From 61134117c14302408e8a1520b6712ff2a3a41d4a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jean-Pierre=20Andr=C3=A9?=
Date: Mon, 19 Jul 2021 09:23:23 +0200
Subject: [PATCH] Fixed checking the end of attrdef data

Incomplete attribute definitions have to be rejected.
---
 libntfs-3g/attrib.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/libntfs-3g/attrib.c b/libntfs-3g/attrib.c
index 66c1727d..3cb696e1 100644
--- a/libntfs-3g/attrib.c
+++ b/libntfs-3g/attrib.c
@@ -3767,8 +3767,9 @@ ATTR_DEF *ntfs_attr_find_in_attrdef(const ntfs_volume *vol,
 ntfs_log_perror("%s: type=%d", __FUNCTION__, le32_to_cpu(type));
 return NULL;
 }
- for (ad = vol->attrdef; (u8*)ad - (u8*)vol->attrdef <
- vol->attrdef_len && ad->type; ++ad) {
+ for (ad = vol->attrdef; ((ptrdiff_t)((u8*)ad - (u8*)vol->attrdef
+ + sizeof(ATTR_DEF)) <= vol->attrdef_len)
+ && ad->type; ++ad) {
 /* We haven't found it yet, carry on searching. */
 if (le32_to_cpu(ad->type) < le32_to_cpu(type))
 continue;
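Review bot: The new loop bound in `ntfs_attr_find_in_attrdef` adds the `size_t` result of `sizeof(ATTR_DEF)` to a `ptrdiff_t` difference, so the sum is evaluated as unsigned and only then cast back to `ptrdiff_t`; it appears to give the right result, but the signedness is easy to misread in a check that guards a table loaded from the volume. Casting the size instead keeps the whole comparison signed: `(u8*)ad - (u8*)vol->attrdef + (ptrdiff_t)sizeof(ATTR_DEF) <= vol->attrdef_len` (this assumes `attrdef_len` is a signed type, which the hunk does not show). A short comment such as `/* stop unless a whole ATTR_DEF record fits within attrdef_len */` would record why `<=` and `+ sizeof` are used, since without that bound a trailing partial record would be read past the end of the attrdef data. The function starts before and continues past this hunk, so whether the loop's fall-through path reports a truncated table, or whether other walkers of `vol->attrdef` need the same bound, cannot be judged from here.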