2006-07-18 Nathan Sidwell * remote-fileio.c (remote_fileio_func_rename): Reorder to process input buffer before reading memory. (remote_fileio_func_stat): Likewise. Index: remote-fileio.c =================================================================== RCS file: /cvs/src/src/gdb/remote-fileio.c,v retrieving revision 1.19 diff -c -3 -p -r1.19 remote-fileio.c *** remote-fileio.c 13 Jun 2006 08:55:21 -0000 1.19 --- remote-fileio.c 18 Jul 2006 07:32:36 -0000 *************** remote_fileio_func_lseek (char *buf) *** 929,964 **** static void remote_fileio_func_rename (char *buf) { ! CORE_ADDR ptrval; ! int length, retlength; char *oldpath, *newpath; int ret, of, nf; struct stat ost, nst; /* 1. Parameter: Ptr to oldpath / length incl. trailing zero */ ! if (remote_fileio_extract_ptr_w_len (&buf, &ptrval, &length)) { remote_fileio_ioerror (); return; } ! /* Request oldpath using 'm' packet */ ! oldpath = alloca (length); ! retlength = remote_read_bytes (ptrval, (gdb_byte *) oldpath, length); ! if (retlength != length) { remote_fileio_ioerror (); return; } ! /* 2. Parameter: Ptr to newpath / length incl. trailing zero */ ! if (remote_fileio_extract_ptr_w_len (&buf, &ptrval, &length)) { remote_fileio_ioerror (); return; } /* Request newpath using 'm' packet */ ! newpath = alloca (length); ! retlength = remote_read_bytes (ptrval, (gdb_byte *) newpath, length); ! if (retlength != length) { remote_fileio_ioerror (); return; --- 929,967 ---- static void remote_fileio_func_rename (char *buf) { ! CORE_ADDR old_ptr, new_ptr; ! int old_len, new_len, retlength; char *oldpath, *newpath; int ret, of, nf; struct stat ost, nst; /* 1. Parameter: Ptr to oldpath / length incl. trailing zero */ ! if (remote_fileio_extract_ptr_w_len (&buf, &old_ptr, &old_len)) { remote_fileio_ioerror (); return; } ! ! /* 2. Parameter: Ptr to newpath / length incl. trailing zero */ ! if (remote_fileio_extract_ptr_w_len (&buf, &new_ptr, &new_len)) { remote_fileio_ioerror (); return; } ! ! 
/* Request oldpath using 'm' packet */ ! oldpath = alloca (old_len); ! retlength = remote_read_bytes (old_ptr, (gdb_byte *) oldpath, old_len); ! if (retlength != old_len) { remote_fileio_ioerror (); return; } + /* Request newpath using 'm' packet */ ! newpath = alloca (new_len); ! retlength = remote_read_bytes (new_ptr, (gdb_byte *) newpath, new_len); ! if (retlength != new_len) { remote_fileio_ioerror (); return; *************** remote_fileio_func_unlink (char *buf) *** 1061,1095 **** static void remote_fileio_func_stat (char *buf) { ! CORE_ADDR ptrval; ! int ret, length, retlength; char *pathname; LONGEST lnum; struct stat st; struct fio_stat fst; /* 1. Parameter: Ptr to pathname / length incl. trailing zero */ ! if (remote_fileio_extract_ptr_w_len (&buf, &ptrval, &length)) { remote_fileio_ioerror (); return; } ! /* Request pathname using 'm' packet */ ! pathname = alloca (length); ! retlength = remote_read_bytes (ptrval, (gdb_byte *) pathname, length); ! if (retlength != length) { remote_fileio_ioerror (); return; } ! ! /* 2. Parameter: Ptr to struct stat */ ! if (remote_fileio_extract_long (&buf, &lnum)) { remote_fileio_ioerror (); return; } - ptrval = (CORE_ADDR) lnum; remote_fio_no_longjmp = 1; ret = stat (pathname, &st); --- 1064,1099 ---- static void remote_fileio_func_stat (char *buf) { ! CORE_ADDR statptr, nameptr; ! int ret, namelength, retlength; char *pathname; LONGEST lnum; struct stat st; struct fio_stat fst; /* 1. Parameter: Ptr to pathname / length incl. trailing zero */ ! if (remote_fileio_extract_ptr_w_len (&buf, &nameptr, &namelength)) { remote_fileio_ioerror (); return; } ! ! /* 2. Parameter: Ptr to struct stat */ ! if (remote_fileio_extract_long (&buf, &lnum)) { remote_fileio_ioerror (); return; } ! statptr = (CORE_ADDR) lnum; ! ! /* Request pathname using 'm' packet */ ! pathname = alloca (namelength); ! retlength = remote_read_bytes (nameptr, (gdb_byte *) pathname, namelength); ! 
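Review bot: `old_len` and `new_len` are plain `int` values parsed from the target's request packet and are passed straight to `alloca (old_len)` and `alloca (new_len)` with no range check visible in this hunk. A negative or very large length from a faulty or untrusted stub would then overrun GDB's stack. Unless remote_fileio_extract_ptr_w_len already bounds the length (its body is not shown here), reject out-of-range values once both parameters have been extracted, for example `if (old_len <= 0 || new_len <= 0 || old_len > PATH_MAX || new_len > PATH_MAX) { remote_fileio_ioerror (); return; }` where the host defines PATH_MAX, or switch to a heap buffer with a cleanup. The same applies to `alloca (namelength)` in the remote_fileio_func_stat hunk; the body of remote_fileio_func_rename continues past the end of this hunk.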
if (retlength != namelength) { remote_fileio_ioerror (); return; } remote_fio_no_longjmp = 1; ret = stat (pathname, &st); *************** remote_fileio_func_stat (char *buf) *** 1105,1116 **** remote_fileio_reply (-1, FILEIO_EACCES); return; } ! if (ptrval) { remote_fileio_to_fio_stat (&st, &fst); remote_fileio_to_fio_uint (0, fst.fst_dev); ! retlength = remote_fileio_write_bytes (ptrval, (gdb_byte *) &fst, sizeof fst); if (retlength != sizeof fst) { remote_fileio_return_errno (-1); --- 1109,1121 ---- remote_fileio_reply (-1, FILEIO_EACCES); return; } ! if (statptr) { remote_fileio_to_fio_stat (&st, &fst); remote_fileio_to_fio_uint (0, fst.fst_dev); ! retlength = remote_fileio_write_bytes (statptr, ! (gdb_byte *) &fst, sizeof fst); if (retlength != sizeof fst) { remote_fileio_return_errno (-1);
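Review bot: `pathname` goes to `stat (pathname, &st)` as a C string, but nothing in this hunk confirms that the `namelength` bytes read from target memory actually end in a NUL. The comment says the length includes the trailing zero, yet that is the target's claim. If the length and the string disagree, `stat` reads past the end of the alloca'd buffer. After the `retlength != namelength` test, add `if (pathname[namelength - 1] != '\0') { remote_fileio_ioerror (); return; }`, with `namelength > 0` already established before the `alloca`. `oldpath` and `newpath` in remote_fileio_func_rename probably need the same check, though the calls that use them fall outside the visible hunk.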