}
a = ctx->attr;
/* Get the standard information attribute value. */
- if ((u8 *)a + le16_to_cpu(a->data.resident.value_offset)
- + le32_to_cpu(a->data.resident.value_length) >
- (u8 *)ctx->mrec + vol->mft_record_size) {
- ntfs_error(vi->i_sb, "Corrupt standard information attribute in inode.");
- goto unm_err_out;
- }
si = (struct standard_information *)((u8 *)a +
le16_to_cpu(a->data.resident.value_offset));
goto unm_err_out;
}
} else /* if (!a->non_resident) */ {
- if ((u8 *)a + le16_to_cpu(a->data.resident.value_offset)
- + le32_to_cpu(
- a->data.resident.value_length) >
- (u8 *)ctx->mrec + vol->mft_record_size) {
- ntfs_error(vi->i_sb, "Corrupt attribute list in inode.");
- goto unm_err_out;
- }
/* Now copy the attribute list. */
memcpy(ni->attr_list, (u8 *)a + le16_to_cpu(
a->data.resident.value_offset),
ir = (struct index_root *)((u8 *)a +
le16_to_cpu(a->data.resident.value_offset));
ir_end = (u8 *)ir + le32_to_cpu(a->data.resident.value_length);
- if (ir_end > (u8 *)ctx->mrec + vol->mft_record_size) {
- ntfs_error(vi->i_sb, "$INDEX_ROOT attribute is corrupt.");
- goto unm_err_out;
- }
index_end = (u8 *)&ir->index +
le32_to_cpu(ir->index.index_length);
if (index_end > ir_end) {
ir = (struct index_root *)((u8 *)a + le16_to_cpu(a->data.resident.value_offset));
ir_end = (u8 *)ir + le32_to_cpu(a->data.resident.value_length);
- if (ir_end > (u8 *)ctx->mrec + vol->mft_record_size) {
- ntfs_error(vi->i_sb, "$INDEX_ROOT attribute is corrupt.");
- goto unm_err_out;
- }
index_end = (u8 *)&ir->index + le32_to_cpu(ir->index.index_length);
if (index_end > ir_end) {
ntfs_error(vi->i_sb, "Index is corrupt.");
goto put_err_out;
}
} else /* if (!ctx.attr->non_resident) */ {
- if ((u8 *)a + le16_to_cpu(
- a->data.resident.value_offset) +
- le32_to_cpu(a->data.resident.value_length) >
- (u8 *)ctx->mrec + vol->mft_record_size) {
- ntfs_error(sb, "Corrupt attribute list attribute.");
- goto put_err_out;
- }
/* Now copy the attribute list. */
memcpy(ni->attr_list, (u8 *)a + le16_to_cpu(
a->data.resident.value_offset),
}
do {
struct attr_record *a;
- u32 val_len;
err = ntfs_attr_lookup(AT_FILE_NAME, NULL, 0, 0, 0,
NULL, 0, ctx);
a = ctx->attr;
if (a->non_resident || a->flags)
goto eio_err_out;
- val_len = le32_to_cpu(a->data.resident.value_length);
- if (le16_to_cpu(a->data.resident.value_offset) +
- val_len > le32_to_cpu(a->length))
- goto eio_err_out;
fn = (struct file_name_attr *)((u8 *)ctx->attr + le16_to_cpu(
ctx->attr->data.resident.value_offset));
- if ((u32)(fn->file_name_length * sizeof(__le16) +
- sizeof(struct file_name_attr)) > val_len)
- goto eio_err_out;
} while (fn->file_name_type != FILE_NAME_WIN32);
/* Convert the found WIN32 name to current NLS code page. */
if (ntfs_attr_lookup(AT_VOLUME_INFORMATION, NULL, 0, 0, 0, NULL, 0,
ctx) || ctx->attr->non_resident || ctx->attr->flags) {
-err_put_vol:
ntfs_attr_put_search_ctx(ctx);
get_ctx_vol_failed:
unmap_mft_record(NTFS_I(vol->vol_ino));
}
vi = (struct volume_information *)((char *)ctx->attr +
le16_to_cpu(ctx->attr->data.resident.value_offset));
- /* Some bounds checks. */
- if ((u8 *)vi < (u8 *)ctx->attr || (u8 *)vi +
- le32_to_cpu(ctx->attr->data.resident.value_length) >
- (u8 *)ctx->attr + le32_to_cpu(ctx->attr->length))
- goto err_put_vol;
/* Copy the volume flags and version to the struct ntfs_volume structure. */
vol->vol_flags = vi->flags;
vol->major_ver = vi->major_ver;
projects / thirdparty / kernel / linux.git / commitdiff
