Hi,
the coverity tools points out that it might be possible to access
the si.buf atfer _MAX_SYSINFO_TYPE and before < 32. Looking at the
code I also notice that:
osmo_rsl2sitype takes an uint8_t but makes no range checking, same
goes for osmo_sitype2rsl.
I plan to apply the below patch for osmo-bts. This would resolve the
last open Coverity report for osmo-bts. It would be nice if we could
add range checking to osmo_rsl2sitype or check it in common/rsl.c of
osmo-bts.
diff --git a/src/common/sysinfo.c b/src/common/sysinfo.c
index 62d2af9..9e2d4bb 100644
--- a/src/common/sysinfo.c
+++ b/src/common/sysinfo.c
@@ -135,7 +135,7 @@ uint8_t *lchan_sacch_get(struct gsm_lchan *lchan, struct gsm_time
*g_time)
{
uint32_t tmp;
- for (tmp = lchan->si.last + 1; tmp != lchan->si.last; tmp = (tmp + 1) % 32)
{
+ for (tmp = lchan->si.last + 1; tmp != lchan->si.last; tmp = (tmp + 1) %
_MAX_SYSINFO_TYPE) {
if (lchan->si.valid & (1 << tmp)) {
lchan->si.last = tmp;
return lchan->si.buf[tmp];