On 10/15/22 11:28, Dan Carpenter wrote:
There were two patches which addressed the same bug and added the same
condition:
commit 6db620863f85 ("fs/ntfs3: Validate data run offset")
commit 887bfc546097 ("fs/ntfs3: Fix slab-out-of-bounds read in run_unpack")
Delete one condition.
Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
---
I deleted this one because it was further away from the "roff = "
assignment.
fs/ntfs3/inode.c | 6 ------
1 file changed, 6 deletions(-)
diff --git a/fs/ntfs3/inode.c b/fs/ntfs3/inode.c
index a31474d697e0..e6143da5b4d6 100644
--- a/fs/ntfs3/inode.c
+++ b/fs/ntfs3/inode.c
@@ -374,12 +374,6 @@ static struct inode *ntfs_read_mft(struct inode *inode,
t64 = le64_to_cpu(attr->nres.svcn);
- /* offset to packed runs is out-of-bounds */
- if (roff > asize) {
- err = -EINVAL;
- goto out;
- }
-
err = run_unpack_ex(run, sbi, ino, t64, le64_to_cpu(attr->nres.evcn),
t64, Add2Ptr(attr, roff), asize - roff);
if (err < 0)
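Review bot: With the "roff > asize" check removed directly above the run_unpack_ex() call, nothing in this hunk's context guards the "asize - roff" length argument or the Add2Ptr(attr, roff) pointer, both of which are out of range if roff exceeds asize. The surviving check is described as sitting next to the "roff = " assignment, which is outside the lines shown here, so it is worth confirming that every path reaching this call passes through it, and stating in the commit message which of the two cited commits' checks is the one being kept.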
I missed this situation when applying patches.
Thanks for catching this.