Coverity issues in gsm_rlcmac.cpp

Ivan Kluchnikov Ivan.Kluchnikov at fairwaves.ru
Tue Nov 12 13:29:57 UTC 2013


Hi Holger,

2013/11/11 Holger Hans Peter Freyther <hfreyther at sysmocom.de>:
>
> Uninitialized scalar variable:
> gsm_rlcmac.cpp:5321 ar.direction not initialized
> gsm_rlcmac.cpp:5039 ar.direction not initialized
> gsm_rlcmac.cpp:5155 ar.direction not initialized
> gsm_rlcmac.cpp:4872 ar.direction not initialized
>
> Just initialize it in csnStreamInit?

Yes.

>
> Out-of-bounds read:
> gsm_rlcmac.cpp:5502 " Overrunning array "data->RLC_DATA" of 20 bytes
> at byte offset 22 using index "i" (which evaluates to 22)."
>
> gsm_rlcmac.cpp:5440 "  Overrunning array "data->RLC_DATA" of 20 bytes
> at byte offset 22 using index "i" (which evaluates to 22)."
>
> Maybe just add an assert that dataNumOctets <= 20?

Yes, it makes sense.




-- 
Regards,
Ivan Kluchnikov.
http://fairwaves.ru
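Both Coverity classes discussed above (an uninitialized `ar.direction` and a 20-octet `RLC_DATA` array indexed at 22) come down to the same habit: every field is assigned in the init routine, and every wire-supplied length is checked against the array capacity before it drives an index. The following is an added C example, not code from this thread or from gsm_rlcmac.cpp; the struct names `csn_stream`, `rlc_data_block`, `guarded_block` and the function names are constructed stand-ins, and only the 20-octet bound comes from the discussion.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for the types in gsm_rlcmac.cpp; the real layouts
 * are not reproduced here. Only the 20-octet size comes from the thread. */
#define RLC_DATA_OCTETS 20

enum rlc_direction { RLC_DIR_UPLINK = 0, RLC_DIR_DOWNLINK = 1 };

struct csn_stream {                 /* hypothetical stand-in for the "ar" stream */
    enum rlc_direction direction;
    unsigned bit_offset;
    unsigned bit_end;
};

struct rlc_data_block {             /* hypothetical stand-in for "data" */
    unsigned data_num_octets;
    uint8_t RLC_DATA[RLC_DATA_OCTETS];
};

/* First Coverity class: the init routine assigns every field, so direction
 * is never read as an indeterminate value later in the decoder. */
static void csn_stream_init(struct csn_stream *ar, unsigned bit_offset,
                            unsigned bit_end, enum rlc_direction direction)
{
    memset(ar, 0, sizeof(*ar));
    ar->bit_offset = bit_offset;
    ar->bit_end = bit_end;
    ar->direction = direction;
}

/* Second class: the octet count comes from the wire, so it is checked against
 * the array capacity (the dataNumOctets <= 20 bound proposed in the thread)
 * and against the available input before any byte is copied. Returning an
 * error rather than asserting lets the caller drop a malformed block without
 * aborting the process. Returns 0 on success, -1 if the block is rejected. */
static int rlc_data_decode(struct rlc_data_block *data, const uint8_t *src,
                           size_t src_len, unsigned data_num_octets)
{
    if (data_num_octets > RLC_DATA_OCTETS || data_num_octets > src_len)
        return -1;
    for (unsigned i = 0; i < data_num_octets; i++)   /* i stays below 20 */
        data->RLC_DATA[i] = src[i];
    data->data_num_octets = data_num_octets;
    return 0;
}

/* A canary byte placed after the block lets the caller confirm that nothing
 * beyond RLC_DATA was written. */
struct guarded_block {
    struct rlc_data_block block;
    uint8_t canary;
};

/* Decodes a constructed 32-byte input with the given octet count.
 * Returns 1 = accepted, canary intact; 0 = rejected, canary intact;
 * -1 = canary corrupted (would indicate an overrun). */
static int try_decode(unsigned data_num_octets)
{
    uint8_t src[32];
    struct guarded_block g;
    for (unsigned i = 0; i < sizeof src; i++)
        src[i] = (uint8_t)(0xA0 + i);            /* constructed sample payload */
    memset(&g, 0, sizeof g);
    g.canary = 0x5A;
    int rc = rlc_data_decode(&g.block, src, sizeof src, data_num_octets);
    if (g.canary != 0x5A)
        return -1;
    return rc == 0 ? 1 : 0;
}

/* Returns 1 if the initialized stream carries the requested direction. */
static int init_sets_direction(void)
{
    struct csn_stream ar;
    csn_stream_init(&ar, 0, 184, RLC_DIR_DOWNLINK);
    return ar.direction == RLC_DIR_DOWNLINK;
}

int main(void)
{
    printf("20 octets: %d (expect 1)\n", try_decode(20));
    printf("22 octets: %d (expect 0)\n", try_decode(22));
    printf("direction initialized: %d (expect 1)\n", init_sets_direction());
    return 0;
}
```

The 22-octet case is exactly the index Coverity reported; with the capacity check in front of the copy it is rejected before `i` can reach the array end, and the canary confirms the neighbouring memory is untouched.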