From ead5e4724cd15846e23eebceec37563caf041d5c Mon Sep 17 00:00:00 2001
From: Jacob Erlbeck <jerlbeck@sysmocom.de>
Date: Fri, 8 Jan 2016 10:14:50 +0100
Subject: edge: Fix data block decoder (Coverity)

Use a signed integer instead of an unsigned one for num_chunks
which can set to a negative value on error.

Ensure that chunks is not dereferenced if it is NULL. In fact
that will not happen currently, since num_chunks is now always
<= 0 if chunks == NULL.

Fixes: Coverity CID 1347433, 1347434, 1347435

Sponsored-by: On-Waves ehf
---
 src/decoding.cpp | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'src/decoding.cpp')

diff --git a/src/decoding.cpp b/src/decoding.cpp
index a26377bb..007522cc 100644
--- a/src/decoding.cpp
+++ b/src/decoding.cpp
@@ -194,7 +194,7 @@ int Decoding::rlc_data_from_ul_data(
 {
 	uint8_t e;
 	unsigned int data_len = rdbi->data_len;
-	unsigned int num_chunks = 0, i;
+	int num_chunks = 0, i;
 	unsigned int offs = 0;
 	bool is_last_block = (rdbi->cv == 0);
 
@@ -225,6 +225,9 @@ int Decoding::rlc_data_from_ul_data(
 			chunks, chunks_size);
 	}
 
+	if (num_chunks < 0)
+		return num_chunks;
+
 	/* TLLI */
 	if (rdbi->ti) {
 		uint32_t tlli_enc;
@@ -258,6 +261,9 @@ int Decoding::rlc_data_from_ul_data(
 		/* TODO: Skip all extensions with E=0 (see TS 44.060, 10.4.11 */
 	}
 
+	if (chunks_size == 0)
+		return num_chunks;
+
 	/* LLC */
 	for (i = 0; i < num_chunks; i++) {
 		chunks[i].offset = offs;
-- 
cgit v1.2.3