From b76b80bb08173edb5d2423c4edcd951b6630c679 Mon Sep 17 00:00:00 2001 From: Simon Wilkinson Date: Fri, 1 Mar 2013 11:35:05 +0000 Subject: [PATCH] rxgen: Don't overflow PackageIndex MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit PackageIndex++ returns the pre-index value of PackageIndex, so the error statement isn't run when PackageIndex == MAX_PACKAGES. This means we go on to overflow all of the arrays that are MAX_PACKAGES in size. Caught by coverity (#985583, #985584, #985585, #985586, #985587, #985588, #985589) Reviewed-on: http://gerrit.openafs.org/9325 Tested-by: BuildBot Reviewed-by: Jeffrey Altman Reviewed-by: Derrick Brashear (cherry picked from commit a1d8109c8fa8c10e3ce5ed67cda03b3b557608ff) Change-Id: I5278bff5fe6be1bf127b240f7752c69385a9da24 Reviewed-on: http://gerrit.openafs.org/11033 Tested-by: BuildBot Reviewed-by: Andrew Deason Reviewed-by: Chas Williams - CONTRACTOR Reviewed-by: Stephan Wiesand --- src/rxgen/rpc_parse.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/rxgen/rpc_parse.c b/src/rxgen/rpc_parse.c index 8ce005d90..5d7a2ca3f 100644 --- a/src/rxgen/rpc_parse.c +++ b/src/rxgen/rpc_parse.c @@ -569,8 +569,11 @@ def_package(definition * defp) scan(TOK_IDENT, &tok); defp->def_name = tok.str; no_of_stat_funcs = 0; - if (PackageIndex++ >= MAX_PACKAGES) + + PackageIndex++; + if (PackageIndex >= MAX_PACKAGES) error("Exceeded upper limit of package statements\n"); + function_list_index = 0; PackagePrefix[PackageIndex] = tok.str; if (MasterPrefix == NULL) -- 2.39.5