From: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
Date: Mon, 9 Feb 2026 15:07:32 +0000 (+0100)
Subject: fs/ntfs3: avoid calling run_get_entry() when run == NULL in ntfs_read_run_nb_ra()
X-Git-Tag: v6.19.6~441
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=b8a4ef4b984b91a36b0fbd7ed14fcd983c5f348f;p=thirdparty%2Fkernel%2Fstable.git

fs/ntfs3: avoid calling run_get_entry() when run == NULL in ntfs_read_run_nb_ra()

[ Upstream commit c5226b96c08a010ebef5fdf4c90572bcd89e4299 ]

When ntfs_read_run_nb_ra() is invoked with run == NULL the code later
assumes run is valid and may call run_get_entry(NULL, ...), and also
uses clen/idx without initializing them. Smatch reported uninitialized
variable warnings and this can lead to undefined behaviour. This patch
fixes it.

Reported-by: kernel test robot <lkp@intel.com>
Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Closes: https://lore.kernel.org/r/202512230646.v5hrYXL0-lkp@intel.com/
Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---

diff --git a/fs/ntfs3/fsntfs.c b/fs/ntfs3/fsntfs.c
index bd67ba7b50153..ea5b673462c35 100644
--- a/fs/ntfs3/fsntfs.c
+++ b/fs/ntfs3/fsntfs.c
@@ -1252,6 +1252,12 @@ int ntfs_read_run_nb(struct ntfs_sb_info *sbi, const struct runs_tree *run,
 
 		} while (len32);
 
+		if (!run) {
+			err = -EINVAL;
+			goto out;
+		}
+
+		/* Get next fragment to read. */
 		vcn_next = vcn + clen;
 		if (!run_get_entry(run, ++idx, &vcn, &lcn, &clen) ||
 		    vcn != vcn_next) {