Bug 258940 - sysutils/fusefs-ntfs: ntfs-3g can seg-fault if the attribute MFT record is corrupt
Status: New
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: freebsd-ports-bugs (Nobody)
Reported: 2021-10-05 08:34 UTC by Robert Morris
Modified: 2021-10-05 08:34 UTC
bugzilla: maintainer-feedback? (freebsd)


Attachments
sysutils/fusefs-ntfs: an NTFS disk image whose corrupt attribute MFT record causes a seg-fault (121.57 KB, application/x-gzip)
2021-10-05 08:34 UTC, Robert Morris

Description Robert Morris 2021-10-05 08:34:28 UTC
Created attachment 228456
sysutils/fusefs-ntfs: an NTFS disk image whose corrupt attribute MFT record causes a seg-fault

A corrupt MFT attribute record can cause ntfs_mount() to return
a NULL volume pointer but leave errno = 0. This causes ntfs_open()
to return zero (indicating no error) but leave ctx->vol == NULL.
main() then tries to use ctx->vol.

I've attached a demo disk image:

% gunzip ntx8.img.gz 
% sudo mdconfig -f ntx8.img
md0
% sudo ntfs-3g /dev/md0p1 /mnt
Failed to open $AttrDef: No error: 0
Failed to mount '/dev/md0p1': No error: 0
Segmentation fault
% ntfs-3g --version
ntfs-3g 2017.3.23 external FUSE 29
% uname -a
FreeBSD xxx 13.0-RELEASE-p4 FreeBSD 13.0-RELEASE-p4 #0: Tue Aug 24 07:33:27 UTC 2021     root@amd64-builder.daemonology.net:/usr/obj/usr/src/amd64.amd64/sys/GENERIC  amd64

The backtrace:

0x0000000000015c14 in main (argc=<optimized out>, argv=<optimized out>) at ntfs-3g.c:4193
4193            if (!ctx->ro && NVolReadOnly(ctx->vol)) {
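
The failure pattern described in this report, reduced to a stand-alone C sketch that is added here and is not ntfs-3g source: a mount routine returns NULL with errno == 0, a wrapper that takes its status from errno reports success, and a hardened wrapper treats the NULL pointer itself as the failure. All names (mount_volume, open_fragile, open_checked, is_read_only) are hypothetical, and deriving the status from errno is an assumption about how such a wrapper could come to return zero.

```c
#include <errno.h>
#include <stdio.h>

/* Hypothetical types and names for illustration; not ntfs-3g source. */
struct volume { int read_only; };

/* Constructed stand-in for a mount call: on corrupt metadata it fails by
 * returning NULL while errno is left at 0, as the report describes. */
static struct volume *mount_volume(int corrupt)
{
    static struct volume vol = { 0 };
    errno = 0;
    return corrupt ? NULL : &vol;
}

/* Fragile: status comes from errno (assumed), so NULL + 0 reads as success. */
static int open_fragile(struct volume **out, int corrupt)
{
    errno = 0;
    *out = mount_volume(corrupt);
    return errno;
}

/* Hardened: the NULL pointer is the failure signal; errno only refines it. */
static int open_checked(struct volume **out, int corrupt)
{
    errno = 0;
    *out = mount_volume(corrupt);
    if (*out == NULL)
        return errno ? errno : EIO; /* never report success without a volume */
    return 0;
}

/* Caller: -1 = open failed, -2 = "success" with no volume, else the flag. */
static int is_read_only(int (*opener)(struct volume **, int), int corrupt)
{
    struct volume *vol = NULL;
    if (opener(&vol, corrupt) != 0)
        return -1;
    return vol ? vol->read_only : -2; /* guard instead of dereferencing NULL */
}

int main(void)
{
    printf("fragile, corrupt image: %d\n", is_read_only(open_fragile, 1));
    printf("checked, corrupt image: %d\n", is_read_only(open_checked, 1));
    printf("checked, clean image:   %d\n", is_read_only(open_checked, 0));
    return 0;
}
```

The -2 result marks the state the backtrace shows: the open step reported success, yet the caller holds no volume to inspect.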