Dear Ivan,

could you please have a look at the Coverity issues in the gsm_rlcmac.cpp
routines?

Uninitialized scalar variable:
gsm_rlcmac.cpp:5321 ar.direction not initialized
gsm_rlcmac.cpp:5039 ar.direction not initialized
gsm_rlcmac.cpp:5155 ar.direction not initialized
gsm_rlcmac.cpp:4872 ar.direction not initialized

Just initialize it in csnStreamInit?

Out-of-bounds read:
gsm_rlcmac.cpp:5502 "Overrunning array "data->RLC_DATA" of 20 bytes
at byte offset 22 using index "i" (which evaluates to 22)."
gsm_rlcmac.cpp:5440 "Overrunning array "data->RLC_DATA" of 20 bytes
at byte offset 22 using index "i" (which evaluates to 22)."

Maybe just add an assert that dataNumOctets <= 20?
--
- Holger Freyther <hfreyther(a)sysmocom.de>
http://www.sysmocom.de/
=======================================================================
* sysmocom - systems for mobile communications GmbH
* Schivelbeiner Str. 5
* 10439 Berlin, Germany
* Sitz / Registered office: Berlin, HRB 134158 B
* Geschaeftsfuehrer / Managing Directors: Holger Freyther, Harald Welte
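
Added example, not part of the original message and not code from gsm_rlcmac.cpp: a sketch of the two fixes discussed above, with the init routine setting direction and the octet count checked against the 20-byte RLC_DATA array. The names Stream, DataBlock, stream_init and decode_data are hypothetical stand-ins; a runtime check is used instead of assert() because assert() is compiled out when NDEBUG is defined.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>

// Hypothetical stand-ins for illustration; these are not the project's types.
constexpr std::size_t RLC_DATA_MAX = 20;  // array size quoted in the Coverity report

struct Stream {                // stand-in for the "ar" stream state
    const uint8_t *buf;
    std::size_t len;
    std::size_t pos;
    int direction;             // the field reported as uninitialized
};

struct DataBlock {
    uint8_t RLC_DATA[RLC_DATA_MAX];
    std::size_t dataNumOctets;
};

// Set every field in the init routine, so no later read of ar->direction
// can see an indeterminate value, whichever caller created the stream.
void stream_init(Stream *ar, const uint8_t *buf, std::size_t len, int direction = 0)
{
    ar->buf = buf;
    ar->len = len;
    ar->pos = 0;
    ar->direction = direction;
}

// Copy num_octets from the stream into data->RLC_DATA.
// Returns 0 on success, -1 if the count would overrun RLC_DATA or the input.
// Nothing is written and the stream position is unchanged on failure.
int decode_data(Stream *ar, std::size_t num_octets, DataBlock *data)
{
    if (num_octets > RLC_DATA_MAX)
        return -1;             // e.g. the count of 22 from the report
    if (num_octets > ar->len - ar->pos)
        return -1;             // not enough input left
    std::memcpy(data->RLC_DATA, ar->buf + ar->pos, num_octets);
    ar->pos += num_octets;
    data->dataNumOctets = num_octets;
    return 0;
}
```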