From: bugzilla-noreply@freebsd.org
To: ports-bugs@FreeBSD.org
Subject: [Bug 258870] sysutils/fusefs-ntfs -- ntfs-3g can crash if MFT has unexpected attributes
Date: Sat, 02 Oct 2021 15:44:24 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=258870

            Bug ID: 258870
           Summary: sysutils/fusefs-ntfs -- ntfs-3g can crash if MFT has
                    unexpected attributes
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: ports-bugs@FreeBSD.org
          Reporter: rtm@lcs.mit.edu
                CC: freebsd@dussan.org
             Flags: maintainer-feedback?(freebsd@dussan.org)

Created attachment 228379
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=228379&action=edit
sysutils/fusefs-ntfs -- an NTFS disk image that causes ntfs-3g to crash

The attached NTFS disk image causes ntfs-3g (from fusefs-ntfs-2017.3.23) to
crash.

% gunzip ntx3.img.gz
% sudo mdconfig -f ntx3.img
% sudo ntfs-3g /dev/md0p1 /mnt
Segmentation fault

It looks like the problem is that ntx3.img has attributes on the MFT
which ntfs-3g doesn't expect; this causes ntfs_attr_lookup() to call
ntfs_external_attr_find() (line 3395 of attrib.c) during mount, where
I think the code is expecting no attributes and to call
ntfs_attr_find(); because in this path vol->mft_na is still NULL (it
hasn't yet been set by ntfs_mft_load()), ntfs_extent_inode_open()
crashes when it tries to use vol->mft_na.

The backtrace:

#0  0x00000000400c31ee in ntfs_extent_inode_open (base_ni=0x408690a0, mref=281474976710655) at inode.c:604
#1  0x00000000400b0112 in ntfs_external_attr_find (type=AT_STANDARD_INFORMATION, name=0x1ce7c , name_len=0, ic=CASE_SENSITIVE, lowest_vcn=, val=0x0, val_len=0, ctx=0x40819080) at attrib.c:3177
#2  0x00000000400ad6c8 in ntfs_attr_lookup (type=AT_UNUSED, name=0xffffffffffff, name_len=1082413056, ic=CASE_SENSITIVE, lowest_vcn=0, val=0x409d8000 "\020", val_len=0, ctx=0x40819080) at attrib.c:3395
#3  0x00000000400ad196 in ntfs_attr_open (ni=0x408690a0, type=AT_STANDARD_INFORMATION, name=0x1ce7c , name_len=0) at attrib.c:428
#4  0x00000000400b3ad4 in ntfs_attr_readall (ni=0x408690a0, type=AT_STANDARD_INFORMATION, name=0x40845000, name_len=0, data_size=0x0) at attrib.c:6658
#5  0x00000000400d6c20 in ntfs_attr_setup_flag (ni=) at volume.c:228
#6  0x00000000400d4816 in ntfs_mft_load (vol=0x40845000) at volume.c:315
#7  0x00000000400d4640 in ntfs_volume_startup (dev=0x4083f030, flags=) at volume.c:625
#8  0x00000000400d52f2 in ntfs_device_mount (dev=0x0, flags=436207616) at volume.c:929
#9  0x00000000400d63b0 in ntfs_mount (name=, flags=436207616) at volume.c:1386

My machine:

FreeBSD xxx 13.0-RELEASE-p4 FreeBSD 13.0-RELEASE-p4 #0: Tue Aug 24 07:33:27 UTC 2021     root@amd64-builder.daemonology.net:/usr/obj/usr/src/amd64.amd64/sys/GENERIC  amd64
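
The ordering problem described in this report, reduced to a small C model with the guard that turns the NULL dereference into a failed mount. This is an added example, not code from ntfs-3g or from the reporter; all struct and function names, the external_attrs flag standing in for the unexpected on-disk attributes, and the -EIO return value are assumptions.

```c
/* Simplified model of the crash path in the report. NOT ntfs-3g source:
 * every type and function name below is hypothetical. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct attr   { int open; };              /* stands in for the opened $MFT attribute */
struct volume { struct attr *mft_na; };   /* NULL until the MFT has been loaded */
struct inode  { struct volume *vol; int external_attrs; };

/* Extent-inode open with the missing precondition made explicit: when the
 * volume's MFT handle is not set up yet, fail instead of dereferencing it. */
static int extent_open(const struct inode *base, uint64_t mref)
{
    (void)mref;                            /* record number is irrelevant to the check */
    if (base == NULL || base->vol == NULL || base->vol->mft_na == NULL)
        return -EIO;                       /* assumed error code for corrupt metadata */
    return base->vol->mft_na->open ? 0 : -EIO;
}

/* Lookup dispatch: data read from the image selects the code path. */
static int attr_lookup(const struct inode *ni, uint64_t mref)
{
    if (!ni->external_attrs)
        return 0;                          /* in-record search, never needs mft_na */
    return extent_open(ni, mref);          /* external search, needs mft_na */
}

/* Mount ordering from the backtrace: the first lookup on the MFT inode runs
 * while mft_na is still NULL; only afterwards is the handle installed. */
int mount_model(int image_has_external_attrs)
{
    static struct attr na = { 1 };
    struct volume vol = { NULL };
    struct inode mft = { &vol, image_has_external_attrs };
    int rc = attr_lookup(&mft, 281474976710655ULL);  /* mref value from frame #0 */
    if (rc != 0)
        return rc;                         /* refuse the mount; no crash */
    vol.mft_na = &na;
    return attr_lookup(&mft, 0);
}

int main(void)
{
    printf("well-formed image: %d\n", mount_model(0));
    printf("unexpected attributes: %d\n", mount_model(1));
    return 0;
}
```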