[Bug 258940] sysutils/fusefs-ntfs: ntfs-3g can seg-fault if the attribute MFT record is corrupt

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=258940

            Bug ID: 258940
           Summary: sysutils/fusefs-ntfs: ntfs-3g can seg-fault if the
                    attribute MFT record is corrupt
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: ports-bugs@FreeBSD.org
          Reporter: rtm@lcs.mit.edu
                CC: freebsd@dussan.org
             Flags: maintainer-feedback?(freebsd@dussan.org)
                CC: freebsd@dussan.org

Created attachment 228456
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=228456&action=edit
sysutils/fusefs-ntfs: an NTFS disk image whose corrupt attribute MFT record
causes a seg-fault

A corrupt MFT attribute record can cause ntfs_mount() to return
a NULL volume pointer but leave errno = 0. This causes ntfs_open()
to return zero (indicating no error) but leave ctx->vol == NULL.
main() then tries to use ctx->vol.

I've attached a demo disk image:

% gunzip ntx8.img.gz 
% sudo mdconfig -f ntx8.img
md0
% sudo ntfs-3g /dev/md0p1 /mnt
Failed to open $AttrDef: No error: 0
Failed to mount '/dev/md0p1': No error: 0
Segmentation fault
% ntfs-3g --version
ntfs-3g 2017.3.23 external FUSE 29
% uname -a
FreeBSD xxx 13.0-RELEASE-p4 FreeBSD 13.0-RELEASE-p4 #0: Tue Aug 24 07:33:27 UTC
2021    
root@amd64-builder.daemonology.net:/usr/obj/usr/src/amd64.amd64/sys/GENERIC 
amd64

The backtrace:

0x0000000000015c14 in main (argc=<optimized out>, argv=<optimized out>) at
ntfs-3g.c:4193
4193            if (!ctx->ro && NVolReadOnly(ctx->vol)) {

-- 
You are receiving this mail because:
You are the assignee for the bug.