From ee1c8c292e5bee4d07ff22bcc0d87215abfb81e3 Mon Sep 17 00:00:00 2001 From: yagoda Date: Wed, 31 Jan 2018 12:28:21 +0000 Subject: [PATCH 1/3] fixing coverity issues --- lib/src/phy/resampling/resample_arb.c | 2 +- srsenb/src/mac/ue.cc | 4 ++++ srsenb/test/upper/ip_test.cc | 3 ++- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/lib/src/phy/resampling/resample_arb.c b/lib/src/phy/resampling/resample_arb.c index 441e8c0dc..5cea28ed2 100644 --- a/lib/src/phy/resampling/resample_arb.c +++ b/lib/src/phy/resampling/resample_arb.c @@ -150,7 +150,7 @@ int srslte_resample_arb_compute(srslte_resample_arb_t *q, cf_t *input, cf_t *out res1 = srslte_resample_arb_dot_prod(filter_input, srslte_resample_arb_polyfilt[idx], SRSLTE_RESAMPLE_ARB_M); if(q->interpolate){ - res2 = srslte_resample_arb_dot_prod(filter_input, srslte_resample_arb_polyfilt[(idx%SRSLTE_RESAMPLE_ARB_N)+1], SRSLTE_RESAMPLE_ARB_M); + res2 = srslte_resample_arb_dot_prod(filter_input, srslte_resample_arb_polyfilt[(idx+1)%SRSLTE_RESAMPLE_ARB_N], SRSLTE_RESAMPLE_ARB_M); } if(idx == SRSLTE_RESAMPLE_ARB_N){ diff --git a/srsenb/src/mac/ue.cc b/srsenb/src/mac/ue.cc index d8ca3a8f2..3f3657594 100644 --- a/srsenb/src/mac/ue.cc +++ b/srsenb/src/mac/ue.cc @@ -279,6 +279,10 @@ bool ue::process_ce(srslte::sch_subh *subh) { case srslte::sch_subh::TRUNC_BSR: case srslte::sch_subh::SHORT_BSR: idx = subh->get_bsr(buff_size); + if(idx == -1){ + Error("Invalid Index Passed to lc groups\n"); + break; + } for (uint32_t i=0;iul_bsr(rnti, lc_groups[idx][i], buff_size[idx]); diff --git a/srsenb/test/upper/ip_test.cc b/srsenb/test/upper/ip_test.cc index 2b789cf27..190478f0d 100644 --- a/srsenb/test/upper/ip_test.cc +++ b/srsenb/test/upper/ip_test.cc @@ -642,6 +642,7 @@ int setup_if_addr(char *ip_addr) perror("ioctl"); return -1; } - + + close(sock); return(tun_fd); } From 2dcee59fb2031102d2f1d001eed58af9031d81e9 Mon Sep 17 00:00:00 2001 From: yagoda Date: Wed, 31 Jan 2018 12:41:24 +0000 Subject: [PATCH 2/3] minor warning fix --- srsenb/src/mac/ue.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/srsenb/src/mac/ue.cc b/srsenb/src/mac/ue.cc index b5ecc9df4..166be24f1 100644 --- a/srsenb/src/mac/ue.cc +++ b/srsenb/src/mac/ue.cc @@ -256,7 +256,7 @@ void ue::push_pdu(uint32_t tti, uint32_t len) bool ue::process_ce(srslte::sch_subh *subh) { uint32_t buff_size[4] = {0, 0, 0, 0}; float phr = 0; - uint32_t idx = 0; + int32_t idx = 0; uint16_t old_rnti = 0; bool is_bsr = false; switch(subh->ce_type()) { From 8daa834607cdd5ce706b23c0e44d5e4c8a6c5424 Mon Sep 17 00:00:00 2001 From: Andre Puschmann Date: Wed, 31 Jan 2018 15:05:17 +0100 Subject: [PATCH 3/3] fix ASN1 s1ap code by checking upper bound of buffer --- lib/src/asn1/liblte_s1ap.cc | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/lib/src/asn1/liblte_s1ap.cc b/lib/src/asn1/liblte_s1ap.cc index 31c7391ab..530767c2f 100644 --- a/lib/src/asn1/liblte_s1ap.cc +++ b/lib/src/asn1/liblte_s1ap.cc @@ -2243,6 +2243,12 @@ LIBLTE_ERROR_ENUM liblte_s1ap_pack_imsi( if(ie != NULL && ptr != NULL) { + // max length of IE buffer is 32, so limit + if (ie->n_octets > 31) { + printf("Length in struct exceeds buffer (%d > 31).\n", ie->n_octets); + return LIBLTE_ERROR_ENCODE_FAIL; + } + // Dynamic octet string - IMSI // Length if(ie->n_octets < 128) {