for the two addresses were corrected, and a number of unused variables including extra were suppressed from parsing. In the third hunk, the format string was off-by-one for name, dependencies and status. This code was rewritten using strtok since dependencies can be arbitrarily long. gdb/ 2013-10-23 Gary Benson <gbenson@redhat.com> PR 16013 * common/linux-osdata.c (command_from_pid): Reduced size of cmd from 32 to 18. Adjusted fscanf format string accordingly. (Avoids leaving cmd unterminated.) (print_sockets): Do not parse tlen, inode, sl, timeout, txq, rxq, trun, retn or extra. (Avoids leaving extra unterminated.) Check that local_address and remote_address will not overflow. (linux_xfer_osdata_modules): Parse lines using strtok to avoid leaving dependencies unterminated. Parse size as "%u" to match definition.
-rw-r--r--gdb/ChangeLog13
-rw-r--r--gdb/common/linux-osdata.c66
2 files changed, 54 insertions, 25 deletions
diff --git a/gdb/ChangeLog b/gdb/ChangeLog
index d0854a8..1c70fac 100644
--- a/gdb/ChangeLog
+++ b/gdb/ChangeLog
@@ -1,3 +1,16 @@
+2013-10-23 Gary Benson <gbenson@redhat.com>
+
+ PR 16013
+ * common/linux-osdata.c (command_from_pid): Reduced size of cmd
+ from 32 to 18. Adjusted fscanf format string accordingly.
+ (Avoids leaving cmd unterminated.)
+ (print_sockets): Do not parse tlen, inode, sl, timeout, txq, rxq,
+ trun, retn or extra. (Avoids leaving extra unterminated.) Check
+ that local_address and remote_address will not overflow.
+ (linux_xfer_osdata_modules): Parse lines using strtok to avoid
+ leaving dependencies unterminated. Parse size as "%u" to match
+ definition.
+
2013-10-22 Pedro Alves <palves@redhat.com>
* infrun.c (handle_inferior_event) <thread hop>: Don't clear or
diff --git a/gdb/common/linux-osdata.c b/gdb/common/linux-osdata.c
index 9723839..37a31f2 100644
--- a/gdb/common/linux-osdata.c
+++ b/gdb/common/linux-osdata.c
@@ -135,9 +135,9 @@ command_from_pid (char *command, int maxlen, PID_T pid)
/* sizeof (cmd) should be greater or equal to TASK_COMM_LEN (in
include/linux/sched.h in the Linux kernel sources) plus two
(for the brackets). */
- char cmd[32];
+ char cmd[18];
PID_T stat_pid;
- int items_read = fscanf (fp, "%lld %32s", &stat_pid, cmd);
+ int items_read = fscanf (fp, "%lld %17s", &stat_pid, cmd);
if (items_read == 2 && pid == stat_pid)
{
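Review bot: The field width in `"%lld %17s"` and the size in `char cmd[18]` are kept in step only by hand, and the comment above them gives the formula but not the numbers, so a later edit to one can silently reintroduce the unterminated-buffer case this commit fixes. I would extend that comment with `TASK_COMM_LEN is 16 including the NUL, so 15 name bytes + 2 brackets + NUL = 18; the %17s width must stay sizeof (cmd) - 1.` Note also that `%17s` stops at the first whitespace, so a command name containing a space would presumably come back truncated; that is a display issue rather than a memory-safety one. command_from_pid begins and ends outside this hunk.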
@@ -871,29 +871,22 @@ print_sockets (unsigned short family, int tcp, struct buffer *buffer)
if (fgets (buf, sizeof (buf), fp))
{
uid_t uid;
- unsigned long tlen, inode;
- int sl, timeout;
unsigned int local_port, remote_port, state;
- unsigned int txq, rxq, trun, retn;
char local_address[NI_MAXHOST], remote_address[NI_MAXHOST];
- char extra[512];
int result;
+#if NI_MAXHOST <= 32
+#error "local_address and remote_address buffers too small"
+#endif
+
result = sscanf (buf,
- "%d: %33[0-9A-F]:%X %33[0-9A-F]:%X %X %X:%X %X:%lX %X %d %d %lu %512s\n",
- &sl,
+ "%*d: %32[0-9A-F]:%X %32[0-9A-F]:%X %X %*X:%*X %*X:%*X %*X %d %*d %*u %*s\n",
local_address, &local_port,
remote_address, &remote_port,
&state,
- &txq, &rxq,
- &trun, &tlen,
- &retn,
- &uid,
- &timeout,
- &inode,
- extra);
+ &uid);
- if (result == 15)
+ if (result == 6)
{
union socket_addr locaddr, remaddr;
size_t addr_size;
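Review bot: The new format string still converts the uid field with `%d` while the matching argument is `&uid`, declared as `uid_t` a few lines up; scanf expects an `int *` for `%d`, and uid_t is an unsigned type on the usual Linux ABIs, so this is the same kind of specifier/type mismatch the commit corrects for `size` in linux_xfer_osdata_modules. Reading into a temporary declared as `unsigned int uid_tmp;`, converted with `%u` and passed as `&uid_tmp`, then assigning `uid = uid_tmp;` inside the `result == 6` branch keeps the conversion well defined. The `#if NI_MAXHOST <= 32` guard would also benefit from a comment saying that 32 is the `%32[0-9A-F]` field width and that each buffer needs one more byte for the terminator. print_sockets starts before and continues after this hunk.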
@@ -1464,19 +1457,42 @@ linux_xfer_osdata_modules (gdb_byte *readbuf,
{
if (fgets (buf, sizeof (buf), fp))
{
- char name[64], dependencies[256], status[16];
+ char *name, *dependencies, *status, *tmp;
unsigned int size;
unsigned long long address;
int uses;
- int items_read;
-
- items_read = sscanf (buf,
- "%64s %d %d %256s %16s 0x%llx",
- name, &size, &uses,
- dependencies, status, &address);
- if (items_read == 6)
- buffer_xml_printf (
+ name = strtok (buf, " ");
+ if (name == NULL)
+ continue;
+
+ tmp = strtok (NULL, " ");
+ if (tmp == NULL)
+ continue;
+ if (sscanf (tmp, "%u", &size) != 1)
+ continue;
+
+ tmp = strtok (NULL, " ");
+ if (tmp == NULL)
+ continue;
+ if (sscanf (tmp, "%d", &uses) != 1)
+ continue;
+
+ dependencies = strtok (NULL, " ");
+ if (dependencies == NULL)
+ continue;
+
+ status = strtok (NULL, " ");
+ if (status == NULL)
+ continue;
+
+ tmp = strtok (NULL, "\n");
+ if (tmp == NULL)
+ continue;
+ if (sscanf (tmp, "%llx", &address) != 1)
+ continue;
+
+ buffer_xml_printf (
&buffer,
"<item>"
"<column name=\"name\">%s</column>"
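Review bot: The record is still read with `fgets (buf, sizeof (buf), fp)` into a fixed buffer, so the "arbitrarily long" dependencies case from the commit message is only half handled: a line longer than buf is cut, and its tail is then read by the next fgets and parsed as if it were a separate record. The declaration of buf and the enclosing loop are outside this hunk, so the buffer size and the exact effect of `continue` are not visible here. I would reject over-long lines before the first strtok by checking for the newline and discarding the rest of the line, as sketched below. Separately, strtok keeps hidden static state; `strtok_r` with a local save pointer would avoid surprises if this parser is ever called while another strtok scan is in progress.

```c
if (fgets (buf, sizeof (buf), fp))
  {
    /* … unchanged: declarations of name, dependencies, status, tmp, size, address, uses … */

    /* A line that did not fit in buf carries no newline.  Discard the
       remainder so the tail is not parsed as a separate record.  */
    if (strchr (buf, '\n') == NULL && !feof (fp))
      {
        int c;

        while ((c = fgetc (fp)) != EOF && c != '\n')
          ;
        continue;
      }

    name = strtok (buf, " ");
    /* … unchanged: remaining field parsing and buffer_xml_printf call … */
```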