From 84478c401236f3e4345174ea2b71f578aa45335d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jean-Pierre=20Andr=C3=A9?=
Date: Mon, 12 Jul 2021 08:31:18 +0200
Subject: [PATCH] Checked attributes layout against length actually used

The end of the attributes must be checked against the space in use rather than the allocated space. This contributes to the safety of subsequent attribute resizing.
---
 libntfs-3g/attrib.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libntfs-3g/attrib.c b/libntfs-3g/attrib.c
index 799f2ee4..caf0f4a0 100644
--- a/libntfs-3g/attrib.c
+++ b/libntfs-3g/attrib.c
@@ -2801,7 +2801,7 @@ static int ntfs_attr_find(const ATTR_TYPES type, const ntfschar *name,
 * and we can safely access its minimal fields.
 */
 offs = p2n(a) - p2n(ctx->mrec);
- space = le32_to_cpu(ctx->mrec->bytes_allocated) - offs;
+ space = le32_to_cpu(ctx->mrec->bytes_in_use) - offs;
 if ((offs < 0)
 || (((space < (ptrdiff_t)offsetof(ATTR_RECORD,
 resident_end))
@@ -3256,7 +3256,7 @@ do_next_attr_loop:
 * and we can safely access its minimal fields.
 */
 offs = p2n(a) - p2n(ctx->mrec);
- space = le32_to_cpu(ctx->mrec->bytes_allocated) - offs;
+ space = le32_to_cpu(ctx->mrec->bytes_in_use) - offs;
 if (offs < 0)
 break;
 if ((space >= 4) && (a->type == AT_END))
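Review bot: The new bound in ntfs_attr_find, `space = le32_to_cpu(ctx->mrec->bytes_in_use) - offs;`, is only tighter than the old one if `bytes_in_use` can never exceed `bytes_allocated`, and nothing in this hunk establishes that for a record read from disk. If that invariant is not enforced where the MFT record is loaded (not visible here), a malformed record with an oversized `bytes_in_use` would pass the layout check with more room than the buffer holds. Consider rejecting it before the subtraction with `if (le32_to_cpu(ctx->mrec->bytes_in_use) > le32_to_cpu(ctx->mrec->bytes_allocated)) break;`, or, if the check already exists elsewhere, say so in a comment such as `/* bytes_in_use <= bytes_allocated is verified when the record is read */`. The same applies to the second hunk at do_next_attr_loop (line 3256). Both enclosing loops start and end outside the hunks, so confirm that `break` reaches the intended error path.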