edge: Fix data block decoder (Coverity)
Use a signed integer instead of an unsigned one for num_chunks
which can set to a negative value on error.
Ensure that chunks is not dereferenced if it is NULL. In fact
that will not happen currently, since num_chunks is now always
<= 0 if chunks == NULL.
Fixes: Coverity CID 1347433, 1347434, 1347435
Sponsored-by: On-Waves ehf
diff --git a/src/decoding.cpp b/src/decoding.cpp
index a26377b..007522c 100644
--- a/src/decoding.cpp
+++ b/src/decoding.cpp
@@ -194,7 +194,7 @@
{
uint8_t e;
unsigned int data_len = rdbi->data_len;
- unsigned int num_chunks = 0, i;
+ int num_chunks = 0, i;
unsigned int offs = 0;
bool is_last_block = (rdbi->cv == 0);
@@ -225,6 +225,9 @@
chunks, chunks_size);
}
+ if (num_chunks < 0)
+ return num_chunks;
+
/* TLLI */
if (rdbi->ti) {
uint32_t tlli_enc;
@@ -258,6 +261,9 @@
/* TODO: Skip all extensions with E=0 (see TS 44.060, 10.4.11 */
}
+ if (chunks_size == 0)
+ return num_chunks;
+
/* LLC */
for (i = 0; i < num_chunks; i++) {
chunks[i].offset = offs;