* [PATCH] ntfs: fix s64 overflow in ntfs_mapping_pairs_decompress() @ 2026-04-22 3:05 Zhan Xusheng 2026-04-22 7:45 ` Hyunchul Lee 0 siblings, 1 reply; 8+ messages in thread From: Zhan Xusheng @ 2026-04-22 3:05 UTC (permalink / raw) To: Namjae Jeon; +Cc: linux-fsdevel, linux-kernel, Zhan Xusheng In ntfs_mapping_pairs_decompress(), deltaxcn is decoded from the on-disk mapping pairs array and negative values are rejected, but large positive values up to S64_MAX pass through unchecked. The subsequent `vcn += deltaxcn` can then wrap the s64 accumulator to a negative value, breaking the monotonically-increasing VCN invariant that ntfs_rl_vcn_to_lcn() and related helpers rely on. A crafted NTFS image with a single 8-byte run-length of S64_MAX triggers this when lowest_vcn > 0, leading to incorrect LCN lookups and potential reads/writes to wrong disk sectors. Add an overflow check before the addition and treat the on-disk data as corrupt (-EIO) when the result would exceed S64_MAX. Signed-off-by: Zhan Xusheng <zhanxusheng@xiaomi.com> --- fs/ntfs/runlist.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/fs/ntfs/runlist.c b/fs/ntfs/runlist.c index b213b4976d2b..a32affb57d29 100644 --- a/fs/ntfs/runlist.c +++ b/fs/ntfs/runlist.c @@ -823,7 +823,16 @@ struct runlist_element *ntfs_mapping_pairs_decompress(const struct ntfs_volume * * element. */ rl[rlpos].length = deltaxcn; - /* Increment the current vcn by the current run length. */ + /* + * Increment the current vcn by the current run length. + * Both are non-negative here; guard against s64 overflow + * from a crafted mapping pairs array to preserve the + * monotonically-increasing vcn invariant. + */ + if (unlikely(deltaxcn > S64_MAX - vcn)) { + ntfs_error(vol->sb, "VCN overflow in mapping pairs array."); + goto err_out; + } vcn += deltaxcn; /* * There might be no lcn change at all, as is the case for -- 2.43.0 ^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [PATCH] ntfs: fix s64 overflow in ntfs_mapping_pairs_decompress() 2026-04-22 3:05 [PATCH] ntfs: fix s64 overflow in ntfs_mapping_pairs_decompress() Zhan Xusheng @ 2026-04-22 7:45 ` Hyunchul Lee 2026-04-22 9:47 ` [PATCH v2] ntfs: fix VCN " Zhan Xusheng 0 siblings, 1 reply; 8+ messages in thread From: Hyunchul Lee @ 2026-04-22 7:45 UTC (permalink / raw) To: Zhan Xusheng; +Cc: Namjae Jeon, linux-fsdevel, linux-kernel, Zhan Xusheng Hello Zhan, 2026년 4월 22일 (수) 오후 12:08, Zhan Xusheng <zhanxusheng1024@gmail.com>님이 작성: > > In ntfs_mapping_pairs_decompress(), deltaxcn is decoded from the > on-disk mapping pairs array and negative values are rejected, but > large positive values up to S64_MAX pass through unchecked. The > subsequent `vcn += deltaxcn` can then wrap the s64 accumulator to a > negative value, breaking the monotonically-increasing VCN invariant > that ntfs_rl_vcn_to_lcn() and related helpers rely on. > > A crafted NTFS image with a single 8-byte run-length of S64_MAX > triggers this when lowest_vcn > 0, leading to incorrect LCN lookups > and potential reads/writes to wrong disk sectors. > > Add an overflow check before the addition and treat the on-disk data > as corrupt (-EIO) when the result would exceed S64_MAX. > > Signed-off-by: Zhan Xusheng <zhanxusheng@xiaomi.com> > --- > fs/ntfs/runlist.c | 11 ++++++++++- > 1 file changed, 10 insertions(+), 1 deletion(-) > > diff --git a/fs/ntfs/runlist.c b/fs/ntfs/runlist.c > index b213b4976d2b..a32affb57d29 100644 > --- a/fs/ntfs/runlist.c > +++ b/fs/ntfs/runlist.c > @@ -823,7 +823,16 @@ struct runlist_element *ntfs_mapping_pairs_decompress(const struct ntfs_volume * > * element. > */ > rl[rlpos].length = deltaxcn; > - /* Increment the current vcn by the current run length. */ > + /* > + * Increment the current vcn by the current run length. > + * Both are non-negative here; guard against s64 overflow > + * from a crafted mapping pairs array to preserve the > + * monotonically-increasing vcn invariant. > + */ > + if (unlikely(deltaxcn > S64_MAX - vcn)) { > + ntfs_error(vol->sb, "VCN overflow in mapping pairs array."); > + goto err_out; > + } > vcn += deltaxcn; Could you use check_add_overflow() here? In addition, attr->data.non_resident.lowest_vcn also needs to be validated with overflows_type(). > /* > * There might be no lcn change at all, as is the case for > -- > 2.43.0 > > -- Thanks, Hyunchul ^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH v2] ntfs: fix VCN overflow in ntfs_mapping_pairs_decompress() 2026-04-22 7:45 ` Hyunchul Lee @ 2026-04-22 9:47 ` Zhan Xusheng 2026-04-22 23:57 ` Hyunchul Lee 0 siblings, 1 reply; 8+ messages in thread From: Zhan Xusheng @ 2026-04-22 9:47 UTC (permalink / raw) To: Hyunchul Lee; +Cc: linux-fsdevel, linux-kernel, Zhan Xusheng In ntfs_mapping_pairs_decompress(), lowest_vcn is read from on-disk metadata and used as the initial vcn without validation. A malformed value can introduce an invalid (e.g. negative) vcn, corrupting the runlist from the start. Additionally, the accumulation vcn += deltaxcn does not check for s64 overflow. A crafted mapping pairs array can wrap vcn to a negative value, breaking the monotonically- increasing invariant relied upon by ntfs_rl_vcn_to_lcn() and related helpers. Fix this by validating lowest_vcn and using check_add_overflow() for vcn accumulation. Signed-off-by: Zhan Xusheng <zhanxusheng@xiaomi.com> --- v2: - Validate lowest_vcn from on-disk metadata - Use check_add_overflow() for vcn accumulation --- fs/ntfs/runlist.c | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/fs/ntfs/runlist.c b/fs/ntfs/runlist.c index b213b4976d2b..ee68258ebffb 100644 --- a/fs/ntfs/runlist.c +++ b/fs/ntfs/runlist.c @@ -749,6 +749,12 @@ struct runlist_element *ntfs_mapping_pairs_decompress(const struct ntfs_volume * #endif /* Start at vcn = lowest_vcn and lcn 0. */ vcn = le64_to_cpu(attr->data.non_resident.lowest_vcn); + /* Validate lowest_vcn from on-disk metadata to ensure it is sane. */ + if (unlikely(vcn < 0)) { + ntfs_error(vol->sb, "Invalid lowest_vcn in mapping pairs."); + goto err_out; + } + lcn = 0; /* Get start of the mapping pairs array. */ buf = (u8 *)attr + @@ -823,8 +829,17 @@ struct runlist_element *ntfs_mapping_pairs_decompress(const struct ntfs_volume * * element. */ rl[rlpos].length = deltaxcn; - /* Increment the current vcn by the current run length. */ - vcn += deltaxcn; + /* + * Increment the current vcn by the current run length. + * Guard against s64 overflow from a crafted mapping + * pairs array to preserve the monotonically-increasing + * vcn invariant. + */ + if (unlikely(check_add_overflow(vcn, deltaxcn, &vcn))) { + ntfs_error(vol->sb, "VCN overflow in mapping pairs array."); + goto err_out; + } + /* * There might be no lcn change at all, as is the case for * sparse clusters on NTFS 3.0+, in which case we set the lcn -- 2.43.0 ^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [PATCH v2] ntfs: fix VCN overflow in ntfs_mapping_pairs_decompress() 2026-04-22 9:47 ` [PATCH v2] ntfs: fix VCN " Zhan Xusheng @ 2026-04-22 23:57 ` Hyunchul Lee 2026-04-23 4:52 ` [PATCH v3] " Zhan Xusheng 2026-04-27 0:18 ` [PATCH v2] " Hyunchul Lee 0 siblings, 2 replies; 8+ messages in thread From: Hyunchul Lee @ 2026-04-22 23:57 UTC (permalink / raw) To: Zhan Xusheng; +Cc: linux-fsdevel, linux-kernel, Zhan Xusheng 2026년 4월 22일 (수) 오후 6:47, Zhan Xusheng <zhanxusheng1024@gmail.com>님이 작성: > > In ntfs_mapping_pairs_decompress(), lowest_vcn is read from > on-disk metadata and used as the initial vcn without validation. > A malformed value can introduce an invalid (e.g. negative) vcn, > corrupting the runlist from the start. > > Additionally, the accumulation > vcn += deltaxcn > > does not check for s64 overflow. A crafted mapping pairs array > can wrap vcn to a negative value, breaking the monotonically- > increasing invariant relied upon by ntfs_rl_vcn_to_lcn() and > related helpers. > > Fix this by validating lowest_vcn and using check_add_overflow() > for vcn accumulation. > > Signed-off-by: Zhan Xusheng <zhanxusheng@xiaomi.com> > --- > v2: > - Validate lowest_vcn from on-disk metadata > - Use check_add_overflow() for vcn accumulation > --- > fs/ntfs/runlist.c | 19 +++++++++++++++++-- > 1 file changed, 17 insertions(+), 2 deletions(-) > > diff --git a/fs/ntfs/runlist.c b/fs/ntfs/runlist.c > index b213b4976d2b..ee68258ebffb 100644 > --- a/fs/ntfs/runlist.c > +++ b/fs/ntfs/runlist.c > @@ -749,6 +749,12 @@ struct runlist_element *ntfs_mapping_pairs_decompress(const struct ntfs_volume * > #endif > /* Start at vcn = lowest_vcn and lcn 0. */ > vcn = le64_to_cpu(attr->data.non_resident.lowest_vcn); > + /* Validate lowest_vcn from on-disk metadata to ensure it is sane. */ > + if (unlikely(vcn < 0)) { > + ntfs_error(vol->sb, "Invalid lowest_vcn in mapping pairs."); > + goto err_out; > + } How about using overflows_type() ? And please include <linux/overflow.h>. > + > lcn = 0; > /* Get start of the mapping pairs array. */ > buf = (u8 *)attr + > @@ -823,8 +829,17 @@ struct runlist_element *ntfs_mapping_pairs_decompress(const struct ntfs_volume * > * element. > */ > rl[rlpos].length = deltaxcn; > - /* Increment the current vcn by the current run length. */ > - vcn += deltaxcn; > + /* > + * Increment the current vcn by the current run length. > + * Guard against s64 overflow from a crafted mapping > + * pairs array to preserve the monotonically-increasing > + * vcn invariant. > + */ > + if (unlikely(check_add_overflow(vcn, deltaxcn, &vcn))) { > + ntfs_error(vol->sb, "VCN overflow in mapping pairs array."); > + goto err_out; > + } > + > /* > * There might be no lcn change at all, as is the case for > * sparse clusters on NTFS 3.0+, in which case we set the lcn > -- > 2.43.0 > -- Thanks, Hyunchul ^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH v3] ntfs: fix VCN overflow in ntfs_mapping_pairs_decompress() 2026-04-22 23:57 ` Hyunchul Lee @ 2026-04-23 4:52 ` Zhan Xusheng 2026-04-27 4:52 ` Hyunchul Lee 2026-04-27 13:34 ` Namjae Jeon 2026-04-27 0:18 ` [PATCH v2] " Hyunchul Lee 1 sibling, 2 replies; 8+ messages in thread From: Zhan Xusheng @ 2026-04-23 4:52 UTC (permalink / raw) To: Konstantin Komarov; +Cc: linux-kernel, Zhan Xusheng In ntfs_mapping_pairs_decompress(), lowest_vcn is read from on-disk metadata and used as the initial vcn without validation. A malformed value can introduce an invalid (e.g. negative) vcn, corrupting the runlist from the start. Additionally, the accumulation vcn += deltaxcn does not check for s64 overflow. A crafted mapping pairs array can wrap vcn to a negative value, breaking the monotonically- increasing invariant relied upon by ntfs_rl_vcn_to_lcn() and related helpers. Fix this by validating lowest_vcn and using check_add_overflow() for vcn accumulation. Signed-off-by: Zhan Xusheng <zhanxusheng@xiaomi.com> --- v3: - Use overflows_type() for lowest_vcn validation (Hyunchul) v2: - Validate lowest_vcn from on-disk metadata - Use check_add_overflow() for vcn accumulation --- fs/ntfs/runlist.c | 24 +++++++++++++++++++++--- 1 file changed, 21 insertions(+), 3 deletions(-) diff --git a/fs/ntfs/runlist.c b/fs/ntfs/runlist.c index b213b4976d2b..be6ca3d374bb 100644 --- a/fs/ntfs/runlist.c +++ b/fs/ntfs/runlist.c @@ -15,6 +15,8 @@ * Copyright (c) 2007-2022 Jean-Pierre Andre */ +#include <linux/overflow.h> + #include "ntfs.h" #include "attrib.h" @@ -739,6 +741,7 @@ struct runlist_element *ntfs_mapping_pairs_decompress(const struct ntfs_volume * int rlsize; /* Size of runlist buffer. */ u16 rlpos; /* Current runlist position in units of struct runlist_elements. */ u8 b; /* Current byte offset in buf. */ + u64 lowest_vcn; /* Raw on-disk lowest_vcn. */ #ifdef DEBUG /* Make sure attr exists and is non-resident. */ @@ -747,8 +750,14 @@ struct runlist_element *ntfs_mapping_pairs_decompress(const struct ntfs_volume * return ERR_PTR(-EINVAL); } #endif + lowest_vcn = le64_to_cpu(attr->data.non_resident.lowest_vcn); + /* Validate lowest_vcn from on-disk metadata to ensure it is sane. */ + if (overflows_type(lowest_vcn, vcn)) { + ntfs_error(vol->sb, "Invalid lowest_vcn in mapping pairs."); + goto err_out; + } /* Start at vcn = lowest_vcn and lcn 0. */ - vcn = le64_to_cpu(attr->data.non_resident.lowest_vcn); + vcn = lowest_vcn; lcn = 0; /* Get start of the mapping pairs array. */ buf = (u8 *)attr + @@ -823,8 +832,17 @@ struct runlist_element *ntfs_mapping_pairs_decompress(const struct ntfs_volume * * element. */ rl[rlpos].length = deltaxcn; - /* Increment the current vcn by the current run length. */ - vcn += deltaxcn; + /* + * Increment the current vcn by the current run length. + * Guard against s64 overflow from a crafted mapping + * pairs array to preserve the monotonically-increasing + * vcn invariant. + */ + if (unlikely(check_add_overflow(vcn, deltaxcn, &vcn))) { + ntfs_error(vol->sb, "VCN overflow in mapping pairs array."); + goto err_out; + } + /* * There might be no lcn change at all, as is the case for * sparse clusters on NTFS 3.0+, in which case we set the lcn -- 2.43.0 ^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [PATCH v3] ntfs: fix VCN overflow in ntfs_mapping_pairs_decompress() 2026-04-23 4:52 ` [PATCH v3] " Zhan Xusheng @ 2026-04-27 4:52 ` Hyunchul Lee 2026-04-27 13:34 ` Namjae Jeon 1 sibling, 0 replies; 8+ messages in thread From: Hyunchul Lee @ 2026-04-27 4:52 UTC (permalink / raw) To: Zhan Xusheng; +Cc: linux-kernel, Zhan Xusheng, linkinjeon Hello Zhan, On Thu, Apr 23, 2026 at 12:52:26PM +0800, Zhan Xusheng wrote: > In ntfs_mapping_pairs_decompress(), lowest_vcn is read from > on-disk metadata and used as the initial vcn without validation. > A malformed value can introduce an invalid (e.g. negative) vcn, > corrupting the runlist from the start. > > Additionally, the accumulation > vcn += deltaxcn > > does not check for s64 overflow. A crafted mapping pairs array > can wrap vcn to a negative value, breaking the monotonically- > increasing invariant relied upon by ntfs_rl_vcn_to_lcn() and > related helpers. > > Fix this by validating lowest_vcn and using check_add_overflow() > for vcn accumulation. > > Signed-off-by: Zhan Xusheng <zhanxusheng@xiaomi.com> The recipient is wrong. Anyway looks good to me. Reviewed-by: Hyunchul Lee <hyc.lee@gmail.com> > --- > v3: > - Use overflows_type() for lowest_vcn validation (Hyunchul) > v2: > - Validate lowest_vcn from on-disk metadata > - Use check_add_overflow() for vcn accumulation > --- > fs/ntfs/runlist.c | 24 +++++++++++++++++++++--- > 1 file changed, 21 insertions(+), 3 deletions(-) > > diff --git a/fs/ntfs/runlist.c b/fs/ntfs/runlist.c > index b213b4976d2b..be6ca3d374bb 100644 > --- a/fs/ntfs/runlist.c > +++ b/fs/ntfs/runlist.c > @@ -15,6 +15,8 @@ > * Copyright (c) 2007-2022 Jean-Pierre Andre > */ > > +#include <linux/overflow.h> > + > #include "ntfs.h" > #include "attrib.h" > > @@ -739,6 +741,7 @@ struct runlist_element *ntfs_mapping_pairs_decompress(const struct ntfs_volume * > int rlsize; /* Size of runlist buffer. */ > u16 rlpos; /* Current runlist position in units of struct runlist_elements. */ > u8 b; /* Current byte offset in buf. */ > + u64 lowest_vcn; /* Raw on-disk lowest_vcn. */ > > #ifdef DEBUG > /* Make sure attr exists and is non-resident. */ > @@ -747,8 +750,14 @@ struct runlist_element *ntfs_mapping_pairs_decompress(const struct ntfs_volume * > return ERR_PTR(-EINVAL); > } > #endif > + lowest_vcn = le64_to_cpu(attr->data.non_resident.lowest_vcn); > + /* Validate lowest_vcn from on-disk metadata to ensure it is sane. */ > + if (overflows_type(lowest_vcn, vcn)) { > + ntfs_error(vol->sb, "Invalid lowest_vcn in mapping pairs."); > + goto err_out; > + } > /* Start at vcn = lowest_vcn and lcn 0. */ > - vcn = le64_to_cpu(attr->data.non_resident.lowest_vcn); > + vcn = lowest_vcn; > lcn = 0; > /* Get start of the mapping pairs array. */ > buf = (u8 *)attr + > @@ -823,8 +832,17 @@ struct runlist_element *ntfs_mapping_pairs_decompress(const struct ntfs_volume * > * element. > */ > rl[rlpos].length = deltaxcn; > - /* Increment the current vcn by the current run length. */ > - vcn += deltaxcn; > + /* > + * Increment the current vcn by the current run length. > + * Guard against s64 overflow from a crafted mapping > + * pairs array to preserve the monotonically-increasing > + * vcn invariant. > + */ > + if (unlikely(check_add_overflow(vcn, deltaxcn, &vcn))) { > + ntfs_error(vol->sb, "VCN overflow in mapping pairs array."); > + goto err_out; > + } > + > /* > * There might be no lcn change at all, as is the case for > * sparse clusters on NTFS 3.0+, in which case we set the lcn > -- > 2.43.0 > > -- Thanks, Hyunchul ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH v3] ntfs: fix VCN overflow in ntfs_mapping_pairs_decompress() 2026-04-23 4:52 ` [PATCH v3] " Zhan Xusheng 2026-04-27 4:52 ` Hyunchul Lee @ 2026-04-27 13:34 ` Namjae Jeon 1 sibling, 0 replies; 8+ messages in thread From: Namjae Jeon @ 2026-04-27 13:34 UTC (permalink / raw) To: Zhan Xusheng; +Cc: linux-kernel, Zhan Xusheng, Hyunchul Lee On Thu, Apr 23, 2026 at 1:52 PM Zhan Xusheng <zhanxusheng1024@gmail.com> wrote: > > In ntfs_mapping_pairs_decompress(), lowest_vcn is read from > on-disk metadata and used as the initial vcn without validation. > A malformed value can introduce an invalid (e.g. negative) vcn, > corrupting the runlist from the start. > > Additionally, the accumulation > vcn += deltaxcn > > does not check for s64 overflow. A crafted mapping pairs array > can wrap vcn to a negative value, breaking the monotonically- > increasing invariant relied upon by ntfs_rl_vcn_to_lcn() and > related helpers. > > Fix this by validating lowest_vcn and using check_add_overflow() > for vcn accumulation. > > Signed-off-by: Zhan Xusheng <zhanxusheng@xiaomi.com> Applied it to #ntfs-next. Thanks! ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH v2] ntfs: fix VCN overflow in ntfs_mapping_pairs_decompress() 2026-04-22 23:57 ` Hyunchul Lee 2026-04-23 4:52 ` [PATCH v3] " Zhan Xusheng @ 2026-04-27 0:18 ` Hyunchul Lee 1 sibling, 0 replies; 8+ messages in thread From: Hyunchul Lee @ 2026-04-27 0:18 UTC (permalink / raw) To: Zhan Xusheng; +Cc: linux-fsdevel, linux-kernel, Zhan Xusheng, Namjae Jeon 2026년 4월 23일 (목) 오전 8:57, Hyunchul Lee <hyc.lee@gmail.com>님이 작성: > > 2026년 4월 22일 (수) 오후 6:47, Zhan Xusheng <zhanxusheng1024@gmail.com>님이 작성: > > > > In ntfs_mapping_pairs_decompress(), lowest_vcn is read from > > on-disk metadata and used as the initial vcn without validation. > > A malformed value can introduce an invalid (e.g. negative) vcn, > > corrupting the runlist from the start. > > > > Additionally, the accumulation > > vcn += deltaxcn > > > > does not check for s64 overflow. A crafted mapping pairs array > > can wrap vcn to a negative value, breaking the monotonically- > > increasing invariant relied upon by ntfs_rl_vcn_to_lcn() and > > related helpers. > > > > Fix this by validating lowest_vcn and using check_add_overflow() > > for vcn accumulation. > > > > Signed-off-by: Zhan Xusheng <zhanxusheng@xiaomi.com> > > --- > > v2: > > - Validate lowest_vcn from on-disk metadata > > - Use check_add_overflow() for vcn accumulation > > --- > > fs/ntfs/runlist.c | 19 +++++++++++++++++-- > > 1 file changed, 17 insertions(+), 2 deletions(-) > > > > diff --git a/fs/ntfs/runlist.c b/fs/ntfs/runlist.c > > index b213b4976d2b..ee68258ebffb 100644 > > --- a/fs/ntfs/runlist.c > > +++ b/fs/ntfs/runlist.c > > @@ -749,6 +749,12 @@ struct runlist_element *ntfs_mapping_pairs_decompress(const struct ntfs_volume * > > #endif > > /* Start at vcn = lowest_vcn and lcn 0. */ > > vcn = le64_to_cpu(attr->data.non_resident.lowest_vcn); > > + /* Validate lowest_vcn from on-disk metadata to ensure it is sane. */ > > + if (unlikely(vcn < 0)) { > > + ntfs_error(vol->sb, "Invalid lowest_vcn in mapping pairs."); > > + goto err_out; > > + } > > How about using overflows_type() ? > And please include <linux/overflow.h>. Just a gentle ping. Please let me know your thoughts. > > > + > > lcn = 0; > > /* Get start of the mapping pairs array. */ > > buf = (u8 *)attr + > > @@ -823,8 +829,17 @@ struct runlist_element *ntfs_mapping_pairs_decompress(const struct ntfs_volume * > > * element. > > */ > > rl[rlpos].length = deltaxcn; > > - /* Increment the current vcn by the current run length. */ > > - vcn += deltaxcn; > > + /* > > + * Increment the current vcn by the current run length. > > + * Guard against s64 overflow from a crafted mapping > > + * pairs array to preserve the monotonically-increasing > > + * vcn invariant. > > + */ > > + if (unlikely(check_add_overflow(vcn, deltaxcn, &vcn))) { > > + ntfs_error(vol->sb, "VCN overflow in mapping pairs array."); > > + goto err_out; > > + } > > + > > /* > > * There might be no lcn change at all, as is the case for > > * sparse clusters on NTFS 3.0+, in which case we set the lcn > > -- > > 2.43.0 > > > > > -- > Thanks, > Hyunchul -- Thanks, Hyunchul ^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2026-04-27 13:34 UTC | newest] Thread overview: 8+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2026-04-22 3:05 [PATCH] ntfs: fix s64 overflow in ntfs_mapping_pairs_decompress() Zhan Xusheng 2026-04-22 7:45 ` Hyunchul Lee 2026-04-22 9:47 ` [PATCH v2] ntfs: fix VCN " Zhan Xusheng 2026-04-22 23:57 ` Hyunchul Lee 2026-04-23 4:52 ` [PATCH v3] " Zhan Xusheng 2026-04-27 4:52 ` Hyunchul Lee 2026-04-27 13:34 ` Namjae Jeon 2026-04-27 0:18 ` [PATCH v2] " Hyunchul Lee
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox