Re: [PATCH v4 6/6] ntfs: validate resident index root values on lookup

Next message: Andrew Morton: "Re: [PATCH] lib/test_firmware: allocate the configured into_buf size"
Previous message: patchwork-bot+netdevbpf: "Re: [PATCH net-next] net: stmmac: dwmac4: Report DCB feature capability"
In reply to: Namjae Jeon: "Re: [PATCH v4 6/6] ntfs: validate resident index root values on lookup"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Namjae Jeon

Date: Fri Jun 05 2026 - 21:41:24 EST

> +static bool ntfs_index_root_attr_value_is_valid(const u8 *value, const u32 value_length)
> +{
> + const struct index_root *ir;
> + u32 index_size;
> + u32 entries_offset;
> + u32 index_length;
> + u32 allocated_size;
> +
> + ir = (const struct index_root *)value;
> + index_size = value_length - offsetof(struct index_root, index);
> + entries_offset = le32_to_cpu(ir->index.entries_offset);
> + index_length = le32_to_cpu(ir->index.index_length);
> + allocated_size = le32_to_cpu(ir->index.allocated_size);
> +
> + if ((entries_offset | index_length | allocated_size) & 7 ||
> + entries_offset < sizeof(struct index_header) ||
> + entries_offset > index_length ||
> + index_length > allocated_size ||
> + allocated_size > index_size ||
If ntfs driver does not use the allocated_size field of index root,
how about removing the allocated_size checks ?
we can also skip the shrink/grow ordering adjustment in
ntfs_ir_truncate() in your 0005 patch.

> + index_length - entries_offset < sizeof(struct index_entry_header))
> + return false;
> +
> + return true;
> +}
> +