rohc

Wrong W-LSB decoding if interpretation interval straddles the field boundaries

Bug #1209260 reported by Didier Barvaux on 2013-08-07

This bug affects 1 person

	Status	Importance	Assigned to	Milestone
rohc	Status tracked in Rohc-main
Rohc-1.5.x	Fix Released	High	Didier Barvaux	rohc 1.5.3
Rohc-1.6.x	Fix Released	High	Didier Barvaux	rohc 1.6.1
Rohc-main	Fix Released	High	Didier Barvaux	rohc 1.7.0

Bug Description

When decoding at decompressor a value encoded width W-LSB, there is a special case if the interpretation interval the straddle the field boundaries. The code is copied below.

The decoded value is searched in the first part of the interval [min ; 0xffffffff], then in the 2nd part of the interval [0 ; max]. The algorithm does not take into account the integer overflow in the first for loop: expression "try <= 0xffffffff" is always true since 0xffffffff + 1 = 0x00000000.

      /* the interpretation interval does straddle the field boundaries:
       * search in the first part of the interval */
      for(try = min; try <= 0xffffffff; try++)
      {
         if((try & mask) == (m & mask))
         {
            /* corresponding value found */
            is_found = true;
            *decoded = try;
            break;
         }
      }
      /* then, if not successful, search in the last part of the interval */
      if(!is_found)
      {
         for(try = 0; try <= max; try++)
         {
            if((try & mask) == (m & mask))
            {
               /* corresponding value found */
               is_found = true;
               *decoded = try;
               break;
            }
         }
      }