Allocating clusters to the main bitmap may imply updating the bitmap
itself within a cluster not yet allocated. This can turn into endless
recursions and has to be rejected. Currently the bitmap is assumed
to be fully allocated.
The count of free clusters may be updated while mounting before it
has been initialized, which may lead to irrelevant error messages.
Moreover the count is not computed at all in some ntfsprogs utilities.
So set up a flags to avoid outputting irrelevant errors.
Make sure the used part of an index block fits into the allocated buffer.
Note : a negative size may cause overflow on 32-bit cpus.
(contributed by Rakesh Pandit)
The standard size is 2560 bytes. It can be extended for specific purposes,
but its former limit to 32 bits was unreasonable. Anyway ntfs-3g is
not committed to support non-standard situations.
Checked that attributes are [non-]resident when they have to be, and
grouped consistency checks on each of them in a dedicated function.
Consequenly request the checks where needed and remove existing index
checks.
The standard information of the MFT must be its first attribute in the
base record. If it is not accessible initially, we end up searching it
in an extent before the MFT struct is ready for that.
The end of the attributes must be checked against the space in use
rather than the allocated space. This contributes to the safety of
subsequent attribute resizing.
Make sure the attribute designated to readall() has a reasonable size.
Apart from a bitmap, in a valid call, the attribute size is limited to
65536, and bitmaps are limited by the number of cluster.
When appending to an existing compressed file, the last block must first
be decompressed. When doing so, clear the tail of buffer in order to not
leak unrelated data.
Reject updating uninitialized MFTMirr because it leads to endless
recursions as updating the MFTMirr entry of MFT implies further updating
MFTMirr.
This is probably specific to ntfsfix, as mounts are normally rejected
when MFTMirr does not match MFT.
Make sure the attributes fully lie within the MFT record, and make sure
their variable components (name, runlist, value) fully lie within the
attribute.
The consistency check on the upcase size was laxist.
The unicode points are limited to 1048575 (20 bits), but there is no
provision to support code points beyond 65535.
In the current implementation the upcase size must be even and <= 131072.
Optionally record the special files (symlinks, fifos, sockets, character
and block devices) using reparse points instead of using Interix representation.
Doing so, the special files are interoperable with Windows Subsystem for
linux (WSL).
Windows traditionally rejected having both EA and reparse data assigned
to a file, but Windows 10 has dropped the constraint and it uses this
condition massively, so do the same. Note that pre-Windows 10 chkdsk.exe
removes the EA' on reparse points, potentially damaging more recent
volumes.
The Windows Subsystem for Linux (WSL) of Windows 10 uses reparse points
to record special files (symlinks, fifos, sockets, char or block devices).
Honor such reparse points with the same meaning as WSL.
Currently memory allocations are done through ntfs_malloc() and
ntfs_calloc(), but releases are done through free(3). Defining an
ntfs_free() relay facilitates the debugging of memory leaks in
plugins.
When building a symlink to emulate a Windows junction or absolute
symlink, use the mount point recorded in the volume attributes.
This enables the plugins to emulate object as symlinks.
When filling a hole in a sparse file, the beginning of the runlist
does not need to be updated. However the allocated size is within
the extent holding its beginning and it needs to be updated.
In rare situations, removing an entry from an index root while
rebalancing the index tree, its space was not recovered from the index
root, causing chkdsk to complain. Truncate the index root when this
happens.
When the mount option "posix_nlink" is used, the number of links
returned by stat complies with Posix : the legacy 8.3 names are not
taken into account, and the subdirectories are taken into account
for directories. This causes some overhead for recomputing the
number of links.
When a compressed file has been deteriorated through hardware error
or accidental overwriting, some unrelated data could be leaked.
Make sure to zero fill the buffer when this happens.
The translations of Windows paths designed for translating Windows symlinks
and mount points may also be used in plugins for translation execlinks,
so make them available.
The types of reparse point objects cannot be decided upon the data
available in a directory, so we must delegate their determination to a
specific plugin when available, and be consistent if there is none.
Jean-Pierre André
Jean-Pierre André