1 /*-
2 * Copyright (c) 2011 Michihiro NAKAJIMA
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17 * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 */
25
26 #include "archive_platform.h"
27
28 #ifdef HAVE_ERRNO_H
29 #include <errno.h>
30 #endif
31 #if HAVE_STDINT_H
32 #include <stdint.h>
33 #endif
34 #ifdef HAVE_STDLIB_H
35 #include <stdlib.h>
36 #endif
37 #ifdef HAVE_BZLIB_H
38 #include <bzlib.h>
39 #endif
40 #ifdef HAVE_LZMA_H
41 #include <lzma.h>
42 #endif
43 #ifdef HAVE_ZLIB_H
44 #include <zlib.h>
45 #endif
46 #ifdef HAVE_ZSTD_H
47 #include <zstd.h>
48 #endif
49
50 #include "archive.h"
51 #include "archive_entry.h"
52 #include "archive_entry_locale.h"
53 #include "archive_ppmd7_private.h"
54 #include "archive_private.h"
55 #include "archive_read_private.h"
56 #include "archive_time_private.h"
57 #include "archive_endian.h"
58
59 #ifndef HAVE_ZLIB_H
60 #include "archive_crc32.h"
61 #endif
62
/* Six-byte magic that opens a 7-Zip archive; the bidder compares it with memcmp(). */
#define _7ZIP_SIGNATURE "7z\xBC\xAF\x27\x1C"
/*
 * Bounds of the legacy search window for the signature inside a
 * self-extracting (SFX) executable. SFX_MIN_ADDR is also the fallback
 * start offset returned when the PE/ELF headers cannot be parsed.
 */
#define SFX_MIN_ADDR 0x27000
#define SFX_MAX_ADDR 0x60000
/* Maximum distance scanned past the chosen start offset. */
#define SFX_MAX_OFFSET (SFX_MAX_ADDR - SFX_MIN_ADDR)
67
/*
 * PE format
 *
 * Header lengths and field offsets used by find_pe_overlay().
 * PE_DOS_HDR_ELFANEW_OFFSET is relative to the start of the file; the
 * PE_COFF_* offsets are relative to the position stored in that field
 * (where the "PE" signature is expected); the PE_SEC_* offsets are
 * relative to the start of one section header.
 */
#define PE_DOS_HDR_LEN 0x40
#define PE_DOS_HDR_ELFANEW_OFFSET 0x3c
#define PE_COFF_HDR_LEN 0x18
#define PE_COFF_HDR_SEC_CNT_OFFSET 0x6
#define PE_COFF_HDR_OPT_SZ_OFFSET 0x14
#define PE_SEC_HDR_LEN 0x28
#define PE_SEC_HDR_RAW_ADDR_OFFSET 0x14
#define PE_SEC_HDR_RAW_SZ_OFFSET 0x10
79
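/*
 * ELF format
 *
 * ELF_HDR_MIN_LEN is the number of header bytes requested before any
 * field is decoded. The 64-bit layout stores e_shstrndx as a 16-bit
 * value at offset 0x3E, so 0x40 bytes must be present; requesting only
 * 0x3f would let that read touch one byte past the requested data.
 */
#define ELF_HDR_MIN_LEN 0x40
#define ELF_HDR_EI_CLASS_OFFSET 0x04
#define ELF_HDR_EI_DATA_OFFSET 0x05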
86
/*
 * Codec ID
 *
 * Identifiers stored per coder in struct _7z_coder.codec. The three
 * _7Z_CRYPTO_* values are the ones read_header treats as "this folder
 * is encrypted".
 */
#define _7Z_COPY 0
#define _7Z_LZMA 0x030101
#define _7Z_LZMA2 0x21
#define _7Z_DEFLATE 0x040108
#define _7Z_BZ2 0x040202
#define _7Z_PPMD 0x030401
#define _7Z_DELTA 0x03
#define _7Z_CRYPTO_MAIN_ZIP 0x06F10101 /* Main Zip crypto algo */
#define _7Z_CRYPTO_RAR_29 0x06F10303 /* Rar29 AES-128 + (modified SHA-1) */
#define _7Z_CRYPTO_AES_256_SHA_256 0x06F10701 /* AES-256 + SHA-256 */


/* Branch-conversion filters for executable code, one per architecture. */
#define _7Z_X86 0x03030103
#define _7Z_X86_BCJ2 0x0303011B
#define _7Z_POWERPC 0x03030205
#define _7Z_IA64 0x03030401
#define _7Z_ARM 0x03030501
#define _7Z_ARMTHUMB 0x03030701
#define _7Z_ARM64 0xa
#define _7Z_RISCV 0xb
#define _7Z_SPARC 0x03030805

#define _7Z_ZSTD 0x4F71101 /* Copied from https://github.com/mcmilk/7-Zip-zstd.git */
113
/*
 * 7-Zip header property IDs.
 *
 * Tag values that identify each record in the archive header.
 * NOTE(review): the parsers that consume these tags are outside this
 * excerpt; confirm unknown tags are rejected or skipped there.
 */
#define kEnd 0x00
#define kHeader 0x01
#define kArchiveProperties 0x02
#define kAdditionalStreamsInfo 0x03
#define kMainStreamsInfo 0x04
#define kFilesInfo 0x05
#define kPackInfo 0x06
#define kUnPackInfo 0x07
#define kSubStreamsInfo 0x08
#define kSize 0x09
#define kCRC 0x0A
#define kFolder 0x0B
#define kCodersUnPackSize 0x0C
#define kNumUnPackStream 0x0D
#define kEmptyStream 0x0E
#define kEmptyFile 0x0F
#define kAnti 0x10
#define kName 0x11
#define kCTime 0x12
#define kATime 0x13
#define kMTime 0x14
#define kAttributes 0x15
#define kEncodedHeader 0x17
#define kDummy 0x19
141
// Provide the Windows file attribute constants on platforms whose headers
// do not define them. read_header tests READONLY, HIDDEN and SYSTEM against
// the attr field of each entry.
// Reference: https://learn.microsoft.com/en-us/windows/win32/fileio/file-attribute-constants
#ifndef FILE_ATTRIBUTE_READONLY
#define FILE_ATTRIBUTE_READONLY 0x00000001
#endif

#ifndef FILE_ATTRIBUTE_HIDDEN
#define FILE_ATTRIBUTE_HIDDEN 0x00000002
#endif

#ifndef FILE_ATTRIBUTE_SYSTEM
#define FILE_ATTRIBUTE_SYSTEM 0x00000004
#endif

#ifndef FILE_ATTRIBUTE_DIRECTORY
#define FILE_ATTRIBUTE_DIRECTORY 0x00000010
#endif

// This value is defined in 7zip with the comment "trick for Unix".
//
// 7z archives created on unix have this bit set in the high 16 bits of
// the attr field along with the unix permissions.
#define FILE_ATTRIBUTE_UNIX_EXTENSION 0x8000
165
/*
 * A set of 32-bit digests held as two parallel arrays.
 * NOTE(review): presumably defineds[i] marks whether digests[i] is
 * present; the element count is not stored here, so confirm the owner
 * tracks it.
 */
struct _7z_digests {
	unsigned char *defineds;
	uint32_t *digests;
};
170
/*
 * One 7-Zip "folder": a set of coders plus the bind pairs and packed
 * streams attached to them.
 *
 * read_header walks coders[0 .. numCoders-1] to detect encryption.
 * NOTE(review): the counts below are 64-bit and presumably come from
 * the archive header; the parser that fills them is outside this
 * excerpt, so confirm each count is bounded before it sizes an
 * allocation or indexes an array.
 */
struct _7z_folder {
	uint64_t numCoders;
	struct _7z_coder {
		unsigned long codec;		/* one of the _7Z_* codec IDs */
		uint64_t numInStreams;
		uint64_t numOutStreams;
		uint64_t propertiesSize;	/* presumably the byte length of properties — confirm */
		unsigned char *properties;
	} *coders;
	uint64_t numBindPairs;
	struct {
		uint64_t inIndex;
		uint64_t outIndex;
	} *bindPairs;
	uint64_t numPackedStreams;
	uint64_t *packedStreams;
	uint64_t numInStreams;
	uint64_t numOutStreams;
	uint64_t *unPackSize;
	unsigned char digest_defined;
	uint32_t digest;
	uint64_t numUnpackStreams;
	uint32_t packIndex;
	/* Unoperated bytes. */
	uint64_t skipped_bytes;
};
197
/*
 * The folder table of an archive. read_header only dereferences
 * folders[i] after checking i < numFolders.
 */
struct _7z_coders_info {
	uint64_t numFolders;
	struct _7z_folder *folders;
	uint64_t dataStreamIndex;
};
203
/*
 * Description of the packed (compressed) streams.
 * NOTE(review): sizes and positions are presumably arrays of
 * numPackStreams elements — confirm against the parser.
 */
struct _7z_pack_info {
	uint64_t pos;
	uint64_t numPackStreams;
	uint64_t *sizes;
	struct _7z_digests digest;
	/* Calculated from pos and numPackStreams. */
	uint64_t *positions;
};
212
/*
 * Per-substream sizes and digests. read_header indexes unpackSizes[]
 * with an entry's ssIndex.
 * NOTE(review): presumably all three arrays hold unpack_streams
 * elements — confirm, since the indexing in read_header relies on it.
 */
struct _7z_substream_info {
	size_t unpack_streams;
	uint64_t *unpackSizes;
	unsigned char *digestsDefined;
	uint32_t *digests;
};
219
/* Groups the three stream descriptions of an archive: pack, coders and substreams. */
struct _7z_stream_info {
	struct _7z_pack_info pi;
	struct _7z_coders_info ci;
	struct _7z_substream_info ss;
};
225
/*
 * Scratch data used while the header is parsed. read_header zero-fills
 * one of these, passes it to slurp_central_directory() and releases it
 * with free_Header() right afterwards.
 */
struct _7z_header_info {
	uint64_t dataIndex;

	unsigned char *emptyStreamBools;
	unsigned char *emptyFileBools;
	unsigned char *antiBools;
	unsigned char *attrBools;
};
234
/*
 * One file entry of the archive as kept in memory.
 *
 * utf16name/name_len are handed to a UTF-16LE string conversion in
 * read_header. folderIndex selects a folder (range-checked in
 * read_header); ssIndex selects a substream, with (uint32_t)-1 meaning
 * "no substream".
 */
struct _7zip_entry {
	size_t name_len;
	unsigned char *utf16name;
#if defined(_WIN32) && !defined(__CYGWIN__) && defined(_DEBUG)
	const wchar_t *wname;
#endif
	uint32_t folderIndex;
	uint32_t ssIndex;
	/* Bit set of the *_IS_SET / HAS_STREAM flags below. */
	unsigned flg;
#define MTIME_IS_SET (1<<0)
#define ATIME_IS_SET (1<<1)
#define CTIME_IS_SET (1<<2)
#define CRC32_IS_SET (1<<3)
#define HAS_STREAM (1<<4)

	/* Timestamps are only meaningful when the matching flag is set in flg. */
	int64_t mtime;
	int64_t atime;
	int64_t ctime;
	uint32_t mtime_ns;
	uint32_t atime_ns;
	uint32_t ctime_ns;
	__LA_MODE_T mode;
	/* Attribute bits; tested against the FILE_ATTRIBUTE_* constants. */
	uint32_t attr;
};
259
/*
 * Private state of the 7-Zip reader. One instance is allocated
 * (zero-filled) by archive_read_support_format_7zip() and registered as
 * the format's data pointer.
 */
struct _7zip {
	/* Structural information about the archive. */
	struct _7z_stream_info si;

	int header_is_being_read;
	int header_is_encoded;
	uint64_t header_bytes_remaining;
	unsigned long header_crc32;
	/* Header offset to check that reading points of the file contents
	 * will not exceed the header. */
	uint64_t header_offset;
	/* Base offset of the archive file for a seek in case reading SFX. */
	uint64_t seek_base;

	/* List of entries */
	size_t entries_remaining;
	uint64_t numFiles;
	struct _7zip_entry *entries;
	/* Cursor into entries[]; advanced by one on every read_header call. */
	struct _7zip_entry *entry;
	unsigned char *entry_names;

	/* entry_bytes_remaining is the number of bytes we expect. */
	int64_t entry_offset;
	uint64_t entry_bytes_remaining;

	/* Running CRC32 of the decompressed data */
	unsigned long entry_crc32;

	/* Flags to mark progress of decompression. */
	char end_of_entry;

	/* Uncompressed buffer control. */
#define UBUFF_SIZE (64 * 1024)
	unsigned char *uncompressed_buffer;
	unsigned char *uncompressed_buffer_pointer;
	size_t uncompressed_buffer_size;
	size_t uncompressed_buffer_bytes_remaining;

	/* Offset of the compressed data. */
	int64_t stream_offset;

	/*
	 * Decompressing control data.
	 */
	unsigned folder_index;
	uint64_t folder_outbytes_remaining;
	unsigned pack_stream_index;
	unsigned pack_stream_remaining;
	uint64_t pack_stream_inbytes_remaining;
	size_t pack_stream_bytes_unconsumed;

	/* The codec information of a folder. */
	unsigned long codec;
	unsigned long codec2;

	/*
	 * Decompressor controllers.
	 */
	/* Decoding LZMA1 and LZMA2 data. */
#ifdef HAVE_LZMA_H
	lzma_stream lzstream;
	int lzstream_valid;
#endif
	/* Decoding bzip2 data. */
#if defined(HAVE_BZLIB_H) && defined(BZ_CONFIG_ERROR)
	bz_stream bzstream;
	int bzstream_valid;
#endif
	/* Decoding deflate data. */
#ifdef HAVE_ZLIB_H
	z_stream stream;
	int stream_valid;
#endif
	/* Decoding Zstandard data. */
#if HAVE_ZSTD_H
	ZSTD_DStream *zstd_dstream;
	int zstdstream_valid;
#endif
	/* Decoding PPMd data. */
	int ppmd7_stat;
	CPpmd7 ppmd7_context;
	CPpmd7z_RangeDec range_dec;
	IByteIn bytein;
	struct {
		const unsigned char *next_in;
		int64_t avail_in;
		int64_t total_in;
		int64_t stream_in;
		unsigned char *next_out;
		int64_t avail_out;
		int64_t total_out;
		int overconsumed;
	} ppstream;
	int ppmd7_valid;

	/* Decoding BCJ and BCJ2 data. */
	uint32_t bcj_state;
	size_t odd_bcj_size;
	unsigned char odd_bcj[4];
	/* Decoding BCJ data. */
	size_t bcj_prevPosT;
	uint32_t bcj_prevMask;
	uint32_t bcj_ip;

	/* Decoding BCJ2 data. */
	size_t main_stream_bytes_remaining;
	unsigned char *sub_stream_buff[3];
	size_t sub_stream_size[3];
	size_t sub_stream_bytes_remaining[3];
	unsigned char *tmp_stream_buff;
	size_t tmp_stream_buff_size;
	size_t tmp_stream_bytes_avail;
	size_t tmp_stream_bytes_remaining;
#ifdef _LZMA_PROB32
#define CProb uint32_t
#else
#define CProb uint16_t
#endif
	CProb bcj2_p[256 + 2];
	uint8_t bcj2_prevByte;
	uint32_t bcj2_range;
	uint32_t bcj2_code;
	uint64_t bcj2_outPos;

	/* Filename character-set conversion data. */
	struct archive_string_conv *sconv;

	/* Backing storage for archive_format_name once a header was read. */
	char format_name[64];

	/* Custom value that is non-zero if this archive contains encrypted entries. */
	int has_encrypted_entries;
};
392
/* Maximum entry size. The limit rejects intentionally corrupted 7-zip
 * files, on the assumption that a genuine archive does not contain
 * this many entries. */
#define UMAX_ENTRY ARCHIVE_LITERAL_ULL(100000000)
397
398 static int archive_read_format_7zip_has_encrypted_entries(struct archive_read *);
399 static int archive_read_support_format_7zip_capabilities(struct archive_read *a);
400 static int archive_read_format_7zip_bid(struct archive_read *, int);
401 static int archive_read_format_7zip_cleanup(struct archive_read *);
402 static int archive_read_format_7zip_read_data(struct archive_read *,
403 const void **, size_t *, int64_t *);
404 static int archive_read_format_7zip_read_data_skip(struct archive_read *);
405 static int archive_read_format_7zip_read_header(struct archive_read *,
406 struct archive_entry *);
407 static int check_7zip_header_in_sfx(const char *);
408 static unsigned long decode_codec_id(const unsigned char *, size_t);
409 static int decode_encoded_header_info(struct archive_read *,
410 struct _7z_stream_info *);
411 static int decompress(struct archive_read *, struct _7zip *,
412 void *, size_t *, const void *, size_t *);
413 static ssize_t extract_pack_stream(struct archive_read *, size_t);
414 static uint64_t folder_uncompressed_size(struct _7z_folder *);
415 static void free_CodersInfo(struct _7z_coders_info *);
416 static void free_Digest(struct _7z_digests *);
417 static void free_Folder(struct _7z_folder *);
418 static void free_Header(struct _7z_header_info *);
419 static void free_PackInfo(struct _7z_pack_info *);
420 static void free_StreamsInfo(struct _7z_stream_info *);
421 static void free_SubStreamsInfo(struct _7z_substream_info *);
422 static int free_decompression(struct archive_read *, struct _7zip *);
423 static ssize_t get_uncompressed_data(struct archive_read *, const void **,
424 size_t, size_t);
425 static const unsigned char * header_bytes(struct archive_read *, size_t);
426 static int init_decompression(struct archive_read *, struct _7zip *,
427 const struct _7z_coder *, const struct _7z_coder *);
428 static int parse_7zip_uint64(struct archive_read *, uint64_t *);
429 static int read_Bools(struct archive_read *, unsigned char *, size_t);
430 static int read_CodersInfo(struct archive_read *,
431 struct _7z_coders_info *);
432 static int read_Digests(struct archive_read *, struct _7z_digests *,
433 size_t);
434 static int read_Folder(struct archive_read *, struct _7z_folder *);
435 static int read_Header(struct archive_read *, struct _7z_header_info *,
436 int);
437 static int read_PackInfo(struct archive_read *, struct _7z_pack_info *);
438 static int read_StreamsInfo(struct archive_read *,
439 struct _7z_stream_info *);
440 static int read_SubStreamsInfo(struct archive_read *,
441 struct _7z_substream_info *, struct _7z_folder *, size_t);
442 static int read_Times(struct archive_read *, struct _7z_header_info *,
443 int);
444 static void read_consume(struct archive_read *);
445 static ssize_t read_stream(struct archive_read *, const void **, size_t,
446 size_t);
447 static int seek_pack(struct archive_read *);
448 static int64_t skip_stream(struct archive_read *, size_t);
449 static int skip_sfx(struct archive_read *, const ssize_t);
450 static ssize_t find_pe_overlay(struct archive_read *);
451 static ssize_t find_elf_data_sec(struct archive_read *);
452 static int slurp_central_directory(struct archive_read *, struct _7zip *,
453 struct _7z_header_info *);
454 static int setup_decode_folder(struct archive_read *, struct _7z_folder *,
455 int);
456 static void x86_Init(struct _7zip *);
457 static size_t x86_Convert(struct _7zip *, uint8_t *, size_t);
458 static void arm_Init(struct _7zip *);
459 static size_t arm_Convert(struct _7zip *, uint8_t *, size_t);
460 static size_t arm64_Convert(struct _7zip *, uint8_t *, size_t);
461 static ssize_t Bcj2_Decode(struct _7zip *, uint8_t *, size_t);
462 static size_t sparc_Convert(struct _7zip *, uint8_t *, size_t);
463 static size_t powerpc_Convert(struct _7zip *, uint8_t *, size_t);
464
465
/*
 * Enable 7-Zip support on a reader that is still in the NEW state.
 *
 * Allocates the zero-filled private state and registers the format
 * callbacks. Returns ARCHIVE_FATAL when the state cannot be allocated.
 * The registration result is not propagated: when registration does not
 * return ARCHIVE_OK the state is freed, and ARCHIVE_OK is returned
 * either way.
 */
int
archive_read_support_format_7zip(struct archive *_a)
{
	struct archive_read *reader = (struct archive_read *)_a;
	struct _7zip *state;
	int rc;

	archive_check_magic(_a, ARCHIVE_READ_MAGIC,
	    ARCHIVE_STATE_NEW, "archive_read_support_format_7zip");

	state = calloc(1, sizeof(*state));
	if (state == NULL) {
		archive_set_error(&reader->archive, ENOMEM,
		    "Can't allocate 7zip data");
		return (ARCHIVE_FATAL);
	}

	/*
	 * Nothing has been read yet, so whether the archive holds
	 * encrypted entries is still unknown.
	 */
	state->has_encrypted_entries =
	    ARCHIVE_READ_FORMAT_ENCRYPTION_DONT_KNOW;

	rc = __archive_read_register_format(reader,
	    state,
	    "7zip",
	    archive_read_format_7zip_bid,
	    NULL,
	    archive_read_format_7zip_read_header,
	    archive_read_format_7zip_read_data,
	    archive_read_format_7zip_read_data_skip,
	    NULL,
	    archive_read_format_7zip_cleanup,
	    archive_read_support_format_7zip_capabilities,
	    archive_read_format_7zip_has_encrypted_entries);

	/* The reader did not take ownership of the state; release it. */
	if (rc != ARCHIVE_OK)
		free(state);
	return (ARCHIVE_OK);
}
507
/*
 * Report the format capabilities: both data and metadata encryption
 * flags are set. The reader argument is not used.
 */
static int
archive_read_support_format_7zip_capabilities(struct archive_read * a)
{
	const int caps = ARCHIVE_READ_FORMAT_CAPS_ENCRYPT_DATA |
	    ARCHIVE_READ_FORMAT_CAPS_ENCRYPT_METADATA;

	(void)a; /* UNUSED */
	return (caps);
}
515
516
/*
 * Return the has_encrypted_entries value kept in the 7-Zip state, or
 * ARCHIVE_READ_FORMAT_ENCRYPTION_DONT_KNOW when the reader, its format
 * slot or the state pointer is NULL.
 */
static int
archive_read_format_7zip_has_encrypted_entries(struct archive_read *_a)
{
	struct _7zip *zip;

	if (_a == NULL || _a->format == NULL)
		return ARCHIVE_READ_FORMAT_ENCRYPTION_DONT_KNOW;

	zip = (struct _7zip *)_a->format->data;
	if (zip == NULL)
		return ARCHIVE_READ_FORMAT_ENCRYPTION_DONT_KNOW;

	return zip->has_encrypted_entries;
}
528
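/*
 * Bid on the input: decide whether it looks like a 7-Zip archive.
 *
 * Returns 48 when the 7-Zip signature is found at offset 0 or inside a
 * PE ("MZ") or ELF self-extracting stub, 0 when it is not found, and -1
 * when another format has already bid more than 32.
 */
static int
archive_read_format_7zip_bid(struct archive_read *a, int best_bid)
{
	const char *p;

	/* If someone has already bid more than 32, then avoid
	   trashing the look-ahead buffers with a seek. */
	if (best_bid > 32)
		return (-1);

	if ((p = __archive_read_ahead(a, 6, NULL)) == NULL)
		return (0);

	/* If first six bytes are the 7-Zip signature,
	 * return the bid right now. */
	if (memcmp(p, _7ZIP_SIGNATURE, 6) == 0)
		return (48);

	/*
	 * It may be a 7-Zip SFX archive file. If the first two bytes are
	 * 'M' and 'Z' (Windows) or the first four bytes are
	 * "\x7F\x45LF" (POSIX-like systems), search for the 7-Zip
	 * signature. While find_pe_overlay can be performed without
	 * performing a seek, find_elf_data_sec requires one,
	 * thus a performance difference between the two is expected.
	 */
	if ((p[0] == 'M' && p[1] == 'Z') || memcmp(p, "\x7F\x45LF", 4) == 0) {
		const ssize_t min_addr = p[0] == 'M' ? find_pe_overlay(a) :
		    find_elf_data_sec(a);
		ssize_t offset = min_addr;
		ssize_t window = 4096;
		ssize_t bytes_avail;

		/*
		 * min_addr is computed from header fields of the input.
		 * A negative value would make "buff + offset" below point
		 * in front of the look-ahead buffer, so treat it as "not
		 * a 7-Zip SFX".
		 */
		if (min_addr < 0)
			return (0);

		/*
		 * NOTE(review): the look-ahead request grows with
		 * min_addr, which the input controls; confirm the read
		 * layer bounds how much it is willing to buffer.
		 *
		 * The loop bound is written as a distance from min_addr
		 * so that it cannot overflow for a large min_addr.
		 */
		while (offset - min_addr + window <= SFX_MAX_OFFSET) {
			const char *buff = __archive_read_ahead(a,
			    (size_t)offset + (size_t)window, &bytes_avail);
			if (buff == NULL) {
				/* Remaining bytes are less than window. */
				window >>= 1;
				if (window < 0x40)
					return (0);
				continue;
			}
			p = buff + offset;
			/* The header check reads up to 32 bytes at p. */
			while (p + 32 < buff + bytes_avail) {
				int step = check_7zip_header_in_sfx(p);
				if (step == 0)
					return (48);
				p += step;
			}
			offset = p - buff;
		}
	}
	return (0);
}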
583
/*
 * Test whether a 7-Zip start header begins at p.
 *
 * Returns 0 on a hit. Otherwise returns how many bytes the caller may
 * advance: the value depends on which signature byte, if any, sits at
 * p[5]. The function reads p[5], the six signature bytes, the 32-bit
 * value at p + 8 and the 20 bytes at p + 12, so the caller has to
 * guarantee 32 readable bytes at p.
 */
static int
check_7zip_header_in_sfx(const char *p)
{
	const unsigned char *bytes = (const unsigned char *)p;

	switch (bytes[5]) {
	case 0x37: return (5);
	case 0x7A: return (4);
	case 0xBC: return (3);
	case 0xAF: return (2);
	case 0x27: return (1);
	case 0x1C:
		/* Last signature byte is in place; verify the rest below. */
		break;
	default:
		return (6);
	}

	if (memcmp(p, _7ZIP_SIGNATURE, 6) != 0)
		return (6);
	/*
	 * Test the CRC because the SFX extraction code itself contains
	 * the 7-Zip magic; without this check it would be mis-detected
	 * as the archive header.
	 */
	if (crc32(0, bytes + 12, 20) != archive_le32dec(p + 8))
		return (6);
	/* Hit the header! */
	return (0);
}
609
/*
 * Position the reader on the 7-Zip header inside an SFX executable.
 *
 * Seeks to min_addr and scans forward, at most SFX_MAX_ADDR -
 * SFX_MIN_ADDR bytes, for a valid start header. On success the bytes
 * in front of the header are consumed, zip->seek_base records the
 * header's offset and ARCHIVE_OK is returned. Returns ARCHIVE_FATAL
 * when the seek fails or no header is found.
 */
static int
skip_sfx(struct archive_read *a, const ssize_t min_addr)
{
	size_t offset = 0;
	ssize_t window = 1;

	if (__archive_read_seek(a, min_addr, SEEK_SET) < 0)
		return (ARCHIVE_FATAL);

	while (offset + window <= SFX_MAX_ADDR - SFX_MIN_ADDR) {
		ssize_t bytes;
		size_t skip;
		const char *base, *cur, *end;
		const void *h = __archive_read_ahead(a, window, &bytes);

		if (h == NULL) {
			/* Remaining bytes are less than window. */
			window >>= 1;
			if (window < 0x40)
				break;
			continue;
		}
		if (bytes < 6) {
			/* This case might happen when window == 1. */
			window = 4096;
			continue;
		}
		base = (const char *)h;
		end = base + bytes;

		/*
		 * Scan ahead until we find something that looks
		 * like the 7-Zip header.
		 */
		for (cur = base; cur + 32 < end; ) {
			int step = check_7zip_header_in_sfx(cur);
			if (step == 0) {
				struct _7zip *zip =
				    (struct _7zip *)a->format->data;
				skip = cur - base;
				__archive_read_consume(a, skip);
				zip->seek_base = min_addr + offset + skip;
				return (ARCHIVE_OK);
			}
			cur += step;
		}

		/* Nothing in this window: drop what was scanned. */
		skip = cur - base;
		__archive_read_consume(a, skip);
		offset += skip;
		if (window == 1)
			window = 4096;
	}

	archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
	    "Couldn't find out 7-Zip header");
	return (ARCHIVE_FATAL);
}
667
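/*
 * Locate the overlay of a PE executable, i.e. the first byte after the
 * last section's raw data, where an SFX stub keeps its archive.
 *
 * Returns the largest "raw address + raw size" found in the section
 * table (never less than the end of the optional header), or
 * SFX_MIN_ADDR when the headers cannot be parsed. Every field read here
 * comes from the input file and is untrusted.
 */
static ssize_t
find_pe_overlay(struct archive_read *a)
{
	const char *h;
	ssize_t bytes, max_offset, offset, sec_end;
	ssize_t opt_hdr_sz, sec_cnt;

	for (;;) {
		/*
		 * Read Dos header to find e_lfanew
		 */
		h = __archive_read_ahead(a, PE_DOS_HDR_LEN, &bytes);
		if (h == NULL || h[0] != 'M' || h[1] != 'Z') {
			break;
		}
		offset = archive_le32dec(h + PE_DOS_HDR_ELFANEW_OFFSET);
		/*
		 * Where ssize_t is 32 bits wide a large e_lfanew turns
		 * negative and would index in front of the buffer.
		 */
		if (offset < 0) {
			break;
		}

		/*
		 * Read COFF header to find opt header size and sec cnt
		 */
		if (bytes < offset + PE_COFF_HDR_LEN) {
			h = __archive_read_ahead(a, offset + PE_COFF_HDR_LEN,
			    &bytes);
			if (h == NULL) {
				break;
			}
		}
		/*
		 * Check the "PE" signature on every path, not only when a
		 * second read was needed; otherwise arbitrary bytes are
		 * parsed as a COFF header whenever the first read already
		 * covered them.
		 */
		if (h[offset] != 'P' || h[offset + 1] != 'E') {
			break;
		}
		sec_cnt = archive_le16dec(
		    h + offset + PE_COFF_HDR_SEC_CNT_OFFSET);
		opt_hdr_sz = archive_le16dec(
		    h + offset + PE_COFF_HDR_OPT_SZ_OFFSET);

		/*
		 * Skip optional header
		 */
		if (opt_hdr_sz != 0) {
			offset += PE_COFF_HDR_LEN + opt_hdr_sz;
		} else {
			break;
		}

		/*
		 * Traverse sec table to find max raw offset (i.e., overlay)
		 */
		if (bytes < offset + sec_cnt * PE_SEC_HDR_LEN) {
			h = __archive_read_ahead(a,
			    offset + sec_cnt * PE_SEC_HDR_LEN, NULL);
			if (h == NULL) {
				break;
			}
		}
		max_offset = offset;
		while (sec_cnt > 0) {
			/*
			 * Both fields are 32-bit and are added before the
			 * conversion to ssize_t, so the sum wraps at 2^32.
			 */
			sec_end = archive_le32dec(
			    h + offset + PE_SEC_HDR_RAW_SZ_OFFSET) +
			    archive_le32dec(
			    h + offset + PE_SEC_HDR_RAW_ADDR_OFFSET);
			if (sec_end > max_offset) {
				max_offset = sec_end;
			}
			offset += PE_SEC_HDR_LEN;
			sec_cnt--;
		}
		/*
		 * NOTE(review): the result is taken from the section table
		 * as is; callers use it as a seek target and look-ahead
		 * distance, so confirm they tolerate values beyond the end
		 * of the file.
		 */
		return (max_offset);
	}

	/*
	 * If encounter any weirdness, revert to old brute-force style search
	 */
	return (SFX_MIN_ADDR);
}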
740
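/*
 * Locate the file offset of the ".data" section of an ELF executable,
 * where an SFX stub keeps its archive.
 *
 * Returns that offset, or SFX_MIN_ADDR when the headers cannot be
 * parsed, no ".data" section is found, or the recorded offset does not
 * fit a non-negative ssize_t. Every field read here comes from the
 * input file and is untrusted. The reader is sought back to offset 0
 * before returning.
 */
static ssize_t
find_elf_data_sec(struct archive_read *a)
{
	const char *h;
	char big_endian, format_64;
	ssize_t bytes, min_addr = SFX_MIN_ADDR;
	ssize_t request;
	size_t strtab_hdr;
	uint64_t e_shoff, strtab_offset, strtab_size;
	uint16_t e_shentsize, e_shnum, e_shstrndx;
	uint16_t (*dec16)(const void *);
	uint32_t (*dec32)(const void *);
	uint64_t (*dec64)(const void *);

	for (;;) {
		/*
		 * Read Elf header to find bitness & endianness
		 */
		h = __archive_read_ahead(a, ELF_HDR_MIN_LEN, &bytes);
		if (h == NULL || memcmp(h, "\x7F\x45LF", 4) != 0) {
			break;
		}
		format_64 = h[ELF_HDR_EI_CLASS_OFFSET] == 0x2;
		big_endian = h[ELF_HDR_EI_DATA_OFFSET] == 0x2;
		if (big_endian) {
			dec16 = &archive_be16dec;
			dec32 = &archive_be32dec;
			dec64 = &archive_be64dec;
		} else {
			dec16 = &archive_le16dec;
			dec32 = &archive_le32dec;
			dec64 = &archive_le64dec;
		}

		/*
		 * Read section header table info
		 */
		if (format_64) {
			/*
			 * e_shstrndx occupies bytes 0x3E and 0x3F, so the
			 * 64-bit header needs 0x40 bytes to be present.
			 */
			if (bytes < 0x40)
				break;
			e_shoff = (*dec64)(h + 0x28);
			e_shentsize = (*dec16)(h + 0x3A);
			e_shnum = (*dec16)(h + 0x3C);
			e_shstrndx = (*dec16)(h + 0x3E);
			if (e_shnum < e_shstrndx || e_shentsize < 0x28)
				break;

		} else {
			e_shoff = (*dec32)(h + 0x20);
			e_shentsize = (*dec16)(h + 0x2E);
			e_shnum = (*dec16)(h + 0x30);
			e_shstrndx = (*dec16)(h + 0x32);
			if (e_shnum < e_shstrndx || e_shentsize < 0x18)
				break;
		}

		/*
		 * Reading the section table to find strtab section
		 */
		if (__archive_read_seek(a, e_shoff, SEEK_SET) < 0) {
			break;
		}
		/*
		 * One extra entry's worth of bytes is requested because
		 * e_shstrndx == e_shnum passes the check above.
		 */
		if (format_64) {
			request = (size_t)e_shnum * (size_t)e_shentsize + 0x28;
		} else {
			request = (size_t)e_shnum * (size_t)e_shentsize + 0x18;
		}
		h = __archive_read_ahead(a, request, &bytes);
		if (h == NULL) {
			break;
		}
		/*
		 * Multiply in size_t: two uint16_t operands are promoted
		 * to int, and their product can exceed INT_MAX.
		 */
		strtab_hdr = (size_t)e_shstrndx * (size_t)e_shentsize;
		if (format_64) {
			strtab_offset = (*dec64)(h + strtab_hdr + 0x18);
			strtab_size = (*dec64)(h + strtab_hdr + 0x20);
		} else {
			strtab_offset = (*dec32)(h + strtab_hdr + 0x10);
			strtab_size = (*dec32)(h + strtab_hdr + 0x14);
		}
		if (strtab_size < 6 || strtab_size > SIZE_MAX)
			break;

		/*
		 * Read the STRTAB section to find the .data offset
		 *
		 * NOTE(review): strtab_size is taken from the input and is
		 * used as the look-ahead request; confirm the read layer
		 * bounds how much it is willing to buffer.
		 */
		if (__archive_read_seek(a, strtab_offset, SEEK_SET) < 0) {
			break;
		}
		h = __archive_read_ahead(a, strtab_size, NULL);
		if (h == NULL) {
			break;
		}
		ssize_t data_sym_offset = -1;
		for (size_t offset = 0; offset < strtab_size - 6; offset++) {
			if (memcmp(h + offset, ".data\00", 6) == 0) {
				data_sym_offset = offset;
				break;
			}
		}
		if (data_sym_offset == -1) {
			break;
		}

		/*
		 * Find the section with the .data name
		 */
		if (__archive_read_seek(a, e_shoff, SEEK_SET) < 0) {
			break;
		}
		h = __archive_read_ahead(a,
		    (size_t)e_shnum * (size_t)e_shentsize, NULL);
		if (h == NULL) {
			break;
		}
		ssize_t sec_tbl_offset = 0, name_offset;
		while (e_shnum > 0) {
			name_offset = (*dec32)(h + sec_tbl_offset);
			if (name_offset == data_sym_offset) {
				uint64_t data_off;
				ssize_t candidate;

				if (format_64) {
					data_off = (*dec64)(
					    h + sec_tbl_offset + 0x18);
				} else {
					data_off = (*dec32)(
					    h + sec_tbl_offset + 0x10);
				}
				/*
				 * Accept the offset only if it survives the
				 * round trip through ssize_t as a
				 * non-negative value; otherwise keep the
				 * SFX_MIN_ADDR fallback so callers never
				 * receive a negative offset.
				 */
				candidate = (ssize_t)data_off;
				if (candidate >= 0 &&
				    (uint64_t)candidate == data_off) {
					min_addr = candidate;
				}
				break;
			}
			sec_tbl_offset += e_shentsize;
			e_shnum--;
		}
		break;
	}

	/* Rewind for the caller; the result of this seek is not checked. */
	__archive_read_seek(a, 0, SEEK_SET);
	return (min_addr);
}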
876
/*
 * Fill `entry` with the metadata of the next archive entry.
 *
 * The first call parses the archive header through
 * slurp_central_directory(); later calls advance the entry cursor.
 * Returns ARCHIVE_EOF when no entries remain, ARCHIVE_WARN when the
 * pathname could not be converted to the current locale, ARCHIVE_FATAL
 * on allocation or conversion-setup failure, the error of a failed
 * header parse or symlink read, and ARCHIVE_OK otherwise.
 */
static int
archive_read_format_7zip_read_header(struct archive_read *a,
	struct archive_entry *entry)
{
	struct _7zip *zip = (struct _7zip *)a->format->data;
	struct _7zip_entry *zip_entry;
	int r, ret = ARCHIVE_OK;
	struct _7z_folder *folder = 0;
	uint64_t fidx = 0;

	/*
	 * It should be sufficient to call archive_read_next_header() for
	 * a reader to determine if an entry is encrypted or not. If the
	 * encryption of an entry is only detectable when calling
	 * archive_read_data(), so be it. We'll do the same check there
	 * as well.
	 */
	if (zip->has_encrypted_entries == ARCHIVE_READ_FORMAT_ENCRYPTION_DONT_KNOW) {
		zip->has_encrypted_entries = 0;
	}

	a->archive.archive_format = ARCHIVE_FORMAT_7ZIP;
	if (a->archive.archive_format_name == NULL)
		a->archive.archive_format_name = "7-Zip";

	if (zip->entries == NULL) {
		/* First call: parse the header and start at the first entry. */
		struct _7z_header_info header;

		memset(&header, 0, sizeof(header));
		r = slurp_central_directory(a, zip, &header);
		/* The scratch header data is released whether or not parsing succeeded. */
		free_Header(&header);
		if (r != ARCHIVE_OK)
			return (r);
		zip->entries_remaining = (size_t)zip->numFiles;
		zip->entry = zip->entries;
	} else {
		++zip->entry;
	}
	zip_entry = zip->entry;

	/* entries_remaining is unsigned, so "<= 0" means "== 0". */
	if (zip->entries_remaining <= 0 || zip_entry == NULL)
		return ARCHIVE_EOF;
	--zip->entries_remaining;

	/* Reset the per-entry read state. */
	zip->entry_offset = 0;
	zip->end_of_entry = 0;
	zip->entry_crc32 = crc32(0, NULL, 0);

	/* Setup a string conversion for a filename. */
	if (zip->sconv == NULL) {
		zip->sconv = archive_string_conversion_from_charset(
		    &a->archive, "UTF-16LE", 1);
		if (zip->sconv == NULL)
			return (ARCHIVE_FATAL);
	}

	/* Figure out if the entry is encrypted by looking at the folder
	   that is associated to the current 7zip entry. If the folder
	   has a coder with a _7Z_CRYPTO codec then the folder is encrypted.
	   Hence the entry must also be encrypted. */
	if (zip_entry && zip_entry->folderIndex < zip->si.ci.numFolders) {
		folder = &(zip->si.ci.folders[zip_entry->folderIndex]);
		for (fidx=0; folder && fidx<folder->numCoders; fidx++) {
			switch(folder->coders[fidx].codec) {
				case _7Z_CRYPTO_MAIN_ZIP:
				case _7Z_CRYPTO_RAR_29:
				case _7Z_CRYPTO_AES_256_SHA_256: {
					archive_entry_set_is_data_encrypted(entry, 1);
					zip->has_encrypted_entries = 1;
					/* Leaves the switch only; the coder loop continues. */
					break;
				}
			}
		}
	}

	/* Now that we've checked for encryption, if there were still no
	 * encrypted entries found we can say for sure that there are none.
	 */
	if (zip->has_encrypted_entries == ARCHIVE_READ_FORMAT_ENCRYPTION_DONT_KNOW) {
		zip->has_encrypted_entries = 0;
	}

	/* The stored name is converted from UTF-16LE; a failed conversion
	 * is reported as a warning unless it was caused by ENOMEM. */
	if (archive_entry_copy_pathname_l(entry,
	    (const char *)zip_entry->utf16name,
	    zip_entry->name_len, zip->sconv) != 0) {
		if (errno == ENOMEM) {
			archive_set_error(&a->archive, ENOMEM,
			    "Can't allocate memory for Pathname");
			return (ARCHIVE_FATAL);
		}
		archive_set_error(&a->archive,
		    ARCHIVE_ERRNO_FILE_FORMAT,
		    "Pathname cannot be converted "
		    "from %s to current locale.",
		    archive_string_conversion_charset_name(zip->sconv));
		ret = ARCHIVE_WARN;
	}

	/* Populate some additional entry fields: */
	archive_entry_set_mode(entry, zip_entry->mode);
	if (zip_entry->flg & MTIME_IS_SET)
		archive_entry_set_mtime(entry, zip_entry->mtime,
		    zip_entry->mtime_ns);
	if (zip_entry->flg & CTIME_IS_SET)
		archive_entry_set_ctime(entry, zip_entry->ctime,
		    zip_entry->ctime_ns);
	if (zip_entry->flg & ATIME_IS_SET)
		archive_entry_set_atime(entry, zip_entry->atime,
		    zip_entry->atime_ns);
	/* An ssIndex of (uint32_t)-1 marks an entry without a substream. */
	if (zip_entry->ssIndex != (uint32_t)-1) {
		/*
		 * NOTE(review): ssIndex is not range-checked against
		 * si.ss.unpack_streams here; presumably the header parser
		 * guarantees it — confirm.
		 */
		zip->entry_bytes_remaining =
		    zip->si.ss.unpackSizes[zip_entry->ssIndex];
		archive_entry_set_size(entry, zip->entry_bytes_remaining);
	} else {
		zip->entry_bytes_remaining = 0;
		archive_entry_set_size(entry, 0);
	}

	// These attributes are supported by the windows implementation of archive_write_disk.
	const int supported_attrs = FILE_ATTRIBUTE_READONLY | FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM;

	if (zip_entry->attr & supported_attrs) {
		char *fflags_text, *ptr;
		/* allocate for ",rdonly,hidden,system": 21 characters plus
		 * the terminating NUL; each strcpy below writes one
		 * 7-character token, so at most three tokens fit exactly. */
		fflags_text = malloc(22 * sizeof(*fflags_text));
		/* An allocation failure is tolerated: the flags are simply not set. */
		if (fflags_text != NULL) {
			ptr = fflags_text;
			if (zip_entry->attr & FILE_ATTRIBUTE_READONLY) {
				strcpy(ptr, ",rdonly");
				ptr = ptr + 7;
			}
			if (zip_entry->attr & FILE_ATTRIBUTE_HIDDEN) {
				strcpy(ptr, ",hidden");
				ptr = ptr + 7;
			}
			if (zip_entry->attr & FILE_ATTRIBUTE_SYSTEM) {
				strcpy(ptr, ",system");
				ptr = ptr + 7;
			}
			if (ptr > fflags_text) {
				/* "+ 1" skips the leading comma. */
				archive_entry_copy_fflags_text(entry,
				    fflags_text + 1);
			}
			free(fflags_text);
		}
	}

	/* If there's no body, force read_data() to return EOF immediately. */
	if (zip->entry_bytes_remaining < 1)
		zip->end_of_entry = 1;

	if ((zip_entry->mode & AE_IFMT) == AE_IFLNK) {
		unsigned char *symname = NULL;
		size_t symsize = 0;

		/*
		 * Symbolic-name is recorded as its contents. We have to
		 * read the contents at this time.
		 *
		 * NOTE(review): the whole entry body is accumulated in
		 * memory and this function enforces no upper bound on
		 * symsize; confirm the declared size is limited elsewhere.
		 */
		while (zip->entry_bytes_remaining > 0) {
			const void *buff;
			unsigned char *mem;
			size_t size;
			int64_t offset;

			r = archive_read_format_7zip_read_data(a, &buff,
			    &size, &offset);
			if (r < ARCHIVE_WARN) {
				free(symname);
				return (r);
			}
			/* "+ 1" leaves room for the terminating NUL added below. */
			mem = realloc(symname, symsize + size + 1);
			if (mem == NULL) {
				free(symname);
				archive_set_error(&a->archive, ENOMEM,
				    "Can't allocate memory for Symname");
				return (ARCHIVE_FATAL);
			}
			symname = mem;
			memcpy(symname+symsize, buff, size);
			symsize += size;
		}
		if (symsize == 0) {
			/* If there is no symname, handle it as a regular
			 * file. */
			zip_entry->mode &= ~AE_IFMT;
			zip_entry->mode |= AE_IFREG;
			archive_entry_set_mode(entry, zip_entry->mode);
		} else {
			struct archive_string_conv* utf8_conv;

			symname[symsize] = '\0';

			/* Symbolic links are embedded as UTF-8 strings */
			utf8_conv = archive_string_conversion_from_charset(&a->archive,
			    "UTF-8", 1);
			if (utf8_conv == NULL) {
				free(symname);
				return ARCHIVE_FATAL;
			}

			/*
			 * The link target is stored as read from the
			 * archive; the result of the conversion call is
			 * not checked here.
			 */
			archive_entry_copy_symlink_l(entry, (const char*)symname, symsize,
			    utf8_conv);
		}
		free(symname);
		/* The body was consumed above, so the entry reports size 0. */
		archive_entry_set_size(entry, 0);
	}

	/* Set up a more descriptive format name. */
	snprintf(zip->format_name, sizeof(zip->format_name), "7-Zip");
	a->archive.archive_format_name = zip->format_name;

	return (ret);
}
1091
/*
 * Hand the caller the next chunk of the current entry's data.
 *
 * On return *buff points at the chunk, *size is its length and *offset is
 * the position of the chunk inside the entry.  At most 16 MiB is requested
 * from read_stream() per call, and never more than the entry still has
 * outstanding.
 *
 * Returns ARCHIVE_EOF once the entry has been fully delivered, a negative
 * status passed through from read_stream(), ARCHIVE_FATAL when the stream
 * ends early, and ARCHIVE_WARN when the final chunk completes an entry
 * whose CRC32 does not match the stored digest.
 *
 * NOTE: a CRC mismatch is only a warning, and it is raised on the call
 * that returns the last chunk; every earlier chunk has already been
 * handed out by then.  Callers that treat ARCHIVE_WARN as success will
 * accept corrupted or tampered data.
 */
static int
archive_read_format_7zip_read_data(struct archive_read *a,
    const void **buff, size_t *size, int64_t *offset)
{
	struct _7zip *zip = (struct _7zip *)(a->format->data);
	size_t want;
	ssize_t got;
	int crc_present;
	int status = ARCHIVE_OK;

	/* Once data is being read, "don't know" becomes "not encrypted". */
	if (zip->has_encrypted_entries ==
	    ARCHIVE_READ_FORMAT_ENCRYPTION_DONT_KNOW)
		zip->has_encrypted_entries = 0;

	/* Release whatever the previous call left pending. */
	if (zip->pack_stream_bytes_unconsumed)
		read_consume(a);

	/* Safe defaults for every early return below. */
	*buff = NULL;
	*size = 0;
	*offset = zip->entry_offset;

	/* The previous call delivered the last byte of this entry. */
	if (zip->end_of_entry)
		return (ARCHIVE_EOF);

	/* Cap one read at 16 MiB, and at what the entry has left. */
	want = 16 * 1024 * 1024;
	if ((uint64_t)want > zip->entry_bytes_remaining)
		want = (size_t)zip->entry_bytes_remaining;

	got = read_stream(a, buff, want, 0);
	if (got < 0)
		return ((int)got);
	if (got == 0) {
		/* The entry promised more bytes than the archive holds. */
		archive_set_error(&a->archive,
		    ARCHIVE_ERRNO_FILE_FORMAT,
		    "Truncated 7-Zip file body");
		return (ARCHIVE_FATAL);
	}

	/*
	 * NOTE(review): this assumes read_stream() never returns more than
	 * `want`; a larger value would wrap the counter -- confirm.
	 */
	zip->entry_bytes_remaining -= got;
	if (zip->entry_bytes_remaining == 0)
		zip->end_of_entry = 1;

	/* Fold this chunk into the running CRC32 of the entry. */
	crc_present = (zip->entry->flg & CRC32_IS_SET) != 0;
	if (crc_present && got)
		zip->entry_crc32 = crc32(zip->entry_crc32, *buff,
		    (unsigned)got);

	/* Last chunk: compare the computed CRC with the stored digest. */
	if (zip->end_of_entry && crc_present &&
	    zip->si.ss.digests[zip->entry->ssIndex] != zip->entry_crc32) {
		archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
		    "7-Zip bad CRC: 0x%lx should be 0x%lx",
		    (unsigned long)zip->entry_crc32,
		    (unsigned long)zip->si.ss.digests[
		    zip->entry->ssIndex]);
		status = ARCHIVE_WARN;
	}

	*size = got;
	*offset = zip->entry_offset;
	zip->entry_offset += got;

	return (status);
}
1162
/*
 * Discard whatever is left of the current entry's data.
 *
 * Returns ARCHIVE_OK when the entry is (or already was) finished and
 * ARCHIVE_FATAL when skip_stream() reports an error.
 *
 * NOTE(review): the remaining byte count is narrowed to size_t before it
 * is handed to skip_stream(), and the number of bytes actually skipped is
 * only tested for being negative.  If entry_bytes_remaining is wider than
 * size_t on some target, a very large entry could be skipped short while
 * the entry is still marked finished -- confirm against skip_stream().
 */
static int
archive_read_format_7zip_read_data_skip(struct archive_read *a)
{
	struct _7zip *zip = (struct _7zip *)(a->format->data);
	int64_t skipped;

	/* Release whatever the previous read left pending. */
	if (zip->pack_stream_bytes_unconsumed)
		read_consume(a);

	/* Nothing left to skip. */
	if (zip->end_of_entry)
		return (ARCHIVE_OK);

	skipped = skip_stream(a, (size_t)zip->entry_bytes_remaining);
	if (skipped < 0)
		return (ARCHIVE_FATAL);

	/* Mark the entry as fully consumed. */
	zip->entry_bytes_remaining = 0;
	zip->end_of_entry = 1;
	return (ARCHIVE_OK);
}
1191
/*
 * Release every resource owned by the 7-Zip reader state and detach it
 * from the archive handle.  Always returns ARCHIVE_OK; the status of
 * free_decompression() is not propagated.
 */
static int
archive_read_format_7zip_cleanup(struct archive_read *a)
{
	struct _7zip *zip = (struct _7zip *)(a->format->data);
	int slot;

	free_StreamsInfo(&(zip->si));
	free(zip->entries);
	free(zip->entry_names);
	(void)free_decompression(a, zip);
	free(zip->uncompressed_buffer);
	for (slot = 0; slot < 3; slot++)
		free(zip->sub_stream_buff[slot]);
	free(zip->tmp_stream_buff);
	free(zip);
	/* Clear the owner's pointer so it cannot be used after the free. */
	(a->format->data) = NULL;
	return (ARCHIVE_OK);
}
1211
/*
 * Tell the read layer that the pending pack-stream bytes have been used,
 * advance stream_offset by the same amount and reset the pending count.
 * Does nothing when no bytes are pending.
 */
static void
read_consume(struct archive_read *a)
{
	struct _7zip *zip = (struct _7zip *)a->format->data;

	if (zip->pack_stream_bytes_unconsumed == 0)
		return;

	__archive_read_consume(a, zip->pack_stream_bytes_unconsumed);
	zip->stream_offset += zip->pack_stream_bytes_unconsumed;
	zip->pack_stream_bytes_unconsumed = 0;
}
1223
1224 #ifdef HAVE_LZMA_H
1225
/*
 * Translate a liblzma return code into an archive error (code plus
 * message).  LZMA_OK and LZMA_STREAM_END are not errors and leave the
 * archive's error state untouched.
 */
static void
set_error(struct archive_read *a, int ret)
{
	int code = ARCHIVE_ERRNO_MISC;
	const char *text;

	switch (ret) {
	case LZMA_OK:		/* Decompressor made some progress. */
	case LZMA_STREAM_END:	/* Found end of stream. */
		return;
	case LZMA_MEM_ERROR:
		code = ENOMEM;
		text = "Lzma library error: Cannot allocate memory";
		break;
	case LZMA_MEMLIMIT_ERROR:
		code = ENOMEM;
		text = "Lzma library error: Out of memory";
		break;
	case LZMA_FORMAT_ERROR:
		text = "Lzma library error: format not recognized";
		break;
	case LZMA_OPTIONS_ERROR:
		text = "Lzma library error: Invalid options";
		break;
	case LZMA_DATA_ERROR:
		text = "Lzma library error: Corrupted input data";
		break;
	case LZMA_BUF_ERROR:
		text = "Lzma library error: No progress is possible";
		break;
	default:
		text = "Lzma decompression failed: Unknown error";
		break;
	}
	/* Pass the message as an argument, never as the format string. */
	archive_set_error(&a->archive, code, "%s", text);
}
1273
1274 #endif
1275
/*
 * Fold the id_size bytes at codecId into one number, most significant
 * byte first.  An empty identifier yields 0.
 *
 * The accumulator is an unsigned long, so for identifiers longer than
 * sizeof(unsigned long) bytes the leading bytes are shifted out and only
 * the trailing ones remain in the result.
 */
static unsigned long
decode_codec_id(const unsigned char *codecId, size_t id_size)
{
	unsigned long value = 0;
	unsigned pos = 0;

	while (pos < id_size) {
		/* The low byte is zero after the shift, so OR equals add. */
		value = (value << 8) | codecId[pos];
		pos++;
	}
	return (value);
}
1288
/*
 * Byte-input callback given to the PPMd range decoder (installed as
 * bytein.Read by decompress()).
 *
 * While the current input window still has bytes, the next one is taken
 * from ppstream.next_in.  Once the window is empty the byte is fetched
 * with __archive_read_ahead(), at index stream_in of the read-ahead
 * buffer.  If the archive cannot supply stream_in + 1 bytes, an error is
 * recorded, ppstream.overconsumed is set and 0 is returned; the callback
 * has no other way to signal failure, so callers must test overconsumed.
 *
 * The counters are updated on both successful paths, so avail_in keeps
 * decreasing after the window is exhausted; decompress() later converts
 * it to size_t.  NOTE(review): the `<= 0` test suggests avail_in is
 * signed -- confirm the field type.
 */
static Byte
ppmd_read(void *p)
{
	struct archive_read *a = ((IByteIn*)p)->a;
	struct _7zip *zip = (struct _7zip *)(a->format->data);
	Byte value;

	if (zip->ppstream.avail_in > 0) {
		/* Fast path: the byte is inside the current window. */
		value = *zip->ppstream.next_in++;
	} else {
		/*
		 * Ppmd7_DecodeSymbol may need several bytes and we are at
		 * the window boundary; as a last resort look further ahead
		 * in the archive.
		 */
		ssize_t ahead = 0;
		const uint8_t *peek = __archive_read_ahead(a,
		    (size_t)zip->ppstream.stream_in+1, &ahead);

		if (peek == NULL || ahead < zip->ppstream.stream_in+1) {
			archive_set_error(&a->archive,
			    ARCHIVE_ERRNO_FILE_FORMAT,
			    "Truncated 7z file data");
			zip->ppstream.overconsumed = 1;
			return (0);
		}
		zip->ppstream.next_in++;
		value = peek[zip->ppstream.stream_in];
	}

	zip->ppstream.avail_in--;
	zip->ppstream.total_in++;
	zip->ppstream.stream_in++;
	return (value);
}
1322
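/*
 * Prepare the decoder state in `zip` for a folder whose main coder is
 * coder1, optionally combined with the filter coder2 (NULL when the
 * folder has no filter).
 *
 * The first switch validates and records the filter for the COPY, BZ2,
 * DEFLATE, ZSTD and PPMD coders; the second switch (re)initializes the
 * decoder that matches coder1.  A decoder left over from a previous
 * folder is ended or reset before a new one is set up.
 *
 * All coder properties come from the archive and are therefore untrusted:
 * the Delta property size, the PPMd property size and the PPMd order and
 * memory size are checked here before they are used.
 *
 * Returns ARCHIVE_OK on success, ARCHIVE_FAILED for an unsupported or
 * malformed coder/filter (including the crypto coders, which only mark
 * the entry as encrypted), and ARCHIVE_FATAL when the PPMd or Zstandard
 * decoder cannot be allocated.
 */
static int
init_decompression(struct archive_read *a, struct _7zip *zip,
    const struct _7z_coder *coder1, const struct _7z_coder *coder2)
{
	int r;

	zip->codec = coder1->codec;
	zip->codec2 = -1;

	switch (zip->codec) {
	case _7Z_COPY:
	case _7Z_BZ2:
	case _7Z_DEFLATE:
	case _7Z_ZSTD:
	case _7Z_PPMD:
		if (coder2 != NULL) {
			/* Only these filters may follow the coders above. */
			if (coder2->codec != _7Z_X86 &&
			    coder2->codec != _7Z_X86_BCJ2 &&
			    coder2->codec != _7Z_ARM &&
			    coder2->codec != _7Z_ARM64 &&
			    coder2->codec != _7Z_POWERPC &&
			    coder2->codec != _7Z_SPARC) {
				archive_set_error(&a->archive,
				    ARCHIVE_ERRNO_MISC,
				    "Unsupported filter %lx for %lx",
				    coder2->codec, coder1->codec);
				return (ARCHIVE_FAILED);
			}
			zip->codec2 = coder2->codec;
			zip->bcj_state = 0;
			if (coder2->codec == _7Z_X86)
				x86_Init(zip);
			else if (coder2->codec == _7Z_ARM)
				arm_Init(zip);
		}
		break;
	default:
		break;
	}

	switch (zip->codec) {
	case _7Z_COPY:
		break;

	case _7Z_LZMA: case _7Z_LZMA2:
#ifdef HAVE_LZMA_H
		/*
		 * NOTE(review): LZMA_MEMLIMIT is defined here but not used
		 * anywhere in this function; lzma_raw_decoder() below is
		 * called without a memory limit.
		 */
#if LZMA_VERSION_MAJOR >= 5
/* Effectively disable the limiter. */
#define LZMA_MEMLIMIT	UINT64_MAX
#else
/* NOTE: This needs to check memory size which running system has. */
#define LZMA_MEMLIMIT	(1U << 30)
#endif
	{
		lzma_options_delta delta_opt;
		lzma_filter filters[LZMA_FILTERS_MAX], *ff;
		int fi = 0;

		if (zip->lzstream_valid) {
			lzma_end(&(zip->lzstream));
			zip->lzstream_valid = 0;
		}

		/*
		 * NOTE: liblzma incompletely handle the BCJ+LZMA compressed
		 * data made by 7-Zip because 7-Zip does not add End-Of-
		 * Payload Marker(EOPM) at the end of LZMA compressed data,
		 * and so liblzma cannot know the end of the compressed data
		 * without EOPM. So consequently liblzma will not return last
		 * three or four bytes of uncompressed data because
		 * LZMA_FILTER_X86 filter does not handle input data if its
		 * data size is less than five bytes. If liblzma detect EOPM
		 * or know the uncompressed data size, liblzma will flush out
		 * the remaining that three or four bytes of uncompressed
		 * data. That is why we have to use our converting program
		 * for BCJ+LZMA. If we were able to tell the uncompressed
		 * size to liblzma when using lzma_raw_decoder() liblzma
		 * could correctly deal with BCJ+LZMA. But unfortunately
		 * there is no way to do that.
		 *
		 * Reference: https://web.archive.org/web/20240405171610/https://www.mail-archive.com/xz-devel@tukaani.org/msg00373.html
		 */
		if (coder2 != NULL) {
			zip->codec2 = coder2->codec;

			filters[fi].options = NULL;
			switch (zip->codec2) {
			case _7Z_X86:
				if (zip->codec == _7Z_LZMA2) {
					filters[fi].id = LZMA_FILTER_X86;
					fi++;
				} else
					/* Use our filter. */
					x86_Init(zip);
				break;
			case _7Z_X86_BCJ2:
				/* Use our filter. */
				zip->bcj_state = 0;
				break;
			case _7Z_DELTA:
				/* Exactly one property byte is read below. */
				if (coder2->propertiesSize != 1) {
					archive_set_error(&a->archive,
					    ARCHIVE_ERRNO_MISC,
					    "Invalid Delta parameter");
					return (ARCHIVE_FAILED);
				}
				filters[fi].id = LZMA_FILTER_DELTA;
				memset(&delta_opt, 0, sizeof(delta_opt));
				delta_opt.type = LZMA_DELTA_TYPE_BYTE;
				delta_opt.dist =
				    (uint32_t)coder2->properties[0] + 1;
				filters[fi].options = &delta_opt;
				fi++;
				break;
			/* Following filters have not been tested yet. */
			case _7Z_POWERPC:
				filters[fi].id = LZMA_FILTER_POWERPC;
				fi++;
				break;
			case _7Z_IA64:
				filters[fi].id = LZMA_FILTER_IA64;
				fi++;
				break;
			case _7Z_ARM:
				filters[fi].id = LZMA_FILTER_ARM;
				fi++;
				break;
			case _7Z_ARMTHUMB:
				filters[fi].id = LZMA_FILTER_ARMTHUMB;
				fi++;
				break;
#ifdef LZMA_FILTER_ARM64
			case _7Z_ARM64:
				filters[fi].id = LZMA_FILTER_ARM64;
				fi++;
				break;
#endif
#ifdef LZMA_FILTER_RISCV
			case _7Z_RISCV:
				filters[fi].id = LZMA_FILTER_RISCV;
				fi++;
				break;
#endif
			case _7Z_SPARC:
				filters[fi].id = LZMA_FILTER_SPARC;
				fi++;
				break;
			default:
				archive_set_error(&a->archive,
				    ARCHIVE_ERRNO_MISC,
				    "Unexpected codec ID: %lX", zip->codec2);
				return (ARCHIVE_FAILED);
			}
		}

		if (zip->codec == _7Z_LZMA2)
			filters[fi].id = LZMA_FILTER_LZMA2;
		else
			filters[fi].id = LZMA_FILTER_LZMA1;
		filters[fi].options = NULL;
		/* Remember this slot: its options are freed below. */
		ff = &filters[fi];
		r = lzma_properties_decode(&filters[fi], NULL,
		    coder1->properties, (size_t)coder1->propertiesSize);
		if (r != LZMA_OK) {
			set_error(a, r);
			return (ARCHIVE_FAILED);
		}
		fi++;

		/* Terminate the filter chain. */
		filters[fi].id = LZMA_VLI_UNKNOWN;
		filters[fi].options = NULL;
		r = lzma_raw_decoder(&(zip->lzstream), filters);
		free(ff->options);
		if (r != LZMA_OK) {
			set_error(a, r);
			return (ARCHIVE_FAILED);
		}
		zip->lzstream_valid = 1;
		zip->lzstream.total_in = 0;
		zip->lzstream.total_out = 0;
		break;
	}
#else
		archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
		    "LZMA codec is unsupported");
		return (ARCHIVE_FAILED);
#endif
	case _7Z_BZ2:
#if defined(HAVE_BZLIB_H) && defined(BZ_CONFIG_ERROR)
		if (zip->bzstream_valid) {
			BZ2_bzDecompressEnd(&(zip->bzstream));
			zip->bzstream_valid = 0;
		}
		r = BZ2_bzDecompressInit(&(zip->bzstream), 0, 0);
		/* On a memory error, retry with the third argument set. */
		if (r == BZ_MEM_ERROR)
			r = BZ2_bzDecompressInit(&(zip->bzstream), 0, 1);
		if (r != BZ_OK) {
			int err = ARCHIVE_ERRNO_MISC;
			const char *detail = NULL;
			switch (r) {
			case BZ_PARAM_ERROR:
				detail = "invalid setup parameter";
				break;
			case BZ_MEM_ERROR:
				err = ENOMEM;
				detail = "out of memory";
				break;
			case BZ_CONFIG_ERROR:
				detail = "mis-compiled library";
				break;
			}
			archive_set_error(&a->archive, err,
			    "Internal error initializing decompressor: %s",
			    detail != NULL ? detail : "??");
			zip->bzstream_valid = 0;
			return (ARCHIVE_FAILED);
		}
		zip->bzstream_valid = 1;
		zip->bzstream.total_in_lo32 = 0;
		zip->bzstream.total_in_hi32 = 0;
		zip->bzstream.total_out_lo32 = 0;
		zip->bzstream.total_out_hi32 = 0;
		break;
#else
		archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
		    "BZ2 codec is unsupported");
		return (ARCHIVE_FAILED);
#endif
	case _7Z_ZSTD:
	{
#if defined(HAVE_ZSTD_H)
		if (zip->zstdstream_valid) {
			ZSTD_freeDStream(zip->zstd_dstream);
			zip->zstdstream_valid = 0;
		}
		zip->zstd_dstream = ZSTD_createDStream();
		/*
		 * ZSTD_createDStream() returns NULL when it cannot
		 * allocate; do not mark the stream valid in that case, or
		 * decompress() would hand a NULL context to zstd.
		 */
		if (zip->zstd_dstream == NULL) {
			archive_set_error(&a->archive, ENOMEM,
			    "Couldn't allocate memory for Zstd");
			return (ARCHIVE_FATAL);
		}
		zip->zstdstream_valid = 1;
		break;
#else
		archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
		    "ZSTD codec is unsupported");
		return (ARCHIVE_FAILED);
#endif
	}
	case _7Z_DEFLATE:
#ifdef HAVE_ZLIB_H
		if (zip->stream_valid)
			r = inflateReset(&(zip->stream));
		else
			r = inflateInit2(&(zip->stream),
			    -15 /* Don't check for zlib header */);
		if (r != Z_OK) {
			archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
			    "Couldn't initialize zlib stream.");
			return (ARCHIVE_FAILED);
		}
		zip->stream_valid = 1;
		zip->stream.total_in = 0;
		zip->stream.total_out = 0;
		break;
#else
		archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
		    "DEFLATE codec is unsupported");
		return (ARCHIVE_FAILED);
#endif
	case _7Z_PPMD:
	{
		unsigned order;
		uint32_t msize;

		if (zip->ppmd7_valid) {
			__archive_ppmd7_functions.Ppmd7_Free(
			    &zip->ppmd7_context);
			zip->ppmd7_valid = 0;
		}

		/* One order byte plus a 32-bit memory size are read below. */
		if (coder1->propertiesSize < 5) {
			archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
			    "Malformed PPMd parameter");
			return (ARCHIVE_FAILED);
		}
		order = coder1->properties[0];
		msize = archive_le32dec(&(coder1->properties[1]));
		/* Reject out-of-range values before allocating msize. */
		if (order < PPMD7_MIN_ORDER || order > PPMD7_MAX_ORDER ||
		    msize < PPMD7_MIN_MEM_SIZE || msize > PPMD7_MAX_MEM_SIZE) {
			archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
			    "Malformed PPMd parameter");
			return (ARCHIVE_FAILED);
		}
		__archive_ppmd7_functions.Ppmd7_Construct(&zip->ppmd7_context);
		r = __archive_ppmd7_functions.Ppmd7_Alloc(
			&zip->ppmd7_context, msize);
		if (r == 0) {
			archive_set_error(&a->archive, ENOMEM,
			    "Coludn't allocate memory for PPMd");
			return (ARCHIVE_FATAL);
		}
		__archive_ppmd7_functions.Ppmd7_Init(
			&zip->ppmd7_context, order);
		__archive_ppmd7_functions.Ppmd7z_RangeDec_CreateVTable(
			&zip->range_dec);
		zip->ppmd7_valid = 1;
		/* 0: the range decoder is initialized lazily in decompress(). */
		zip->ppmd7_stat = 0;
		zip->ppstream.overconsumed = 0;
		zip->ppstream.total_in = 0;
		zip->ppstream.total_out = 0;
		break;
	}
	/* Filters are never valid as the main coder. */
	case _7Z_X86:
	case _7Z_X86_BCJ2:
	case _7Z_POWERPC:
	case _7Z_IA64:
	case _7Z_ARM:
	case _7Z_ARMTHUMB:
	case _7Z_ARM64:
	case _7Z_RISCV:
	case _7Z_SPARC:
	case _7Z_DELTA:
		archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
		    "Unexpected codec ID: %lX", zip->codec);
		return (ARCHIVE_FAILED);
	case _7Z_CRYPTO_MAIN_ZIP:
	case _7Z_CRYPTO_RAR_29:
	case _7Z_CRYPTO_AES_256_SHA_256:
		/* Decryption is not implemented; report what we know. */
		if (a->entry) {
			archive_entry_set_is_metadata_encrypted(a->entry, 1);
			archive_entry_set_is_data_encrypted(a->entry, 1);
			zip->has_encrypted_entries = 1;
		}
		archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
		    "Crypto codec not supported yet (ID: 0x%lX)", zip->codec);
		return (ARCHIVE_FAILED);
	default:
		archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
		    "Unknown codec ID: %lX", zip->codec);
		return (ARCHIVE_FAILED);
	}

	return (ARCHIVE_OK);
}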
1663
/*
 * Run one step of the decoder selected by init_decompression().
 *
 * On entry *used is the number of input bytes available at b and
 * *outbytes is the capacity of buff.  On return *used is the number of
 * input bytes consumed and *outbytes the number of bytes produced in
 * buff (after the BCJ/BCJ2 conversion, when a filter is active).
 *
 * Returns ARCHIVE_OK when progress was made, ARCHIVE_EOF when a decoder
 * reports the end of its stream or no input is left (see the individual
 * branches), and ARCHIVE_FAILED on a decoder error.
 *
 * For a BCJ2 folder the main coder decodes into zip->tmp_stream_buff and
 * Bcj2_Decode() then produces the caller-visible output in buff.
 */
static int
decompress(struct archive_read *a, struct _7zip *zip,
    void *buff, size_t *outbytes, const void *b, size_t *used)
{
	const uint8_t *t_next_in;
	uint8_t *t_next_out;
	size_t o_avail_in, o_avail_out;
	size_t t_avail_in, t_avail_out;
	uint8_t *bcj2_next_out;
	size_t bcj2_avail_out;
	int r, ret = ARCHIVE_OK;

	/* o_* keep the original sizes; t_* track what is still left. */
	t_avail_in = o_avail_in = *used;
	t_avail_out = o_avail_out = *outbytes;
	t_next_in = b;
	t_next_out = buff;

	if (zip->codec != _7Z_LZMA2 && zip->codec2 == _7Z_X86) {
		int i;

		/* Do not copy out the BCJ remaining bytes when the output
		 * buffer size is less than five bytes. */
		if (o_avail_in != 0 && t_avail_out < 5 && zip->odd_bcj_size) {
			*used = 0;
			*outbytes = 0;
			return (ret);
		}
		/* Emit the bytes the previous x86 conversion held back. */
		for (i = 0; zip->odd_bcj_size > 0 && t_avail_out; i++) {
			*t_next_out++ = zip->odd_bcj[i];
			t_avail_out--;
			zip->odd_bcj_size--;
		}
		if (o_avail_in == 0 || t_avail_out == 0) {
			*used = o_avail_in - t_avail_in;
			*outbytes = o_avail_out - t_avail_out;
			if (o_avail_in == 0)
				ret = ARCHIVE_EOF;
			return (ret);
		}
	}

	bcj2_next_out = t_next_out;
	bcj2_avail_out = t_avail_out;
	if (zip->codec2 == _7Z_X86_BCJ2) {
		/*
		 * Decode a remaining decompressed main stream for BCJ2.
		 */
		if (zip->tmp_stream_bytes_remaining) {
			ssize_t bytes;
			size_t remaining = zip->tmp_stream_bytes_remaining;
			bytes = Bcj2_Decode(zip, t_next_out, t_avail_out);
			if (bytes < 0) {
				archive_set_error(&(a->archive),
				    ARCHIVE_ERRNO_MISC,
				    "BCJ2 conversion Failed");
				return (ARCHIVE_FAILED);
			}
			zip->main_stream_bytes_remaining -=
			    remaining - zip->tmp_stream_bytes_remaining;
			t_avail_out -= bytes;
			if (o_avail_in == 0 || t_avail_out == 0) {
				*used = 0;
				*outbytes = o_avail_out - t_avail_out;
				if (o_avail_in == 0 &&
				    zip->tmp_stream_bytes_remaining)
					ret = ARCHIVE_EOF;
				return (ret);
			}
			t_next_out += bytes;
			bcj2_next_out = t_next_out;
			bcj2_avail_out = t_avail_out;
		}
		/* The main coder now writes into the temporary buffer. */
		t_next_out = zip->tmp_stream_buff;
		t_avail_out = zip->tmp_stream_buff_size;
	}

	switch (zip->codec) {
	case _7Z_COPY:
	{
		/* Stored data: copy as much as fits on both sides. */
		size_t bytes =
		    (t_avail_in > t_avail_out)?t_avail_out:t_avail_in;

		memcpy(t_next_out, t_next_in, bytes);
		t_avail_in -= bytes;
		t_avail_out -= bytes;
		if (o_avail_in == 0)
			ret = ARCHIVE_EOF;
		break;
	}
#ifdef HAVE_LZMA_H
	case _7Z_LZMA: case _7Z_LZMA2:
		zip->lzstream.next_in = t_next_in;
		zip->lzstream.avail_in = t_avail_in;
		zip->lzstream.next_out = t_next_out;
		zip->lzstream.avail_out = t_avail_out;

		r = lzma_code(&(zip->lzstream), LZMA_RUN);
		switch (r) {
		case LZMA_STREAM_END: /* Found end of stream. */
			lzma_end(&(zip->lzstream));
			zip->lzstream_valid = 0;
			ret = ARCHIVE_EOF;
			break;
		case LZMA_OK: /* Decompressor made some progress. */
			break;
		default:
			archive_set_error(&(a->archive),
				ARCHIVE_ERRNO_MISC,
				"Decompression failed(%d)",
			    r);
			return (ARCHIVE_FAILED);
		}
		t_avail_in = zip->lzstream.avail_in;
		t_avail_out = zip->lzstream.avail_out;
		break;
#endif
#if defined(HAVE_BZLIB_H) && defined(BZ_CONFIG_ERROR)
	case _7Z_BZ2:
		/*
		 * NOTE(review): the size_t counts are narrowed to uint32_t
		 * here; presumably callers never pass 4 GiB or more in one
		 * call -- confirm.
		 */
		zip->bzstream.next_in = (char *)(uintptr_t)t_next_in;
		zip->bzstream.avail_in = (uint32_t)t_avail_in;
		zip->bzstream.next_out = (char *)(uintptr_t)t_next_out;
		zip->bzstream.avail_out = (uint32_t)t_avail_out;
		r = BZ2_bzDecompress(&(zip->bzstream));
		switch (r) {
		case BZ_STREAM_END: /* Found end of stream. */
			switch (BZ2_bzDecompressEnd(&(zip->bzstream))) {
			case BZ_OK:
				break;
			default:
				archive_set_error(&(a->archive),
				    ARCHIVE_ERRNO_MISC,
				    "Failed to clean up decompressor");
				return (ARCHIVE_FAILED);
			}
			zip->bzstream_valid = 0;
			ret = ARCHIVE_EOF;
			break;
		case BZ_OK: /* Decompressor made some progress. */
			break;
		default:
			archive_set_error(&(a->archive),
			    ARCHIVE_ERRNO_MISC,
			    "bzip decompression failed");
			return (ARCHIVE_FAILED);
		}
		t_avail_in = zip->bzstream.avail_in;
		t_avail_out = zip->bzstream.avail_out;
		break;
#endif
#ifdef HAVE_ZLIB_H
	case _7Z_DEFLATE:
		/*
		 * NOTE(review): the size_t counts are narrowed to uInt
		 * here; same assumption as for bzip2 above -- confirm.
		 */
		zip->stream.next_in = (Bytef *)(uintptr_t)t_next_in;
		zip->stream.avail_in = (uInt)t_avail_in;
		zip->stream.next_out = t_next_out;
		zip->stream.avail_out = (uInt)t_avail_out;
		r = inflate(&(zip->stream), 0);
		switch (r) {
		case Z_STREAM_END: /* Found end of stream. */
			ret = ARCHIVE_EOF;
			break;
		case Z_OK: /* Decompressor made some progress.*/
			break;
		default:
			archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
			    "File decompression failed (%d)", r);
			return (ARCHIVE_FAILED);
		}
		t_avail_in = zip->stream.avail_in;
		t_avail_out = zip->stream.avail_out;
		break;
#endif
#ifdef HAVE_ZSTD_H
	case _7Z_ZSTD:
	{
		/* This branch never sets ARCHIVE_EOF; only errors end it. */
		ZSTD_inBuffer input = { t_next_in, t_avail_in, 0 }; // src, size, pos
		ZSTD_outBuffer output = { t_next_out, t_avail_out, 0 }; // dst, size, pos

		size_t const zret = ZSTD_decompressStream(zip->zstd_dstream, &output, &input);
		if (ZSTD_isError(zret)) {
			archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, "Zstd decompression failed: %s", ZSTD_getErrorName(zret));
			return ARCHIVE_FAILED;
		}
		t_avail_in -= input.pos;
		t_avail_out -= output.pos;
		break;
	}
#endif
	case _7Z_PPMD:
	{
		uint64_t flush_bytes;

		/* A negative ppmd7_stat records an earlier decoder failure. */
		if (!zip->ppmd7_valid || zip->ppmd7_stat < 0 ||
		    t_avail_out <= 0) {
			archive_set_error(&(a->archive),
			    ARCHIVE_ERRNO_MISC,
			    "Decompression internal error");
			return (ARCHIVE_FAILED);
		}
		zip->ppstream.next_in = t_next_in;
		zip->ppstream.avail_in = t_avail_in;
		zip->ppstream.stream_in = 0;
		zip->ppstream.next_out = t_next_out;
		zip->ppstream.avail_out = t_avail_out;
		if (zip->ppmd7_stat == 0) {
			/* First call for this folder: set up the range decoder. */
			zip->bytein.a = a;
			zip->bytein.Read = &ppmd_read;
			zip->range_dec.Stream = &zip->bytein;
			r = __archive_ppmd7_functions.Ppmd7z_RangeDec_Init(
				&(zip->range_dec));
			if (r == 0) {
				zip->ppmd7_stat = -1;
				archive_set_error(&a->archive,
				    ARCHIVE_ERRNO_MISC,
				    "Failed to initialize PPMd range decoder");
				return (ARCHIVE_FAILED);
			}
			/* ppmd_read() ran out of archive data (error already set). */
			if (zip->ppstream.overconsumed) {
				zip->ppmd7_stat = -1;
				return (ARCHIVE_FAILED);
			}
			zip->ppmd7_stat = 1;
		}

		if (t_avail_in == 0)
			/* XXX Flush out remaining decoded data XXX */
			flush_bytes = zip->folder_outbytes_remaining;
		else
			flush_bytes = 0;

		/* Decode one symbol per iteration until output or input runs out. */
		do {
			int sym;

			sym = __archive_ppmd7_functions.Ppmd7_DecodeSymbol(
				&(zip->ppmd7_context), &(zip->range_dec.p));
			if (sym < 0) {
				zip->ppmd7_stat = -1;
				archive_set_error(&a->archive,
				    ARCHIVE_ERRNO_FILE_FORMAT,
				    "Failed to decode PPMd");
				return (ARCHIVE_FAILED);
			}
			/* ppmd_read() ran out of archive data (error already set). */
			if (zip->ppstream.overconsumed) {
				zip->ppmd7_stat = -1;
				return (ARCHIVE_FAILED);
			}
			*zip->ppstream.next_out++ = (unsigned char)sym;
			zip->ppstream.avail_out--;
			zip->ppstream.total_out++;
			if (flush_bytes)
				flush_bytes--;
		} while (zip->ppstream.avail_out &&
			(zip->ppstream.avail_in || flush_bytes));

		/*
		 * NOTE(review): ppmd_read() keeps decrementing avail_in after
		 * the window is empty; if the field is signed, the cast below
		 * turns a negative count into a very large size_t and *used
		 * then exceeds the input size -- presumably intended to
		 * account for the read-ahead bytes; confirm.
		 */
		t_avail_in = (size_t)zip->ppstream.avail_in;
		t_avail_out = (size_t)zip->ppstream.avail_out;
		break;
	}
	default:
		archive_set_error(&(a->archive), ARCHIVE_ERRNO_MISC,
		    "Decompression internal error");
		return (ARCHIVE_FAILED);
	}
	if (ret != ARCHIVE_OK && ret != ARCHIVE_EOF)
		return (ret);

	*used = o_avail_in - t_avail_in;
	*outbytes = o_avail_out - t_avail_out;

	/*
	 * Decode BCJ.
	 */
	if (zip->codec != _7Z_LZMA2) {
		if (zip->codec2 == _7Z_X86) {
			size_t l = x86_Convert(zip, buff, *outbytes);

			/*
			 * Hold back up to four unconverted trailing bytes
			 * in odd_bcj for the next call, unless this is the
			 * end of the data.
			 */
			zip->odd_bcj_size = *outbytes - l;
			if (zip->odd_bcj_size > 0 && zip->odd_bcj_size <= 4 &&
			    o_avail_in && ret != ARCHIVE_EOF) {
				memcpy(zip->odd_bcj, ((unsigned char *)buff) + l,
				    zip->odd_bcj_size);
				*outbytes = l;
			} else
				zip->odd_bcj_size = 0;
		} else if (zip->codec2 == _7Z_ARM) {
			*outbytes = arm_Convert(zip, buff, *outbytes);
		} else if (zip->codec2 == _7Z_ARM64) {
			*outbytes = arm64_Convert(zip, buff, *outbytes);
		} else if (zip->codec2 == _7Z_SPARC) {
			*outbytes = sparc_Convert(zip, buff, *outbytes);
		} else if (zip->codec2 == _7Z_POWERPC) {
			*outbytes = powerpc_Convert(zip, buff, *outbytes);
		}
	}

	/*
	 * Decode BCJ2 with a decompressed main stream.
	 */
	if (zip->codec2 == _7Z_X86_BCJ2) {
		ssize_t bytes;

		/* Bytes just decoded into tmp_stream_buff, capped at the main stream size. */
		zip->tmp_stream_bytes_avail =
		    zip->tmp_stream_buff_size - t_avail_out;
		if (zip->tmp_stream_bytes_avail >
		      zip->main_stream_bytes_remaining)
			zip->tmp_stream_bytes_avail =
			    zip->main_stream_bytes_remaining;
		zip->tmp_stream_bytes_remaining = zip->tmp_stream_bytes_avail;
		bytes = Bcj2_Decode(zip, bcj2_next_out, bcj2_avail_out);
		if (bytes < 0) {
			archive_set_error(&(a->archive),
			    ARCHIVE_ERRNO_MISC, "BCJ2 conversion Failed");
			return (ARCHIVE_FAILED);
		}
		zip->main_stream_bytes_remaining -=
		    zip->tmp_stream_bytes_avail
		      - zip->tmp_stream_bytes_remaining;
		bcj2_avail_out -= bytes;
		*outbytes = o_avail_out - bcj2_avail_out;
	}

	return (ret);
}
1986
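/*
 * End every decoder that init_decompression() may have left active and
 * clear its "valid" flag.
 *
 * Returns ARCHIVE_OK, or ARCHIVE_FATAL when the bzip2 or zlib decoder
 * reports a failure while being ended (the remaining decoders are still
 * released in that case).
 *
 * Every flag is cleared after its decoder is released.  init_decompression()
 * releases a decoder again whenever it finds the flag set, so leaving the
 * LZMA or Zstandard flag set here would lead to a second release of the
 * same context if the state were reused after this call.
 */
static int
free_decompression(struct archive_read *a, struct _7zip *zip)
{
	int r = ARCHIVE_OK;

#if !defined(HAVE_ZLIB_H) &&\
	!(defined(HAVE_BZLIB_H) && defined(BZ_CONFIG_ERROR))
	(void)a;/* UNUSED */
#endif
#ifdef HAVE_LZMA_H
	if (zip->lzstream_valid) {
		lzma_end(&(zip->lzstream));
		zip->lzstream_valid = 0;
	}
#endif
#if defined(HAVE_BZLIB_H) && defined(BZ_CONFIG_ERROR)
	if (zip->bzstream_valid) {
		if (BZ2_bzDecompressEnd(&(zip->bzstream)) != BZ_OK) {
			archive_set_error(&a->archive,
			    ARCHIVE_ERRNO_MISC,
			    "Failed to clean up bzip2 decompressor");
			r = ARCHIVE_FATAL;
		}
		zip->bzstream_valid = 0;
	}
#endif
#ifdef HAVE_ZLIB_H
	if (zip->stream_valid) {
		if (inflateEnd(&(zip->stream)) != Z_OK) {
			archive_set_error(&a->archive,
			    ARCHIVE_ERRNO_MISC,
			    "Failed to clean up zlib decompressor");
			r = ARCHIVE_FATAL;
		}
		zip->stream_valid = 0;
	}
#endif
#ifdef HAVE_ZSTD_H
	if (zip->zstdstream_valid) {
		ZSTD_freeDStream(zip->zstd_dstream);
		/* Drop the dangling pointer together with the flag. */
		zip->zstd_dstream = NULL;
		zip->zstdstream_valid = 0;
	}
#endif
	if (zip->ppmd7_valid) {
		__archive_ppmd7_functions.Ppmd7_Free(
			&zip->ppmd7_context);
		zip->ppmd7_valid = 0;
	}
	return (r);
}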
2033
/*
 * Read one variable-length 7-Zip number from the header into *val.
 *
 * The first byte is a prefix: every leading 1 bit (from 0x80 downwards)
 * announces one more data byte, stored least significant byte first.  The
 * bits of the prefix below the first 0 bit supply the most significant
 * part of the value.  A prefix of 0xFF is followed by eight data bytes.
 *
 * Returns 0 on success and -1 when the header runs out of bytes; in that
 * case *val holds the partial value decoded so far.
 */
static int
parse_7zip_uint64(struct archive_read *a, uint64_t *val)
{
	const unsigned char *p;
	unsigned char first, mask;
	int i;

	p = header_bytes(a, 1);
	if (p == NULL)
		return (-1);
	/* Copy the prefix now; later header_bytes() calls reuse p. */
	first = *p;
	*val = 0;

	for (i = 0, mask = 0x80; i < 8; i++, mask >>= 1) {
		if ((first & mask) == 0) {
			/* Prefix ends: its low bits are the top of the value. */
			*val += ((uint64_t)(first & (mask -1))) << (8 * i);
			break;
		}
		p = header_bytes(a, 1);
		if (p == NULL)
			return (-1);
		*val |= ((uint64_t)*p) << (8 * i);
	}
	return (0);
}
2059
/*
 * Unpack num flags from the header into data[0..num-1], one byte (0 or 1)
 * per flag.  Flags are packed eight to a header byte, most significant
 * bit first; a new header byte is fetched whenever the previous one is
 * used up.
 *
 * Returns 0 on success, -1 when the header runs out of bytes.  The caller
 * must provide at least num bytes at data.
 *
 * NOTE(review): the index is an `unsigned` compared against a size_t
 * count; callers presumably bound num well below UINT_MAX -- confirm.
 */
static int
read_Bools(struct archive_read *a, unsigned char *data, size_t num)
{
	unsigned idx, bit = 0, packed = 0;

	for (idx = 0; idx < num; idx++, bit >>= 1) {
		if (bit == 0) {
			/* Current byte exhausted: fetch the next eight flags. */
			const unsigned char *p = header_bytes(a, 1);

			if (p == NULL)
				return (-1);
			packed = *p;
			bit = 0x80;
		}
		data[idx] = (packed & bit) ? 1 : 0;
	}
	return (0);
}
2078
/*
 * Release the two arrays owned by a digest set.  The pointers inside *d
 * are not reset, so *d must not be used or freed again without being
 * re-initialized first.
 */
static void
free_Digest(struct _7z_digests *d)
{
	free(d->digests);
	free(d->defineds);
}
2085
/*
 * Read num CRC32 digests from the header into *d.
 *
 * *d is zeroed first.  d->defineds receives one flag per digest (either
 * "all defined" or an explicit bit vector read with read_Bools()), and
 * d->digests receives the 32-bit little-endian value of every defined
 * digest; undefined ones stay 0.
 *
 * Returns 0 on success and -1 on num == 0, allocation failure or a short
 * header.  On failure the arrays allocated so far stay attached to *d;
 * presumably the caller releases them with free_Digest() -- confirm.
 */
static int
read_Digests(struct archive_read *a, struct _7z_digests *d, size_t num)
{
	const unsigned char *p;
	unsigned idx;

	if (num == 0)
		return (-1);
	memset(d, 0, sizeof(*d));

	d->defineds = malloc(num);
	if (d->defineds == NULL)
		return (-1);

	/* A non-zero marker byte means every digest is defined. */
	p = header_bytes(a, 1);
	if (p == NULL)
		return (-1);
	if (*p != 0)
		memset(d->defineds, 1, num);
	else if (read_Bools(a, d->defineds, num) < 0)
		return (-1);

	d->digests = calloc(num, sizeof(*d->digests));
	if (d->digests == NULL)
		return (-1);

	for (idx = 0; idx < num; idx++) {
		if (!d->defineds[idx])
			continue;
		p = header_bytes(a, 4);
		if (p == NULL)
			return (-1);
		d->digests[idx] = archive_le32dec(p);
	}

	return (0);
}
2124
/*
 * Release everything owned by a pack-info record: the digest set and the
 * sizes and positions arrays.  The pointers inside *pi are not reset.
 */
static void
free_PackInfo(struct _7z_pack_info *pi)
{
	free_Digest(&(pi->digest));
	free(pi->positions);
	free(pi->sizes);
}
2132
/*
 * Parse the PackInfo section of the header into *pi.
 *
 * Layout read here: PackPos, NumPackStreams, then either kEnd (no sizes
 * recorded) or kSize followed by NumPackStreams sizes, then either kEnd
 * (no digests; zeroed digest arrays are allocated) or kCRC followed by
 * the digests and a closing kEnd.
 *
 * NumPackStreams comes from the archive; it is rejected when it is 0 or
 * larger than UMAX_ENTRY before it is used as an allocation count.
 *
 * pi->positions is allocated zeroed and is not filled in by this
 * function.  When the section ends right after NumPackStreams, 0 is
 * returned with pi->sizes and pi->positions still NULL.
 *
 * Returns 0 on success, -1 on a malformed section, a short header or an
 * allocation failure.  On failure, arrays allocated so far stay attached
 * to *pi; presumably the caller releases them with free_PackInfo() --
 * confirm.
 */
static int
read_PackInfo(struct archive_read *a, struct _7z_pack_info *pi)
{
	const unsigned char *tag;
	unsigned idx;

	memset(pi, 0, sizeof(*pi));

	/* PackPos. */
	if (parse_7zip_uint64(a, &(pi->pos)) < 0)
		return (-1);

	/* NumPackStreams, bounded before it sizes any allocation. */
	if (parse_7zip_uint64(a, &(pi->numPackStreams)) < 0)
		return (-1);
	if (pi->numPackStreams == 0 || UMAX_ENTRY < pi->numPackStreams)
		return (-1);

	/* PackSizes[num], optional. */
	tag = header_bytes(a, 1);
	if (tag == NULL)
		return (-1);
	if (*tag == kEnd)
		/* PackSizes[num] are not present. */
		return (0);
	if (*tag != kSize)
		return (-1);

	pi->sizes = calloc((size_t)pi->numPackStreams, sizeof(uint64_t));
	pi->positions = calloc((size_t)pi->numPackStreams, sizeof(uint64_t));
	if (pi->sizes == NULL || pi->positions == NULL)
		return (-1);

	for (idx = 0; idx < pi->numPackStreams; idx++) {
		if (parse_7zip_uint64(a, &(pi->sizes[idx])) < 0)
			return (-1);
	}

	/* PackStreamDigests[num], optional. */
	tag = header_bytes(a, 1);
	if (tag == NULL)
		return (-1);
	if (*tag == kEnd) {
		/* No digests recorded: provide zeroed arrays instead. */
		pi->digest.defineds =
		    calloc((size_t)pi->numPackStreams, sizeof(*pi->digest.defineds));
		pi->digest.digests =
		    calloc((size_t)pi->numPackStreams, sizeof(*pi->digest.digests));
		if (pi->digest.defineds == NULL || pi->digest.digests == NULL)
			return (-1);
		return (0);
	}
	if (*tag != kCRC)
		return (-1);

	if (read_Digests(a, &(pi->digest), (size_t)pi->numPackStreams) < 0)
		return (-1);

	/* The section must be closed by kEnd. */
	tag = header_bytes(a, 1);
	if (tag == NULL)
		return (-1);
	return ((*tag == kEnd) ? 0 : -1);
}
2208
/*
 * Release everything a Folder record owns: each coder's properties
 * blob, the coder array, and the bind-pair, packed-stream and
 * unpack-size arrays.  The record itself is not freed.
 */
static void
free_Folder(struct _7z_folder *f)
{
	unsigned k;

	if (f->coders != NULL) {
		k = 0;
		while (k < f->numCoders) {
			free(f->coders[k].properties);
			k++;
		}
		free(f->coders);
	}
	free(f->unPackSize);
	free(f->packedStreams);
	free(f->bindPairs);
}
2224
/*
 * Parse one Folder record from the 7-Zip header into *f.
 *
 * Reads NumCoders, then for each coder its flag byte, codec id,
 * optional in/out stream counts and optional properties blob, followed
 * by the bind pairs and the packed-stream indexes.  All of these values
 * come from the archive; each count is range-checked before it is used
 * as an allocation size or stored.
 *
 * Returns 0 on success and -1 on a short read, a failed allocation or a
 * value outside the accepted limits.  Nothing allocated here is
 * released on the error paths; presumably the caller frees *f with
 * free_Folder() -- confirm at the call sites.
 */
static int
read_Folder(struct archive_read *a, struct _7z_folder *f)
{
	struct _7zip *zip = (struct _7zip *)a->format->data;
	const unsigned char *p;
	uint64_t numInStreamsTotal = 0;
	uint64_t numOutStreamsTotal = 0;
	unsigned i;

	memset(f, 0, sizeof(*f));

	/*
	 * Read NumCoders.
	 */
	if (parse_7zip_uint64(a, &(f->numCoders)) < 0)
		return (-1);
	if (f->numCoders > 4)
		/* Too many coders. */
		return (-1);

	f->coders = calloc((size_t)f->numCoders, sizeof(*f->coders));
	if (f->coders == NULL)
		return (-1);
	for (i = 0; i< f->numCoders; i++) {
		size_t codec_size;
		int simple, attr;

		if ((p = header_bytes(a, 1)) == NULL)
			return (-1);
		/*
		 * 0:3 CodecIdSize
		 * 4:  0 - IsSimple
		 *     1 - Is not Simple
		 * 5:  0 - No Attributes
		 *     1 - There are Attributes;
		 * 7:  Must be zero.
		 */
		/* The 4-bit mask limits the codec id to at most 15 bytes. */
		codec_size = *p & 0xf;
		simple = (*p & 0x10)?0:1;
		attr = *p & 0x20;
		if (*p & 0x80)
			return (-1);/* Not supported. */

		/*
		 * Read Decompression Method IDs.
		 */
		if ((p = header_bytes(a, codec_size)) == NULL)
			return (-1);

		f->coders[i].codec = decode_codec_id(p, codec_size);

		if (simple) {
			f->coders[i].numInStreams = 1;
			f->coders[i].numOutStreams = 1;
		} else {
			/* Explicit stream counts, each bounded by UMAX_ENTRY. */
			if (parse_7zip_uint64(
			    a, &(f->coders[i].numInStreams)) < 0)
				return (-1);
			if (UMAX_ENTRY < f->coders[i].numInStreams)
				return (-1);
			if (parse_7zip_uint64(
			    a, &(f->coders[i].numOutStreams)) < 0)
				return (-1);
			if (UMAX_ENTRY < f->coders[i].numOutStreams)
				return (-1);
		}

		if (attr) {
			if (parse_7zip_uint64(
			    a, &(f->coders[i].propertiesSize)) < 0)
				return (-1);
			if (UMAX_ENTRY < f->coders[i].propertiesSize)
				return (-1);
			/*
			 * The bytes are fetched before the buffer is
			 * allocated, so the allocation only happens for a
			 * size the header could actually supply.
			 */
			if ((p = header_bytes(
			    a, (size_t)f->coders[i].propertiesSize)) == NULL)
				return (-1);
			/*
			 * NOTE(review): with propertiesSize == 0, malloc(0)
			 * may return NULL and is then reported as a failure
			 * -- confirm that rejecting such a coder is intended.
			 */
			f->coders[i].properties =
			    malloc((size_t)f->coders[i].propertiesSize);
			if (f->coders[i].properties == NULL)
				return (-1);
			memcpy(f->coders[i].properties, p,
			    (size_t)f->coders[i].propertiesSize);
		}

		/* At most 4 coders of at most UMAX_ENTRY streams each. */
		numInStreamsTotal += f->coders[i].numInStreams;
		numOutStreamsTotal += f->coders[i].numOutStreams;
	}

	/*
	 * Rejecting a zero output total keeps "numOutStreamsTotal - 1"
	 * below from wrapping; the second test guarantees that
	 * numInStreamsTotal - numBindPairs further down cannot go negative.
	 */
	if (numOutStreamsTotal == 0 ||
	    numInStreamsTotal < numOutStreamsTotal-1)
		return (-1);

	f->numBindPairs = numOutStreamsTotal - 1;
	/* Refuse a pair count larger than the header bytes still left. */
	if (zip->header_bytes_remaining < f->numBindPairs)
		return (-1);
	if (f->numBindPairs > 0) {
		f->bindPairs =
		    calloc((size_t)f->numBindPairs, sizeof(*f->bindPairs));
		if (f->bindPairs == NULL)
			return (-1);
	} else
		f->bindPairs = NULL;
	for (i = 0; i < f->numBindPairs; i++) {
		if (parse_7zip_uint64(a, &(f->bindPairs[i].inIndex)) < 0)
			return (-1);
		if (UMAX_ENTRY < f->bindPairs[i].inIndex)
			return (-1);
		if (parse_7zip_uint64(a, &(f->bindPairs[i].outIndex)) < 0)
			return (-1);
		if (UMAX_ENTRY < f->bindPairs[i].outIndex)
			return (-1);
	}

	f->numPackedStreams = numInStreamsTotal - f->numBindPairs;
	f->packedStreams =
	    calloc((size_t)f->numPackedStreams, sizeof(*f->packedStreams));
	if (f->packedStreams == NULL)
		return (-1);
	if (f->numPackedStreams == 1) {
		/*
		 * With a single packed stream its index is not stored: it
		 * is the first input index that no bind pair refers to.
		 * NOTE(review): this scan costs numInStreamsTotal *
		 * numBindPairs comparisons, both taken from the archive.
		 */
		for (i = 0; i < numInStreamsTotal; i++) {
			unsigned j;
			for (j = 0; j < f->numBindPairs; j++) {
				if (f->bindPairs[j].inIndex == i)
					break;
			}
			if (j == f->numBindPairs)
				break;
		}
		/* Every input index is bound: no packed stream exists. */
		if (i == numInStreamsTotal)
			return (-1);
		f->packedStreams[0] = i;
	} else {
		/* Otherwise the indexes are listed explicitly. */
		for (i = 0; i < f->numPackedStreams; i++) {
			if (parse_7zip_uint64(a, &(f->packedStreams[i])) < 0)
				return (-1);
			if (UMAX_ENTRY < f->packedStreams[i])
				return (-1);
		}
	}
	f->numInStreams = numInStreamsTotal;
	f->numOutStreams = numOutStreamsTotal;

	return (0);
}
2369
/*
 * Release every folder held by a CodersInfo record and then the folder
 * array.  Does nothing when no folder array was allocated.
 */
static void
free_CodersInfo(struct _7z_coders_info *ci)
{
	unsigned n;

	if (ci->folders == NULL)
		return;
	for (n = 0; n < ci->numFolders; n++)
		free_Folder(&(ci->folders[n]));
	free(ci->folders);
}
2381
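/*
 * Parse the CodersInfo (UnPackInfo) section of the header into *ci.
 *
 * Layout as consumed here: kFolder, NumFolders, an External byte, the
 * folder records (External == 0) or a data stream index (External == 1),
 * kCodersUnPackSize with one size per output stream of each folder,
 * an optional kCRC block with per-folder digests, and kEnd.
 *
 * NumFolders and the data stream index come from the archive and are
 * rejected above UMAX_ENTRY.
 *
 * Returns 0 on success and -1 on malformed input, short read or failed
 * allocation.  Every exit goes through one cleanup point so the
 * temporary digest table is always released; the folders stored in *ci
 * are left in place on failure (presumably released by the caller via
 * free_CodersInfo() -- confirm at the call sites).
 */
static int
read_CodersInfo(struct archive_read *a, struct _7z_coders_info *ci)
{
	const unsigned char *p;
	struct _7z_digests digest;
	unsigned i;
	int r = -1;

	memset(ci, 0, sizeof(*ci));
	memset(&digest, 0, sizeof(digest));

	if ((p = header_bytes(a, 1)) == NULL)
		goto done;
	if (*p != kFolder)
		goto done;

	/*
	 * Read NumFolders.
	 */
	if (parse_7zip_uint64(a, &(ci->numFolders)) < 0)
		goto done;
	if (UMAX_ENTRY < ci->numFolders)
		goto done;

	/*
	 * Read External.
	 */
	if ((p = header_bytes(a, 1)) == NULL)
		goto done;
	switch (*p) {
	case 0:
		ci->folders =
		    calloc((size_t)ci->numFolders, sizeof(*ci->folders));
		if (ci->folders == NULL)
			goto done;
		for (i = 0; i < ci->numFolders; i++) {
			if (read_Folder(a, &(ci->folders[i])) < 0)
				goto done;
		}
		break;
	case 1:
		if (parse_7zip_uint64(a, &(ci->dataStreamIndex)) < 0)
			goto done;
		if (UMAX_ENTRY < ci->dataStreamIndex)
			goto done;
		/*
		 * No folder array exists in this mode, so a non-zero
		 * folder count must not reach the loops below.
		 */
		if (ci->numFolders > 0) {
			archive_set_error(&a->archive, -1,
			    "Malformed 7-Zip archive");
			goto done;
		}
		break;
	default:
		archive_set_error(&a->archive, -1,
		    "Malformed 7-Zip archive");
		goto done;
	}

	if ((p = header_bytes(a, 1)) == NULL)
		goto done;
	if (*p != kCodersUnPackSize)
		goto done;

	for (i = 0; i < ci->numFolders; i++) {
		struct _7z_folder *folder = &(ci->folders[i]);
		unsigned j;

		folder->unPackSize =
		    calloc((size_t)folder->numOutStreams,
			sizeof(*folder->unPackSize));
		if (folder->unPackSize == NULL)
			goto done;
		for (j = 0; j < folder->numOutStreams; j++) {
			if (parse_7zip_uint64(a, &(folder->unPackSize[j])) < 0)
				goto done;
		}
	}

	/*
	 * Read CRCs.
	 */
	if ((p = header_bytes(a, 1)) == NULL)
		goto done;
	if (*p == kEnd) {
		/* No digests present. */
		r = 0;
		goto done;
	}
	if (*p != kCRC)
		goto done;
	if (read_Digests(a, &digest, (size_t)ci->numFolders) < 0)
		goto done;
	for (i = 0; i < ci->numFolders; i++) {
		ci->folders[i].digest_defined = digest.defineds[i];
		ci->folders[i].digest = digest.digests[i];
	}

	/*
	 * Must be kEnd.
	 */
	if ((p = header_bytes(a, 1)) == NULL)
		goto done;
	if (*p != kEnd)
		goto done;
	r = 0;
done:
	free_Digest(&digest);
	return (r);
}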
2486
/*
 * Return the unpacked size of a folder: the unPackSize entry of the
 * highest-numbered output stream that no bind pair names as its
 * outIndex.  Returns 0 when every output stream is bound or the folder
 * has no output streams.
 */
static uint64_t
folder_uncompressed_size(struct _7z_folder *f)
{
	const unsigned npairs = (unsigned)f->numBindPairs;
	int out;

	/* Walk the output streams from the last one down to index 0. */
	for (out = (int)f->numOutStreams - 1; out >= 0; out--) {
		unsigned k = 0;

		while (k < npairs &&
		    f->bindPairs[k].outIndex != (uint64_t)out)
			k++;
		if (k == npairs)
			return (f->unPackSize[out]);
	}
	return (0);
}
2504
/*
 * Release the three per-substream arrays of a SubStreamsInfo record.
 * The record itself is not freed.
 */
static void
free_SubStreamsInfo(struct _7z_substream_info *ss)
{
	free(ss->digests);
	free(ss->digestsDefined);
	free(ss->unpackSizes);
}
2512
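/*
 * Parse the SubStreamsInfo section into *ss.
 *
 * a          - reader positioned inside the header.
 * ss         - output; zeroed here, then filled with one unpack size,
 *              one "digest defined" flag and one digest per substream.
 * f          - the folder array; numUnpackStreams is written for each.
 * numFolders - number of elements in f.
 *
 * Layout as consumed here: an optional kNumUnPackStream block (a stream
 * count per folder, default 1), an optional kSize block (all but the
 * last size of each folder; the last one is the folder's unpacked size
 * minus the others), an optional kCRC block, and kEnd.
 *
 * All counts come from the archive.  Every index and running total that
 * is compared against the size_t stream count is itself a size_t, so a
 * total above UINT_MAX can neither stall a loop nor shrink the digest
 * table below the number of entries copied out of it.
 *
 * Returns 0 on success, -1 on malformed input, short read or failed
 * allocation.  The arrays in *ss are not released on the error paths
 * here.
 */
static int
read_SubStreamsInfo(struct archive_read *a, struct _7z_substream_info *ss,
    struct _7z_folder *f, size_t numFolders)
{
	const unsigned char *p;
	uint64_t *usizes;
	size_t unpack_streams;
	size_t numDigests;
	size_t i;
	int type;

	memset(ss, 0, sizeof(*ss));

	/* Default when kNumUnPackStream is absent: one stream per folder. */
	for (i = 0; i < numFolders; i++)
		f[i].numUnpackStreams = 1;

	if ((p = header_bytes(a, 1)) == NULL)
		return (-1);
	type = *p;

	if (type == kNumUnPackStream) {
		unpack_streams = 0;
		for (i = 0; i < numFolders; i++) {
			if (parse_7zip_uint64(a, &(f[i].numUnpackStreams)) < 0)
				return (-1);
			if (UMAX_ENTRY < f[i].numUnpackStreams)
				return (-1);
			/*
			 * Each term is at most UMAX_ENTRY, so this test
			 * keeps the running total from wrapping.
			 */
			if (unpack_streams > SIZE_MAX - UMAX_ENTRY)
				return (-1);
			unpack_streams += (size_t)f[i].numUnpackStreams;
		}
		if ((p = header_bytes(a, 1)) == NULL)
			return (-1);
		type = *p;
	} else
		unpack_streams = numFolders;

	ss->unpack_streams = unpack_streams;
	if (unpack_streams) {
		/*
		 * calloc() zero-fills, so every substream starts out with
		 * "no digest defined" and a digest of 0.
		 */
		ss->unpackSizes = calloc(unpack_streams,
		    sizeof(*ss->unpackSizes));
		ss->digestsDefined = calloc(unpack_streams,
		    sizeof(*ss->digestsDefined));
		ss->digests = calloc(unpack_streams,
		    sizeof(*ss->digests));
		if (ss->unpackSizes == NULL || ss->digestsDefined == NULL ||
		    ss->digests == NULL)
			return (-1);
	}

	usizes = ss->unpackSizes;
	for (i = 0; i < numFolders; i++) {
		uint64_t pack;
		uint64_t size, sum;

		if (f[i].numUnpackStreams == 0)
			continue;

		sum = 0;
		if (type == kSize) {
			/* All sizes but the last are stored explicitly. */
			for (pack = 1; pack < f[i].numUnpackStreams; pack++) {
				if (parse_7zip_uint64(a, usizes) < 0)
					return (-1);
				if (*usizes > UINT64_MAX - sum)
					return (-1);
				sum += *usizes++;
			}
		}
		/* The last size is whatever remains of the folder. */
		size = folder_uncompressed_size(&f[i]);
		if (size < sum)
			return (-1);
		*usizes++ = size - sum;
	}

	if (type == kSize) {
		if ((p = header_bytes(a, 1)) == NULL)
			return (-1);
		type = *p;
	}

	/*
	 * Count the digests the kCRC block has to supply: every substream
	 * except those of single-stream folders that already carry a
	 * folder digest.  Each term was counted into unpack_streams above
	 * (or is 1 per folder), so this size_t sum never exceeds
	 * unpack_streams and cannot wrap.
	 */
	numDigests = 0;
	for (i = 0; i < numFolders; i++) {
		if (f[i].numUnpackStreams != 1 || !f[i].digest_defined)
			numDigests += (size_t)f[i].numUnpackStreams;
	}

	if (type == kCRC) {
		struct _7z_digests tmpDigests;
		unsigned char *digestsDefined = ss->digestsDefined;
		uint32_t *digests = ss->digests;
		size_t di = 0;

		memset(&tmpDigests, 0, sizeof(tmpDigests));
		if (read_Digests(a, &(tmpDigests), numDigests) < 0) {
			free_Digest(&tmpDigests);
			return (-1);
		}
		/*
		 * The walk below consumes exactly numDigests entries of
		 * tmpDigests, the same count read_Digests() was given.
		 */
		for (i = 0; i < numFolders; i++) {
			if (f[i].numUnpackStreams == 1 && f[i].digest_defined) {
				*digestsDefined++ = 1;
				*digests++ = f[i].digest;
			} else {
				uint64_t j;

				for (j = 0; j < f[i].numUnpackStreams;
				    j++, di++) {
					*digestsDefined++ =
					    tmpDigests.defineds[di];
					*digests++ =
					    tmpDigests.digests[di];
				}
			}
		}
		free_Digest(&tmpDigests);
		if ((p = header_bytes(a, 1)) == NULL)
			return (-1);
		type = *p;
	}

	/*
	 * Must be kEnd.
	 */
	if (type != kEnd)
		return (-1);
	return (0);
}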
2645
/*
 * Release the three sub-records of a StreamsInfo: SubStreamsInfo,
 * CodersInfo and PackInfo.  The record itself is not freed.
 */
static void
free_StreamsInfo(struct _7z_stream_info *si)
{
	free_SubStreamsInfo(&(si->ss));
	free_CodersInfo(&(si->ci));
	free_PackInfo(&(si->pi));
}
2653
/*
 * Parse a StreamsInfo block into *si: optional PackInfo, optional
 * UnPackInfo (CodersInfo) and optional SubStreamsInfo, closed by kEnd.
 *
 * Besides parsing, this derives the absolute position of every packed
 * stream and the first pack-stream index of every folder, rejecting
 * archives whose values overflow, run past zip->header_offset or name
 * more packed streams than PackInfo declared.
 *
 * Returns 0 on success and -1 on malformed input, short read or failed
 * allocation.  Nothing is released on the error paths here.
 */
static int
read_StreamsInfo(struct archive_read *a, struct _7z_stream_info *si)
{
	struct _7zip *zip = (struct _7zip *)a->format->data;
	struct _7z_pack_info *pack = &(si->pi);
	struct _7z_coders_info *coders = &(si->ci);
	const unsigned char *id;
	unsigned n;

	memset(si, 0, sizeof(*si));

	id = header_bytes(a, 1);
	if (id == NULL)
		return (-1);

	if (*id == kPackInfo) {
		uint64_t offset;

		if (read_PackInfo(a, pack) < 0)
			return (-1);
		/* PackInfo may legally end before the size table. */
		if (pack->sizes == NULL || pack->positions == NULL)
			return (-1);

		/* Running sum of the sizes gives each stream's position. */
		offset = pack->pos;
		for (n = 0; n < pack->numPackStreams; n++) {
			const uint64_t len = pack->sizes[n];

			pack->positions[n] = offset;
			if (len > UINT64_MAX - offset)
				return (-1);
			offset += len;
			if (offset > zip->header_offset)
				return (-1);
		}

		id = header_bytes(a, 1);
		if (id == NULL)
			return (-1);
	}

	if (*id == kUnPackInfo) {
		struct _7z_folder *fold;
		uint32_t next = 0;

		if (read_CodersInfo(a, coders) < 0)
			return (-1);

		/* Assign each folder its first packed-stream index. */
		fold = coders->folders;
		for (n = 0; n < coders->numFolders; n++) {
			uint32_t used;

			fold[n].packIndex = next;
			if (fold[n].numPackedStreams > UINT32_MAX)
				return (-1);
			used = (uint32_t)fold[n].numPackedStreams;
			if (next > UINT32_MAX - used)
				return (-1);
			next += used;
			/* Folders may not claim more streams than exist. */
			if (next > pack->numPackStreams)
				return (-1);
		}

		id = header_bytes(a, 1);
		if (id == NULL)
			return (-1);
	}

	if (*id == kSubStreamsInfo) {
		if (read_SubStreamsInfo(a, &(si->ss),
		    coders->folders, (size_t)coders->numFolders) < 0)
			return (-1);
		id = header_bytes(a, 1);
		if (id == NULL)
			return (-1);
	}

	/* The block must be closed by kEnd. */
	return ((*id == kEnd) ? 0 : -1);
}
2729
/*
 * Release the four boolean vectors collected while parsing FilesInfo.
 * The header record itself is not freed.
 */
static void
free_Header(struct _7z_header_info *h)
{
	free(h->attrBools);
	free(h->antiBools);
	free(h->emptyFileBools);
	free(h->emptyStreamBools);
}
2738
/*
 * Parse the (already decoded) 7-Zip header: optional ArchiveProperties,
 * optional MainStreamsInfo and the FilesInfo property list, then derive
 * mode, stream index and folder index for every entry.
 *
 * a               - reader; header bytes are pulled via header_bytes().
 * h               - receives the boolean vectors of FilesInfo.  It is
 *                   not cleared here; presumably the caller passes a
 *                   zeroed record -- confirm at the call site.
 * check_header_id - when non-zero, the first byte must be kHeader.
 *
 * Every count and length is taken from the archive and is checked
 * against UMAX_ENTRY or the remaining header size before use.
 *
 * Returns 0 on success and -1 on malformed input, short read or failed
 * allocation.  Allocations stored in zip and h are not released on the
 * error paths here.
 */
static int
read_Header(struct archive_read *a, struct _7z_header_info *h,
    int check_header_id)
{
	struct _7zip *zip = (struct _7zip *)a->format->data;
	const unsigned char *p;
	struct _7z_folder *folders;
	struct _7z_stream_info *si = &(zip->si);
	struct _7zip_entry *entries;
	uint32_t folderIndex, indexInFolder;
	unsigned i;
	int eindex, empty_streams, sindex;

	if (check_header_id) {
		/*
		 * Read Header.
		 */
		if ((p = header_bytes(a, 1)) == NULL)
			return (-1);
		if (*p != kHeader)
			return (-1);
	}

	/*
	 * Read ArchiveProperties.
	 */
	if ((p = header_bytes(a, 1)) == NULL)
		return (-1);
	if (*p == kArchiveProperties) {
		/*
		 * Each property is a type byte followed by a size; a zero
		 * type ends the list.  Only the size field is consumed
		 * here.
		 */
		for (;;) {
			uint64_t size;
			if ((p = header_bytes(a, 1)) == NULL)
				return (-1);
			if (*p == 0)
				break;
			if (parse_7zip_uint64(a, &size) < 0)
				return (-1);
		}
		if ((p = header_bytes(a, 1)) == NULL)
			return (-1);
	}

	/*
	 * Read MainStreamsInfo.
	 */
	if (*p == kMainStreamsInfo) {
		if (read_StreamsInfo(a, &(zip->si)) < 0)
			return (-1);
		if ((p = header_bytes(a, 1)) == NULL)
			return (-1);
	}
	if (*p == kEnd)
		return (0);

	/*
	 * Read FilesInfo.
	 */
	if (*p != kFilesInfo)
		return (-1);

	/* The file count is bounded before it sizes the entry table. */
	if (parse_7zip_uint64(a, &(zip->numFiles)) < 0)
		return (-1);
	if (UMAX_ENTRY < zip->numFiles)
		return (-1);

	zip->entries = calloc((size_t)zip->numFiles, sizeof(*zip->entries));
	if (zip->entries == NULL)
		return (-1);
	entries = zip->entries;

	empty_streams = 0;
	for (;;) {
		int type;
		uint64_t size;
		size_t ll;

		if ((p = header_bytes(a, 1)) == NULL)
			return (-1);
		type = *p;
		if (type == kEnd)
			break;

		/*
		 * Each property declares its own length; it must fit in
		 * what is left of the header before it is narrowed to
		 * size_t.
		 */
		if (parse_7zip_uint64(a, &size) < 0)
			return (-1);
		if (zip->header_bytes_remaining < size)
			return (-1);
		ll = (size_t)size;

		switch (type) {
		case kEmptyStream:
			/* A repeated property would leak the first vector. */
			if (h->emptyStreamBools != NULL)
				return (-1);
			h->emptyStreamBools = calloc((size_t)zip->numFiles,
			    sizeof(*h->emptyStreamBools));
			if (h->emptyStreamBools == NULL)
				return (-1);
			if (read_Bools(
			    a, h->emptyStreamBools, (size_t)zip->numFiles) < 0)
				return (-1);
			/*
			 * The number of set flags sizes the kEmptyFile and
			 * kAnti vectors below.
			 */
			empty_streams = 0;
			for (i = 0; i < zip->numFiles; i++) {
				if (h->emptyStreamBools[i])
					empty_streams++;
			}
			break;
		case kEmptyFile:
			if (empty_streams <= 0) {
				/* Unexpected sequence. Skip this. */
				if (header_bytes(a, ll) == NULL)
					return (-1);
				break;
			}
			if (h->emptyFileBools != NULL)
				return (-1);
			h->emptyFileBools = calloc(empty_streams,
			    sizeof(*h->emptyFileBools));
			if (h->emptyFileBools == NULL)
				return (-1);
			if (read_Bools(a, h->emptyFileBools, empty_streams) < 0)
				return (-1);
			break;
		case kAnti:
			if (empty_streams <= 0) {
				/* Unexpected sequence. Skip this. */
				if (header_bytes(a, ll) == NULL)
					return (-1);
				break;
			}
			if (h->antiBools != NULL)
				return (-1);
			h->antiBools = calloc(empty_streams,
			    sizeof(*h->antiBools));
			if (h->antiBools == NULL)
				return (-1);
			if (read_Bools(a, h->antiBools, empty_streams) < 0)
				return (-1);
			break;
		case kCTime:
		case kATime:
		case kMTime:
			if (read_Times(a, h, type) < 0)
				return (-1);
			break;
		case kName:
		{
			unsigned char *np;
			size_t nl, nb;

			/* Skip one byte. */
			if ((p = header_bytes(a, 1)) == NULL)
				return (-1);
			/*
			 * If the declared length was 0 this wraps to
			 * SIZE_MAX, which is odd and therefore rejected by
			 * the parity test below.
			 */
			ll--;

			/*
			 * The names block must have an even length and
			 * at least four bytes per file.
			 */
			if ((ll & 1) || ll < zip->numFiles * 4)
				return (-1);

			if (zip->entry_names != NULL)
				return (-1);
			zip->entry_names = malloc(ll);
			if (zip->entry_names == NULL)
				return (-1);
			np = zip->entry_names;
			nb = ll;
			/*
			 * Copy whole file names.
			 * NOTE: This loop prevents from expanding
			 * the uncompressed buffer in order not to
			 * use extra memory resource.
			 */
			while (nb) {
				size_t b;
				if (nb > UBUFF_SIZE)
					b = UBUFF_SIZE;
				else
					b = nb;
				if ((p = header_bytes(a, b)) == NULL)
					return (-1);
				memcpy(np, p, b);
				np += b;
				nb -= b;
			}
			np = zip->entry_names;
			nl = ll;

			/*
			 * Split the block into per-entry names.  nl tracks
			 * the bytes left, so the scan never reads past the
			 * buffer even when a terminator is missing.
			 */
			for (i = 0; i < zip->numFiles; i++) {
				entries[i].utf16name = np;
#if defined(_WIN32) && !defined(__CYGWIN__) && defined(_DEBUG)
				entries[i].wname = (wchar_t *)np;
#endif

				/* Find a terminator. */
				while (nl >= 2 && (np[0] || np[1])) {
					np += 2;
					nl -= 2;
				}
				if (nl < 2)
					return (-1);/* Terminator not found */
				/* Length in bytes, terminator excluded. */
				entries[i].name_len = np - entries[i].utf16name;
				np += 2;
				nl -= 2;
			}
			break;
		}
		case kAttributes:
		{
			int allAreDefined;

			/*
			 * Two bytes are consumed; only the first one
			 * (allAreDefined) is used.
			 */
			if ((p = header_bytes(a, 2)) == NULL)
				return (-1);
			allAreDefined = *p;
			if (h->attrBools != NULL)
				return (-1);
			h->attrBools = calloc((size_t)zip->numFiles,
			    sizeof(*h->attrBools));
			if (h->attrBools == NULL)
				return (-1);
			if (allAreDefined)
				memset(h->attrBools, 1, (size_t)zip->numFiles);
			else {
				if (read_Bools(a, h->attrBools,
				      (size_t)zip->numFiles) < 0)
					return (-1);
			}
			for (i = 0; i < zip->numFiles; i++) {
				if (h->attrBools[i]) {
					if ((p = header_bytes(a, 4)) == NULL)
						return (-1);
					entries[i].attr = archive_le32dec(p);
				}
			}
			break;
		}
		case kDummy:
			if (ll == 0)
				break;
			__LA_FALLTHROUGH;
		default:
			/* Unknown property: skip its declared length. */
			if (header_bytes(a, ll) == NULL)
				return (-1);
			break;
		}
	}

	/*
	 * Set up entry's attributes.
	 */
	folders = si->ci.folders;
	eindex = sindex = 0;
	folderIndex = indexInFolder = 0;
	for (i = 0; i < zip->numFiles; i++) {
		if (h->emptyStreamBools == NULL || h->emptyStreamBools[i] == 0)
			entries[i].flg |= HAS_STREAM;
		/* The high 16 bits of attributes is a posix file mode. */
		entries[i].mode = entries[i].attr >> 16;

		if (!(entries[i].attr & FILE_ATTRIBUTE_UNIX_EXTENSION)) {
			// Only windows permissions specified for this entry. Translate to
			// reasonable corresponding unix permissions.

			if (entries[i].attr & FILE_ATTRIBUTE_DIRECTORY) {
				if (entries[i].attr & FILE_ATTRIBUTE_READONLY) {
					// Read-only directory.
					entries[i].mode = AE_IFDIR | 0555;
				} else {
					// Read-write directory.
					entries[i].mode = AE_IFDIR | 0755;
				}
			} else if (entries[i].attr & FILE_ATTRIBUTE_READONLY) {
				// Readonly file.
				entries[i].mode = AE_IFREG | 0444;
			} else {
				// Assume read-write file.
				entries[i].mode = AE_IFREG | 0644;
			}
		}

		if (entries[i].flg & HAS_STREAM) {
			/*
			 * More entries with data than substreams were
			 * declared: reject before indexing digestsDefined.
			 */
			if ((size_t)sindex >= si->ss.unpack_streams)
				return (-1);
			if (entries[i].mode == 0)
				entries[i].mode = AE_IFREG | 0666;
			if (si->ss.digestsDefined[sindex])
				entries[i].flg |= CRC32_IS_SET;
			entries[i].ssIndex = sindex;
			sindex++;
		} else {
			/*
			 * No data stream: a directory unless the
			 * emptyFile vector marks it as an empty file.
			 */
			int dir;
			if (h->emptyFileBools == NULL)
				dir = 1;
			else {
				if (h->emptyFileBools[eindex])
					dir = 0;
				else
					dir = 1;
				eindex++;
			}
			if (entries[i].mode == 0) {
				if (dir)
					entries[i].mode = AE_IFDIR | 0777;
				else
					entries[i].mode = AE_IFREG | 0666;
			} else if (dir &&
			    (entries[i].mode & AE_IFMT) != AE_IFDIR) {
				entries[i].mode &= ~AE_IFMT;
				entries[i].mode |= AE_IFDIR;
			}
			/*
			 * Give directory names a trailing '/'.  The two
			 * bytes written are the name's own terminator
			 * located during the kName scan, so the write
			 * stays inside entry_names.
			 */
			if ((entries[i].mode & AE_IFMT) == AE_IFDIR &&
			    entries[i].name_len >= 2 &&
			    (entries[i].utf16name[entries[i].name_len-2] != '/' ||
			     entries[i].utf16name[entries[i].name_len-1] != 0)) {
				entries[i].utf16name[entries[i].name_len] = '/';
				entries[i].utf16name[entries[i].name_len+1] = 0;
				entries[i].name_len += 2;
			}
			entries[i].ssIndex = -1;
		}
		if (entries[i].attr & FILE_ATTRIBUTE_READONLY)
			entries[i].mode &= ~0222;/* Read only. */

		if ((entries[i].flg & HAS_STREAM) == 0 && indexInFolder == 0) {
			/*
			 * The entry is an empty file or a directory file,
			 * those both have no contents.
			 */
			entries[i].folderIndex = -1;
			continue;
		}
		if (indexInFolder == 0) {
			/*
			 * Advance to the next folder that holds at least
			 * one substream; running out of folders means the
			 * file list and the stream list disagree.
			 */
			for (;;) {
				if (folderIndex >= si->ci.numFolders)
					return (-1);
				if (folders[folderIndex].numUnpackStreams)
					break;
				folderIndex++;
			}
		}
		entries[i].folderIndex = folderIndex;
		if ((entries[i].flg & HAS_STREAM) == 0)
			continue;
		indexInFolder++;
		if (indexInFolder >= folders[folderIndex].numUnpackStreams) {
			folderIndex++;
			indexInFolder = 0;
		}
	}

	return (0);
}
3087
/*
 * Parse one timestamp property (kCTime, kATime or kMTime) and store the
 * converted values in the entry table.
 *
 * The property holds an allAreDefined byte (or a bit vector with one
 * flag per file), an External byte with an optional data index, and an
 * 8-byte little-endian NTFS time for every flagged file.
 *
 * Returns 0 on success, -1 on short read, a data index above UMAX_ENTRY
 * or failed allocation.  The temporary flag vector is freed on every
 * path.
 */
static int
read_Times(struct archive_read *a, struct _7z_header_info *h, int type)
{
	struct _7zip *zip = (struct _7zip *)a->format->data;
	struct _7zip_entry *entries = zip->entries;
	const unsigned char *src;
	unsigned char *defined;
	unsigned n;
	int rc = -1;

	defined = calloc((size_t)zip->numFiles, sizeof(*defined));
	if (defined == NULL)
		return (-1);

	/* allAreDefined: non-zero means every file has a timestamp. */
	src = header_bytes(a, 1);
	if (src == NULL)
		goto done;
	if (*src != 0)
		memset(defined, 1, (size_t)zip->numFiles);
	else if (read_Bools(a, defined, (size_t)zip->numFiles) < 0)
		goto done;

	/* External flag, followed by a data index when set. */
	src = header_bytes(a, 1);
	if (src == NULL)
		goto done;
	if (*src != 0) {
		if (parse_7zip_uint64(a, &(h->dataIndex)) < 0)
			goto done;
		if (h->dataIndex > UMAX_ENTRY)
			goto done;
	}

	for (n = 0; n < zip->numFiles; n++) {
		uint64_t stamp;

		if (defined[n] == 0)
			continue;
		src = header_bytes(a, 8);
		if (src == NULL)
			goto done;
		stamp = archive_le64dec(src);
		switch (type) {
		case kCTime:
			ntfs_to_unix(stamp, &(entries[n].ctime),
			    &(entries[n].ctime_ns));
			entries[n].flg |= CTIME_IS_SET;
			break;
		case kATime:
			ntfs_to_unix(stamp, &(entries[n].atime),
			    &(entries[n].atime_ns));
			entries[n].flg |= ATIME_IS_SET;
			break;
		case kMTime:
			ntfs_to_unix(stamp, &(entries[n].mtime),
			    &(entries[n].mtime_ns));
			entries[n].flg |= MTIME_IS_SET;
			break;
		}
	}
	rc = 0;
done:
	free(defined);
	return (rc);
}
3156
/*
 * Read the StreamsInfo that describes an encoded (packed) header and
 * check that it points at usable data.
 *
 * The archive is rejected unless it declares at least one pack stream
 * and one folder, and unless the first pack stream has a non-zero size,
 * starts and ends at offsets that are non-negative as int64_t, and ends
 * no later than zip->header_offset.
 *
 * Returns ARCHIVE_OK, or ARCHIVE_FATAL with the archive error set.
 * errno is cleared first so that an ENOMEM left by a failed allocation
 * can be told apart from a malformed archive.
 */
static int
decode_encoded_header_info(struct archive_read *a, struct _7z_stream_info *si)
{
	struct _7zip *zip = (struct _7zip *)a->format->data;
	uint64_t first_size, first_end;

	errno = 0;
	if (read_StreamsInfo(a, si) < 0) {
		if (errno != ENOMEM)
			archive_set_error(&a->archive, -1,
			    "Malformed 7-Zip archive");
		else
			archive_set_error(&a->archive, -1,
			    "Couldn't allocate memory");
		return (ARCHIVE_FATAL);
	}

	/* sizes[0] and folders[0] are only valid past this point. */
	if (si->pi.numPackStreams == 0 || si->ci.numFolders == 0) {
		archive_set_error(&a->archive, -1, "Malformed 7-Zip archive");
		return (ARCHIVE_FATAL);
	}

	first_size = si->pi.sizes[0];
	first_end = si->pi.pos + first_size;
	if (zip->header_offset < first_end ||
	    (int64_t)first_end < 0 ||
	    first_size == 0 ||
	    (int64_t)si->pi.pos < 0) {
		archive_set_error(&a->archive, -1, "Malformed Header offset");
		return (ARCHIVE_FATAL);
	}

	return (ARCHIVE_OK);
}
3187
/*
 * Return a pointer to the next rbytes bytes of the header, or NULL when
 * fewer than rbytes remain in the header or the read fails.
 *
 * The request is checked against zip->header_bytes_remaining before any
 * I/O, so callers cannot read past the declared header size.  A plain
 * header is read straight from the input; an encoded header goes through
 * read_stream().  The bytes handed out are folded into the running
 * header CRC-32.
 */
static const unsigned char *
header_bytes(struct archive_read *a, size_t rbytes)
{
	struct _7zip *zip = (struct _7zip *)a->format->data;
	const unsigned char *out;

	if (rbytes > zip->header_bytes_remaining)
		return (NULL);
	/* Release what the previous call handed out. */
	if (zip->pack_stream_bytes_unconsumed)
		read_consume(a);

	if (zip->header_is_encoded != 0) {
		const void *decoded;
		ssize_t got;

		got = read_stream(a, &decoded, rbytes, rbytes);
		if (got <= 0)
			return (NULL);
		zip->header_bytes_remaining -= got;
		out = decoded;
	} else {
		out = __archive_read_ahead(a, rbytes, NULL);
		if (out == NULL)
			return (NULL);
		zip->header_bytes_remaining -= rbytes;
		zip->pack_stream_bytes_unconsumed = rbytes;
	}

	/* Update checksum */
	zip->header_crc32 = crc32(zip->header_crc32, out, (unsigned)rbytes);
	return (out);
}
3220
/*
 * Locate and parse the archive's header ("central directory").
 *
 * Reads the 32-byte signature header, skipping a self-extracting stub
 * first when the file starts as a PE or ELF executable, verifies its
 * CRC, moves to the next-header offset and parses what is found there:
 * either a plain kHeader or a kEncodedHeader that must be decoded
 * before read_Header() can run.
 *
 * Signature header fields as read below (little-endian):
 *   bytes  0..5   signature
 *   bytes  8..11  CRC-32 of bytes 12..31
 *   bytes 12..19  next header offset
 *   bytes 20..27  next header size
 *   bytes 28..31  next header CRC-32
 *
 * Returns ARCHIVE_OK, ARCHIVE_EOF when the archive holds no entries
 * (next header size is 0), or ARCHIVE_FATAL / the skip_sfx() status on
 * failure.
 *
 * NOTE: the three CRC comparisons only fail the read when
 * DONT_FAIL_ON_CRC_ERROR is not defined; a build that defines it
 * accepts headers whose checksum does not match.  CRC-32 detects
 * accidental corruption only, so a matching checksum says nothing
 * about where the archive came from.
 */
static int
slurp_central_directory(struct archive_read *a, struct _7zip *zip,
    struct _7z_header_info *header)
{
	const unsigned char *p;
	uint64_t next_header_offset;
	uint64_t next_header_size;
	uint32_t next_header_crc;
	ssize_t bytes_avail;
	int check_header_crc, r;

	if ((p = __archive_read_ahead(a, 32, &bytes_avail)) == NULL)
		return (ARCHIVE_FATAL);

	if ((p[0] == 'M' && p[1] == 'Z') || memcmp(p, "\x7F\x45LF", 4) == 0) {
		/* This is an executable ? Must be self-extracting... */
		const ssize_t min_addr = p[0] == 'M' ? find_pe_overlay(a) :
						       find_elf_data_sec(a);
		r = skip_sfx(a, min_addr);
		if (r < ARCHIVE_WARN)
			return (r);
		if ((p = __archive_read_ahead(a, 32, &bytes_avail)) == NULL)
			return (ARCHIVE_FATAL);
	}
	/* Offsets stored in the archive are relative to the end of the
	 * 32-byte signature header. */
	zip->seek_base += 32;

	if (memcmp(p, _7ZIP_SIGNATURE, 6) != 0) {
		archive_set_error(&a->archive, -1, "Not 7-Zip archive file");
		return (ARCHIVE_FATAL);
	}

	/* CRC check. */
	if (crc32(0, (const unsigned char *)p + 12, 20)
	    != archive_le32dec(p + 8)) {
#ifndef DONT_FAIL_ON_CRC_ERROR
		archive_set_error(&a->archive, -1, "Header CRC error");
		return (ARCHIVE_FATAL);
#endif
	}

	next_header_offset = archive_le64dec(p + 12);
	next_header_size = archive_le64dec(p + 20);
	next_header_crc = archive_le32dec(p + 28);

	if (next_header_size == 0)
		/* There is no entry in an archive file. */
		return (ARCHIVE_EOF);

	/* An offset with the top bit set cannot be used as a seek target. */
	if (((int64_t)next_header_offset) < 0) {
		archive_set_error(&a->archive, -1, "Malformed 7-Zip archive");
		return (ARCHIVE_FATAL);
	}
	__archive_read_consume(a, 32);
	if (next_header_offset != 0) {
		/* Skip within the buffered data when possible, else seek. */
		if (bytes_avail >= (ssize_t)next_header_offset)
			__archive_read_consume(a, next_header_offset);
		else if (__archive_read_seek(a,
		    next_header_offset + zip->seek_base, SEEK_SET) < 0)
			return (ARCHIVE_FATAL);
	}
	/*
	 * From here on header_bytes() enforces next_header_size as the
	 * upper bound for everything the header parsers read.
	 */
	zip->stream_offset = next_header_offset;
	zip->header_offset = next_header_offset;
	zip->header_bytes_remaining = next_header_size;
	zip->header_crc32 = 0;
	zip->header_is_encoded = 0;
	zip->header_is_being_read = 1;
	zip->has_encrypted_entries = 0;
	check_header_crc = 1;

	if ((p = header_bytes(a, 1)) == NULL) {
		archive_set_error(&a->archive,
		    ARCHIVE_ERRNO_FILE_FORMAT,
		    "Truncated 7-Zip file body");
		return (ARCHIVE_FATAL);
	}
	/* Parse ArchiveProperties. */
	switch (p[0]) {
	case kEncodedHeader:
		/*
		 * The archive has an encoded header and we have to decode it
		 * in order to parse the header correctly.
		 */
		r = decode_encoded_header_info(a, &(zip->si));

		/* Check the EncodedHeader CRC.*/
		if (r == 0 && zip->header_crc32 != next_header_crc) {
#ifndef DONT_FAIL_ON_CRC_ERROR
			archive_set_error(&a->archive, -1,
			    "Damaged 7-Zip archive");
			r = -1;
#endif
		}
		if (r == 0) {
			/*
			 * The decoded header is checked against the first
			 * folder's digest when one is defined; otherwise
			 * its CRC is not checked at all.
			 */
			if (zip->si.ci.folders[0].digest_defined)
				next_header_crc = zip->si.ci.folders[0].digest;
			else
				check_header_crc = 0;
			if (zip->pack_stream_bytes_unconsumed)
				read_consume(a);
			r = setup_decode_folder(a, zip->si.ci.folders, 1);
			if (r == 0) {
				/* The decoded size becomes the new bound. */
				zip->header_bytes_remaining =
					zip->folder_outbytes_remaining;
				r = seek_pack(a);
			}
		}
		/* Clean up StreamsInfo. */
		free_StreamsInfo(&(zip->si));
		memset(&(zip->si), 0, sizeof(zip->si));
		if (r < 0)
			return (ARCHIVE_FATAL);
		zip->header_is_encoded = 1;
		zip->header_crc32 = 0;
		/* FALL THROUGH */
	case kHeader:
		/*
		 * Parse the header.
		 */
		/* errno separates ENOMEM from a malformed header below. */
		errno = 0;
		r = read_Header(a, header, zip->header_is_encoded);
		if (r < 0) {
			if (errno == ENOMEM)
				archive_set_error(&a->archive, -1,
				    "Couldn't allocate memory");
			else
				archive_set_error(&a->archive, -1,
				    "Damaged 7-Zip archive");
			return (ARCHIVE_FATAL);
		}

		/*
		 * Must be kEnd.
		 */
		if ((p = header_bytes(a, 1)) == NULL ||*p != kEnd) {
			archive_set_error(&a->archive, -1,
			    "Malformed 7-Zip archive");
			return (ARCHIVE_FATAL);
		}

		/* Check the Header CRC.*/
		if (check_header_crc && zip->header_crc32 != next_header_crc) {
#ifndef DONT_FAIL_ON_CRC_ERROR
			archive_set_error(&a->archive, -1,
			    "Malformed 7-Zip archive");
			return (ARCHIVE_FATAL);
#endif
		}
		break;
	default:
		archive_set_error(&a->archive, -1,
		    "Unexpected Property ID = %X", p[0]);
		return (ARCHIVE_FATAL);
	}

	/* Reset the state that was only used for decoding the header. */
	zip->pack_stream_remaining = 0;
	zip->pack_stream_index = 0;
	zip->folder_outbytes_remaining = 0;
	zip->uncompressed_buffer_bytes_remaining = 0;
	zip->pack_stream_bytes_unconsumed = 0;
	zip->header_is_being_read = 0;

	return (ARCHIVE_OK);
}
3385
/*
 * Hand the caller a pointer to the next run of decoded bytes.
 *
 * On success *buff points at the data and the return value is how many
 * bytes may be read from it; that count never exceeds `size' nor the
 * number of bytes still accounted for in
 * zip->uncompressed_buffer_bytes_remaining. A negative return value is
 * an ARCHIVE_* error code and the archive error has been set.
 *
 * `minimum' is the read-ahead request in copy mode; in packed mode it
 * triggers a refill through extract_pack_stream() when fewer bytes than
 * that are buffered.
 */
static ssize_t
get_uncompressed_data(struct archive_read *a, const void **buff, size_t size,
    size_t minimum)
{
	struct _7zip *zip = (struct _7zip *)a->format->data;
	ssize_t bytes_avail;

	if (zip->codec == _7Z_COPY && zip->codec2 == (unsigned long)-1) {
		/*
		 * Copy mode: the data is served straight from the
		 * read-ahead window, nothing is decoded.
		 */
		*buff = __archive_read_ahead(a, minimum, &bytes_avail);
		if (*buff == NULL) {
			archive_set_error(&a->archive,
			    ARCHIVE_ERRNO_FILE_FORMAT,
			    "Truncated 7-Zip file data");
			return (ARCHIVE_FATAL);
		}
		/*
		 * Clamp what the lower layer offers to what this stream
		 * still owns and to what the caller asked for.
		 */
		if ((size_t)bytes_avail >
		    zip->uncompressed_buffer_bytes_remaining)
			bytes_avail = (ssize_t)
			    zip->uncompressed_buffer_bytes_remaining;
		if ((size_t)bytes_avail > size)
			bytes_avail = (ssize_t)size;

		/* read_consume() will release exactly this many bytes. */
		zip->pack_stream_bytes_unconsumed = bytes_avail;
		zip->uncompressed_buffer_bytes_remaining -= bytes_avail;
		return (bytes_avail);
	}

	if (zip->uncompressed_buffer_pointer == NULL) {
		/* No decoded data is available: decompression has failed. */
		archive_set_error(&(a->archive),
		    ARCHIVE_ERRNO_MISC, "Damaged 7-Zip archive");
		return (ARCHIVE_FATAL);
	}

	/*
	 * Packed mode: top the buffer up to `minimum' bytes when it holds
	 * fewer than that.
	 */
	if (minimum > zip->uncompressed_buffer_bytes_remaining &&
	    extract_pack_stream(a, minimum) < 0)
		return (ARCHIVE_FATAL);

	bytes_avail = (size > zip->uncompressed_buffer_bytes_remaining)
	    ? (ssize_t)zip->uncompressed_buffer_bytes_remaining
	    : (ssize_t)size;
	*buff = zip->uncompressed_buffer_pointer;
	zip->uncompressed_buffer_pointer += bytes_avail;
	zip->uncompressed_buffer_bytes_remaining -= bytes_avail;
	return (bytes_avail);
}
3438
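/*
 * Decode (or, in copy mode, account for) the next part of the current
 * pack stream so that at least `minimum' bytes are available.
 *
 * Returns ARCHIVE_OK on success and ARCHIVE_FATAL on failure, with the
 * archive error set. All sizes used here come from the archive being
 * read, so every count is clamped against
 * zip->pack_stream_inbytes_remaining and zip->folder_outbytes_remaining
 * before it is trusted.
 */
static ssize_t
extract_pack_stream(struct archive_read *a, size_t minimum)
{
	struct _7zip *zip = (struct _7zip *)a->format->data;
	ssize_t bytes_avail;
	int r;

	if (zip->codec == _7Z_COPY && zip->codec2 == (unsigned long)-1) {
		/* Copy mode: only the byte accounting is updated. */
		if (minimum == 0)
			minimum = 1;
		if (__archive_read_ahead(a, minimum, &bytes_avail) == NULL
		    || bytes_avail <= 0) {
			archive_set_error(&a->archive,
			    ARCHIVE_ERRNO_FILE_FORMAT,
			    "Truncated 7-Zip file body");
			return (ARCHIVE_FATAL);
		}
		if ((uint64_t)bytes_avail > zip->pack_stream_inbytes_remaining)
			bytes_avail = (ssize_t)zip->pack_stream_inbytes_remaining;
		zip->pack_stream_inbytes_remaining -= bytes_avail;
		if ((uint64_t)bytes_avail > zip->folder_outbytes_remaining)
			bytes_avail = (ssize_t)zip->folder_outbytes_remaining;
		zip->folder_outbytes_remaining -= bytes_avail;
		zip->uncompressed_buffer_bytes_remaining = bytes_avail;
		return (ARCHIVE_OK);
	}

	/*
	 * The buffer size is `minimum' rounded up to a multiple of 1024.
	 * Refuse a request for which that rounding would wrap around
	 * size_t: the wrapped size would be smaller than `minimum' and the
	 * call could only fail after decoding into an undersized buffer.
	 */
	if (minimum > SIZE_MAX - 1023) {
		archive_set_error(&a->archive, ENOMEM,
		    "No memory for 7-Zip decompression");
		return (ARCHIVE_FATAL);
	}

	/* If the buffer hasn't been allocated, allocate it now. */
	if (zip->uncompressed_buffer == NULL) {
		zip->uncompressed_buffer_size = UBUFF_SIZE;
		if (zip->uncompressed_buffer_size < minimum) {
			zip->uncompressed_buffer_size = minimum + 1023;
			zip->uncompressed_buffer_size &= ~0x3ff;
		}
		zip->uncompressed_buffer =
		    malloc(zip->uncompressed_buffer_size);
		if (zip->uncompressed_buffer == NULL) {
			archive_set_error(&a->archive, ENOMEM,
			    "No memory for 7-Zip decompression");
			return (ARCHIVE_FATAL);
		}
		zip->uncompressed_buffer_bytes_remaining = 0;
	} else if (zip->uncompressed_buffer_size < minimum ||
	    zip->uncompressed_buffer_bytes_remaining < minimum) {
		/*
		 * Make sure the uncompressed buffer can hold at least
		 * `minimum' bytes.
		 * NOTE: This case happens when reading the header.
		 */
		size_t used;

		/* Offset of the first unconsumed byte, taken before any
		 * realloc() can move the buffer. */
		if (zip->uncompressed_buffer_pointer != 0)
			used = zip->uncompressed_buffer_pointer -
			    zip->uncompressed_buffer;
		else
			used = 0;
		if (zip->uncompressed_buffer_size < minimum) {
			/*
			 * Expand the uncompressed buffer up to
			 * the minimum size.
			 */
			void *p;
			size_t new_size;

			new_size = minimum + 1023;
			new_size &= ~0x3ff;
			/* Keep the old pointer until realloc() succeeds. */
			p = realloc(zip->uncompressed_buffer, new_size);
			if (p == NULL) {
				archive_set_error(&a->archive, ENOMEM,
				    "No memory for 7-Zip decompression");
				return (ARCHIVE_FATAL);
			}
			zip->uncompressed_buffer = (unsigned char *)p;
			zip->uncompressed_buffer_size = new_size;
		}
		/*
		 * Move unconsumed bytes to the head.
		 */
		if (used) {
			memmove(zip->uncompressed_buffer,
			    zip->uncompressed_buffer + used,
			    zip->uncompressed_buffer_bytes_remaining);
		}
	} else
		zip->uncompressed_buffer_bytes_remaining = 0;

	/* The read pointer stays NULL until this call has succeeded. */
	zip->uncompressed_buffer_pointer = NULL;
	for (;;) {
		size_t bytes_in, bytes_out;
		const void *buff_in;
		unsigned char *buff_out;
		int end_of_data;

		/*
		 * Note: '1' here is a performance optimization.
		 * Recall that the decompression layer returns a count of
		 * available bytes; asking for more than that forces the
		 * decompressor to combine reads by copying data.
		 */
		buff_in = __archive_read_ahead(a, 1, &bytes_avail);
		if (bytes_avail <= 0) {
			archive_set_error(&a->archive,
			    ARCHIVE_ERRNO_FILE_FORMAT,
			    "Truncated 7-Zip file body");
			return (ARCHIVE_FATAL);
		}

		/* Decode into the free tail of the buffer. */
		buff_out = zip->uncompressed_buffer
		    + zip->uncompressed_buffer_bytes_remaining;
		bytes_out = zip->uncompressed_buffer_size
		    - zip->uncompressed_buffer_bytes_remaining;
		/* Never feed the decoder bytes beyond this pack stream. */
		bytes_in = bytes_avail;
		if (bytes_in > zip->pack_stream_inbytes_remaining)
			bytes_in = (size_t)zip->pack_stream_inbytes_remaining;
		/* Drive decompression. */
		r = decompress(a, zip, buff_out, &bytes_out,
		    buff_in, &bytes_in);
		switch (r) {
		case ARCHIVE_OK:
			end_of_data = 0;
			break;
		case ARCHIVE_EOF:
			end_of_data = 1;
			break;
		default:
			return (ARCHIVE_FATAL);
		}
		zip->pack_stream_inbytes_remaining -= bytes_in;
		/* Output beyond the folder's declared size is not counted. */
		if (bytes_out > zip->folder_outbytes_remaining)
			bytes_out = (size_t)zip->folder_outbytes_remaining;
		zip->folder_outbytes_remaining -= bytes_out;
		zip->uncompressed_buffer_bytes_remaining += bytes_out;
		zip->pack_stream_bytes_unconsumed = bytes_in;

		/*
		 * Continue decompression until uncompressed_buffer is full.
		 */
		if (zip->uncompressed_buffer_bytes_remaining ==
		    zip->uncompressed_buffer_size)
			break;
		if (zip->codec2 == _7Z_X86 && zip->odd_bcj_size &&
		    zip->uncompressed_buffer_bytes_remaining + 5 >
		    zip->uncompressed_buffer_size)
			break;
		if (zip->pack_stream_inbytes_remaining == 0 &&
		    zip->folder_outbytes_remaining == 0)
			break;
		/* End of data, or no progress at all, before the declared
		 * sizes were reached: the archive is inconsistent. */
		if (end_of_data || (bytes_in == 0 && bytes_out == 0)) {
			archive_set_error(&(a->archive),
			    ARCHIVE_ERRNO_MISC, "Damaged 7-Zip archive");
			return (ARCHIVE_FATAL);
		}
		read_consume(a);
	}
	if (zip->uncompressed_buffer_bytes_remaining < minimum) {
		archive_set_error(&(a->archive),
		    ARCHIVE_ERRNO_MISC, "Damaged 7-Zip archive");
		return (ARCHIVE_FATAL);
	}
	zip->uncompressed_buffer_pointer = zip->uncompressed_buffer;
	return (ARCHIVE_OK);
}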
3599
/*
 * Select the next pack stream of the current folder and position the
 * input at its start.
 *
 * Loads the stream's packed size into
 * zip->pack_stream_inbytes_remaining, seeks only when the recorded
 * stream offset differs from the target, and then advances
 * pack_stream_index / decrements pack_stream_remaining.
 * Returns ARCHIVE_OK, or ARCHIVE_FATAL when no pack stream is left or
 * the seek fails.
 *
 * NOTE(review): pack_stream_index indexes si.pi.sizes[] and
 * si.pi.positions[] without a bounds check in this function; presumably
 * the index range is validated where StreamsInfo is parsed -- confirm.
 */
static int
seek_pack(struct archive_read *a)
{
	struct _7zip *zip = (struct _7zip *)a->format->data;
	int64_t target;

	if (zip->pack_stream_remaining <= 0) {
		archive_set_error(&(a->archive),
		    ARCHIVE_ERRNO_MISC, "Damaged 7-Zip archive");
		return (ARCHIVE_FATAL);
	}

	zip->pack_stream_inbytes_remaining =
	    zip->si.pi.sizes[zip->pack_stream_index];
	target = zip->si.pi.positions[zip->pack_stream_index];

	/* Pack positions are relative to zip->seek_base. */
	if (zip->stream_offset != target) {
		if (__archive_read_seek(a, target + zip->seek_base,
		    SEEK_SET) < 0)
			return (ARCHIVE_FATAL);
		zip->stream_offset = target;
	}

	zip->pack_stream_index++;
	zip->pack_stream_remaining--;
	return (ARCHIVE_OK);
}
3624
/*
 * Return the next run of decoded bytes of the current entry.
 *
 * Serves buffered data first, then continues the current pack stream,
 * and only when that is exhausted moves on to the next pack stream
 * (setting up the next folder when the current folder has none left).
 * Bytes that skip_stream() merely recorded for the folder are decoded
 * and discarded here before any data is returned.
 *
 * Returns the byte count from get_uncompressed_data(), 0 with
 * *buff == NULL once every folder has been consumed, or a negative
 * ARCHIVE_* code.
 */
static ssize_t
read_stream(struct archive_read *a, const void **buff, size_t size,
    size_t minimum)
{
	struct _7zip *zip = (struct _7zip *)a->format->data;
	uint64_t skip_bytes = 0;
	ssize_t r;

	/* Decoded data is still buffered: hand it out. */
	if (zip->uncompressed_buffer_bytes_remaining != 0)
		return (get_uncompressed_data(a, buff, size, minimum));

	/* The current pack stream (or folder) still has data to decode. */
	if (zip->pack_stream_inbytes_remaining > 0 ||
	    zip->folder_outbytes_remaining > 0) {
		r = extract_pack_stream(a, 0);
		if (r < 0)
			return (r);
		return (get_uncompressed_data(a, buff, size, minimum));
	}

	/*
	 * Current pack stream has been consumed.
	 */
	if (zip->pack_stream_remaining == 0) {
		if (zip->header_is_being_read) {
			/* Invalid sequence. This might happen when
			 * reading a malformed archive. */
			archive_set_error(&(a->archive),
			    ARCHIVE_ERRNO_MISC, "Malformed 7-Zip archive");
			return (ARCHIVE_FATAL);
		}

		/*
		 * All current folder's pack streams have been
		 * consumed. Switch to next folder.
		 */
		if (zip->folder_index == 0 &&
		    (zip->si.ci.folders[zip->entry->folderIndex].skipped_bytes
		     || zip->folder_index != zip->entry->folderIndex)) {
			zip->folder_index = zip->entry->folderIndex;
			skip_bytes =
			    zip->si.ci.folders[zip->folder_index].skipped_bytes;
		}

		if (zip->folder_index >= zip->si.ci.numFolders) {
			/*
			 * We have consumed all folders and their pack
			 * streams.
			 */
			*buff = NULL;
			return (0);
		}
		r = setup_decode_folder(a,
		    &(zip->si.ci.folders[zip->folder_index]), 0);
		if (r != ARCHIVE_OK)
			return (ARCHIVE_FATAL);

		zip->folder_index++;
	}

	/*
	 * Switch to next pack stream.
	 */
	r = seek_pack(a);
	if (r < 0)
		return (r);

	/* Extract a new pack stream. */
	r = extract_pack_stream(a, 0);
	if (r < 0)
		return (r);

	/*
	 * Skip the bytes we have already skipped in skip_stream().
	 */
	for (;;) {
		ssize_t skipped;

		if (zip->uncompressed_buffer_bytes_remaining == 0) {
			if (zip->pack_stream_inbytes_remaining == 0 &&
			    zip->folder_outbytes_remaining == 0) {
				/* Nothing left to decode although more
				 * data is expected. */
				archive_set_error(&a->archive,
				    ARCHIVE_ERRNO_FILE_FORMAT,
				    "Truncated 7-Zip file body");
				return (ARCHIVE_FATAL);
			}
			r = extract_pack_stream(a, 0);
			if (r < 0)
				return (r);
		}

		if (!skip_bytes)
			break;

		skipped = get_uncompressed_data(
		    a, buff, (size_t)skip_bytes, 0);
		if (skipped < 0)
			return (skipped);
		skip_bytes -= skipped;
		if (zip->pack_stream_bytes_unconsumed)
			read_consume(a);
	}

	return (get_uncompressed_data(a, buff, size, minimum));
}
3738
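/*
 * Prepare the reader and the decompressor for `folder'.
 *
 * `header' is non-zero when the folder holds the encoded archive header
 * and zero for file content; it only selects the wording of error
 * messages. Returns ARCHIVE_OK, or a negative ARCHIVE_* code with the
 * archive error set.
 *
 * For BCJ2 folders the three sub streams are decoded completely into
 * heap buffers that are handed over to zip->sub_stream_buff[]. Their
 * sizes come from the archive, so each size is checked to fit in size_t
 * before it is allocated and every copy is checked against the
 * allocated capacity.
 */
static int
setup_decode_folder(struct archive_read *a, struct _7z_folder *folder,
    int header)
{
	struct _7zip *zip = (struct _7zip *)a->format->data;
	const struct _7z_coder *coder1, *coder2;
	const char *cname = (header)?"archive header":"file content";
	unsigned i;
	int r, found_bcj2 = 0;

	/*
	 * Release the memory which the previous folder used for BCJ2.
	 */
	for (i = 0; i < 3; i++) {
		free(zip->sub_stream_buff[i]);
		zip->sub_stream_buff[i] = NULL;
	}

	/*
	 * Initialize a stream reader.
	 */
	zip->pack_stream_remaining = (unsigned)folder->numPackedStreams;
	zip->pack_stream_index = (unsigned)folder->packIndex;
	zip->folder_outbytes_remaining = folder_uncompressed_size(folder);
	zip->uncompressed_buffer_bytes_remaining = 0;

	/*
	 * Check coder types.
	 */
	for (i = 0; i < folder->numCoders; i++) {
		switch(folder->coders[i].codec) {
		case _7Z_CRYPTO_MAIN_ZIP:
		case _7Z_CRYPTO_RAR_29:
		case _7Z_CRYPTO_AES_256_SHA_256: {
			/* For entry that is associated with this folder, mark
			   it as encrypted (data+metadata). */
			zip->has_encrypted_entries = 1;
			if (a->entry) {
				archive_entry_set_is_data_encrypted(a->entry, 1);
				archive_entry_set_is_metadata_encrypted(a->entry, 1);
			}
			archive_set_error(&(a->archive),
			    ARCHIVE_ERRNO_MISC,
			    "The %s is encrypted, "
			    "but currently not supported", cname);
			return (ARCHIVE_FATAL);
		}
		case _7Z_X86_BCJ2: {
			found_bcj2++;
			break;
		}
		}
	}
	/* Now that we've checked for encryption, if there were still no
	 * encrypted entries found we can say for sure that there are none.
	 */
	if (zip->has_encrypted_entries == ARCHIVE_READ_FORMAT_ENCRYPTION_DONT_KNOW) {
		zip->has_encrypted_entries = 0;
	}

	/* Only one coder, two coders, or a single BCJ2 chain is handled. */
	if ((folder->numCoders > 2 && !found_bcj2) || found_bcj2 > 1) {
		archive_set_error(&(a->archive),
		    ARCHIVE_ERRNO_MISC,
		    "The %s is encoded with many filters, "
		    "but currently not supported", cname);
		return (ARCHIVE_FATAL);
	}
	coder1 = &(folder->coders[0]);
	if (folder->numCoders == 2)
		coder2 = &(folder->coders[1]);
	else
		coder2 = NULL;

	if (found_bcj2) {
		/*
		 * Preparation to decode BCJ2.
		 * Decoding BCJ2 requires four sources. Those are at least,
		 * as far as I know, two types of the storage form.
		 */
		const struct _7z_coder *fc = folder->coders;
		static const struct _7z_coder coder_copy = {0, 1, 1, 0, NULL};
		const struct _7z_coder *scoder[3] =
			{&coder_copy, &coder_copy, &coder_copy};
		const void *buff;
		ssize_t bytes;
		unsigned char *b[3] = {NULL, NULL, NULL};
		uint64_t sunpack[3] ={-1, -1, -1};
		size_t s[3] = {0, 0, 0};
		/* Allocated capacity of b[i]; s[i] never exceeds cap[i]. */
		size_t cap[3] = {0, 0, 0};
		int idx[3] = {0, 1, 2};

		if (folder->numCoders == 4 && fc[3].codec == _7Z_X86_BCJ2 &&
		    folder->numInStreams == 7 && folder->numOutStreams == 4 &&
		    zip->pack_stream_remaining == 4) {
			/* Source type 1 made by 7zr or 7z with -m options. */
			if (folder->bindPairs[0].inIndex == 5) {
				/* The form made by 7zr */
				idx[0] = 1; idx[1] = 2; idx[2] = 0;
				scoder[1] = &(fc[1]);
				scoder[2] = &(fc[0]);
				sunpack[1] = folder->unPackSize[1];
				sunpack[2] = folder->unPackSize[0];
				coder1 = &(fc[2]);
			} else {
				/*
				 * NOTE: Some patterns do not work.
				 * work:
				 *  7z a -m0=BCJ2 -m1=COPY -m2=COPY
				 *       -m3=(any)
				 *  7z a -m0=BCJ2 -m1=COPY -m2=(any)
				 *       -m3=COPY
				 *  7z a -m0=BCJ2 -m1=(any) -m2=COPY
				 *       -m3=COPY
				 * not work:
				 *  other patterns.
				 *
				 * We have to handle this like `pipe' or
				 * our libarchive's filter frame work,
				 * decoding the BCJ2 main stream sequentially,
				 * m3 -> m2 -> m1 -> BCJ2.
				 *
				 */
				if (fc[0].codec == _7Z_COPY &&
				    fc[1].codec == _7Z_COPY)
					coder1 = &(folder->coders[2]);
				else if (fc[0].codec == _7Z_COPY &&
				    fc[2].codec == _7Z_COPY)
					coder1 = &(folder->coders[1]);
				else if (fc[1].codec == _7Z_COPY &&
				    fc[2].codec == _7Z_COPY)
					coder1 = &(folder->coders[0]);
				else {
					archive_set_error(&(a->archive),
					    ARCHIVE_ERRNO_MISC,
					    "Unsupported form of "
					    "BCJ2 streams");
					return (ARCHIVE_FATAL);
				}
			}
			coder2 = &(fc[3]);
			zip->main_stream_bytes_remaining =
				(size_t)folder->unPackSize[2];
		} else if (coder2 != NULL && coder2->codec == _7Z_X86_BCJ2 &&
		    zip->pack_stream_remaining == 4 &&
		    folder->numInStreams == 5 && folder->numOutStreams == 2) {
			/* Source type 0 made by 7z */
			zip->main_stream_bytes_remaining =
				(size_t)folder->unPackSize[0];
		} else {
			/* We got an unexpected form. */
			archive_set_error(&(a->archive),
			    ARCHIVE_ERRNO_MISC,
			    "Unsupported form of BCJ2 streams");
			return (ARCHIVE_FATAL);
		}

		/* Skip the main stream at this time. */
		if ((r = seek_pack(a)) < 0)
			return (r);
		zip->pack_stream_bytes_unconsumed =
		    (size_t)zip->pack_stream_inbytes_remaining;
		read_consume(a);

		/* Read following three sub streams. */
		for (i = 0; i < 3; i++) {
			const struct _7z_coder *coder = scoder[i];

			if ((r = seek_pack(a)) < 0) {
				free(b[0]); free(b[1]); free(b[2]);
				return (r);
			}

			/* A copy-coded sub stream decodes to its packed
			 * size; otherwise use the size the folder declares. */
			if (sunpack[i] == (uint64_t)-1)
				zip->folder_outbytes_remaining =
				    zip->pack_stream_inbytes_remaining;
			else
				zip->folder_outbytes_remaining = sunpack[i];

			r = init_decompression(a, zip, coder, NULL);
			if (r != ARCHIVE_OK) {
				free(b[0]); free(b[1]); free(b[2]);
				return (ARCHIVE_FATAL);
			}

			/*
			 * Allocate memory for the decoded data of a sub
			 * stream. The declared size is 64 bits wide; if it
			 * does not survive the conversion to size_t the
			 * allocation would be smaller than the data copied
			 * into it, so give up instead.
			 */
			cap[i] = (size_t)zip->folder_outbytes_remaining;
			if ((uint64_t)cap[i] !=
			    zip->folder_outbytes_remaining) {
				free(b[0]); free(b[1]); free(b[2]);
				archive_set_error(&a->archive, ENOMEM,
				    "No memory for 7-Zip decompression");
				return (ARCHIVE_FATAL);
			}
			b[i] = malloc(cap[i]);
			if (b[i] == NULL) {
				free(b[0]); free(b[1]); free(b[2]);
				archive_set_error(&a->archive, ENOMEM,
				    "No memory for 7-Zip decompression");
				return (ARCHIVE_FATAL);
			}

			/* Extract a sub stream. */
			while (zip->pack_stream_inbytes_remaining > 0) {
				r = (int)extract_pack_stream(a, 0);
				if (r < 0) {
					free(b[0]); free(b[1]); free(b[2]);
					return (r);
				}
				bytes = get_uncompressed_data(a, &buff,
				    zip->uncompressed_buffer_bytes_remaining,
				    0);
				if (bytes < 0) {
					free(b[0]); free(b[1]); free(b[2]);
					return ((int)bytes);
				}
				/* Never write past the end of b[i], whatever
				 * the decoder produced. */
				if ((size_t)bytes > cap[i] - s[i]) {
					free(b[0]); free(b[1]); free(b[2]);
					archive_set_error(&(a->archive),
					    ARCHIVE_ERRNO_MISC,
					    "Damaged 7-Zip archive");
					return (ARCHIVE_FATAL);
				}
				memcpy(b[i]+s[i], buff, bytes);
				s[i] += bytes;
				if (zip->pack_stream_bytes_unconsumed)
					read_consume(a);
			}
		}

		/* Set the sub streams to the right place; from here on the
		 * buffers are owned by zip->sub_stream_buff[]. */
		for (i = 0; i < 3; i++) {
			zip->sub_stream_buff[i] = b[idx[i]];
			zip->sub_stream_size[i] = s[idx[i]];
			zip->sub_stream_bytes_remaining[i] = s[idx[i]];
		}

		/* Allocate memory used for decoded main stream bytes. */
		if (zip->tmp_stream_buff == NULL) {
			zip->tmp_stream_buff_size = 32 * 1024;
			zip->tmp_stream_buff =
			    malloc(zip->tmp_stream_buff_size);
			if (zip->tmp_stream_buff == NULL) {
				archive_set_error(&a->archive, ENOMEM,
				    "No memory for 7-Zip decompression");
				return (ARCHIVE_FATAL);
			}
		}
		zip->tmp_stream_bytes_avail = 0;
		zip->tmp_stream_bytes_remaining = 0;
		zip->odd_bcj_size = 0;
		zip->bcj2_outPos = 0;

		/*
		 * Reset a stream reader in order to read the main stream
		 * of BCJ2.
		 */
		zip->pack_stream_remaining = 1;
		zip->pack_stream_index = (unsigned)folder->packIndex;
		zip->folder_outbytes_remaining =
		    folder_uncompressed_size(folder);
		zip->uncompressed_buffer_bytes_remaining = 0;
	}

	/*
	 * Initialize the decompressor for the new folder's pack streams.
	 */
	r = init_decompression(a, zip, coder1, coder2);
	if (r != ARCHIVE_OK)
		return (ARCHIVE_FATAL);
	return (ARCHIVE_OK);
}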
3995
/*
 * Skip `skip_bytes' bytes of decoded data.
 *
 * While zip->folder_index is still 0 the bytes are only added to the
 * entry's folder (skipped_bytes) and read_stream() discards them later;
 * otherwise the data is decoded and thrown away here.
 * Returns `skip_bytes' on success or a negative ARCHIVE_* code.
 */
static int64_t
skip_stream(struct archive_read *a, size_t skip_bytes)
{
	struct _7zip *zip = (struct _7zip *)a->format->data;
	const void *p;
	size_t left;

	if (zip->folder_index == 0) {
		/*
		 * Optimization for a list mode.
		 * Avoid unnecessary decoding operations.
		 */
		zip->si.ci.folders[zip->entry->folderIndex].skipped_bytes
		    += skip_bytes;
		return (skip_bytes);
	}

	for (left = skip_bytes; left != 0; ) {
		int64_t got = read_stream(a, &p, left, 0);

		if (got < 0)
			return (got);
		if (got == 0) {
			/* The stream ended before the requested amount. */
			archive_set_error(&a->archive,
			    ARCHIVE_ERRNO_FILE_FORMAT,
			    "Truncated 7-Zip file body");
			return (ARCHIVE_FATAL);
		}
		left -= (size_t)got;
		if (zip->pack_stream_bytes_unconsumed)
			read_consume(a);
	}
	return (skip_bytes);
}
4030
4031 /*
4032 * Brought from LZMA SDK.
4033 *
4034 * Bra86.c -- Converter for x86 code (BCJ)
4035 * 2008-10-04 : Igor Pavlov : Public domain
4036 *
4037 */
4038
/* True when `b' is 0x00 or 0xFF. Note that `b' is evaluated twice. */
#define Test86MSByte(b) ((b) == 0 || (b) == 0xFF)
4040
/*
 * Reset the x86 BCJ filter state kept in `zip' before a new stream is
 * converted with x86_Convert().
 */
static void
x86_Init(struct _7zip *zip)
{
	zip->bcj_ip = 5;
	zip->bcj_prevMask = 0;
	/* All-ones marks "no previous candidate position". */
	zip->bcj_prevPosT = (size_t)0 - 1;
	zip->bcj_state = 0;
}
4049
/*
 * Undo the x86 BCJ transform on data[0..size) in place.
 *
 * Returns the number of bytes that were fully processed; the caller has
 * to present the rest again together with more data. Inputs shorter
 * than 5 bytes are left untouched and 0 is returned. The filter state
 * (previous position, mask and instruction pointer) is carried in `zip'
 * between calls.
 */
static size_t
x86_Convert(struct _7zip *zip, uint8_t *data, size_t size)
{
	static const uint8_t kMaskToAllowedStatus[8] = {1, 1, 1, 0, 1, 0, 0, 0};
	static const uint8_t kMaskToBitNumber[8] = {0, 1, 2, 2, 3, 3, 3, 3};
	size_t pos, last_pos;
	uint32_t ip, mask;
	uint8_t *limit;

	if (size < 5)
		return 0;

	pos = 0;
	last_pos = zip->bcj_prevPosT;
	mask = zip->bcj_prevMask;
	ip = zip->bcj_ip;
	/* An opcode needs four operand bytes after it, so the scan stops
	 * four bytes before the end of the buffer. */
	limit = data + size - 4;

	for (;;) {
		uint8_t *p = data + pos;

		/* Look for the next 0xE8 / 0xE9 opcode byte. */
		while (p < limit && (*p & 0xFE) != 0xE8)
			p++;
		pos = (size_t)(p - data);
		if (p >= limit)
			break;

		last_pos = pos - last_pos;
		if (last_pos > 3)
			mask = 0;
		else {
			mask = (mask << ((int)last_pos - 1)) & 0x7;
			if (mask != 0) {
				unsigned char b =
				    p[4 - kMaskToBitNumber[mask]];
				if (!kMaskToAllowedStatus[mask] ||
				    Test86MSByte(b)) {
					last_pos = pos;
					mask = ((mask << 1) & 0x7) | 1;
					pos++;
					continue;
				}
			}
		}
		last_pos = pos;

		if (!Test86MSByte(p[4])) {
			/* Not a convertible operand: remember it in the mask. */
			mask = ((mask << 1) & 0x7) | 1;
			pos++;
			continue;
		}

		{
			/* Little-endian 32-bit operand following the opcode. */
			uint32_t src = ((uint32_t)p[4] << 24) |
			    ((uint32_t)p[3] << 16) | ((uint32_t)p[2] << 8) |
			    ((uint32_t)p[1]);
			uint32_t dest;

			for (;;) {
				uint8_t b;
				int b_index;

				dest = src - (ip + (uint32_t)pos);
				if (mask == 0)
					break;
				b_index = kMaskToBitNumber[mask] * 8;
				b = (uint8_t)(dest >> (24 - b_index));
				if (!Test86MSByte(b))
					break;
				src = dest ^ ((1 << (32 - b_index)) - 1);
			}
			p[4] = (uint8_t)(~(((dest >> 24) & 1) - 1));
			p[3] = (uint8_t)(dest >> 16);
			p[2] = (uint8_t)(dest >> 8);
			p[1] = (uint8_t)dest;
			pos += 5;
		}
	}

	zip->bcj_prevPosT = last_pos;
	zip->bcj_prevMask = mask;
	zip->bcj_ip += (uint32_t)pos;
	return (pos);
}
4128
/*
 * Reset the instruction-pointer bias used by arm_Convert() before a new
 * stream is converted.
 */
static void
arm_Init(struct _7zip *zip)
{
	zip->bcj_ip = 8;
}
4134
/*
 * Undo the ARM BCJ transform on buf[0..size) in place.
 *
 * Works on whole 4-byte words only and returns the number of bytes
 * processed (size rounded down to a multiple of 4); a trailing partial
 * word is never read or written. zip->bcj_ip is advanced by the same
 * amount.
 */
static size_t
arm_Convert(struct _7zip *zip, uint8_t *buf, size_t size)
{
	// This function was adapted from
	// static size_t bcj_arm(struct xz_dec_bcj *s, uint8_t *buf, size_t size)
	// in https://git.tukaani.org/xz-embedded.git

	/*
	 * Branch/Call/Jump (BCJ) filter decoders
	 *
	 * Authors: Lasse Collin <lasse.collin@tukaani.org>
	 *          Igor Pavlov <https://7-zip.org/>
	 *
	 * This file has been put into the public domain.
	 * You can do whatever you want with this file.
	 */

	size_t off;

	for (off = 0; off + 4 <= size; off += 4) {
		uint32_t addr;

		/* Only words whose top byte is 0xEB are rewritten. */
		if (buf[off + 3] != 0xEB)
			continue;

		// Calculate the transformed addr (24-bit word offset).
		addr = (uint32_t)buf[off] | ((uint32_t)buf[off + 1] << 8)
		    | ((uint32_t)buf[off + 2] << 16);
		addr <<= 2;
		addr -= zip->bcj_ip + (uint32_t)off;
		addr >>= 2;

		// Store the transformed addr in buf.
		buf[off] = (uint8_t)addr;
		buf[off + 1] = (uint8_t)(addr >> 8);
		buf[off + 2] = (uint8_t)(addr >> 16);
	}

	zip->bcj_ip += (uint32_t)off;

	return off;
}
4175
/*
 * Undo the ARM64 BCJ transform on buf[0..size) in place.
 *
 * Handles BL and ADRP instructions, works on whole little-endian 4-byte
 * words only and returns the number of bytes processed (size rounded
 * down to a multiple of 4). zip->bcj_ip is advanced by the same amount.
 */
static size_t
arm64_Convert(struct _7zip *zip, uint8_t *buf, size_t size)
{
	// This function was adapted from
	// static size_t bcj_arm64(struct xz_dec_bcj *s, uint8_t *buf, size_t size)
	// in https://git.tukaani.org/xz-embedded.git

	/*
	 * Branch/Call/Jump (BCJ) filter decoders
	 *
	 * Authors: Lasse Collin <lasse.collin@tukaani.org>
	 *          Igor Pavlov <https://7-zip.org/>
	 *
	 * This file has been put into the public domain.
	 * You can do whatever you want with this file.
	 */

	size_t off;

	for (off = 0; off + 4 <= size; off += 4) {
		uint32_t pc = zip->bcj_ip + (uint32_t)off;
		uint32_t instr, addr;

		instr = (uint32_t)buf[off]
		    | ((uint32_t)buf[off + 1] << 8)
		    | ((uint32_t)buf[off + 2] << 16)
		    | ((uint32_t)buf[off + 3] << 24);

		if ((instr >> 26) == 0x25) {
			/* BL instruction */
			addr = instr - (pc >> 2);
			instr = 0x94000000 | (addr & 0x03FFFFFF);
		} else if ((instr & 0x9F000000) == 0x90000000) {
			/* ADRP instruction */
			addr = ((instr >> 29) & 3) | ((instr >> 3) & 0x1FFFFC);

			/* Only convert values in the range +/-512 MiB. */
			if ((addr + 0x020000) & 0x1C0000)
				continue;

			addr -= pc >> 12;

			instr &= 0x9000001F;
			instr |= (addr & 3) << 29;
			instr |= (addr & 0x03FFFC) << 3;
			instr |= (0U - (addr & 0x020000)) & 0xE00000;
		} else {
			/* Any other instruction is left as it is. */
			continue;
		}

		buf[off] = (uint8_t)instr;
		buf[off + 1] = (uint8_t)(instr >> 8);
		buf[off + 2] = (uint8_t)(instr >> 16);
		buf[off + 3] = (uint8_t)(instr >> 24);
	}

	zip->bcj_ip += (uint32_t)off;

	return off;
}
4238
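/*
 * Undo the SPARC BCJ transform on buf[0..size) in place.
 *
 * Works on whole big-endian 4-byte words only and returns the number of
 * bytes processed (size rounded down to a multiple of 4). zip->bcj_ip
 * is advanced by the same amount.
 */
static size_t
sparc_Convert(struct _7zip *zip, uint8_t *buf, size_t size)
{
	// This function was adapted from
	// static size_t bcj_sparc(struct xz_dec_bcj *s, uint8_t *buf, size_t size)
	// in https://git.tukaani.org/xz-embedded.git

	/*
	 * Branch/Call/Jump (BCJ) filter decoders
	 *
	 * Authors: Lasse Collin <lasse.collin@tukaani.org>
	 *          Igor Pavlov <https://7-zip.org/>
	 *
	 * Copyright (C) The XZ Embedded authors and contributors
	 *
	 * Permission to use, copy, modify, and/or distribute this
	 * software for any purpose with or without fee is hereby granted.
	 *
	 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL
	 * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
	 * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
	 * THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
	 * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
	 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
	 * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
	 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
	 */

	size_t i;
	uint32_t instr;

	/* Ignore a trailing partial word. */
	size &= ~(size_t)3;

	for (i = 0; i < size; i += 4) {
		/*
		 * Widen each byte to uint32_t before shifting: a uint8_t
		 * operand is promoted to int, and shifting a value of 0x80
		 * or more left by 24 would overflow a signed int, which is
		 * undefined behaviour.
		 */
		instr = ((uint32_t)buf[i] << 24)
		    | ((uint32_t)buf[i+1] << 16)
		    | ((uint32_t)buf[i+2] << 8)
		    | (uint32_t)buf[i+3];

		if ((instr >> 22) == 0x100 || (instr >> 22) == 0x1FF) {
			instr <<= 2;
			instr -= zip->bcj_ip + (uint32_t)i;
			instr >>= 2;
			instr = ((uint32_t)0x40000000 - (instr & 0x400000))
			    | 0x40000000 | (instr & 0x3FFFFF);

			buf[i] = (uint8_t)(instr >> 24);
			buf[i+1] = (uint8_t)(instr >> 16);
			buf[i+2] = (uint8_t)(instr >> 8);
			buf[i+3] = (uint8_t)instr;
		}
	}

	zip->bcj_ip += (uint32_t)i;

	return i;
}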
4296
/*
 * Undo the PowerPC (big endian) BCJ transform on buf[0..size) in place.
 *
 * Works on whole 4-byte words only and returns the number of bytes
 * processed (size rounded down to a multiple of 4). zip->bcj_ip is
 * advanced by the same amount.
 */
static size_t
powerpc_Convert(struct _7zip *zip, uint8_t *buf, size_t size)
{
	// This function was adapted from
	// static size_t powerpc_code(void *simple, uint32_t now_pos, bool is_encoder, uint8_t *buffer, size_t size)
	// in https://git.tukaani.org/xz.git

	/*
	 * Filter for PowerPC (big endian) binaries
	 *
	 * Authors: Igor Pavlov
	 *          Lasse Collin
	 *
	 * Copyright (C) The XZ Utils authors and contributors
	 *
	 * Permission to use, copy, modify, and/or distribute this
	 * software for any purpose with or without fee is hereby granted.
	 *
	 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL
	 * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
	 * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
	 * THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
	 * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
	 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
	 * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
	 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
	 */

	size_t off;

	/* Ignore a trailing partial word. */
	size &= ~(size_t)3;

	for (off = 0; off < size; off += 4) {
		uint8_t *w = buf + off;
		uint32_t src, dest;

		// PowerPC branch 6(48) 24(Offset) 1(Abs) 1(Link)
		if ((w[0] >> 2) != 0x12 || (w[3] & 3) != 1)
			continue;

		src = (((uint32_t)(w[0]) & 3) << 24)
		    | ((uint32_t)(w[1]) << 16)
		    | ((uint32_t)(w[2]) << 8)
		    | ((uint32_t)(w[3]) & ~UINT32_C(3));

		dest = src - (zip->bcj_ip + (uint32_t)(off));

		w[0] = (uint8_t)(0x48 | ((dest >> 24) & 0x03));
		w[1] = (uint8_t)(dest >> 16);
		w[2] = (uint8_t)(dest >> 8);
		/* Keep the two low flag bits, merge in the low byte of dest. */
		w[3] = (uint8_t)((w[3] & 0x03) | dest);
	}

	zip->bcj_ip += (uint32_t)off;

	return off;
}
4353
4354 /*
4355 * Brought from LZMA SDK.
4356 *
4357 * Bcj2.c -- Converter for x86 code (BCJ2)
4358 * 2008-10-04 : Igor Pavlov : Public domain
4359 *
4360 */
4361
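/* Error code returned by the RC_* macros when the input runs out. */
#define SZ_ERROR_DATA	ARCHIVE_FAILED

/*
 * Opcode tests: IsJcc matches 0x0F 0x8x, IsJ additionally matches a
 * 0xE8 / 0xE9 second byte. Every macro argument is parenthesized so that
 * an expression passed as an argument cannot be regrouped by operator
 * precedence.
 */
#define IsJcc(b0, b1) ((b0) == 0x0F && ((b1) & 0xF0) == 0x80)
#define IsJ(b0, b1) (((b1) & 0xFE) == 0xE8 || IsJcc(b0, b1))

#define kNumTopBits 24
#define kTopValue ((uint32_t)1 << kNumTopBits)

#define kNumBitModelTotalBits 11
#define kBitModelTotal (1 << kNumBitModelTotalBits)
#define kNumMoveBits 5

/*
 * Range-decoder helpers. They expand inside a function that has `zip',
 * `buffer', `bufferLim', `ttt' and `bound' in scope. RC_TEST returns
 * SZ_ERROR_DATA from that function before a byte at or past bufferLim
 * would be read, so RC_READ_BYTE must only be used after RC_TEST.
 */
#define RC_READ_BYTE (*buffer++)
#define RC_TEST { if (buffer == bufferLim) return SZ_ERROR_DATA; }
#define RC_INIT2 do {							\
	zip->bcj2_code = 0;						\
	zip->bcj2_range = 0xFFFFFFFF;					\
	{								\
		int ii;							\
		for (ii = 0; ii < 5; ii++) {				\
			RC_TEST;					\
			zip->bcj2_code = (zip->bcj2_code << 8) | RC_READ_BYTE; \
		}							\
	}								\
} while (0)

#define NORMALIZE if (zip->bcj2_range < kTopValue) { RC_TEST; zip->bcj2_range <<= 8; zip->bcj2_code = (zip->bcj2_code << 8) | RC_READ_BYTE; }

/* IF_BIT_0 deliberately ends in an open `if': the statement written
 * after it is the "bit is 0" branch. */
#define IF_BIT_0(p) ttt = *(p); bound = (zip->bcj2_range >> kNumBitModelTotalBits) * ttt; if (zip->bcj2_code < bound)
#define UPDATE_0(p) zip->bcj2_range = bound; *(p) = (CProb)(ttt + ((kBitModelTotal - ttt) >> kNumMoveBits)); NORMALIZE;
#define UPDATE_1(p) zip->bcj2_range -= bound; zip->bcj2_code -= bound; *(p) = (CProb)(ttt - (ttt >> kNumMoveBits)); NORMALIZE;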
4393
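/*
 * Decode BCJ2-filtered data into outBuf, writing at most outSize bytes.
 *
 * Four inputs are consumed, all taken from `zip`:
 *   - the main stream (tmp_stream_buff), copied byte for byte;
 *   - sub stream 0, 4-byte big-endian targets used after a 0xE8 opcode;
 *   - sub stream 1, 4-byte big-endian targets used after any other
 *     opcode accepted by IsJ();
 *   - sub stream 2, the range-coder input deciding whether an opcode is
 *     followed by a converted target.
 *
 * Decoder state (bcj_state, bcj2_prevByte, bcj2_p, bcj2_code, bcj2_range,
 * bcj2_outPos, odd_bcj) is kept in `zip` so the call can be resumed.
 *
 * Returns the number of bytes stored in outBuf, or SZ_ERROR_DATA when a
 * sub stream is exhausted.  On that error path the consumed byte counts
 * are not written back to `zip`.
 *
 * NOTE(review): the buffer pointers below are derived from the
 * *_bytes_remaining / *_size / *_bytes_avail fields without validation;
 * this assumes the code that fills those fields keeps "remaining" no
 * larger than the data actually buffered -- confirm against the callers.
 */
static ssize_t
Bcj2_Decode(struct _7zip *zip, uint8_t *outBuf, size_t outSize)
{
	size_t inPos = 0, outPos = 0;
	const uint8_t *buf0, *buf1, *buf2, *buf3;
	size_t size0, size1, size2, size3;
	const uint8_t *buffer, *bufferLim;
	unsigned int i, j;

	/* Each bufN points at the first unread byte of its stream. */
	size0 = zip->tmp_stream_bytes_remaining;
	buf0 = zip->tmp_stream_buff + zip->tmp_stream_bytes_avail - size0;
	size1 = zip->sub_stream_bytes_remaining[0];
	buf1 = zip->sub_stream_buff[0] + zip->sub_stream_size[0] - size1;
	size2 = zip->sub_stream_bytes_remaining[1];
	buf2 = zip->sub_stream_buff[1] + zip->sub_stream_size[1] - size2;
	size3 = zip->sub_stream_bytes_remaining[2];
	buf3 = zip->sub_stream_buff[2] + zip->sub_stream_size[2] - size3;

	/* The range-coder macros read through buffer/bufferLim. */
	buffer = buf3;
	bufferLim = buffer + size3;

	if (zip->bcj_state == 0) {
		/*
		 * Initialize.
		 */
		zip->bcj2_prevByte = 0;
		for (i = 0;
		    i < sizeof(zip->bcj2_p) / sizeof(zip->bcj2_p[0]); i++)
			zip->bcj2_p[i] = kBitModelTotal >> 1;
		RC_INIT2;
		zip->bcj_state = 1;
	}

	/*
	 * Gather the odd bytes of a previous call.
	 */
	for (i = 0; zip->odd_bcj_size > 0 && outPos < outSize; i++) {
		outBuf[outPos++] = zip->odd_bcj[i];
		zip->odd_bcj_size--;
	}
	if (i > 0 && zip->odd_bcj_size > 0) {
		/*
		 * outBuf filled up before every saved byte was emitted.
		 * Move the unsent bytes to the front of odd_bcj, because
		 * the next call starts reading at index 0 again; without
		 * this the bytes already emitted would be sent twice.
		 */
		for (j = 0; j < (unsigned)zip->odd_bcj_size; j++)
			zip->odd_bcj[j] = zip->odd_bcj[i + j];
	}

	if (outSize == 0) {
		zip->bcj2_outPos += outPos;
		return (outPos);
	}

	for (;;) {
		uint8_t b;
		CProb *prob;
		uint32_t bound;
		uint32_t ttt;

		/* Bytes that can be copied without overrunning either side. */
		size_t limit = size0 - inPos;
		if (outSize - outPos < limit)
			limit = outSize - outPos;

		if (zip->bcj_state == 1) {
			/* Plain copy until a branch opcode is seen. */
			while (limit != 0) {
				uint8_t bb = buf0[inPos];
				outBuf[outPos++] = bb;
				if (IsJ(zip->bcj2_prevByte, bb)) {
					/*
					 * State 2: the opcode is already in
					 * outBuf but not yet consumed from
					 * buf0 (inPos is not advanced).
					 */
					zip->bcj_state = 2;
					break;
				}
				inPos++;
				zip->bcj2_prevByte = bb;
				limit--;
			}
		}

		if (limit == 0 || outPos == outSize)
			break;
		zip->bcj_state = 1;

		/* Consume the opcode that was copied out in state 2. */
		b = buf0[inPos++];

		/* Probability slot: per previous byte for 0xE8, else fixed. */
		if (b == 0xE8)
			prob = zip->bcj2_p + zip->bcj2_prevByte;
		else if (b == 0xE9)
			prob = zip->bcj2_p + 256;
		else
			prob = zip->bcj2_p + 257;

		IF_BIT_0(prob) {
			UPDATE_0(prob)
			zip->bcj2_prevByte = b;
		} else {
			uint32_t dest;
			const uint8_t *v;
			uint8_t out[4];

			UPDATE_1(prob)
			/* Length check comes before the 4-byte read of v[]. */
			if (b == 0xE8) {
				v = buf1;
				if (size1 < 4)
					return SZ_ERROR_DATA;
				buf1 += 4;
				size1 -= 4;
			} else {
				v = buf2;
				if (size2 < 4)
					return SZ_ERROR_DATA;
				buf2 += 4;
				size2 -= 4;
			}
			/*
			 * Big-endian target minus the output position just
			 * past the 4-byte operand, stored little-endian.
			 */
			dest = (((uint32_t)v[0] << 24) |
			    ((uint32_t)v[1] << 16) |
			    ((uint32_t)v[2] << 8) |
			    ((uint32_t)v[3])) -
			    ((uint32_t)zip->bcj2_outPos + (uint32_t)outPos + 4);
			out[0] = (uint8_t)dest;
			out[1] = (uint8_t)(dest >> 8);
			out[2] = (uint8_t)(dest >> 16);
			out[3] = zip->bcj2_prevByte = (uint8_t)(dest >> 24);

			for (i = 0; i < 4 && outPos < outSize; i++)
				outBuf[outPos++] = out[i];
			if (i < 4) {
				/*
				 * Save odd bytes which we could not add into
				 * the output buffer because of out of space.
				 */
				zip->odd_bcj_size = 4 -i;
				for (; i < 4; i++) {
					j = i - 4 + (unsigned)zip->odd_bcj_size;
					zip->odd_bcj[j] = out[i];
				}
				break;
			}
		}
	}
	/* Commit how much of each stream this call consumed. */
	zip->tmp_stream_bytes_remaining -= inPos;
	zip->sub_stream_bytes_remaining[0] = size1;
	zip->sub_stream_bytes_remaining[1] = size2;
	zip->sub_stream_bytes_remaining[2] = bufferLim - buffer;
	zip->bcj2_outPos += outPos;

	return ((ssize_t)outPos);
}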
4533