Crash on `Record::fixup` `sector_position_end` out of bounds of data length and about ntfs HOT 3 CLOSED

@ColinFinck Hey, thanks for all the explanations, make sense now. And ye this fixes all the new issues I had so you can make a minor bug fix with the changes.
I am fuzzing the latest version and it looks very promising ! No crashes nor infinite loops so far. I am gonna let it run for a while to see if it can found deeper bug but so far so good, I'll get back to you if I find something

from ntfs.

The fix 441ea7b for #24 introduced a new bug because sector_position_end still needs to be verified inside the loop because it is incremented at each iteration and so still needs to be checked.

sector_position begins at NTFS_BLOCK_SIZE - mem::size_of::<u16>().
sector_position_end begins at sector_position + mem::size_of::<u16>(), hence it effectively begins at NTFS_BLOCK_SIZE.

Both variables are incremented by NTFS_BLOCK_SIZE in each iteration.

The loop runs while array_position < array_end.
array_position begins at update_sequence_array_start(), which equals update_sequence_offset() + mem::size_of::<u16>().
array_end is set to update_sequence_offset() + update_sequence_size(), which equals update_sequence_offset() + update_sequence_count * mem::size_of::<u16>().
I'm incrementing array_position by mem::size_of::<u16>() in every iteration.

So to determine the number of iterations, we can calculate:

NumberOfIterations = (array_end - array_position) / mem::size_of::<u16>()
                   = (update_sequence_offset() + update_sequence_count * mem::size_of::<u16>() - update_sequence_offset() - mem::size_of::<u16>()) / mem::size_of::<u16>()
                   = (update_sequence_count * mem::size_of::<u16>() - mem::size_of::<u16>()) / mem::size_of::<u16>()
                   = update_sequence_count - 1

As a result, we know that sector_position_end will be set to (update_sequence_count - 1) * NTFS_BLOCK_SIZE at the end of the loop.
update_sequence_count - 1 is actually what I wanted to calculate in update_sequence_array_count().
Unfortunately, this also proves that I indeed messed up, because I'm subtracting mem::size_of::<u16>() there instead of just 1.
However, this calculation also shows that I can safely determine the final value of sector_position_end beforehand, which is what I'm doing with the newly introduced sectors_end variable in 441ea7b.

All of this can likely be simplified. But it's not necessary to check sector_position_end in every iteration when we know the final value beforehand and can just check that once.

from ntfs.

Fixed this and #26 in 5cc2416
Please let me know if that fixes the particular crash you were hitting, then I will publish a bugfix release 0.3.1

from ntfs.