From a1d8109c8fa8c10e3ce5ed67cda03b3b557608ff Mon Sep 17 00:00:00 2001
From: Simon Wilkinson
Date: Fri, 1 Mar 2013 11:35:05 +0000
Subject: [PATCH] rxgen: Don't overflow PackageIndex
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

PackageIndex++ returns the pre-index value of PackageIndex, so the error statement isn't run when PackageIndex == MAX_PACKAGES. This means we go on to overflow all of the arrays that are MAX_PACKAGES in size. Caught by coverity (#985583, #985584, #985585, #985586, #985587, #985588, #985589)
Change-Id: If81f9ff89edc4cfd56677ff51cea71281ebe1e3b
Reviewed-on: http://gerrit.openafs.org/9325
Tested-by: BuildBot
Reviewed-by: Jeffrey Altman
Reviewed-by: Derrick Brashear
---
 src/rxgen/rpc_parse.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/rxgen/rpc_parse.c b/src/rxgen/rpc_parse.c
index b8bf6e127..9c3d133ed 100644
--- a/src/rxgen/rpc_parse.c
+++ b/src/rxgen/rpc_parse.c
@@ -584,8 +584,11 @@ def_package(definition * defp)
 scan(TOK_IDENT, &tok);
 defp->def_name = tok.str;
 no_of_stat_funcs = 0;
- if (PackageIndex++ >= MAX_PACKAGES)
+
+ PackageIndex++;
+ if (PackageIndex >= MAX_PACKAGES)
 error("Exceeded upper limit of package statements\n");
+
 function_list_index = 0;
 PackagePrefix[PackageIndex] = tok.str;
 if (MasterPrefix == NULL)
--
2.39.5
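Review bot: The bounds check after `PackageIndex++` protects the `PackagePrefix[PackageIndex] = tok.str;` store below it only if `error()` never returns, and nothing in the hunk shows that it does not. If it terminates rxgen, a one-line comment would record the dependency, e.g. `/* error() does not return, so PackageIndex < MAX_PACKAGES from here on */`; if it can return, the branch needs its own `return;` after the call. The check also assumes PackageIndex starts at -1 (presumably, so that the first package lands in slot 0), which is initialised outside this hunk and worth confirming. def_package's body continues past the hunk.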