Bug 258940

Summary: sysutils/fusefs-ntfs: ntfs-3g can seg-fault if the attribute MFT record is corrupt
Product: Ports & Packages
Component: Individual Port(s)
Status: New
Severity: Affects Only Me
Priority: ---
Version: Latest
Hardware: Any
OS: Any
Reporter: Robert Morris <rtm>
Assignee: freebsd-ports-bugs (Nobody) <ports-bugs>
CC: freebsd
Flags: bugzilla: maintainer-feedback? (freebsd)

Attachments:
Description: sysutils/fusefs-ntfs: an NTFS disk image whose corrupt attribute MFT record causes a seg-fault
Flags: none

Description Robert Morris 2021-10-05 08:34:28 UTC
Created attachment 228456
sysutils/fusefs-ntfs: an NTFS disk image whose corrupt attribute MFT record causes a seg-fault

A corrupt MFT attribute record can cause ntfs_mount() to return
a NULL volume pointer but leave errno = 0. This causes ntfs_open()
to return zero (indicating no error) but leave ctx->vol == NULL.
main() then tries to use ctx->vol.

I've attached a demo disk image:

% gunzip ntx8.img.gz 
% sudo mdconfig -f ntx8.img
md0
% sudo ntfs-3g /dev/md0p1 /mnt
Failed to open $AttrDef: No error: 0
Failed to mount '/dev/md0p1': No error: 0
Segmentation fault
% ntfs-3g --version
ntfs-3g 2017.3.23 external FUSE 29
% uname -a
FreeBSD xxx 13.0-RELEASE-p4 FreeBSD 13.0-RELEASE-p4 #0: Tue Aug 24 07:33:27 UTC 2021     root@amd64-builder.daemonology.net:/usr/obj/usr/src/amd64.amd64/sys/GENERIC  amd64

The backtrace:

0x0000000000015c14 in main (argc=<optimized out>, argv=<optimized out>) at ntfs-3g.c:4193
4193            if (!ctx->ro && NVolReadOnly(ctx->vol)) {
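
The failure pattern described in this report, as an added example that is not part of the original report and is not ntfs-3g source: a mount routine returns NULL while leaving errno at 0, so a caller that derives its status from errno reports success. All names are hypothetical, deriving the status from errno is an assumption consistent with the report, and EIO is an assumed fallback code.

```c
/* Added illustration: a simplified model of the failure pattern in this
   report. All names are hypothetical; this is not ntfs-3g source. */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

struct volume { int read_only; };
struct context { struct volume *vol; };

/* Stands in for a mount routine that fails on a corrupt record without
   setting errno, as the report describes for ntfs_mount(). */
static struct volume *model_mount(int corrupt)
{
    static struct volume good = { 0 };
    errno = 0;
    return corrupt ? NULL : &good;
}

/* Pattern from the report (assumed form): the status comes from errno
   alone, so a NULL volume with errno == 0 is reported as success. */
static int open_errno_based(struct context *ctx, int corrupt)
{
    ctx->vol = model_mount(corrupt);
    return errno;               /* 0 even though ctx->vol == NULL */
}

/* Hardened pattern: the pointer decides success or failure; errno only
   refines the code, with EIO (assumed fallback) when it was left at 0. */
static int open_pointer_based(struct context *ctx, int corrupt)
{
    ctx->vol = model_mount(corrupt);
    if (ctx->vol == NULL)
        return errno ? errno : EIO;
    return 0;
}

int main(void)
{
    struct context ctx = { NULL };
    int rc = open_errno_based(&ctx, 1);
    printf("errno-based:   rc=%d vol=%p\n", rc, (void *)ctx.vol);
    rc = open_pointer_based(&ctx, 1);
    printf("pointer-based: rc=%d vol=%p\n", rc, (void *)ctx.vol);
    return 0;
}
```

With the pointer-based check, a caller that tests the return value stops before it ever dereferences the NULL volume pointer.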