Resolve multiple issues in PCP result PDU decoding routine

The value of numpmid was not validated against the overall PDU size.
Processing a crafted PDU could read past the end of the PDU, crashing
the process or disclosing information.

The embedded numval counts are not checked, either, with similar results.

In the valfmt != PM_VAL_INSITU case, the extracted pointer may point
outside the area which holds such values. This can result in crashes
or information disclosure. The length field inside the value is not
validated against the PDU size. Values could be made to overlap with
each other or with other parts of the PDU, which is also a problem.

pmcd uses __pmDecodeResult, but only after store authorization, so the
function is only exposed to localhost in the default configuration.

Original report and fixes reviewed by Florian Weimer of the Red Hat
Security team. Red Hat bugzilla bug #841159.
Security advisory CVE-2012-3418.
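
The class of checks this message describes, as an added example that is not part of the commit or of PCP's source: a validator that bounds every count, offset and length against the PDU size before anything is dereferenced. The wire layout is a simplified one constructed for illustration, the names `rd32` and `check_result_pdu` are hypothetical, and requiring out-of-line values in ascending order is this example's own way of ruling out overlap.

```c
#include <stdint.h>
#include <string.h>

/* Constructed layout (assumption, simplified, host byte order): u32 numpmid, then per
 * metric { u32 pmid, numval, valfmt; numval x { u32 inst, value } }. valfmt 0 = in situ;
 * otherwise value is a byte offset from the PDU start to { u32 vlen (incl. itself), data }. */
static int rd32(const uint8_t *p, size_t len, size_t off, uint32_t *out)
{
    if (off > len || len - off < 4)          /* overflow-safe off + 4 <= len */
        return -1;
    memcpy(out, p + off, 4);
    return 0;
}

/* Returns 0 only if every count, offset and length stays inside the PDU. */
int check_result_pdu(const uint8_t *p, size_t len)
{
    uint32_t numpmid = 0, numval = 0, valfmt = 0, v = 0, vlen = 0, i, j;
    size_t off = 4, next_free;
    if (rd32(p, len, 0, &numpmid) || numpmid > (len - 4) / 12)
        return -1;                           /* a metric needs >= 12 bytes */
    for (i = 0; i < numpmid; i++) {          /* pass 1: bound each numval */
        if (rd32(p, len, off + 4, &numval) || (off += 12) > len ||
            numval > (len - off) / 8)
            return -1;
        off += (size_t)numval * 8;
    }
    next_free = off;                         /* value area starts here */
    /* pass 2: each value must follow the fixed part and the previous value, and fit */
    for (i = 0, off = 4; i < numpmid; i++) {
        rd32(p, len, off + 4, &numval);      /* already bounded by pass 1 */
        rd32(p, len, off + 8, &valfmt);
        for (j = 0, off += 12; j < numval; j++, off += 8) {
            if (valfmt == 0) continue;       /* in situ: nothing to follow */
            rd32(p, len, off + 4, &v);
            if (v < next_free || rd32(p, len, v, &vlen) || vlen < 4 || vlen > len - v)
                return -1;
            next_free = (size_t)v + vlen;
        }
    }
    return 0;
}

const uint32_t pdu_ok[]  = { 1, 42, 1, 1, 0, 24, 8, 0xdeadbeef }; /* constructed, valid */
const uint32_t pdu_bad[] = { 0x10000000, 42, 1, 1, 0, 24, 8, 0 }; /* inflated numpmid */

int main(void)
{
    return check_result_pdu((const uint8_t *)pdu_ok, sizeof pdu_ok) != 0 ||
           check_result_pdu((const uint8_t *)pdu_bad, sizeof pdu_bad) != -1;
}
```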