From: Simon Wilkinson <sxw@your-file-system.com>
Date: Fri, 1 Mar 2013 11:35:05 +0000 (+0000)
Subject: rxgen: Don't overflow PackageIndex
X-Git-Tag: upstream/1.6.10_pre1^2~156
X-Git-Url: https://git.michaelhowe.org/gitweb/?a=commitdiff_plain;h=b76b80bb08173edb5d2423c4edcd951b6630c679;p=packages%2Fo%2Fopenafs.git

rxgen: Don't overflow PackageIndex

PackageIndex++ returns the pre-index value of PackageIndex, so the
error statement isn't run when PackageIndex == MAX_PACKAGES. This
means we go on to overflow all of the arrays that are MAX_PACKAGES
in size.

Caught by coverity (#985583, #985584, #985585, #985586,
                    #985587, #985588, #985589)

Reviewed-on: http://gerrit.openafs.org/9325
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
(cherry picked from commit a1d8109c8fa8c10e3ce5ed67cda03b3b557608ff)

Change-Id: I5278bff5fe6be1bf127b240f7752c69385a9da24
Reviewed-on: http://gerrit.openafs.org/11033
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Chas Williams - CONTRACTOR <chas@cmf.nrl.navy.mil>
Reviewed-by: Stephan Wiesand <stephan.wiesand@desy.de>
---

diff --git a/src/rxgen/rpc_parse.c b/src/rxgen/rpc_parse.c
index 8ce005d90..5d7a2ca3f 100644
--- a/src/rxgen/rpc_parse.c
+++ b/src/rxgen/rpc_parse.c
@@ -569,8 +569,11 @@ def_package(definition * defp)
     scan(TOK_IDENT, &tok);
     defp->def_name = tok.str;
     no_of_stat_funcs = 0;
-    if (PackageIndex++ >= MAX_PACKAGES)
+
+    PackageIndex++;
+    if (PackageIndex >= MAX_PACKAGES)
 	error("Exceeded upper limit of package statements\n");
+
     function_list_index = 0;
     PackagePrefix[PackageIndex] = tok.str;
     if (MasterPrefix == NULL)