a huge ntfs log file can cause log_read_rst() to loop forever

rtm@xxxxxxxxxxxxx · Mon, 29 Jan 2024 13:21:49 -0500

I've attached an ntfs image that causes log_read_rst() to loop forever.

If the ntfs log file has a length near 2^32, then this for-loop in log_read_rst():

        u32 skip, vbo;

        if (first) {
                vbo = 0;
                skip = 512;
        } else {
                vbo = 512;
                skip = 0;
        }

        for (; vbo < l_size; vbo = 2 * vbo + skip, skip = 0) {

will cause vbo to wrap around to zero, at which point (since skip will
also be zero) the loop won't terminate.

# uname -a
Linux ubuntu66 6.7.0-11091-g296455ade1fd #5 SMP PREEMPT_DYNAMIC Fri Jan 19 15:38:07 EST 2024 x86_64 x86_64 x86_64 GNU/Linux
# gunzip -c < ntfs39a.img.gz > ntfs39a.img
# mount -t ntfs3 -o loop,rw junk /mnt
... never returns

Robert Morris
rtm@xxxxxxxxxxxxx

Attachment:
ntfs39a.img.gz

Description: Binary data