From e249c5aa34ad42f61951d6d8334facac30c15f3e Mon Sep 17 00:00:00 2001 From: Brian Carrier <carrier@sleuthkit.org> Date: Tue, 5 May 2009 00:37:06 +0000 Subject: [PATCH] Patch for 2786963 for NTFS infinite loop. --- CHANGES.txt | 3 +++ tsk3/fs/ntfs.c | 8 ++++++++ 2 files changed, 11 insertions(+) diff --git a/CHANGES.txt b/CHANGES.txt index 48f1f11a5..ab39b5b8d 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -94,6 +94,9 @@ for split image files. Patch by Christopher Siwy. 5/3/09: Update: Abstracted name comparison to file system-specific function. +5/4/09: Bug Fix: NTFS compression infinite loop fix by Jamie Butler. +Bug 2786963) + ---------------- VERSION 3.0.0 -------------- 0/00/00: Update: Many, many, many API changes. diff --git a/tsk3/fs/ntfs.c b/tsk3/fs/ntfs.c index b8c705229..80b2ef225 100644 --- a/tsk3/fs/ntfs.c +++ b/tsk3/fs/ntfs.c @@ -1508,6 +1508,14 @@ ntfs_file_read_special(const TSK_FS_ATTR * a_fs_attr, else { cpylen = a_len - buf_idx; } + // Make sure not to return more bytes than are in the file + if (cpylen > + (a_fs_attr->fs_file->meta->size - (a_offset + + buf_idx))) + cpylen = + (a_fs_attr->fs_file->meta->size - (a_offset + + buf_idx)); + memcpy(&a_buf[buf_idx], &comp.uncomp_buf[byteoffset], cpylen); -- GitLab
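Review bot: The new clamp before the `memcpy` in `ntfs_file_read_special` subtracts `(a_offset + buf_idx)` from `a_fs_attr->fs_file->meta->size` without first checking that the offset is still below that size. If the offset is at or past the recorded size, the difference is non-positive in signed arithmetic or wrapped in unsigned arithmetic, so `cpylen` is either left unclamped or set to a wrapped value that becomes the `memcpy` length. Which case occurs depends on the types of `cpylen`, `a_offset` and `buf_idx`, declared outside the hunk, and the size comes from metadata in the image being analysed, so it should be treated as untrusted. I would compute the remainder once in a signed type, `TSK_OFF_T remain = a_fs_attr->fs_file->meta->size - (a_offset + (TSK_OFF_T) buf_idx);`, then `if (remain <= 0) cpylen = 0; else if ((TSK_OFF_T) cpylen > remain) cpylen = (size_t) remain;`, and confirm that the enclosing loop (outside the hunk) still terminates when `cpylen` is 0. It is also worth confirming that the file's `meta->size`, rather than the attribute's own size, is the right bound when the attribute is not the default data stream.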