rlc v2: some fixes for 'bugs' found by coverity scan

Minor fixes, doesn't change anything. Not sure these are 'bugs' either,
but let's be polite with coverity scan...

One thing was not changed.
Coverity scan says:
*** CID 357991:  Memory - illegal accesses  (USE_AFTER_FREE)
/home/carabe/raphael/openairinterface5g/openair2/LAYER2/rlc_v2/rlc_entity_am.c: 507 in tx_list_remove_sn()
501         } else {
502           prev = cur;
503           cur = cur->next;
504         }
505       }
506
>>>     CID 357991:  Memory - illegal accesses  (USE_AFTER_FREE)
>>>     Using freed pointer "head.next".
507       return head.next;
508     }
509
510     void cleanup_sdu_list(rlc_entity_am_t *entity)
511     {
512       rlc_sdu_t head;

But as far as I understand, there is no problem. We don't access
head.next at all if it has been freed. Or is there some aliasing
going on there (pointer aliasing)? I doubt it. False positive?

openair2/LAYER2/rlc_v2/rlc_entity_um.c

@@ -360,6 +360,7 @@ static tx_pdu_size_t tx_pdu_size(rlc_entity_um_t *entity, int maxsize)
   ret.data_size = 0;
   ret.header_size = 0;
   ret.last_sdu_is_full = 1;
+  ret.first_sdu_length = 0;
 
   /* TX PDU - let's make the biggest PDU we can with the SDUs we have */
   sdu_count = 0;

openair2/LAYER2/rlc_v2/rlc_oai_api.c

@@ -134,7 +134,10 @@ tbs_size_t mac_rlc_data_req(
   }
 
   if (MBMS_flagP == MBMS_FLAG_YES) {
-    rb = ue->drb[channel_idP - 1];
+    if (channel_idP >= 1 && channel_idP <= 5)
+      rb = ue->drb[channel_idP - 1];
+    else
+      rb = NULL;
   }
 
 
@@ -192,7 +195,10 @@ mac_rlc_status_resp_t mac_rlc_status_ind(
   }
 
   if (MBMS_flagP == MBMS_FLAG_YES) {
-    rb = ue->drb[channel_idP - 1];
+    if (channel_idP >= 1 && channel_idP <= 5)
+      rb = ue->drb[channel_idP - 1];
+    else
+      rb = NULL;
   }
 
   if (rb != NULL) {
@@ -316,7 +322,9 @@ rlc_op_status_t rlc_data_req     (const protocol_ctxt_t *const ctxt_pP,
     if (rb_idP >= 1 && rb_idP <= 5)
       rb = ue->drb[rb_idP - 1];
   }
+
   if( MBMS_flagP == MBMS_FLAG_YES) {
+    if (rb_idP >= 1 && rb_idP <= 5)
       rb = ue->drb[rb_idP - 1];
   }
 
@@ -875,12 +883,19 @@ rlc_op_status_t rrc_rlc_config_asn1_req (const protocol_ctxt_t   * const ctxt_pP
         mbms_service_id    = MBMS_SessionInfo_p->tmgi_r9.serviceId_r9.buf[2]; //serviceId is 3-octet string
 //        mbms_service_id    = j;
 
+#if 0
+        /* TODO: check if this code should stay there
+         * as it is both enb and ue cases do the same thing
+         */
         // can set the mch_id = i
         if (ctxt_pP->enb_flag) {
           drb_id =  (mbms_service_id * LTE_maxSessionPerPMCH ) + mbms_session_id;//+ (LTE_maxDRB + 3) * MAX_MOBILES_PER_ENB; // 1
         } else {
           drb_id =  (mbms_service_id * LTE_maxSessionPerPMCH ) + mbms_session_id; // + (LTE_maxDRB + 3); // 15
         }
+#endif
+
+        drb_id =  (mbms_service_id * LTE_maxSessionPerPMCH ) + mbms_session_id;
 
         LOG_I(RLC, PROTOCOL_CTXT_FMT" CONFIG REQ MBMS ASN1 LC ID %u RB ID %u SESSION ID %u SERVICE ID %u, mbms_rnti %x\n",
               PROTOCOL_CTXT_ARGS(ctxt_pP),