sndcp: Fixups for sndcp layer based on coverity-scan suggestions
- missing break in gprs_sndcp_pcomp.c, line 143
- string overflow in slhc_test.c, line 211
- sizeof mismatch in gprs_sndcp_xid.c, line 1369 and 1378
- mismatching signedness in gprs_sndcp_xid.c, line 1377
- needless < 0 comparison in gprs_sndcp_xid.c, line 477
- needless < 0 comparison in gprs_sndcp_xid.c, line 209
- missing returncode check in v42bis_test.c, line 320
- wrong pointer dereferentialization in gprs_sndcp_comp.c, line 73
Change-Id: I4f9adf251f5119e67ffe76baad6f1f996ac8dbad
diff --git a/openbsc/src/gprs/gprs_sndcp_comp.c b/openbsc/src/gprs/gprs_sndcp_comp.c
index b13cb8b..cae0039 100644
--- a/openbsc/src/gprs/gprs_sndcp_comp.c
+++ b/openbsc/src/gprs/gprs_sndcp_comp.c
@@ -70,7 +70,7 @@
comp_field->v42bis_params->nsapi,
sizeof(comp_entity->nsapi));
} else if (comp_field->v44_params) {
- comp_entity->nsapi_len = comp_field->v42bis_params->nsapi_len;
+ comp_entity->nsapi_len = comp_field->v44_params->nsapi_len;
memcpy(comp_entity->nsapi,
comp_field->v42bis_params->nsapi,
sizeof(comp_entity->nsapi));
diff --git a/openbsc/src/gprs/gprs_sndcp_pcomp.c b/openbsc/src/gprs/gprs_sndcp_pcomp.c
index 5f6fb2c..493b263 100644
--- a/openbsc/src/gprs/gprs_sndcp_pcomp.c
+++ b/openbsc/src/gprs/gprs_sndcp_pcomp.c
@@ -141,6 +141,7 @@
switch (pcomp_index) {
case 0:
type = SL_TYPE_IP;
+ break;
case 1:
type = SL_TYPE_UNCOMPRESSED_TCP;
break;
diff --git a/openbsc/src/gprs/gprs_sndcp_xid.c b/openbsc/src/gprs/gprs_sndcp_xid.c
index 270bdee..bb43eab 100644
--- a/openbsc/src/gprs/gprs_sndcp_xid.c
+++ b/openbsc/src/gprs/gprs_sndcp_xid.c
@@ -206,7 +206,6 @@
/* Bail if number of ROHC profiles exceeds limit
* (ROHC supports only a maximum of 16 different profiles) */
- OSMO_ASSERT(params->profile_len >= 0);
OSMO_ASSERT(params->profile_len <= 16);
/* Zero out buffer */
@@ -475,8 +474,7 @@
for (i = 0; i < comp_field->comp_len; i++) {
/* Check if submitted PCOMP/DCOMP
values are within bounds */
- if ((comp_field->comp[i] < 0)
- || (comp_field->comp[i] > 0x0F))
+ if (comp_field->comp[i] > 0x0F)
return -EINVAL;
if (i & 1) {
@@ -1360,26 +1358,29 @@
{
struct gprs_sndcp_comp_field *comp_field;
int i = 0;
+ int rc;
if (!comp_fields)
return -EINVAL;
if (!lt)
return -EINVAL;
- memset(lt, 0, lt_len * sizeof(lt));
+ memset(lt, 0, sizeof(*lt));
llist_for_each_entry(comp_field, comp_fields, list) {
+ if (comp_field->algo >= 0) {
+ lt[i].entity = comp_field->entity;
+ lt[i].algo = comp_field->algo;
+ rc = gprs_sndcp_get_compression_class(comp_field);
- lt[i].entity = comp_field->entity;
- lt[i].algo = comp_field->algo;
- lt[i].compclass = gprs_sndcp_get_compression_class(comp_field);
+ if (rc < 0) {
+ memset(lt, 0, sizeof(*lt));
+ return -EINVAL;
+ }
- if (lt[i].compclass < 0) {
- memset(lt, 0, lt_len * sizeof(lt));
- return -EINVAL;
+ lt[i].compclass = rc;
+ i++;
}
-
- i++;
}
return i;