!15724 CVE-2024-52560

		if (err)

			goto out;

		attr = mi_find_attr(mi, NULL, type, name, name_len, &le->id);

		attr = mi_find_attr(ni, mi, NULL, type, name, name_len,

				    &le->id);

		if (!attr) {

			err = -EINVAL;

			goto bad_inode;

			goto out;

		}

		attr = mi_find_attr(mi, NULL, ATTR_DATA, NULL, 0, &le->id);

		attr = mi_find_attr(ni, mi, NULL, ATTR_DATA, NULL, 0, &le->id);

		if (!attr) {

			err = -EINVAL;

			goto out;

	 */

	if (!attr->non_res) {

		if (vbo[1] + bytes_per_off > le32_to_cpu(attr->res.data_size)) {

			ntfs_inode_err(&ni->vfs_inode, "is corrupted");

			_ntfs_bad_inode(&ni->vfs_inode);

			return -EINVAL;

		}

		addr = resident_data(attr);

				goto out;

			}

			attr = mi_find_attr(mi, NULL, ATTR_DATA, NULL, 0,

			attr = mi_find_attr(ni, mi, NULL, ATTR_DATA, NULL, 0,

					    &le->id);

			if (!attr) {

				err = -EINVAL;

				}

				/* Look for required attribute. */

				attr = mi_find_attr(mi, NULL, ATTR_DATA, NULL,

						    0, &le->id);

				attr = mi_find_attr(ni, mi, NULL, ATTR_DATA,

						    NULL, 0, &le->id);

				if (!attr) {

					err = -EINVAL;

					goto out;

		ctx->pos = pos;

	} else if (err < 0) {

		if (err == -EINVAL)

			ntfs_inode_err(dir, "directory corrupted");

			_ntfs_bad_inode(dir);

		ctx->pos = eod;

	}

{

	const struct ATTRIB *attr;

	attr = mi_find_attr(&ni->mi, NULL, ATTR_STD, NULL, 0, NULL);

	attr = mi_find_attr(ni, &ni->mi, NULL, ATTR_STD, NULL, 0, NULL);

	return attr ? resident_data_ex(attr, sizeof(struct ATTR_STD_INFO)) :

		      NULL;

}

{

	const struct ATTRIB *attr;

	attr = mi_find_attr(&ni->mi, NULL, ATTR_STD, NULL, 0, NULL);

	attr = mi_find_attr(ni, &ni->mi, NULL, ATTR_STD, NULL, 0, NULL);

	return attr ? resident_data_ex(attr, sizeof(struct ATTR_STD_INFO5)) :

		      NULL;

		goto out;

	err = mi_get(ni->mi.sbi, rno, &r);

	if (err)

	if (err) {

		_ntfs_bad_inode(&ni->vfs_inode);

		return err;

	}

	ni_add_mi(ni, r);

			*mi = &ni->mi;

		/* Look for required attribute in primary record. */

		return mi_find_attr(&ni->mi, attr, type, name, name_len, NULL);

		return mi_find_attr(ni, &ni->mi, attr, type, name, name_len,

				    NULL);

	}

	/* First look for list entry of required type. */

		return NULL;

	/* Look for required attribute. */

	attr = mi_find_attr(m, NULL, type, name, name_len, &le->id);

	attr = mi_find_attr(ni, m, NULL, type, name, name_len, &le->id);

	if (!attr)

		goto out;

	return attr;

out:

	ntfs_inode_err(&ni->vfs_inode, "failed to parse mft record");

	ntfs_set_state(ni->mi.sbi, NTFS_DIRTY_ERROR);

	_ntfs_bad_inode(&ni->vfs_inode);

	return NULL;

}

		if (mi)

			*mi = &ni->mi;

		/* Enum attributes in primary record. */

		return mi_enum_attr(&ni->mi, attr);

		return mi_enum_attr(ni, &ni->mi, attr);

	}

	/* Get next list entry. */

		*mi = mi2;

	/* Find attribute in loaded record. */

	return rec_find_attr_le(mi2, le2);

	return rec_find_attr_le(ni, mi2, le2);

}

/*

	if (!ni->attr_list.size) {

		if (pmi)

			*pmi = &ni->mi;

		return mi_find_attr(&ni->mi, NULL, type, name, name_len, NULL);

		return mi_find_attr(ni, &ni->mi, NULL, type, name, name_len,

				    NULL);

	}

	le = al_find_ex(ni, NULL, type, name, name_len, NULL);

	if (pmi)

		*pmi = mi;

	attr = mi_find_attr(mi, NULL, type, name, name_len, &le->id);

	attr = mi_find_attr(ni, mi, NULL, type, name, name_len, &le->id);

	if (!attr)

		return NULL;

	    vcn <= le64_to_cpu(attr->nres.evcn))

		return attr;

	_ntfs_bad_inode(&ni->vfs_inode);

	return NULL;

}

	int diff;

	if (base_only || type == ATTR_LIST || !ni->attr_list.size) {

		attr = mi_find_attr(&ni->mi, NULL, type, name, name_len, id);

		attr = mi_find_attr(ni, &ni->mi, NULL, type, name, name_len,

				    id);

		if (!attr)

			return -ENOENT;

		al_remove_le(ni, le);

		attr = mi_find_attr(mi, NULL, type, name, name_len, id);

		attr = mi_find_attr(ni, mi, NULL, type, name, name_len, id);

		if (!attr)

			return -ENOENT;

		name = le->name;

	}

	attr = mi_insert_attr(mi, type, name, name_len, asize, name_off);

	attr = mi_insert_attr(ni, mi, type, name, name_len, asize, name_off);

	if (!attr) {

		if (le_added)

			al_remove_le(ni, le);

	if (err)

		return err;

	attr_list = mi_find_attr(&ni->mi, NULL, ATTR_LIST, NULL, 0, NULL);

	attr_list = mi_find_attr(ni, &ni->mi, NULL, ATTR_LIST, NULL, 0, NULL);

	if (!attr_list)

		return 0;

		if (!mi)

			return 0;

		attr = mi_find_attr(mi, NULL, le->type, le_name(le),

		attr = mi_find_attr(ni, mi, NULL, le->type, le_name(le),

				    le->name_len, &le->id);

		if (!attr)

			return 0;

			goto out;

		}

		attr = mi_find_attr(mi, NULL, le->type, le_name(le),

		attr = mi_find_attr(ni, mi, NULL, le->type, le_name(le),

				    le->name_len, &le->id);

		if (!attr) {

			/* Should never happened, 'cause already checked. */

		asize = le32_to_cpu(attr->size);

		/* Insert into primary record. */

		attr_ins = mi_insert_attr(&ni->mi, le->type, le_name(le),

		attr_ins = mi_insert_attr(ni, &ni->mi, le->type, le_name(le),

					  le->name_len, asize,

					  le16_to_cpu(attr->name_off));

		if (!attr_ins) {

		if (!mi)

			continue;

		attr = mi_find_attr(mi, NULL, le->type, le_name(le),

		attr = mi_find_attr(ni, mi, NULL, le->type, le_name(le),

				    le->name_len, &le->id);

		if (!attr)

			continue;

	free_b = 0;

	attr = NULL;

	for (; (attr = mi_enum_attr(&ni->mi, attr)); le = Add2Ptr(le, sz)) {

	for (; (attr = mi_enum_attr(ni, &ni->mi, attr)); le = Add2Ptr(le, sz)) {

		sz = le_size(attr->name_len);

		le->type = attr->type;

		le->size = cpu_to_le16(sz);

		u32 asize = le32_to_cpu(b->size);

		u16 name_off = le16_to_cpu(b->name_off);

		attr = mi_insert_attr(mi, b->type, Add2Ptr(b, name_off),

		attr = mi_insert_attr(ni, mi, b->type, Add2Ptr(b, name_off),

				      b->name_len, asize, name_off);

		if (!attr)

			goto out;

			goto out;

	}

	attr = mi_insert_attr(&ni->mi, ATTR_LIST, NULL, 0,

	attr = mi_insert_attr(ni, &ni->mi, ATTR_LIST, NULL, 0,

			      lsize + SIZEOF_RESIDENT, SIZEOF_RESIDENT);

	if (!attr)

		goto out;

		mi = rb_entry(node, struct mft_inode, node);

		if (is_mft_data &&

		    (mi_enum_attr(mi, NULL) ||

		    (mi_enum_attr(ni, mi, NULL) ||

		     vbo <= ((u64)mi->rno << sbi->record_bits))) {

			/* We can't accept this record 'cause MFT's bootstrapping. */

			continue;

		}

		if (is_mft &&

		    mi_find_attr(mi, NULL, ATTR_DATA, NULL, 0, NULL)) {

		    mi_find_attr(ni, mi, NULL, ATTR_DATA, NULL, 0, NULL)) {

			/*

			 * This child record already has a ATTR_DATA.

			 * So it can't accept any other records.

		}

		if ((type != ATTR_NAME || name_len) &&

		    mi_find_attr(mi, NULL, type, name, name_len, NULL)) {

		    mi_find_attr(ni, mi, NULL, type, name, name_len, NULL)) {

			/* Only indexed attributes can share same record. */

			continue;

		}

	/* Estimate the result of moving all possible attributes away. */

	attr = NULL;

	while ((attr = mi_enum_attr(&ni->mi, attr))) {

	while ((attr = mi_enum_attr(ni, &ni->mi, attr))) {

		if (attr->type == ATTR_STD)

			continue;

		if (attr->type == ATTR_LIST)

	attr = NULL;

	for (;;) {

		attr = mi_enum_attr(&ni->mi, attr);

		attr = mi_enum_attr(ni, &ni->mi, attr);

		if (!attr) {

			/* We should never be here 'cause we have already check this case. */

			err = -EINVAL;

	for (node = rb_first(&ni->mi_tree); node; node = rb_next(node)) {

		mi = rb_entry(node, struct mft_inode, node);

		attr = mi_enum_attr(mi, NULL);

		attr = mi_enum_attr(ni, mi, NULL);

		if (!attr) {

			mft_min = mi->rno;

		ni_remove_mi(ni, mi_new);

	}

	attr = mi_find_attr(&ni->mi, NULL, ATTR_DATA, NULL, 0, NULL);

	attr = mi_find_attr(ni, &ni->mi, NULL, ATTR_DATA, NULL, 0, NULL);

	if (!attr) {

		err = -EINVAL;

		goto out;

			continue;

		/* Find attribute in primary record. */

		attr = rec_find_attr_le(&ni->mi, le);

		attr = rec_find_attr_le(ni, &ni->mi, le);

		if (!attr) {

			err = -EINVAL;

			goto out;

		roff = le16_to_cpu(attr->nres.run_off);

		if (roff > asize) {

			_ntfs_bad_inode(&ni->vfs_inode);

			return -EINVAL;

			/* ni_enum_attr_ex checks this case. */

			continue;

		}

		/* run==1 means unpack and deallocate. */

		if (!mi->dirty)

			continue;

		is_empty = !mi_enum_attr(mi, NULL);

		is_empty = !mi_enum_attr(ni, mi, NULL);

		if (is_empty)

			clear_rec_inuse(mi->mrec);

	ntfs_inode_err(inode, "%s", hint);

	make_bad_inode(inode);

	/* Avoid recursion if bad inode is $Volume. */

	if (inode->i_ino != MFT_REC_VOL &&

	    !(sbi->flags & NTFS_FLAGS_LOG_REPLAYING)) {

		ntfs_set_state(sbi, NTFS_DIRTY_ERROR);

	}

}

/*

 * ntfs_set_state

ok:

	if (!index_buf_check(ib, bytes, &vbn)) {

		ntfs_inode_err(&ni->vfs_inode, "directory corrupted");

		ntfs_set_state(ni->mi.sbi, NTFS_DIRTY_ERROR);

		_ntfs_bad_inode(&ni->vfs_inode);

		err = -EINVAL;

		goto out;

	}

out:

	if (err == -E_NTFS_CORRUPT) {

		ntfs_inode_err(&ni->vfs_inode, "directory corrupted");

		ntfs_set_state(ni->mi.sbi, NTFS_DIRTY_ERROR);

		_ntfs_bad_inode(&ni->vfs_inode);

		err = -EINVAL;

	}