Coverity issues in gsm_rlcmac.cpp

Ivan Kluchnikov Ivan.Kluchnikov at fairwaves.ru
Tue Nov 12 13:44:43 UTC 2013


I will prepare patch for this issues soon.

2013/11/12 Ivan Kluchnikov <Ivan.Kluchnikov at fairwaves.ru>:
> Hi Holger,
>
> 2013/11/11 Holger Hans Peter Freyther <hfreyther at sysmocom.de>:
>>
>> Uninitialized scalar variable:
>> gsm_rlcmac.cpp:5321 ar.direction not initialized
>> gsm_rlcmac.cpp:5039 ar.direction not initialized
>> gsm_rlcmac.cpp:5155 ar.direction not initialized
>> gsm_rlcmac.cpp:4872 ar.direction not initialized
>>
>> Just initialize it in csnStreamInit?
>
> Yes.
>
>>
>> Out-of-bounds read:
>> gsm_rlcmac.cpp:5502 " Overrunning array "data->RLC_DATA" of 20 bytes
>> at byte offset 22 using index "i" (which evaluates to 22)."
>>
>> gsm_rlcmac.cpp:5440 "  Overrunning array "data->RLC_DATA" of 20 bytes
>> at byte offset 22 using index "i" (which evaluates to 22)."
>>
>> Maybe just add an assert that dataNumOctets <= 20?
>
> Yes, it makes sense.
>
>
>
>
> --
> Regards,
> Ivan Kluchnikov.
> http://fairwaves.ru



-- 
Regards,
Ivan Kluchnikov.
http://fairwaves.ru




More information about the osmocom-net-gprs mailing list