intel / openlldp


Possible buffer overrun in CLI parsing #73

Open apconole opened 2 years ago

apconole commented 2 years ago

parse_cli.l:497:

<getup2tc>[0-7]         { up2tc_a[up2tc_idx] = atoi(yytext);
                up2tc_idx++;

up2tc_idx is possibly outside bounds. Needs closer inspection.

penguin359 commented 2 weeks ago

My [f]lex knowledge is a little weak, but I don't see an immediate issue. This is the only place that variable is incremented, and elsewhere it's reset to zero. Comments I would make around there are that 8 should be replaced by the correct constant and, perhaps, that up2tc_idx should be reset to zero when it hits the end in case this state gets triggered again:

<getup2tc>[0-7]                 { up2tc_a[up2tc_idx] = atoi(yytext);
                                up2tc_idx++;
                                if (up2tc_idx == MAX_USER_PRIORITIES) {
                                        up2tc_idx = 0;
                                        BEGIN(getpgargs);
                                }
                                }
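Added example, not code from openlldp or from either commenter: a small C model of the `<getup2tc>[0-7]` rule that puts a bounds check in front of the store and compares the two behaviours the thread discusses, leaving `up2tc_idx` at `MAX_USER_PRIORITIES` when the table fills versus resetting it. The `lex_state` enum, the `up2tc_lexer` struct, the `reset_on_full` switch and `up2tc_lexer_reenter()` are assumptions made for the model (the real lexer is generated by flex from parse_cli.l, and the code that leaves the state in the original rule is not shown in the thread); the token strings are constructed input.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_USER_PRIORITIES 8   /* 802.1p user priorities 0..7, one TC slot each */

/* Assumed names standing in for the flex start conditions <getup2tc>
 * and getpgargs referenced in the thread. */
enum lex_state { GETUP2TC, GETPGARGS };

struct up2tc_lexer {
    enum lex_state state;
    int up2tc_a[MAX_USER_PRIORITIES];
    int up2tc_idx;
    int reset_on_full;   /* 1: reset the index when the table fills (suggested fix) */
    int rejected;        /* tokens the bounds check refused to store */
};

static void up2tc_lexer_init(struct up2tc_lexer *lx, int reset_on_full)
{
    memset(lx, 0, sizeof(*lx));
    lx->state = GETUP2TC;
    lx->reset_on_full = reset_on_full;
}

/* Re-enter the <getup2tc> start condition without touching up2tc_idx,
 * modelling the "state gets triggered again" case from the reply. */
static void up2tc_lexer_reenter(struct up2tc_lexer *lx)
{
    lx->state = GETUP2TC;
}

/* Body of the <getup2tc>[0-7] rule with a bounds check before the store.
 * Returns 0 when the value was stored, -1 when storing it would have
 * written past the end of up2tc_a[]. */
static int up2tc_rule(struct up2tc_lexer *lx, const char *yytext)
{
    if (lx->up2tc_idx < 0 || lx->up2tc_idx >= MAX_USER_PRIORITIES) {
        lx->rejected++;
        return -1;
    }
    lx->up2tc_a[lx->up2tc_idx] = atoi(yytext);
    lx->up2tc_idx++;
    if (lx->up2tc_idx == MAX_USER_PRIORITIES) {
        if (lx->reset_on_full)
            lx->up2tc_idx = 0;
        lx->state = GETPGARGS;         /* stand-in for BEGIN(getpgargs) */
    }
    return 0;
}

/* Drive the model with a whitespace-separated token string (constructed
 * input; the real lexer gets its tokens from flex). Only single digits
 * 0..7 seen while in GETUP2TC reach the rule; anything else is ignored
 * here because other rules would handle it. Returns the number stored. */
static int up2tc_feed(struct up2tc_lexer *lx, const char *input)
{
    char buf[256];
    char *tok;
    int stored = 0;

    strncpy(buf, input, sizeof(buf) - 1);
    buf[sizeof(buf) - 1] = '\0';
    for (tok = strtok(buf, " \t\n"); tok != NULL; tok = strtok(NULL, " \t\n")) {
        int is_up = strlen(tok) == 1 && tok[0] >= '0' && tok[0] <= '7';
        if (lx->state == GETUP2TC && is_up && up2tc_rule(lx, tok) == 0)
            stored++;
    }
    return stored;
}

int main(void)
{
    struct up2tc_lexer lx;

    /* Index left at 8 after the table fills: re-entry would overrun
     * without the check, so the check rejects the tokens instead. */
    up2tc_lexer_init(&lx, 0);
    up2tc_feed(&lx, "0 1 2 3 4 5 6 7");
    up2tc_lexer_reenter(&lx);
    printf("no reset: stored %d, rejected %d\n", up2tc_feed(&lx, "7 6"), lx.rejected);

    /* Index reset when the table fills: re-entry starts at slot 0 again. */
    up2tc_lexer_init(&lx, 1);
    up2tc_feed(&lx, "7 6 5 4 3 2 1 0");
    up2tc_lexer_reenter(&lx);
    printf("reset:    stored %d, rejected %d\n", up2tc_feed(&lx, "1 1 1"), lx.rejected);
    return 0;
}
```

The check in `up2tc_rule()` is independent of the reset: the reset keeps the parser usable when the start condition is entered again, while the check is what guarantees the store can never land outside `up2tc_a[]` whatever state the grammar reaches it in.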