aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJacob Erlbeck <jerlbeck@sysmocom.de>2016-01-08 10:14:50 +0100
committerJacob Erlbeck <jerlbeck@sysmocom.de>2016-01-08 10:14:50 +0100
commitead5e4724cd15846e23eebceec37563caf041d5c (patch)
treec4c1e14af95c0d0f0ea5ac8221d88b0d4483d5c2
parent6e75bc7fe304eec274f6e485a8b23a164fd4e28e (diff)
edge: Fix data block decoder (Coverity)
Use a signed integer instead of an unsigned one for num_chunks which can set to a negative value on error. Ensure that chunks is not dereferenced if it is NULL. In fact that will not happen currently, since num_chunks is now always <= 0 if chunks == NULL. Fixes: Coverity CID 1347433, 1347434, 1347435 Sponsored-by: On-Waves ehf
-rw-r--r--src/decoding.cpp8
1 files changed, 7 insertions, 1 deletions
diff --git a/src/decoding.cpp b/src/decoding.cpp
index a26377b..007522c 100644
--- a/src/decoding.cpp
+++ b/src/decoding.cpp
@@ -194,7 +194,7 @@ int Decoding::rlc_data_from_ul_data(
{
uint8_t e;
unsigned int data_len = rdbi->data_len;
- unsigned int num_chunks = 0, i;
+ int num_chunks = 0, i;
unsigned int offs = 0;
bool is_last_block = (rdbi->cv == 0);
@@ -225,6 +225,9 @@ int Decoding::rlc_data_from_ul_data(
chunks, chunks_size);
}
+ if (num_chunks < 0)
+ return num_chunks;
+
/* TLLI */
if (rdbi->ti) {
uint32_t tlli_enc;
@@ -258,6 +261,9 @@ int Decoding::rlc_data_from_ul_data(
/* TODO: Skip all extensions with E=0 (see TS 44.060, 10.4.11 */
}
+ if (chunks_size == 0)
+ return num_chunks;
+
/* LLC */
for (i = 0; i < num_chunks; i++) {
chunks[i].offset = offs;