From: Simon Wilkinson Date: Fri, 1 Mar 2013 11:35:05 +0000 (+0000) Subject: rxgen: Don't overflow PackageIndex X-Git-Tag: upstream/1.8.0_pre1^2~1369 X-Git-Url: https://git.michaelhowe.org/gitweb/?a=commitdiff_plain;h=a1d8109c8fa8c10e3ce5ed67cda03b3b557608ff;p=packages%2Fo%2Fopenafs.git rxgen: Don't overflow PackageIndex PackageIndex++ returns the pre-index value of PackageIndex, so the error statement isn't run when PackageIndex == MAX_PACKAGES. This means we go on to overflow all of the arrays that are MAX_PACKAGES in size. Caught by coverity (#985583, #985584, #985585, #985586, #985587, #985588, #985589) Change-Id: If81f9ff89edc4cfd56677ff51cea71281ebe1e3b Reviewed-on: http://gerrit.openafs.org/9325 Tested-by: BuildBot Reviewed-by: Jeffrey Altman Reviewed-by: Derrick Brashear --- diff --git a/src/rxgen/rpc_parse.c b/src/rxgen/rpc_parse.c index b8bf6e127..9c3d133ed 100644 --- a/src/rxgen/rpc_parse.c +++ b/src/rxgen/rpc_parse.c @@ -584,8 +584,11 @@ def_package(definition * defp) scan(TOK_IDENT, &tok); defp->def_name = tok.str; no_of_stat_funcs = 0; - if (PackageIndex++ >= MAX_PACKAGES) + + PackageIndex++; + if (PackageIndex >= MAX_PACKAGES) error("Exceeded upper limit of package statements\n"); + function_list_index = 0; PackagePrefix[PackageIndex] = tok.str; if (MasterPrefix == NULL)
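Review bot: In def_package(), the new `if (PackageIndex >= MAX_PACKAGES)` guard only protects the store that follows it, `PackagePrefix[PackageIndex] = tok.str;`, if error() never returns, and nothing in the visible lines shows that it does not. The increment now happens unconditionally before the check, so on the error path PackageIndex is already equal to MAX_PACKAGES when execution reaches that store. If error() is guaranteed to terminate rxgen, a short comment saying so next to the check would make the bound self-evident to the next reader. If it can return, the check needs an explicit early exit after the error() call so that none of the MAX_PACKAGES-sized arrays are indexed. The commit message lists seven Coverity findings against this one index, so it is also worth confirming that every array indexed by PackageIndex is reached only after this check.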