Coverity issues in gsm_rlcmac.cpp

Holger Hans Peter Freyther hfreyther at sysmocom.de
Mon Nov 11 19:24:08 UTC 2013


Dear Ivan,

could you please have a look at the coverity issues in the gsm_rlcmac.cpp
routines? 

Uninitialized scalar variable:
gsm_rlcmac.cpp:5321 ar.direction not initialized
gsm_rlcmac.cpp:5039 ar.direction not initialized
gsm_rlcmac.cpp:5155 ar.direction not initialized
gsm_rlcmac.cpp:4872 ar.direction not initialized

Just initialize it in csnStreamInit?


Out-of-bounds read:
gsm_rlcmac.cpp:5502 " Overrunning array "data->RLC_DATA" of 20 bytes
at byte offset 22 using index "i" (which evaluates to 22)."

gsm_rlcmac.cpp:5440 "  Overrunning array "data->RLC_DATA" of 20 bytes
at byte offset 22 using index "i" (which evaluates to 22)."

Maybe just add an assert that dataNumOctets <= 20?



-- 
- Holger Freyther <hfreyther at sysmocom.de>       http://www.sysmocom.de/
=======================================================================
* sysmocom - systems for mobile communications GmbH
* Schivelbeiner Str. 5
* 10439 Berlin, Germany
* Sitz / Registered office: Berlin, HRB 134158 B
* Geschaeftsfuehrer / Managing Directors: Holger Freyther, Harald Welte





More information about the osmocom-net-gprs mailing list