[ntfs-3g-devel] [PATCH] Eliminate NTFS_BUG()

2016-09-15 Thread Eric Biggers
NTFS_BUG() was broken because it relied on dereferencing a NULL pointer. This is undefined behavior, and gcc was compiling out the statement. Crashing in library code is also unfriendly in general. There were only two users. Make them just use regular error handling.

Signed-off-by: Eric Biggers

[ntfs-3g-devel] [PATCH] unistr.c: fix another buffer overrun in ntfs_utf16_to_utf8()

2016-09-15 Thread Eric Biggers
If an output buffer was provided, ntfs_utf16_to_utf8() limited the output string length without the terminating null to 'outs_len'. This was incorrect because a terminating null was always added to the string, causing a buffer overrun if the output string happened to have exactly the maximum

[ntfs-3g-devel] [PATCH] unistr.c: remove unused function ntfs_file_value_upcase()

2016-09-15 Thread Eric Biggers
ntfs_file_value_upcase() is not called from anywhere in NTFS-3G, seems unlikely to be used by third-party programs, and can be replaced with calling ntfs_name_upcase() directly. So remove it.

Signed-off-by: Eric Biggers
---
 include/ntfs-3g/unistr.h | 3 ---

[ntfs-3g-devel] [PATCH] unistr.c: make utf16_to_utf8_size() always honor @outs_len

2016-09-15 Thread Eric Biggers
utf16_to_utf8_size() was not guaranteed to fail with ENAMETOOLONG if the computed length was greater than @outs_len. This could cause a buffer overrun in ntfs_utf16_to_utf8(). This was a bug introduced by the patches to allow broken Unicode. Fix it.

Signed-off-by: Eric Biggers

[ntfs-3g-devel] [PATCH] reparse.c: validate minimum size of mountpoint/symlink reparse points

2016-09-15 Thread Eric Biggers
valid_reparse_data() would read past the end of the reparse point buffer if it was passed a malformed reparse point that had the tag for a mountpoint or a symlink but had a data buffer smaller than expected. Fix this by validating the buffer size.

Signed-off-by: Eric Biggers