From 2ede3b67eef84260d2955fb6d4429ccb2db1ab1e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jean-Pierre=20Andr=C3=A9?= <jpandre@users.sourceforge.net>
Date: Fri, 5 Mar 2021 10:21:36 +0100
Subject: [PATCH] Improved checking of the location of MFT

Terminate cleanly when the MFT is improperly located, by making sure it
is located within the volume and that it contains its own data.
---
 libntfs-3g/volume.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/libntfs-3g/volume.c b/libntfs-3g/volume.c
index 7a1bcf29..416ebfb7 100644
--- a/libntfs-3g/volume.c
+++ b/libntfs-3g/volume.c
@@ -355,6 +355,11 @@ mft_has_no_attr_list:
 			ntfs_log_perror("ntfs_mapping_pairs_decompress() failed");
 			goto error_exit;
 		}
+		/* Make sure $DATA is the MFT itself */
+		if (nrl->lcn != vol->mft_lcn) {
+			ntfs_log_perror("The MFT is not self-contained");
+			goto error_exit;
+		}
 		vol->mft_na->rl = nrl;
 
 		/* Get the lowest vcn for the next extent. */
@@ -601,6 +606,10 @@ ntfs_volume *ntfs_volume_startup(struct ntfs_device *dev,
 	vol->mft_zone_end = vol->mft_lcn + mft_zone_size;
 	while (vol->mft_zone_end >= vol->nr_clusters) {
 		mft_zone_size >>= 1;
+		if (!mft_zone_size) {
+			errno = EINVAL;
+			goto error_exit;
+		}
 		vol->mft_zone_end = vol->mft_lcn + mft_zone_size;
 	}
 	ntfs_log_debug("mft_zone_end = 0x%llx\n", (long long)vol->mft_zone_end);