From 9f22e17a167f26cb2fbc5e85351793642fc8f22c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jean-Pierre=20Andr=C3=A9?=
Date: Wed, 30 Sep 2015 09:02:15 +0200
Subject: [PATCH] Improved the check for a valid $MFTMirr

The test for a valid $MFTMirr could segfault on a badly damaged partition. Add safety checks.
---
 libntfs-3g/volume.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/libntfs-3g/volume.c b/libntfs-3g/volume.c
index edd76979..9ae4c220 100644
--- a/libntfs-3g/volume.c
+++ b/libntfs-3g/volume.c
@@ -910,6 +910,7 @@ ntfs_volume *ntfs_device_mount(struct ntfs_device *dev, ntfs_mount_flags flags)
 ATTR_RECORD *a;
 VOLUME_INFORMATION *vinf;
 ntfschar *vname;
+ u32 record_size;
 int i, j, eo;
 unsigned int k;
 u32 u;
@@ -989,7 +990,10 @@ ntfs_volume *ntfs_device_mount(struct ntfs_device *dev, ntfs_mount_flags flags)
 goto io_error_exit;
 }
 }
- if (memcmp(mrec, mrec2, ntfs_mft_record_get_data_size(mrec))) {
+ record_size = ntfs_mft_record_get_data_size(mrec);
+ if ((record_size <= sizeof(MFT_RECORD))
+ || (record_size > vol->mft_record_size)
+ || memcmp(mrec, mrec2, record_size)) {
 ntfs_log_error("$MFTMirr does not match $MFT (record "
 "%d).\n", i);
 goto io_error_exit;
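Review bot: The combined condition in the second hunk logs an out-of-range `record_size` with the same "$MFTMirr does not match $MFT" message as a genuine mirror mismatch. Someone triaging a damaged or malformed volume therefore cannot tell from the log that the $MFT record's own size value was rejected. Putting the bounds test in its own branch with a distinct message would separate the two cases. A short comment is also worth adding, because the size is presumably read from the on-disk record and has to be bounded before it is used as a `memcmp` length. The enclosing function `ntfs_device_mount` starts and ends outside the hunk, so how the two record buffers are sized is not visible here.

```c
record_size = ntfs_mft_record_get_data_size(mrec);
/*
 * The size comes from the volume being mounted: bound it
 * before it is used as the memcmp length.
 */
if ((record_size <= sizeof(MFT_RECORD))
		|| (record_size > vol->mft_record_size)) {
	ntfs_log_error("Invalid size %u in $MFT record %d.\n",
			(unsigned int)record_size, i);
	goto io_error_exit;
}
if (memcmp(mrec, mrec2, record_size)) {
	/* … unchanged: "$MFTMirr does not match $MFT" error and goto io_error_exit … */
```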