fs/ntfs3: fix mount failure for sparse runs in run_unpack()

Some NTFS volumes failed to mount because sparse data runs were not
handled correctly during runlist unpacking. The code performed arithmetic
on the special SPARSE_LCN64 marker, leading to invalid LCN values and
mount errors.

Add an explicit check for the case described above, marking the run as
sparse without applying arithmetic.

Fixes: 736fc7bf5f68 ("fs: ntfs3: Fix integer overflow in run_unpack()")
Cc: stable@vger.kernel.org
Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>

diff --git a/fs/ntfs3/run.c b/fs/ntfs3/run.c
index 88550085f7457579c2fab9e2ebf2347ef1b4c7e4..5df55e4adbb114eac49e38ab2c3da6485abb45d4 100644 (file)
--- a/fs/ntfs3/run.c
+++ b/fs/ntfs3/run.c
@@ -984,8 +984,12 @@ int run_unpack(struct runs_tree *run, struct ntfs_sb_info *sbi, CLST ino,
                        if (!dlcn)
                                return -EINVAL;
 
-                       if (check_add_overflow(prev_lcn, dlcn, &lcn))
+                       /* Check special combination: 0 + SPARSE_LCN64. */
+                       if (!prev_lcn && dlcn == SPARSE_LCN64) {
+                               lcn = SPARSE_LCN64;
+                       } else if (check_add_overflow(prev_lcn, dlcn, &lcn)) {
                                return -EINVAL;
+                       }
                        prev_lcn = lcn;
                } else {
                        /* The size of 'dlcn' can't be > 8. */