From 59e425608fea666c3d35e0b4c7aeafa2848e6506 Mon Sep 17 00:00:00 2001
From: Paul Sutton <suttonpd@gmail.com>
Date: Mon, 12 Feb 2018 12:44:55 +0000
Subject: [PATCH] Better fix for buffer size issue

---
 lib/src/upper/rlc_am.cc | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/lib/src/upper/rlc_am.cc b/lib/src/upper/rlc_am.cc
index e4a6242fa..26f42af84 100644
--- a/lib/src/upper/rlc_am.cc
+++ b/lib/src/upper/rlc_am.cc
@@ -587,7 +587,8 @@ int rlc_am::build_segment(uint8_t *payload, uint32_t nof_bytes, rlc_amd_retx_t r
                  rrc->get_rb_name(lcid).c_str(), nof_bytes, head_len);
     return 0;
   }
-  pdu_space = nof_bytes-head_len-2;
+
+  pdu_space = nof_bytes-head_len;
   if(pdu_space < (retx.so_end-retx.so_start))
     retx.so_end = retx.so_start+pdu_space;
 
@@ -603,10 +604,13 @@ int rlc_am::build_segment(uint8_t *payload, uint32_t nof_bytes, rlc_amd_retx_t r
     if(lower >= retx.so_end)
       break;
 
+    if(pdu_space <= 2)
+      break;
+
     upper += old_header.li[i];
 
     head_len    = rlc_am_packed_length(&new_header);
-    pdu_space   = nof_bytes-head_len-2;
+    pdu_space   = nof_bytes-head_len;
     if(pdu_space < (retx.so_end-retx.so_start))
       retx.so_end = retx.so_start+pdu_space;