From b42dc41d6a75a43b04673c95b17c11138a6be818 Mon Sep 17 00:00:00 2001
From: "cantab.net!aia21" <cantab.net!aia21>
Date: Thu, 13 Feb 2003 10:27:33 +0000
Subject: [PATCH] ntfs_mft_records_write(): stupid buffer overflow bug (ouch!)

(Logical change 1.121)
---
 libntfs/mft.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/libntfs/mft.c b/libntfs/mft.c
index 28f2646e..aedef1b9 100644
--- a/libntfs/mft.c
+++ b/libntfs/mft.c
@@ -1,7 +1,7 @@
 /*
  * mft.c - Mft record handling code. Part of the Linux-NTFS project.
  *
- * Copyright (c) 2000-2002 Anton Altaparmakov
+ * Copyright (c) 2000-2003 Anton Altaparmakov
  *
  * This program/include file is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License as published
@@ -119,6 +119,8 @@ int ntfs_mft_records_write(const ntfs_volume *vol, const MFT_REF mref,
 	m = MREF(mref);
 	if (m < vol->mftmirr_size) {
 		cnt = vol->mftmirr_size - m;
+		if (cnt > count)
+			cnt = count;
 		bmirr = malloc(cnt * vol->mft_record_size);
 		if (!bmirr)
 			return -1;