mac: convert rar_pdu_msg[] from vector into array and protect access

attempt to address ASAN detected issue:

RACH:  tti=821, cc=3, preamble=11, offset=0, temp_crnti=0x47
ASAN:DEADLYSIGNAL
=================================================================
m==25385==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000024 (pc 0x564b19a26c93 bp 0x7fa0e5f1a8c0 sp 0x7fa0e5f1a798 T8)
==25385==The signal is caused by a WRITE memory access.
==25385==Hint: address points to the zero page.

------DL--------------------------------UL------------------------------------
rnti cqi  ri mcs brate   ok  nok  (%)  snr  phr mcs brate   ok  nok  (%)   bsr
  46 0.10   0 0.0     0    0    0   0%    0  0.0   0     0    0    0   0%   0.0
  47 0.10   0 0.0     0    0    0   0%    0  0.0   0     0    0    0   0%   0.0
    #0 0x564b19a26c92 in srslte::rar_subh::set_ta_cmd(unsigned int) /mnt/data/jenkins/workspace/srslte_ogt_manual_zmq/srsLTE/lib/src/mac/pdu.cc:1136
    #1 0x564b19577f7e in srsenb::mac::assemble_rar(srsenb::sched_interface::dl_sched_rar_grant_t*, unsigned int, int, unsigned int, unsigned int) /mnt/data/jenkins/workspace/srslte_ogt_manual_zmq/srsLTE/srsenb/src/stack/mac/mac.cc:837
    #2 0x564b19591765 in srsenb::mac::get_dl_sched(unsigned int, std::vector<srsenb::mac_interface_phy_lte::dl_sched_t, std::allocator<srsenb::mac_interface_phy_lte::dl_sched_t> >&) /mnt/data/jenkins/workspace/srslte_ogt_manual_zmq/srsLTE/srsenb/src/stack/mac/mac.cc:653
    #3 0x564b19497ee2 in srsenb::lte::sf_worker::work_imp() /mnt/data/jenkins/workspace/srslte_ogt_manual_zmq/srsLTE/srsenb/src/phy/lte/sf_worker.cc:208
    #4 0x564b199f8db4 in

srsenb/hdr/stack/mac/mac.h

@@ -140,12 +140,12 @@ private:
 
   uint8_t* assemble_rar(sched_interface::dl_sched_rar_grant_t* grants,
                         uint32_t                               nof_grants,
-                        int                                    rar_idx,
+                        uint32_t                               rar_idx,
                         uint32_t                               pdu_len,
                         uint32_t                               tti);
 
   const static int             rar_payload_len = 128;
-  std::vector<srslte::rar_pdu> rar_pdu_msg;
+  std::array<srslte::rar_pdu, sched_interface::MAX_RAR_LIST> rar_pdu_msg;
   srslte::byte_buffer_t        rar_payload[sched_interface::MAX_RAR_LIST];
 
   const static int NOF_BCCH_DLSCH_MSG = sched_interface::MAX_SIBS;

srsenb/src/stack/mac/mac.cc

@@ -28,7 +28,6 @@ using namespace asn1::rrc;
 namespace srsenb {
 
 mac::mac(srslte::ext_task_sched_handle task_sched_) :
-  rar_pdu_msg(sched_interface::MAX_RAR_LIST),
   rar_payload(),
   common_buffers(SRSLTE_MAX_CARRIERS),
   task_sched(task_sched_)
@@ -821,12 +820,12 @@ int mac::get_mch_sched(uint32_t tti, bool is_mcch, dl_sched_list_t& dl_sched_res
 
 uint8_t* mac::assemble_rar(sched_interface::dl_sched_rar_grant_t* grants,
                            uint32_t                               nof_grants,
-                           int                                    rar_idx,
+                           uint32_t                               rar_idx,
                            uint32_t                               pdu_len,
                            uint32_t                               tti)
 {
   uint8_t grant_buffer[64] = {};
-  if (pdu_len < rar_payload_len) {
+  if (pdu_len < rar_payload_len && rar_idx < rar_pdu_msg.size()) {
     srslte::rar_pdu* pdu = &rar_pdu_msg[rar_idx];
     rar_payload[rar_idx].clear();
     pdu->init_tx(&rar_payload[rar_idx], pdu_len);
@@ -842,7 +841,7 @@ uint8_t* mac::assemble_rar(sched_interface::dl_sched_rar_grant_t* grants,
     pdu->write_packet(rar_payload[rar_idx].msg);
     return rar_payload[rar_idx].msg;
   } else {
-    Error("Assembling RAR: pdu_len > rar_payload_len (%d>%d)\n", pdu_len, rar_payload_len);
+    Error("Assembling RAR: rar_idx=%d, pdu_len > rar_payload_len (%d>%d)\n", rar_idx, pdu_len, rar_payload_len);
     return nullptr;
   }
 }