
I have an example pulled from a hard disk at my house where the NTFS $MFT file contains zeros in the least-significant places of the Cluster Chain Run. Interpreted little-endian, this doesn't make any sense and I'm confused. Can someone explain why these bytes would be here since the field could simply be shorter without them?

In the image below, the large outlines are the FILE header and the Attribute Blocks. In teal, I've highlighted the fixup values. In yellow, I've highlighted the pieces of the Cluster Chain Run of the Data attribute block. In red, I've circled two bytes that don't make sense being zeros. Can this be explained?

Caveat: The reason I got into this is because this hard disk experienced thousands of bad sectors. I'm sleuthing around trying to learn about how a person might recover data. So, if your answer is "you have corruption on the disk", technically that could be a valid answer, but it doesn't seem likely since the fixup values are correct.

Capture of Hexdump

1 Answer

-1

I believe the reason is that those numbers are signed. If the leading zeros were missing, they could be interpreted as negative numbers, because their first bit is 1.

For example, in your first red circle, we have the beginning of the number 0x00cc1b1d which is equal to 13,376,285 decimal.

If you removed the leading zeros, you would get 0xcc1b1d, and since it's signed, its value would be -3,400,931. When you have a signed number, by adding leading zeros, you can essentially unsign it.

Another way to put it is that with 3 bytes, you can represent values from 0 to 16,777,215. But if it's signed, the values you can represent are from -8,388,608 to 8,388,607, so the value 13,376,285 we need in this example cannot be represented unless you add a 4th byte.
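To make the answer's point concrete, here is a small decoder for NTFS data runs (the "cluster chain run" in the question) written as an added example; it is not code from the asker or the answerer. Each run starts with a header byte whose low nibble is the size of the length field and whose high nibble is the size of the offset field; the length is unsigned, while the offset is a signed two's-complement value relative to the previous run's starting cluster. The two sample run lists below are constructed to match the bytes in the answer: `1d 1b cc 00` decodes to +13,376,285, and the same three low bytes without the trailing zero decode to -3,400,931, which is why the zero byte has to be there. The `encode_offset` helper is a hypothetical name, not part of any NTFS library; it shows the smallest signed little-endian encoding a given offset needs.

```python
"""Decode NTFS non-resident data runs and show why an offset like 0x00cc1b1d
must keep its leading zero byte (the offset field is signed)."""


def parse_data_runs(runs: bytes):
    """Parse an NTFS data run list.

    Returns a list of (cluster_count, relative_offset, absolute_lcn) tuples.
    Header byte: low nibble = byte size of the length field (unsigned),
    high nibble = byte size of the offset field (SIGNED, relative to the
    previous run's starting LCN). A header byte of 0x00 ends the list.
    A zero-sized offset field marks a sparse run (no clusters allocated).
    """
    result = []
    pos = 0
    prev_lcn = 0
    while pos < len(runs):
        header = runs[pos]
        pos += 1
        if header == 0:
            break
        len_size = header & 0x0F
        off_size = header >> 4
        if len_size == 0 or pos + len_size + off_size > len(runs):
            raise ValueError("malformed data run at byte %d" % (pos - 1))
        length = int.from_bytes(runs[pos:pos + len_size], "little", signed=False)
        pos += len_size
        if off_size == 0:
            rel, abs_lcn = None, None  # sparse run
        else:
            # The sign matters here: the top bit of the last byte decides
            # whether the run moves forward or backward on disk.
            rel = int.from_bytes(runs[pos:pos + off_size], "little", signed=True)
            pos += off_size
            abs_lcn = prev_lcn + rel
            prev_lcn = abs_lcn
        result.append((length, rel, abs_lcn))
    return result


def encode_offset(rel: int) -> bytes:
    """Smallest little-endian two's-complement encoding of a run offset.

    Hypothetical helper for illustration: a value whose top bit would be set
    in N bytes needs N+1 bytes so it is not read back as negative.
    """
    for size in range(1, 9):
        limit = 1 << (8 * size - 1)
        if -limit <= rel < limit:
            return rel.to_bytes(size, "little", signed=True)
    raise ValueError("offset does not fit in 8 bytes")


# Constructed sample run lists (not taken from a real disk image).
# Header 0x41: 1-byte length (8 clusters), 4-byte offset 00cc1b1d -> +13,376,285.
RUN_WITH_LEADING_ZERO = bytes.fromhex("41 08 1d 1b cc 00 00")
# Header 0x31: 1-byte length, 3-byte offset cc1b1d -> sign bit set -> -3,400,931.
RUN_WITHOUT_LEADING_ZERO = bytes.fromhex("31 08 1d 1b cc 00")


def first_run_is_plausible(runs: bytes) -> bool:
    """A first run must point at a non-negative cluster number."""
    length, rel, abs_lcn = parse_data_runs(runs)[0]
    return abs_lcn is not None and abs_lcn >= 0


if __name__ == "__main__":
    for label, sample in (("with zero", RUN_WITH_LEADING_ZERO),
                          ("without zero", RUN_WITHOUT_LEADING_ZERO)):
        print(label, parse_data_runs(sample), first_run_is_plausible(sample))
    print("13376285 needs", len(encode_offset(13376285)), "bytes")
    print("-3400931 needs", len(encode_offset(-3400931)), "bytes")
```

Running the block prints the decoded runs for both samples: the four-byte form yields cluster 13,376,285, while the three-byte form yields -3,400,931, which cannot be a valid first-run cluster number. When checking an $MFT record from a damaged disk, decoding the runs this way and rejecting negative or out-of-volume absolute LCNs is a quick sanity test that complements verifying the fixup values.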