Re: [PATCH] ntfs: detect mapping-pairs LCN accumulator overflow

Next message: Jason Gunthorpe: "Re: [PATCH rc v2 0/4] iommufd: Fix veventq_depth boundary"
Previous message: Google: "Re: [PATCH] rethook: Use tsk-&gt;on_cpu to check task execution state"
In reply to: Samuel Moelius: "[PATCH] ntfs: detect mapping-pairs LCN accumulator overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Namjae Jeon

Date: Fri Jun 05 2026 - 09:45:52 EST

On Thu, Jun 4, 2026 at 2:41 AM Samuel Moelius
<sam.moelius@xxxxxxxxxxxxxxx> wrote:
>
> The NTFS mapping-pairs parser accumulates relative LCN deltas in a
> signed integer. A corrupted attribute can drive that addition past
> the representable range.
>
> One corrupt runlist shape sets the accumulated LCN to S64_MAX and
> then adds a delta of 1 in the next mapping-pairs entry.
>
> Signed overflow is undefined and can turn an invalid runlist into a
> different set of physical clusters.
>
> Check the LCN addition for overflow before storing the next run.
>
> Assisted-by: Codex:gpt-5.5-cyber-preview
> Signed-off-by: Samuel Moelius <sam.moelius@xxxxxxxxxxxxxxx>
Applied it to #ntfs-next.
Thanks!