1 // SPDX-License-Identifier: 0BSD
2
3 ///////////////////////////////////////////////////////////////////////////////
4 //
5 /// \file lzip_decoder.c
6 /// \brief Decodes .lz (lzip) files
7 //
8 // Author: Michał Górny
9 // Lasse Collin
10 //
11 ///////////////////////////////////////////////////////////////////////////////
12
13 #include "lzip_decoder.h"
14 #include "lzma_decoder.h"
15 #include "check.h"
16
17
18 // .lz format version 0 lacks the 64-bit Member size field in the footer.
19 #define LZIP_V0_FOOTER_SIZE 12
20 #define LZIP_V1_FOOTER_SIZE 20
21 #define LZIP_FOOTER_SIZE_MAX LZIP_V1_FOOTER_SIZE
22
23 // lc/lp/pb are hardcoded in the .lz format.
24 #define LZIP_LC 3
25 #define LZIP_LP 0
26 #define LZIP_PB 2
27
28
29 typedef struct {
30 enum {
31 SEQ_ID_STRING,
32 SEQ_VERSION,
33 SEQ_DICT_SIZE,
34 SEQ_CODER_INIT,
35 SEQ_LZMA_STREAM,
36 SEQ_MEMBER_FOOTER,
37 } sequence;
38
39 /// .lz member format version
40 uint32_t version;
41
42 /// CRC32 of the uncompressed data in the .lz member
43 uint32_t crc32;
44
45 /// Uncompressed size of the .lz member
46 uint64_t uncompressed_size;
47
48 /// Compressed size of the .lz member
49 uint64_t member_size;
50
51 /// Memory usage limit
52 uint64_t memlimit;
53
54 /// Amount of memory actually needed
55 uint64_t memusage;
56
57 /// If true, LZMA_GET_CHECK is returned after decoding the header
58 /// fields. As all files use CRC32 this is redundant but it's
59 /// implemented anyway since the initialization functions supports
60 /// all other flags in addition to LZMA_TELL_ANY_CHECK.
61 bool tell_any_check;
62
63 /// If true, we won't calculate or verify the CRC32 of
64 /// the uncompressed data.
65 bool ignore_check;
66
67 /// If true, we will decode concatenated .lz members and stop if
68 /// non-.lz data is seen after at least one member has been
69 /// successfully decoded.
70 bool concatenated;
71
72 /// When decoding concatenated .lz members, this is true as long as
73 /// we are decoding the first .lz member. This is needed to avoid
74 /// incorrect LZMA_FORMAT_ERROR in case there is non-.lz data at
75 /// the end of the file.
76 bool first_member;
77
78 /// Reading position in the header and footer fields
79 size_t pos;
80
81 /// Buffer to hold the .lz footer fields
82 uint8_t buffer[LZIP_FOOTER_SIZE_MAX];
83
84 /// Options decoded from the .lz header that needed to initialize
85 /// the LZMA1 decoder.
86 lzma_options_lzma options;
87
88 /// LZMA1 decoder
89 lzma_next_coder lzma_decoder;
90
91 } lzma_lzip_coder;
92
93
94 static lzma_ret
lzip_decode(void * coder_ptr,const lzma_allocator * allocator,const uint8_t * restrict in,size_t * restrict in_pos,size_t in_size,uint8_t * restrict out,size_t * restrict out_pos,size_t out_size,lzma_action action)95 lzip_decode(void *coder_ptr, const lzma_allocator *allocator,
96 const uint8_t *restrict in, size_t *restrict in_pos,
97 size_t in_size, uint8_t *restrict out,
98 size_t *restrict out_pos, size_t out_size, lzma_action action)
99 {
100 lzma_lzip_coder *coder = coder_ptr;
101
102 while (true)
103 switch (coder->sequence) {
104 case SEQ_ID_STRING: {
105 // The "ID string" or magic bytes are "LZIP" in US-ASCII.
106 const uint8_t lzip_id_string[4] = { 0x4C, 0x5A, 0x49, 0x50 };
107
108 while (coder->pos < sizeof(lzip_id_string)) {
109 if (*in_pos >= in_size) {
110 // If we are on the 2nd+ concatenated member
111 // and the input ends before we can read
112 // the magic bytes, we discard the bytes that
113 // were already read (up to 3) and finish.
114 // See the reasoning below.
115 return !coder->first_member
116 && action == LZMA_FINISH
117 ? LZMA_STREAM_END : LZMA_OK;
118 }
119
120 if (in[*in_pos] != lzip_id_string[coder->pos]) {
121 // The .lz format allows putting non-.lz data
122 // at the end of the file. If we have seen
123 // at least one valid .lz member already,
124 // then we won't consume the byte at *in_pos
125 // and will return LZMA_STREAM_END. This way
126 // apps can easily locate and read the non-.lz
127 // data after the .lz member(s).
128 //
129 // NOTE: If the first 1-3 bytes of the non-.lz
130 // data match the .lz ID string then the first
131 // 1-3 bytes of the junk will get ignored by
132 // us. If apps want to properly locate the
133 // trailing data they must ensure that the
134 // first byte of their custom data isn't the
135 // same as the first byte of .lz ID string.
136 // With the liblzma API we cannot rewind the
137 // input position across calls to lzma_code().
138 return !coder->first_member
139 ? LZMA_STREAM_END : LZMA_FORMAT_ERROR;
140 }
141
142 ++*in_pos;
143 ++coder->pos;
144 }
145
146 coder->pos = 0;
147
148 coder->crc32 = 0;
149 coder->uncompressed_size = 0;
150 coder->member_size = sizeof(lzip_id_string);
151
152 coder->sequence = SEQ_VERSION;
153 FALLTHROUGH;
154 }
155
156 case SEQ_VERSION:
157 if (*in_pos >= in_size)
158 return LZMA_OK;
159
160 coder->version = in[(*in_pos)++];
161
162 // We support version 0 and unextended version 1.
163 if (coder->version > 1)
164 return LZMA_OPTIONS_ERROR;
165
166 ++coder->member_size;
167 coder->sequence = SEQ_DICT_SIZE;
168
169 // .lz versions 0 and 1 use CRC32 as the integrity check
170 // so if the application wanted to know that
171 // (LZMA_TELL_ANY_CHECK) we can tell it now.
172 if (coder->tell_any_check)
173 return LZMA_GET_CHECK;
174
175 FALLTHROUGH;
176
177 case SEQ_DICT_SIZE: {
178 if (*in_pos >= in_size)
179 return LZMA_OK;
180
181 const uint32_t ds = in[(*in_pos)++];
182 ++coder->member_size;
183
184 // The five lowest bits are for the base-2 logarithm of
185 // the dictionary size and the highest three bits are
186 // the fractional part (0/16 to 7/16) that will be
187 // subtracted to get the final value.
188 //
189 // For example, with 0xB5:
190 // b2log = 21
191 // fracnum = 5
192 // dict_size = 2^21 - 2^21 * 5 / 16 = 1408 KiB
193 const uint32_t b2log = ds & 0x1F;
194 const uint32_t fracnum = ds >> 5;
195
196 // The format versions 0 and 1 allow dictionary size in the
197 // range [4 KiB, 512 MiB].
198 if (b2log < 12 || b2log > 29 || (b2log == 12 && fracnum > 0))
199 return LZMA_DATA_ERROR;
200
201 // 2^[b2log] - 2^[b2log] * [fracnum] / 16
202 // = 2^[b2log] - [fracnum] * 2^([b2log] - 4)
203 coder->options.dict_size = (UINT32_C(1) << b2log)
204 - (fracnum << (b2log - 4));
205
206 assert(coder->options.dict_size >= 4096);
207 assert(coder->options.dict_size <= (UINT32_C(512) << 20));
208
209 coder->options.preset_dict = NULL;
210 coder->options.lc = LZIP_LC;
211 coder->options.lp = LZIP_LP;
212 coder->options.pb = LZIP_PB;
213
214 // Calculate the memory usage.
215 coder->memusage
216 = lzma_lzma_decoder_memusage_nocheck(&coder->options)
217 + LZMA_MEMUSAGE_BASE;
218
219 // Initialization is a separate step because if we return
220 // LZMA_MEMLIMIT_ERROR we need to be able to restart after
221 // the memlimit has been increased.
222 coder->sequence = SEQ_CODER_INIT;
223 FALLTHROUGH;
224 }
225
226 case SEQ_CODER_INIT: {
227 if (coder->memusage > coder->memlimit)
228 return LZMA_MEMLIMIT_ERROR;
229
230 const lzma_filter_info filters[2] = {
231 {
232 .id = LZMA_FILTER_LZMA1,
233 .init = &lzma_lzma_decoder_init,
234 .options = &coder->options,
235 }, {
236 .init = NULL,
237 }
238 };
239
240 return_if_error(lzma_next_filter_init(&coder->lzma_decoder,
241 allocator, filters));
242
243 coder->crc32 = 0;
244 coder->sequence = SEQ_LZMA_STREAM;
245 FALLTHROUGH;
246 }
247
248 case SEQ_LZMA_STREAM: {
249 const size_t in_start = *in_pos;
250 const size_t out_start = *out_pos;
251
252 const lzma_ret ret = coder->lzma_decoder.code(
253 coder->lzma_decoder.coder, allocator,
254 in, in_pos, in_size, out, out_pos, out_size,
255 action);
256
257 const size_t out_used = *out_pos - out_start;
258
259 coder->member_size += *in_pos - in_start;
260 coder->uncompressed_size += out_used;
261
262 // Don't update the CRC32 if the integrity check will be
263 // ignored or if there was no new output. The latter is
264 // important in case out == NULL to avoid null pointer + 0
265 // which is undefined behavior.
266 if (!coder->ignore_check && out_used > 0)
267 coder->crc32 = lzma_crc32(out + out_start, out_used,
268 coder->crc32);
269
270 if (ret != LZMA_STREAM_END)
271 return ret;
272
273 coder->sequence = SEQ_MEMBER_FOOTER;
274 FALLTHROUGH;
275 }
276
277 case SEQ_MEMBER_FOOTER: {
278 // The footer of .lz version 0 lacks the Member size field.
279 // This is the only difference between version 0 and
280 // unextended version 1 formats.
281 const size_t footer_size = coder->version == 0
282 ? LZIP_V0_FOOTER_SIZE
283 : LZIP_V1_FOOTER_SIZE;
284
285 // Copy the CRC32, Data size, and Member size fields to
286 // the internal buffer.
287 lzma_bufcpy(in, in_pos, in_size, coder->buffer, &coder->pos,
288 footer_size);
289
290 // Return if we didn't get the whole footer yet.
291 if (coder->pos < footer_size)
292 return LZMA_OK;
293
294 coder->pos = 0;
295 coder->member_size += footer_size;
296
297 // Check that the footer fields match the observed data.
298 if (!coder->ignore_check
299 && coder->crc32 != read32le(&coder->buffer[0]))
300 return LZMA_DATA_ERROR;
301
302 if (coder->uncompressed_size != read64le(&coder->buffer[4]))
303 return LZMA_DATA_ERROR;
304
305 if (coder->version > 0) {
306 // .lz version 0 has no Member size field.
307 if (coder->member_size != read64le(&coder->buffer[12]))
308 return LZMA_DATA_ERROR;
309 }
310
311 // Decoding is finished if we weren't requested to decode
312 // more than one .lz member.
313 if (!coder->concatenated)
314 return LZMA_STREAM_END;
315
316 coder->first_member = false;
317 coder->sequence = SEQ_ID_STRING;
318 break;
319 }
320
321 default:
322 assert(0);
323 return LZMA_PROG_ERROR;
324 }
325
326 // Never reached
327 }
328
329
330 static void
lzip_decoder_end(void * coder_ptr,const lzma_allocator * allocator)331 lzip_decoder_end(void *coder_ptr, const lzma_allocator *allocator)
332 {
333 lzma_lzip_coder *coder = coder_ptr;
334 lzma_next_end(&coder->lzma_decoder, allocator);
335 lzma_free(coder, allocator);
336 return;
337 }
338
339
340 static lzma_check
lzip_decoder_get_check(const void * coder_ptr lzma_attribute ((__unused__)))341 lzip_decoder_get_check(const void *coder_ptr lzma_attribute((__unused__)))
342 {
343 return LZMA_CHECK_CRC32;
344 }
345
346
347 static lzma_ret
lzip_decoder_memconfig(void * coder_ptr,uint64_t * memusage,uint64_t * old_memlimit,uint64_t new_memlimit)348 lzip_decoder_memconfig(void *coder_ptr, uint64_t *memusage,
349 uint64_t *old_memlimit, uint64_t new_memlimit)
350 {
351 lzma_lzip_coder *coder = coder_ptr;
352
353 *memusage = coder->memusage;
354 *old_memlimit = coder->memlimit;
355
356 if (new_memlimit != 0) {
357 if (new_memlimit < coder->memusage)
358 return LZMA_MEMLIMIT_ERROR;
359
360 coder->memlimit = new_memlimit;
361 }
362
363 return LZMA_OK;
364 }
365
366
367 extern lzma_ret
lzma_lzip_decoder_init(lzma_next_coder * next,const lzma_allocator * allocator,uint64_t memlimit,uint32_t flags)368 lzma_lzip_decoder_init(
369 lzma_next_coder *next, const lzma_allocator *allocator,
370 uint64_t memlimit, uint32_t flags)
371 {
372 lzma_next_coder_init(&lzma_lzip_decoder_init, next, allocator);
373
374 if (flags & ~LZMA_SUPPORTED_FLAGS)
375 return LZMA_OPTIONS_ERROR;
376
377 lzma_lzip_coder *coder = next->coder;
378 if (coder == NULL) {
379 coder = lzma_alloc(sizeof(lzma_lzip_coder), allocator);
380 if (coder == NULL)
381 return LZMA_MEM_ERROR;
382
383 next->coder = coder;
384 next->code = &lzip_decode;
385 next->end = &lzip_decoder_end;
386 next->get_check = &lzip_decoder_get_check;
387 next->memconfig = &lzip_decoder_memconfig;
388
389 coder->lzma_decoder = LZMA_NEXT_CODER_INIT;
390 }
391
392 coder->sequence = SEQ_ID_STRING;
393 coder->memlimit = my_max(1, memlimit);
394 coder->memusage = LZMA_MEMUSAGE_BASE;
395 coder->tell_any_check = (flags & LZMA_TELL_ANY_CHECK) != 0;
396 coder->ignore_check = (flags & LZMA_IGNORE_CHECK) != 0;
397 coder->concatenated = (flags & LZMA_CONCATENATED) != 0;
398 coder->first_member = true;
399 coder->pos = 0;
400
401 return LZMA_OK;
402 }
403
404
405 extern LZMA_API(lzma_ret)
lzma_lzip_decoder(lzma_stream * strm,uint64_t memlimit,uint32_t flags)406 lzma_lzip_decoder(lzma_stream *strm, uint64_t memlimit, uint32_t flags)
407 {
408 lzma_next_strm_init(lzma_lzip_decoder_init, strm, memlimit, flags);
409
410 strm->internal->supported_actions[LZMA_RUN] = true;
411 strm->internal->supported_actions[LZMA_FINISH] = true;
412
413 return LZMA_OK;
414 }
415