{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":343714504,"defaultBranch":"edge","name":"ntfs-3g","ownerLogin":"tuxera","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2021-03-02T09:21:27.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/699213?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1667211306.31724","currentOid":""},"activityList":{"items":[{"before":"1565b01e215c74e5c5f83f3ecde1ed682637dc5a","after":"75dcdc2cf37478fad6c0e3427403d198b554951d","ref":"refs/heads/edge","pushedAt":"2023-06-14T04:21:56.069Z","pushType":"push","commitsCount":3,"pusher":{"login":"unsound","name":"Erik Larsson","path":"/unsound","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/310440?s=80&v=4"},"commit":{"message":"unistr.c: Fix use-after-free in 'ntfs_uppercase_mbs'.\n\nIf 'utf8_to_unicode' throws an error due to an invalid UTF-8 sequence,\nthen 'n' will be less than 0 and the loop will terminate without storing\nanything in '*t'. After the loop the uppercase string's allocation is\nfreed, however after it is freed it is unconditionally accessed through\n'*t', which points into the freed allocation, for the purpose of NULL-\nterminating the string. 
This leads to a use-after-free.\nFixed by only NULL-terminating the string when no error has been thrown.\n\nThanks for Jeffrey Bencteux for reporting this issue:\nhttps://github.com/tuxera/ntfs-3g/issues/84","shortMessageHtmlLink":"unistr.c: Fix use-after-free in 'ntfs_uppercase_mbs'."}},{"before":"71ecccf279d3660812b18803a75f368d2f76eea6","after":"1565b01e215c74e5c5f83f3ecde1ed682637dc5a","ref":"refs/heads/edge","pushedAt":"2023-05-17T08:16:44.207Z","pushType":"push","commitsCount":4,"pusher":{"login":"unsound","name":"Erik Larsson","path":"/unsound","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/310440?s=80&v=4"},"commit":{"message":"mft.c: Fix broken free MFT records accounting during bitmap extension.\n\nWhen the bitmap needs extending, 'vol->free_mft_records' is incremented\nby 8*8=64 records. This is due to the bitmap's initialized area being\nextended 8 bytes at a time.\nHowever the way 'vol->free_mft_records' is being initialized is that all\nthe bits that are currently allocated to the MFT bitmap are already\ntaken into account at initialization time. 
This leads to a value for\n'vol->free_mft_records' that is larger than the actual available number\nof MFT records.\n\nFor example if there are 20 used MFT records and the bitmap has a 4096\nbyte allocation where 16 bytes are initialized, the number of free MFT\nrecords are ((8 * 16) - 20) + (8 * (4096 - 16)) = 32748 records\navailable.\nIf we now expand the bitmap by 8 initialized bytes, we'd be adding 64\nMFT entries according to the logic in the function\n'ntfs_mft_bitmap_extend_initialized'.\nHowever we are expanding it within the bounds of the existing allocation\nwhere there is (4096 - 16) bytes free, so they shouldn't be added at all\nat this stage.\n\nThe result is that our internal accounting is that we have 32748 + 64 =\n32812 available MFT records, but in reality we will have 32748 records\navailable all the time until we expand the allocation beyond 4096 bytes.\n\nFixed by incrementing 'vol->free_mft_records' when the allocation is\nexpanded, not when the initialized size is.","shortMessageHtmlLink":"mft.c: Fix broken free MFT records accounting during bitmap extension."}}],"hasNextPage":false,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAADQP-oNgA","startCursor":null,"endCursor":null}},"title":"Activity · tuxera/ntfs-3g"}