ntfswipe.c: Fixed writing incorrect $MFTMirr entries in wipe_mft.

The dereferencing of 'offset' and 'usa' from the MFT record wasn't an
le16* dereference but a u8* dereference, leading to only the least
significant byte (little-endian systems) or the most significant byte
(big-endian systems) being part of the value. (So while this bug could
go unnoticed on little-endian systems for volumes with small values of
'usa', it caused even more significant problems on big-endian systems.)

Fixed by properly casting the address to le16* before dereferencing.

diff --git a/ntfsprogs/ntfswipe.c b/ntfsprogs/ntfswipe.c
index d3e8f1e..9abb6c6 100644 (file)
--- a/ntfsprogs/ntfswipe.c
+++ b/ntfsprogs/ntfswipe.c
@@ -739,8 +739,8 @@ static s64 wipe_mft(ntfs_volume *vol, int byte, enum action act)
                                // We have to reduce the update sequence number, or else...
                                u16 offset;
                                u16 usa;
-                               offset = le16_to_cpu(*(buffer + 0x04));
-                               usa = le16_to_cpu(*(buffer + offset));
+                               offset = le16_to_cpu(*((le16*)(buffer + 0x04)));
+                               usa = le16_to_cpu(*((le16*)(buffer + offset)));
                                *((u16*) (buffer + offset)) = cpu_to_le16(usa - 1);
 
                                result = ntfs_attr_mst_pwrite(vol->mftmirr_na, vol->mft_record_size * i,