edge: Fix data block decoder (Coverity) Use a signed integer instead of an unsigned one for num_chunks which can set to a negative value on error. Ensure that chunks is not dereferenced if it is NULL. In fact that will not happen currently, since num_chunks is now always <= 0 if chunks == NULL. Fixes: Coverity CID 1347433, 1347434, 1347435 Sponsored-by: On-Waves ehf

commit: ead5e4724cd15846e23eebceec37563caf041d5c [log] [tgz]
author: Jacob Erlbeck <jerlbeck@sysmocom.de> Fri Jan 08 10:14:50 2016 +0100
committer: Jacob Erlbeck <jerlbeck@sysmocom.de> Fri Jan 08 10:14:50 2016 +0100
tree: c4c1e14af95c0d0f0ea5ac8221d88b0d4483d5c2
parent: 6e75bc7fe304eec274f6e485a8b23a164fd4e28e [diff] [blame]
diff --git a/src/decoding.cpp b/src/decoding.cpp
index a26377b..007522c 100644
--- a/src/decoding.cpp
+++ b/src/decoding.cpp

@@ -194,7 +194,7 @@
 {
 	uint8_t e;
 	unsigned int data_len = rdbi->data_len;
-	unsigned int num_chunks = 0, i;
+	int num_chunks = 0, i;
 	unsigned int offs = 0;
 	bool is_last_block = (rdbi->cv == 0);
 
@@ -225,6 +225,9 @@
 			chunks, chunks_size);
 	}
 
+	if (num_chunks < 0)
+		return num_chunks;
+
 	/* TLLI */
 	if (rdbi->ti) {
 		uint32_t tlli_enc;
@@ -258,6 +261,9 @@
 		/* TODO: Skip all extensions with E=0 (see TS 44.060, 10.4.11 */
 	}
 
+	if (chunks_size == 0)
+		return num_chunks;
+
 	/* LLC */
 	for (i = 0; i < num_chunks; i++) {
 		chunks[i].offset = offs;
commit	ead5e4724cd15846e23eebceec37563caf041d5c	[log] [tgz]
author	Jacob Erlbeck <jerlbeck@sysmocom.de>	Fri Jan 08 10:14:50 2016 +0100
committer	Jacob Erlbeck <jerlbeck@sysmocom.de>	Fri Jan 08 10:14:50 2016 +0100
tree	c4c1e14af95c0d0f0ea5ac8221d88b0d4483d5c2
parent	6e75bc7fe304eec274f6e485a8b23a164fd4e28e [diff] [blame]