1 /*-
2 * Copyright (c) 2011 Michihiro NAKAJIMA
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17 * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 */
25
26 #include "archive_platform.h"
27
28 #ifdef HAVE_ERRNO_H
29 #include <errno.h>
30 #endif
31 #if HAVE_STDINT_H
32 #include <stdint.h>
33 #endif
34 #ifdef HAVE_STDLIB_H
35 #include <stdlib.h>
36 #endif
37 #ifdef HAVE_LIMITS_H
38 #include <limits.h>
39 #endif
40 #ifdef HAVE_BZLIB_H
41 #include <bzlib.h>
42 #endif
43 #ifdef HAVE_LZMA_H
44 #include <lzma.h>
45 #endif
46 #ifdef HAVE_ZLIB_H
47 #include <zlib.h>
48 #endif
49 #ifdef HAVE_ZSTD_H
50 #include <zstd.h>
51 #endif
52
53 #include "archive.h"
54 #include "archive_entry.h"
55 #include "archive_entry_locale.h"
56 #include "archive_ppmd7_private.h"
57 #include "archive_private.h"
58 #include "archive_read_private.h"
59 #include "archive_time_private.h"
60 #include "archive_endian.h"
61
62 #ifndef HAVE_ZLIB_H
63 #include "archive_crc32.h"
64 #endif
65
/*
 * Six-byte magic that the bidder compares against the start of the input
 * and that the SFX scanners look for inside an executable.
 */
#define _7ZIP_SIGNATURE	"7z\xBC\xAF\x27\x1C"
/*
 * Bounds of the signature search in a self-extracting (SFX) archive.
 * SFX_MIN_ADDR is the starting address that find_pe_overlay() and
 * find_elf_data_sec() fall back to when the executable headers cannot be
 * used. The scan loops in the bidder and in skip_sfx() stop once they
 * would move more than SFX_MAX_OFFSET bytes past their starting address.
 */
#define SFX_MIN_ADDR	0x27000
#define SFX_MAX_ADDR	0x60000
#define SFX_MAX_OFFSET	(SFX_MAX_ADDR - SFX_MIN_ADDR)

/*
 * PE format
 *
 * Header lengths and field offsets used by find_pe_overlay(). The COFF
 * offsets are applied relative to e_lfanew, the position at which the
 * 'P','E' bytes are expected; the section offsets are relative to the
 * start of one section-table entry. All of these fields come from the
 * input file and are untrusted.
 */
#define PE_DOS_HDR_LEN			0x40
#define PE_DOS_HDR_ELFANEW_OFFSET	0x3c
#define PE_COFF_HDR_LEN			0x18
#define PE_COFF_HDR_SEC_CNT_OFFSET	0x6
#define PE_COFF_HDR_OPT_SZ_OFFSET	0x14
#define PE_SEC_HDR_LEN			0x28
#define PE_SEC_HDR_RAW_ADDR_OFFSET	0x14
#define PE_SEC_HDR_RAW_SZ_OFFSET	0x10

/*
 * ELF format
 *
 * find_elf_data_sec() reads ELF_HDR_MIN_LEN bytes of header; the byte at
 * EI_CLASS selects the 32- or 64-bit layout and the byte at EI_DATA the
 * byte order used to decode every later field.
 */
#define ELF_HDR_MIN_LEN 0x40 /* sizeof(Elf64_Ehdr) */
#define ELF_HDR_EI_CLASS_OFFSET 0x04
#define ELF_HDR_EI_DATA_OFFSET 0x05
90 /*
91 * Codec ID
92 */
93 #define _7Z_COPY 0
94 #define _7Z_LZMA 0x030101
95 #define _7Z_LZMA2 0x21
96 #define _7Z_DEFLATE 0x040108
97 #define _7Z_BZ2 0x040202
98 #define _7Z_PPMD 0x030401
99 #define _7Z_DELTA 0x03
100 #define _7Z_CRYPTO_MAIN_ZIP 0x06F10101 /* Main Zip crypto algo */
101 #define _7Z_CRYPTO_RAR_29 0x06F10303 /* Rar29 AES-128 + (modified SHA-1) */
102 #define _7Z_CRYPTO_AES_256_SHA_256 0x06F10701 /* AES-256 + SHA-256 */
103
104
105 #define _7Z_X86 0x03030103
106 #define _7Z_X86_BCJ2 0x0303011B
107 #define _7Z_POWERPC 0x03030205
108 #define _7Z_IA64 0x03030401
109 #define _7Z_ARM 0x03030501
110 #define _7Z_ARMTHUMB 0x03030701
111 #define _7Z_ARM64 0xa
112 #define _7Z_RISCV 0xb
113 #define _7Z_SPARC 0x03030805
114
115 #define _7Z_ZSTD 0x4F71101 /* Copied from https://github.com/mcmilk/7-Zip-zstd.git */
116
117 /*
118 * 7-Zip header property IDs.
119 */
120 #define kEnd 0x00
121 #define kHeader 0x01
122 #define kArchiveProperties 0x02
123 #define kAdditionalStreamsInfo 0x03
124 #define kMainStreamsInfo 0x04
125 #define kFilesInfo 0x05
126 #define kPackInfo 0x06
127 #define kUnPackInfo 0x07
128 #define kSubStreamsInfo 0x08
129 #define kSize 0x09
130 #define kCRC 0x0A
131 #define kFolder 0x0B
132 #define kCodersUnPackSize 0x0C
133 #define kNumUnPackStream 0x0D
134 #define kEmptyStream 0x0E
135 #define kEmptyFile 0x0F
136 #define kAnti 0x10
137 #define kName 0x11
138 #define kCTime 0x12
139 #define kATime 0x13
140 #define kMTime 0x14
141 #define kAttributes 0x15
142 #define kEncodedHeader 0x17
143 #define kDummy 0x19
144
145 // Check that some windows file attribute constants are defined.
146 // Reference: https://learn.microsoft.com/en-us/windows/win32/fileio/file-attribute-constants
147 #ifndef FILE_ATTRIBUTE_READONLY
148 #define FILE_ATTRIBUTE_READONLY 0x00000001
149 #endif
150
151 #ifndef FILE_ATTRIBUTE_HIDDEN
152 #define FILE_ATTRIBUTE_HIDDEN 0x00000002
153 #endif
154
155 #ifndef FILE_ATTRIBUTE_SYSTEM
156 #define FILE_ATTRIBUTE_SYSTEM 0x00000004
157 #endif
158
159 #ifndef FILE_ATTRIBUTE_DIRECTORY
160 #define FILE_ATTRIBUTE_DIRECTORY 0x00000010
161 #endif
162
163 // This value is defined in 7zip with the comment "trick for Unix".
164 //
165 // 7z archives created on unix have this bit set in the high 16 bits of
166 // the attr field along with the unix permissions.
167 #define FILE_ATTRIBUTE_UNIX_EXTENSION 0x8000
168
169 struct _7z_digests {
170 unsigned char *defineds;
171 uint32_t *digests;
172 };
173
174 struct _7z_folder {
175 uint64_t numCoders;
176 struct _7z_coder {
177 unsigned long codec;
178 uint64_t numInStreams;
179 uint64_t numOutStreams;
180 uint64_t propertiesSize;
181 unsigned char *properties;
182 } *coders;
183 uint64_t numBindPairs;
184 struct {
185 uint64_t inIndex;
186 uint64_t outIndex;
187 } *bindPairs;
188 uint64_t numPackedStreams;
189 uint64_t *packedStreams;
190 uint64_t numInStreams;
191 uint64_t numOutStreams;
192 uint64_t *unPackSize;
193 unsigned char digest_defined;
194 uint32_t digest;
195 uint64_t numUnpackStreams;
196 uint32_t packIndex;
197 /* Unoperated bytes. */
198 uint64_t skipped_bytes;
199 };
200
201 struct _7z_coders_info {
202 uint64_t numFolders;
203 struct _7z_folder *folders;
204 uint64_t dataStreamIndex;
205 };
206
207 struct _7z_pack_info {
208 uint64_t pos;
209 uint64_t numPackStreams;
210 uint64_t *sizes;
211 struct _7z_digests digest;
212 /* Calculated from pos and numPackStreams. */
213 uint64_t *positions;
214 };
215
216 struct _7z_substream_info {
217 size_t unpack_streams;
218 uint64_t *unpackSizes;
219 unsigned char *digestsDefined;
220 uint32_t *digests;
221 };
222
223 struct _7z_stream_info {
224 struct _7z_pack_info pi;
225 struct _7z_coders_info ci;
226 struct _7z_substream_info ss;
227 };
228
229 struct _7z_header_info {
230 uint64_t dataIndex;
231
232 unsigned char *emptyStreamBools;
233 unsigned char *emptyFileBools;
234 unsigned char *antiBools;
235 unsigned char *attrBools;
236 };
237
238 struct _7zip_entry {
239 size_t name_len;
240 unsigned char *utf16name;
241 #if defined(_WIN32) && !defined(__CYGWIN__) && defined(_DEBUG)
242 const wchar_t *wname;
243 #endif
244 uint32_t folderIndex;
245 uint32_t ssIndex;
246 unsigned flg;
247 #define MTIME_IS_SET (1<<0)
248 #define ATIME_IS_SET (1<<1)
249 #define CTIME_IS_SET (1<<2)
250 #define CRC32_IS_SET (1<<3)
251 #define HAS_STREAM (1<<4)
252
253 int64_t mtime;
254 int64_t atime;
255 int64_t ctime;
256 uint32_t mtime_ns;
257 uint32_t atime_ns;
258 uint32_t ctime_ns;
259 __LA_MODE_T mode;
260 uint32_t attr;
261 };
262
263 struct _7zip {
264 /* Structural information about the archive. */
265 struct _7z_stream_info si;
266
267 int header_is_being_read;
268 int header_is_encoded;
269 uint64_t header_bytes_remaining;
270 unsigned long header_crc32;
271 /* Header offset to check that reading points of the file contents
272 * will not exceed the header. */
273 uint64_t header_offset;
274 /* Base offset of the archive file for a seek in case reading SFX. */
275 uint64_t seek_base;
276
277 /* List of entries */
278 size_t entries_remaining;
279 uint64_t numFiles;
280 struct _7zip_entry *entries;
281 struct _7zip_entry *entry;
282 unsigned char *entry_names;
283
284 /* entry_bytes_remaining is the number of bytes we expect. */
285 int64_t entry_offset;
286 uint64_t entry_bytes_remaining;
287
288 /* Running CRC32 of the decompressed data */
289 unsigned long entry_crc32;
290
291 /* Flags to mark progress of decompression. */
292 char end_of_entry;
293
294 /* Uncompressed buffer control. */
295 #define UBUFF_SIZE (64 * 1024)
296 unsigned char *uncompressed_buffer;
297 unsigned char *uncompressed_buffer_pointer;
298 size_t uncompressed_buffer_size;
299 size_t uncompressed_buffer_bytes_remaining;
300
301 /* Offset of the compressed data. */
302 int64_t stream_offset;
303
304 /*
305 * Decompressing control data.
306 */
307 unsigned folder_index;
308 uint64_t folder_outbytes_remaining;
309 unsigned pack_stream_index;
310 unsigned pack_stream_remaining;
311 uint64_t pack_stream_inbytes_remaining;
312 size_t pack_stream_bytes_unconsumed;
313
314 /* The codec information of a folder. */
315 unsigned long codec;
316 unsigned long codec2;
317
318 /*
319 * Decompressor controllers.
320 */
321 /* Decoding LZMA1 and LZMA2 data. */
322 #ifdef HAVE_LZMA_H
323 lzma_stream lzstream;
324 int lzstream_valid;
325 #endif
326 /* Decoding bzip2 data. */
327 #if defined(HAVE_BZLIB_H) && defined(BZ_CONFIG_ERROR)
328 bz_stream bzstream;
329 int bzstream_valid;
330 #endif
331 /* Decoding deflate data. */
332 #ifdef HAVE_ZLIB_H
333 z_stream stream;
334 int stream_valid;
335 #endif
336 /* Decoding Zstandard data. */
337 #if HAVE_ZSTD_H
338 ZSTD_DStream *zstd_dstream;
339 int zstdstream_valid;
340 #endif
341 /* Decoding PPMd data. */
342 int ppmd7_stat;
343 CPpmd7 ppmd7_context;
344 CPpmd7z_RangeDec range_dec;
345 IByteIn bytein;
346 struct {
347 const unsigned char *next_in;
348 int64_t avail_in;
349 int64_t total_in;
350 int64_t stream_in;
351 unsigned char *next_out;
352 int64_t avail_out;
353 int64_t total_out;
354 int overconsumed;
355 } ppstream;
356 int ppmd7_valid;
357
358 /* Decoding BCJ and BCJ2 data. */
359 uint32_t bcj_state;
360 size_t odd_bcj_size;
361 unsigned char odd_bcj[4];
362 /* Decoding BCJ data. */
363 size_t bcj_prevPosT;
364 uint32_t bcj_prevMask;
365 uint32_t bcj_ip;
366
367 /* Decoding BCJ2 data. */
368 size_t main_stream_bytes_remaining;
369 unsigned char *sub_stream_buff[3];
370 size_t sub_stream_size[3];
371 size_t sub_stream_bytes_remaining[3];
372 unsigned char *tmp_stream_buff;
373 size_t tmp_stream_buff_size;
374 size_t tmp_stream_bytes_avail;
375 size_t tmp_stream_bytes_remaining;
376 #ifdef _LZMA_PROB32
377 #define CProb uint32_t
378 #else
379 #define CProb uint16_t
380 #endif
381 CProb bcj2_p[256 + 2];
382 uint8_t bcj2_prevByte;
383 uint32_t bcj2_range;
384 uint32_t bcj2_code;
385 uint64_t bcj2_outPos;
386
387 /* Filename character-set conversion data. */
388 struct archive_string_conv *sconv;
389
390 char format_name[64];
391
392 /* Custom value that is non-zero if this archive contains encrypted entries. */
393 int has_encrypted_entries;
394 };
395
/* Maximum entry size. This limitation guards against reading intentionally
 * corrupted 7-zip files, on the assumption that real files do not contain
 * this many entries.
 * NOTE(review): the checks that apply this limit are outside this excerpt;
 * confirm every count read from the header is compared against it before
 * it is used to size an allocation. */
#define UMAX_ENTRY	ARCHIVE_LITERAL_ULL(100000000)
400
401 static int archive_read_format_7zip_has_encrypted_entries(struct archive_read *);
402 static int archive_read_support_format_7zip_capabilities(struct archive_read *a);
403 static int archive_read_format_7zip_bid(struct archive_read *, int);
404 static int archive_read_format_7zip_cleanup(struct archive_read *);
405 static int archive_read_format_7zip_read_data(struct archive_read *,
406 const void **, size_t *, int64_t *);
407 static int archive_read_format_7zip_read_data_skip(struct archive_read *);
408 static int archive_read_format_7zip_read_header(struct archive_read *,
409 struct archive_entry *);
410 static int check_7zip_header_in_sfx(const char *);
411 static unsigned long decode_codec_id(const unsigned char *, size_t);
412 static int decode_encoded_header_info(struct archive_read *,
413 struct _7z_stream_info *);
414 static int decompress(struct archive_read *, struct _7zip *,
415 void *, size_t *, const void *, size_t *);
416 static ssize_t extract_pack_stream(struct archive_read *, size_t);
417 static uint64_t folder_uncompressed_size(struct _7z_folder *);
418 static void free_CodersInfo(struct _7z_coders_info *);
419 static void free_Digest(struct _7z_digests *);
420 static void free_Folder(struct _7z_folder *);
421 static void free_Header(struct _7z_header_info *);
422 static void free_PackInfo(struct _7z_pack_info *);
423 static void free_StreamsInfo(struct _7z_stream_info *);
424 static void free_SubStreamsInfo(struct _7z_substream_info *);
425 static int free_decompression(struct archive_read *, struct _7zip *);
426 static ssize_t get_uncompressed_data(struct archive_read *, const void **,
427 size_t, size_t);
428 static const unsigned char * header_bytes(struct archive_read *, size_t);
429 static int init_decompression(struct archive_read *, struct _7zip *,
430 const struct _7z_coder *, const struct _7z_coder *);
431 static int parse_7zip_uint64(struct archive_read *, uint64_t *);
432 static int read_Bools(struct archive_read *, unsigned char *, size_t);
433 static int read_CodersInfo(struct archive_read *,
434 struct _7z_coders_info *);
435 static int read_Digests(struct archive_read *, struct _7z_digests *,
436 size_t);
437 static int read_Folder(struct archive_read *, struct _7z_folder *);
438 static int read_Header(struct archive_read *, struct _7z_header_info *,
439 int);
440 static int read_PackInfo(struct archive_read *, struct _7z_pack_info *);
441 static int read_StreamsInfo(struct archive_read *,
442 struct _7z_stream_info *);
443 static int read_SubStreamsInfo(struct archive_read *,
444 struct _7z_substream_info *, struct _7z_folder *, size_t);
445 static int read_Times(struct archive_read *, struct _7z_header_info *,
446 int);
447 static void read_consume(struct archive_read *);
448 static ssize_t read_stream(struct archive_read *, const void **, size_t,
449 size_t);
450 static int seek_pack(struct archive_read *);
451 static int64_t skip_stream(struct archive_read *, size_t);
452 static int skip_sfx(struct archive_read *, const ssize_t);
453 static ssize_t find_pe_overlay(struct archive_read *);
454 static ssize_t find_elf_data_sec(struct archive_read *);
455 static int slurp_central_directory(struct archive_read *, struct _7zip *,
456 struct _7z_header_info *);
457 static int setup_decode_folder(struct archive_read *, struct _7z_folder *,
458 int);
459 static void x86_Init(struct _7zip *);
460 static size_t x86_Convert(struct _7zip *, uint8_t *, size_t);
461 static void arm_Init(struct _7zip *);
462 static size_t arm_Convert(struct _7zip *, uint8_t *, size_t);
463 static size_t arm64_Convert(struct _7zip *, uint8_t *, size_t);
464 static ssize_t Bcj2_Decode(struct _7zip *, uint8_t *, size_t);
465 static size_t sparc_Convert(struct _7zip *, uint8_t *, size_t);
466 static size_t powerpc_Convert(struct _7zip *, uint8_t *, size_t);
467
468
/*
 * Enable the 7-Zip reader on an archive_read handle.
 *
 * A zeroed struct _7zip is allocated as the format's private data and is
 * passed, together with the bid, read_header, read_data, read_data_skip,
 * cleanup, capabilities and has_encrypted_entries callbacks, to
 * __archive_read_register_format().
 *
 * Returns ARCHIVE_FATAL if the private data cannot be allocated and
 * ARCHIVE_OK otherwise.
 */
int
archive_read_support_format_7zip(struct archive *_a)
{
	struct archive_read *reader = (struct archive_read *)_a;
	struct _7zip *state;
	int status;

	archive_check_magic(_a, ARCHIVE_READ_MAGIC,
	    ARCHIVE_STATE_NEW, "archive_read_support_format_7zip");

	state = calloc(1, sizeof(*state));
	if (state == NULL) {
		archive_set_error(&reader->archive, ENOMEM,
		    "Can't allocate 7zip data");
		return (ARCHIVE_FATAL);
	}

	/*
	 * Nothing has been read yet, so whether the archive holds
	 * encrypted entries is still unknown.
	 */
	state->has_encrypted_entries =
	    ARCHIVE_READ_FORMAT_ENCRYPTION_DONT_KNOW;

	status = __archive_read_register_format(reader,
	    state,
	    "7zip",
	    archive_read_format_7zip_bid,
	    NULL,
	    archive_read_format_7zip_read_header,
	    archive_read_format_7zip_read_data,
	    archive_read_format_7zip_read_data_skip,
	    NULL,
	    archive_read_format_7zip_cleanup,
	    archive_read_support_format_7zip_capabilities,
	    archive_read_format_7zip_has_encrypted_entries);

	/* The private data is released when registration did not succeed. */
	if (status != ARCHIVE_OK)
		free(state);
	/*
	 * NOTE(review): the registration status is dropped here and
	 * ARCHIVE_OK is returned in every case; confirm that callers are
	 * not meant to see a failed registration.
	 */
	return (ARCHIVE_OK);
}
510
/*
 * Report what this reader can decode: the bitwise OR of the "encrypted
 * data" and "encrypted metadata" capability flags. The handle is unused.
 */
static int
archive_read_support_format_7zip_capabilities(struct archive_read * a)
{
	const int caps = ARCHIVE_READ_FORMAT_CAPS_ENCRYPT_DATA |
	    ARCHIVE_READ_FORMAT_CAPS_ENCRYPT_METADATA;

	(void)a; /* UNUSED */
	return (caps);
}
518
519
/*
 * Return the reader's current knowledge about encrypted entries.
 *
 * Yields the has_encrypted_entries field of the format's private data, or
 * ARCHIVE_READ_FORMAT_ENCRYPTION_DONT_KNOW when the handle, its format
 * slot or the private data is missing.
 */
static int
archive_read_format_7zip_has_encrypted_entries(struct archive_read *_a)
{
	struct _7zip *state;

	if (_a == NULL || _a->format == NULL)
		return ARCHIVE_READ_FORMAT_ENCRYPTION_DONT_KNOW;

	state = (struct _7zip *)_a->format->data;
	if (state == NULL)
		return ARCHIVE_READ_FORMAT_ENCRYPTION_DONT_KNOW;

	return state->has_encrypted_entries;
}
531
/*
 * Bid on the input.
 *
 * Returns -1 when another format has already bid more than 32, 48 when
 * the 7-Zip signature is found at the start of the input or inside the
 * scanned region of a PE/ELF self-extracting executable, and 0 otherwise.
 */
static int
archive_read_format_7zip_bid(struct archive_read *a, int best_bid)
{
	const char *p;
	ssize_t start, offset, window, bytes_avail;

	/* If someone has already bid more than 32, then avoid
	   trashing the look-ahead buffers with a seek. */
	if (best_bid > 32)
		return (-1);

	p = __archive_read_ahead(a, 6, NULL);
	if (p == NULL)
		return (0);

	/* A plain archive starts with the signature: bid right away. */
	if (memcmp(p, _7ZIP_SIGNATURE, 6) == 0)
		return (48);

	/*
	 * It may be a 7-Zip SFX archive file. If the first two bytes are
	 * 'M' and 'Z' (Windows) or the first four bytes are "\x7F\x45LF"
	 * (POSIX-like systems), search for the 7-Zip signature. While
	 * find_pe_overlay can be performed without a seek,
	 * find_elf_data_sec requires one, thus a performance difference
	 * between the two is expected.
	 */
	if ((p[0] != 'M' || p[1] != 'Z') && memcmp(p, "\x7F\x45LF", 4) != 0)
		return (0);

	if (p[0] == 'M')
		start = find_pe_overlay(a);
	else
		start = find_elf_data_sec(a);

	/*
	 * The starting offset is derived from header fields of the input,
	 * so the size requested from __archive_read_ahead() below is
	 * input-controlled.
	 * NOTE(review): confirm the read-ahead layer bounds how much it
	 * buffers for such a request.
	 */
	offset = start;
	window = 4096;
	while (offset + window <= (start + SFX_MAX_OFFSET)) {
		const char *buff = __archive_read_ahead(a,
		    offset + window, &bytes_avail);

		if (buff == NULL) {
			/* Remaining bytes are less than window. */
			window >>= 1;
			if (window < 0x40)
				return (0);
			continue;
		}
		/*
		 * check_7zip_header_in_sfx() looks at 32 bytes, so stop
		 * while that many are still available behind p.
		 */
		for (p = buff + offset; p + 32 < buff + bytes_avail; ) {
			int step = check_7zip_header_in_sfx(p);

			if (step == 0)
				return (48);
			p += step;
		}
		offset = p - buff;
	}
	return (0);
}
586
/*
 * Test whether a 7-Zip start header begins at p.
 *
 * Returns 0 on a hit, otherwise the number of bytes the caller may safely
 * advance before testing again. The decision is made on p[5], the byte
 * that would hold the last signature byte. The caller must guarantee that
 * 32 bytes are readable at p: p[5], the stored CRC at p+8 and the 20 bytes
 * at p+12 are read.
 */
static int
check_7zip_header_in_sfx(const char *p)
{
	const unsigned char probe = (unsigned char)p[5];
	int i;

	if (probe == 0x1C) {
		/*
		 * Test the CRC because its extraction code has 7-Zip
		 * Magic Code, so we should do this in order not to
		 * make a mis-detection.
		 */
		if (memcmp(p, _7ZIP_SIGNATURE, 6) == 0 &&
		    crc32(0, (const unsigned char *)p + 12, 20)
		    == archive_le32dec(p + 8))
			return (0);	/* Hit the header! */
		return (6);
	}

	/*
	 * If the probe equals signature byte i (0..4), the signature can
	 * only start 5 - i bytes further on. The five leading signature
	 * bytes are distinct, so at most one index matches.
	 */
	for (i = 0; i < 5; i++) {
		if ((unsigned char)_7ZIP_SIGNATURE[i] == probe)
			return (5 - i);
	}
	return (6);
}
612
/*
 * Position the reader on the 7-Zip header inside an SFX executable.
 *
 * Seeks to min_addr, then scans forward, consuming input, until
 * check_7zip_header_in_sfx() reports a header. On success the absolute
 * position of the header is stored in zip->seek_base and ARCHIVE_OK is
 * returned. ARCHIVE_FATAL is returned when the seek fails, when the input
 * ends, or when the scan would pass SFX_MAX_ADDR - SFX_MIN_ADDR bytes.
 */
static int
skip_sfx(struct archive_read *a, const ssize_t min_addr)
{
	size_t scanned = 0;	/* Bytes consumed since min_addr. */
	ssize_t avail;
	ssize_t window = 1;

	if (__archive_read_seek(a, min_addr, SEEK_SET) < 0)
		return (ARCHIVE_FATAL);

	while (scanned + window <= SFX_MAX_ADDR - SFX_MIN_ADDR) {
		const char *base, *cur, *end;
		size_t advance;
		const void *h = __archive_read_ahead(a, window, &avail);

		if (h == NULL) {
			/* Remaining bytes are less than window. */
			window >>= 1;
			if (window < 0x40)
				break;
			continue;
		}
		if (avail < 6) {
			/* This case might happen when window == 1. */
			window = 4096;
			continue;
		}
		base = (const char *)h;
		end = base + avail;

		/*
		 * Scan ahead until we find something that looks
		 * like the 7-Zip header. The check reads 32 bytes, so
		 * the scan stops while that many are still available.
		 */
		for (cur = base; cur + 32 < end; ) {
			int step = check_7zip_header_in_sfx(cur);

			if (step == 0) {
				struct _7zip *zip =
				    (struct _7zip *)a->format->data;

				advance = cur - base;
				__archive_read_consume(a, advance);
				zip->seek_base = min_addr + scanned + advance;
				return (ARCHIVE_OK);
			}
			cur += step;
		}
		advance = cur - base;
		__archive_read_consume(a, advance);
		scanned += advance;
		if (window == 1)
			window = 4096;
	}

	archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
	    "Couldn't find out 7-Zip header");
	return (ARCHIVE_FATAL);
}
670
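/*
 * Find where the overlay of a PE executable starts, i.e. the largest
 * "raw address + raw size" over all section headers, so that the search
 * for the 7-Zip signature can begin there.
 *
 * Every field read here comes from the input file and is untrusted.
 * Whenever a header is missing, short or implausible the function returns
 * SFX_MIN_ADDR, which makes the caller use the fixed-address search.
 *
 * Changes against the previous version:
 *  - the 'P','E' bytes at e_lfanew are always verified, not only when a
 *    second read-ahead was needed to reach them;
 *  - e_lfanew is rejected when it could not be held, together with the
 *    header sizes added to it, in a non-negative ssize_t;
 *  - the end of a section is computed in 64 bits, and a section whose end
 *    does not fit in 32 bits (the sum used to wrap silently) or in an
 *    ssize_t is treated as a malformed header.
 */
static ssize_t
find_pe_overlay(struct archive_read *a)
{
	const char *h;
	ssize_t bytes, max_offset, offset;
	ssize_t opt_hdr_sz, sec_cnt;
	uint32_t e_lfanew;
	uint64_t sec_end;

	/*
	 * Read Dos header to find e_lfanew
	 */
	h = __archive_read_ahead(a, PE_DOS_HDR_LEN, &bytes);
	if (h == NULL || h[0] != 'M' || h[1] != 'Z')
		return (SFX_MIN_ADDR);
	e_lfanew = archive_le32dec(h + PE_DOS_HDR_ELFANEW_OFFSET);
	/*
	 * Where ssize_t is 32 bits wide a large e_lfanew would turn
	 * negative and index in front of the buffer. Halving the limit
	 * leaves room for the header sizes added to the offset below.
	 */
	if ((uint64_t)e_lfanew > (uint64_t)SSIZE_MAX / 2)
		return (SFX_MIN_ADDR);
	offset = (ssize_t)e_lfanew;

	/*
	 * Read COFF header to find opt header size and sec cnt
	 */
	if (bytes < offset + PE_COFF_HDR_LEN) {
		h = __archive_read_ahead(a, offset + PE_COFF_HDR_LEN,
		    &bytes);
		if (h == NULL)
			return (SFX_MIN_ADDR);
	}
	if (h[offset] != 'P' || h[offset + 1] != 'E')
		return (SFX_MIN_ADDR);
	sec_cnt = archive_le16dec(
	    h + offset + PE_COFF_HDR_SEC_CNT_OFFSET);
	opt_hdr_sz = archive_le16dec(
	    h + offset + PE_COFF_HDR_OPT_SZ_OFFSET);

	/*
	 * Skip optional header; a file without one is not handled here.
	 */
	if (opt_hdr_sz == 0)
		return (SFX_MIN_ADDR);
	offset += PE_COFF_HDR_LEN + opt_hdr_sz;

	/*
	 * Traverse sec table to find max raw offset (i.e., overlay).
	 * sec_cnt is a 16-bit field, so the table size cannot overflow.
	 */
	if (bytes < offset + sec_cnt * PE_SEC_HDR_LEN) {
		h = __archive_read_ahead(a,
		    offset + sec_cnt * PE_SEC_HDR_LEN, NULL);
		if (h == NULL)
			return (SFX_MIN_ADDR);
	}
	max_offset = offset;
	for (; sec_cnt > 0; sec_cnt--, offset += PE_SEC_HDR_LEN) {
		sec_end = (uint64_t)archive_le32dec(
		    h + offset + PE_SEC_HDR_RAW_SZ_OFFSET) +
		    (uint64_t)archive_le32dec(
		    h + offset + PE_SEC_HDR_RAW_ADDR_OFFSET);
		if (sec_end > 0xFFFFFFFFu || sec_end > (uint64_t)SSIZE_MAX)
			return (SFX_MIN_ADDR);
		if ((ssize_t)sec_end > max_offset)
			max_offset = (ssize_t)sec_end;
	}
	return (max_offset);
}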
743
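/*
 * Find the file offset of the ".data" section of an ELF executable, where
 * the search for the 7-Zip signature should begin.
 *
 * The section header table is read to locate the section-name string
 * table, the string table is searched for ".data", and the section whose
 * name offset matches supplies the result. Every field comes from the
 * input file and is untrusted. On any failure SFX_MIN_ADDR is returned.
 * The function seeks while it works and seeks back to offset 0 before it
 * returns.
 *
 * Change against the previous version: the byte offset of the string-table
 * section header was computed as e_shstrndx * e_shentsize on two uint16_t
 * operands, i.e. in int, which can overflow for large values. It is now
 * computed in size_t, like the read-ahead request size.
 */
static ssize_t
find_elf_data_sec(struct archive_read *a)
{
	const char *h;
	char big_endian, format_64;
	ssize_t bytes, min_addr = SFX_MIN_ADDR;
	size_t request, strndx_entry;
	uint64_t e_shoff, strtab_offset, strtab_size;
	uint16_t e_shentsize, e_shnum, e_shstrndx;
	uint16_t (*dec16)(const void *);
	uint32_t (*dec32)(const void *);
	uint64_t (*dec64)(const void *);

	/* The loop runs once; "break" is the common failure exit. */
	for (;;) {
		/*
		 * Read Elf header to find bitness & endianness
		 */
		h = __archive_read_ahead(a, ELF_HDR_MIN_LEN, &bytes);
		if (h == NULL || memcmp(h, "\x7F\x45LF", 4) != 0) {
			break;
		}
		format_64 = h[ELF_HDR_EI_CLASS_OFFSET] == 0x2;
		big_endian = h[ELF_HDR_EI_DATA_OFFSET] == 0x2;
		if (big_endian) {
			dec16 = &archive_be16dec;
			dec32 = &archive_be32dec;
			dec64 = &archive_be64dec;
		} else {
			dec16 = &archive_le16dec;
			dec32 = &archive_le32dec;
			dec64 = &archive_le64dec;
		}

		/*
		 * Read section header table info. An entry size below
		 * the size of a section header for this class is
		 * rejected, because the fixed field offsets used below
		 * would reach into the next entry.
		 */
		if (format_64) {
			e_shoff = (*dec64)(h + 0x28);
			e_shentsize = (*dec16)(h + 0x3A);
			e_shnum = (*dec16)(h + 0x3C);
			e_shstrndx = (*dec16)(h + 0x3E);
			if (e_shnum < e_shstrndx || e_shentsize < 0x28)
				break;

		} else {
			e_shoff = (*dec32)(h + 0x20);
			e_shentsize = (*dec16)(h + 0x2E);
			e_shnum = (*dec16)(h + 0x30);
			e_shstrndx = (*dec16)(h + 0x32);
			if (e_shnum < e_shstrndx || e_shentsize < 0x18)
				break;
		}

		/*
		 * Reading the section table to find strtab section.
		 * The check above lets e_shstrndx equal e_shnum, so one
		 * extra header's worth of bytes is requested to keep
		 * the reads at that index inside the buffer.
		 */
		if (__archive_read_seek(a, e_shoff, SEEK_SET) < 0) {
			break;
		}
		if (format_64) {
			request = (size_t)e_shnum * (size_t)e_shentsize + 0x28;
		} else {
			request = (size_t)e_shnum * (size_t)e_shentsize + 0x18;
		}
		h = __archive_read_ahead(a, request, &bytes);
		if (h == NULL) {
			break;
		}
		/* Widen before multiplying: uint16_t operands promote to int. */
		strndx_entry = (size_t)e_shstrndx * (size_t)e_shentsize;
		if (format_64) {
			strtab_offset = (*dec64)(h + strndx_entry + 0x18);
			strtab_size = (*dec64)(h + strndx_entry + 0x20);
		} else {
			strtab_offset = (*dec32)(h + strndx_entry + 0x10);
			strtab_size = (*dec32)(h + strndx_entry + 0x14);
		}
		if (strtab_size < 6 || strtab_size > SIZE_MAX)
			break;

		/*
		 * Read the STRTAB section to find the .data offset.
		 * NOTE(review): strtab_size is taken from the file and is
		 * only capped at SIZE_MAX before it is used as the
		 * read-ahead size; confirm the read-ahead layer copes with
		 * an oversized request.
		 */
		if (__archive_read_seek(a, strtab_offset, SEEK_SET) < 0) {
			break;
		}
		h = __archive_read_ahead(a, strtab_size, NULL);
		if (h == NULL) {
			break;
		}
		ssize_t data_sym_offset = -1;
		for (size_t offset = 0; offset < strtab_size - 6; offset++) {
			/* Six bytes: ".data" and its terminating NUL. */
			if (memcmp(h + offset, ".data\00", 6) == 0) {
				data_sym_offset = offset;
				break;
			}
		}
		if (data_sym_offset == -1) {
			break;
		}

		/*
		 * Find the section with the .data name
		 */
		if (__archive_read_seek(a, e_shoff, SEEK_SET) < 0) {
			break;
		}
		h = __archive_read_ahead(a,
		    (size_t)e_shnum * (size_t)e_shentsize, NULL);
		if (h == NULL) {
			break;
		}
		ssize_t sec_tbl_offset = 0, name_offset;
		while (e_shnum > 0) {
			/* The first field of a section header is its name offset. */
			name_offset = (*dec32)(h + sec_tbl_offset);
			if (name_offset == data_sym_offset) {
				uint64_t sel_offset;

				if (format_64) {
					sel_offset = (*dec64)(
					    h + sec_tbl_offset + 0x18);
				} else {
					sel_offset = (*dec32)(
					    h + sec_tbl_offset + 0x10);
				}
				/* Keep the fallback if it cannot be an ssize_t. */
				if (sel_offset > SSIZE_MAX)
					break;
				min_addr = (ssize_t)sel_offset;
				break;
			}
			sec_tbl_offset += e_shentsize;
			e_shnum--;
		}
		break;
	}

	/*
	 * Restore the read position for the caller.
	 * NOTE(review): the result of this seek is not checked; confirm
	 * the caller tolerates a reader left at another offset.
	 */
	__archive_read_seek(a, 0, SEEK_SET);
	return (min_addr);
}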
884
/*
 * Fill in `entry` with the next entry of the archive.
 *
 * The first call parses the archive header via slurp_central_directory();
 * later calls step to the next element of zip->entries. The function sets
 * the encryption flag, pathname, mode, times, size and file flags, and for
 * a symbolic link it reads the entry body to obtain the link target.
 *
 * Returns ARCHIVE_EOF when no entries remain, ARCHIVE_WARN when the
 * pathname could not be converted, ARCHIVE_FATAL on allocation or
 * conversion-setup failure, the error from slurp_central_directory() or
 * from reading a link target, and ARCHIVE_OK otherwise.
 */
static int
archive_read_format_7zip_read_header(struct archive_read *a,
	struct archive_entry *entry)
{
	struct _7zip *zip = (struct _7zip *)a->format->data;
	struct _7zip_entry *zip_entry;
	int r, ret = ARCHIVE_OK;
	struct _7z_folder *folder = 0;
	uint64_t fidx = 0;

	/*
	 * It should be sufficient to call archive_read_next_header() for
	 * a reader to determine if an entry is encrypted or not. If the
	 * encryption of an entry is only detectable when calling
	 * archive_read_data(), so be it. We'll do the same check there
	 * as well.
	 */
	if (zip->has_encrypted_entries == ARCHIVE_READ_FORMAT_ENCRYPTION_DONT_KNOW) {
		zip->has_encrypted_entries = 0;
	}

	a->archive.archive_format = ARCHIVE_FORMAT_7ZIP;
	if (a->archive.archive_format_name == NULL)
		a->archive.archive_format_name = "7-Zip";

	if (zip->entries == NULL) {
		/* First call: parse the header and start at the first entry. */
		struct _7z_header_info header;

		memset(&header, 0, sizeof(header));
		r = slurp_central_directory(a, zip, &header);
		/* The temporary header info is released on every path. */
		free_Header(&header);
		if (r != ARCHIVE_OK)
			return (r);
		zip->entries_remaining = (size_t)zip->numFiles;
		zip->entry = zip->entries;
	} else {
		/* Later calls: step to the next entry. */
		++zip->entry;
	}
	zip_entry = zip->entry;

	/* entries_remaining is checked before zip_entry is dereferenced. */
	if (zip->entries_remaining <= 0 || zip_entry == NULL)
		return ARCHIVE_EOF;
	--zip->entries_remaining;

	/* Reset the per-entry read state. */
	zip->entry_offset = 0;
	zip->end_of_entry = 0;
	zip->entry_crc32 = crc32(0, NULL, 0);

	/* Setup a string conversion for a filename. */
	if (zip->sconv == NULL) {
		zip->sconv = archive_string_conversion_from_charset(
		    &a->archive, "UTF-16LE", 1);
		if (zip->sconv == NULL)
			return (ARCHIVE_FATAL);
	}

	/* Figure out if the entry is encrypted by looking at the folder
	   that is associated to the current 7zip entry. If the folder
	   has a coder with a _7Z_CRYPTO codec then the folder is encrypted.
	   Hence the entry must also be encrypted. The folder index is
	   range-checked against numFolders before it is used. */
	if (zip_entry && zip_entry->folderIndex < zip->si.ci.numFolders) {
		folder = &(zip->si.ci.folders[zip_entry->folderIndex]);
		for (fidx=0; folder && fidx<folder->numCoders; fidx++) {
			switch(folder->coders[fidx].codec) {
				case _7Z_CRYPTO_MAIN_ZIP:
				case _7Z_CRYPTO_RAR_29:
				case _7Z_CRYPTO_AES_256_SHA_256: {
					archive_entry_set_is_data_encrypted(entry, 1);
					zip->has_encrypted_entries = 1;
					/* Leaves the switch only; the coder
					 * loop keeps running. */
					break;
				}
			}
		}
	}

	/* Now that we've checked for encryption, if there were still no
	 * encrypted entries found we can say for sure that there are none.
	 * The same reset already ran at the top of this function, so this
	 * one only matters if slurp_central_directory() put the field back
	 * to DONT_KNOW.
	 */
	if (zip->has_encrypted_entries == ARCHIVE_READ_FORMAT_ENCRYPTION_DONT_KNOW) {
		zip->has_encrypted_entries = 0;
	}

	/* A pathname that cannot be converted is a warning, not an error;
	 * only memory exhaustion is fatal. */
	if (archive_entry_copy_pathname_l(entry,
	    (const char *)zip_entry->utf16name,
	    zip_entry->name_len, zip->sconv) != 0) {
		if (errno == ENOMEM) {
			archive_set_error(&a->archive, ENOMEM,
			    "Can't allocate memory for Pathname");
			return (ARCHIVE_FATAL);
		}
		archive_set_error(&a->archive,
		    ARCHIVE_ERRNO_FILE_FORMAT,
		    "Pathname cannot be converted "
		    "from %s to current locale",
		    archive_string_conversion_charset_name(zip->sconv));
		ret = ARCHIVE_WARN;
	}

	/* Populate some additional entry fields: */
	archive_entry_set_mode(entry, zip_entry->mode);
	if (zip_entry->flg & MTIME_IS_SET)
		archive_entry_set_mtime(entry, zip_entry->mtime,
		    zip_entry->mtime_ns);
	if (zip_entry->flg & CTIME_IS_SET)
		archive_entry_set_ctime(entry, zip_entry->ctime,
		    zip_entry->ctime_ns);
	if (zip_entry->flg & ATIME_IS_SET)
		archive_entry_set_atime(entry, zip_entry->atime,
		    zip_entry->atime_ns);
	/* An ssIndex of (uint32_t)-1 marks an entry without a sub-stream.
	 * NOTE(review): ssIndex is not range-checked here before it indexes
	 * unpackSizes; presumably it is validated while the header is
	 * parsed, confirm. */
	if (zip_entry->ssIndex != (uint32_t)-1) {
		zip->entry_bytes_remaining =
		    zip->si.ss.unpackSizes[zip_entry->ssIndex];
		archive_entry_set_size(entry, zip->entry_bytes_remaining);
	} else {
		zip->entry_bytes_remaining = 0;
		archive_entry_set_size(entry, 0);
	}

	// These attributes are supported by the windows implementation of archive_write_disk.
	const int supported_attrs = FILE_ATTRIBUTE_READONLY | FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM;

	if (zip_entry->attr & supported_attrs) {
		char *fflags_text, *ptr;
		/* allocate for ",rdonly,hidden,system": three 7-character
		 * names plus the terminating NUL = 22 bytes. A failed
		 * allocation silently skips the file flags. */
		fflags_text = malloc(22 * sizeof(*fflags_text));
		if (fflags_text != NULL) {
			ptr = fflags_text;
			/* Each name is written at most once, so the copies
			 * stay inside the 22 bytes. */
			if (zip_entry->attr & FILE_ATTRIBUTE_READONLY) {
				strcpy(ptr, ",rdonly");
				ptr = ptr + 7;
			}
			if (zip_entry->attr & FILE_ATTRIBUTE_HIDDEN) {
				strcpy(ptr, ",hidden");
				ptr = ptr + 7;
			}
			if (zip_entry->attr & FILE_ATTRIBUTE_SYSTEM) {
				strcpy(ptr, ",system");
				ptr = ptr + 7;
			}
			if (ptr > fflags_text) {
				/* + 1 skips the leading comma. */
				archive_entry_copy_fflags_text(entry,
				    fflags_text + 1);
			}
			free(fflags_text);
		}
	}

	/* If there's no body, force read_data() to return EOF immediately. */
	if (zip->entry_bytes_remaining < 1)
		zip->end_of_entry = 1;

	if ((zip_entry->mode & AE_IFMT) == AE_IFLNK) {
		unsigned char *symname = NULL;
		size_t symsize = 0;

		/*
		 * Symbolic-name is recorded as its contents. We have to
		 * read the contents at this time.
		 *
		 * NOTE(review): the target is accumulated in memory up to
		 * the entry's full declared size and no upper bound on a
		 * link target is visible in this function; confirm that an
		 * entry marked as a symlink cannot declare an arbitrarily
		 * large body.
		 */
		while (zip->entry_bytes_remaining > 0) {
			const void *buff;
			unsigned char *mem;
			size_t size;
			int64_t offset;

			r = archive_read_format_7zip_read_data(a, &buff,
				&size, &offset);
			/* Anything worse than a warning aborts the entry. */
			if (r < ARCHIVE_WARN) {
				free(symname);
				return (r);
			}
			/* One spare byte for the NUL added after the loop;
			 * the old buffer stays valid if realloc fails. */
			mem = realloc(symname, symsize + size + 1);
			if (mem == NULL) {
				free(symname);
				archive_set_error(&a->archive, ENOMEM,
				    "Can't allocate memory for Symname");
				return (ARCHIVE_FATAL);
			}
			symname = mem;
			memcpy(symname+symsize, buff, size);
			symsize += size;
		}
		if (symsize == 0) {
			/* If there is no symname, handle it as a regular
			 * file. */
			zip_entry->mode &= ~AE_IFMT;
			zip_entry->mode |= AE_IFREG;
			archive_entry_set_mode(entry, zip_entry->mode);
		} else {
			struct archive_string_conv* utf8_conv;

			symname[symsize] = '\0';

			/* Symbolic links are embedded as UTF-8 strings */
			utf8_conv = archive_string_conversion_from_charset(&a->archive,
			    "UTF-8", 1);
			if (utf8_conv == NULL) {
				free(symname);
				return ARCHIVE_FATAL;
			}

			/* NOTE(review): the result of this conversion is not
			 * checked, unlike the pathname conversion above. The
			 * target itself is stored as read from the archive;
			 * containment of link targets is left to whoever
			 * extracts the entry. */
			archive_entry_copy_symlink_l(entry, (const char*)symname, symsize,
			    utf8_conv);
		}
		free(symname);
		/* The body was consumed above, so the entry reports size 0. */
		archive_entry_set_size(entry, 0);
	}

	/* Set up a more descriptive format name. */
	snprintf(zip->format_name, sizeof(zip->format_name), "7-Zip");
	a->archive.archive_format_name = zip->format_name;

	return (ret);
}
1099
/*
 * Return the next chunk of decoded data for the current entry.
 *
 * On success *buff points at the chunk, *size is its length and *offset is
 * its position inside the entry.  Returns ARCHIVE_EOF once the entry has
 * been delivered in full, a negative read_stream() status when the read
 * fails, and ARCHIVE_FATAL when the stream ends before the entry does.
 *
 * When the last chunk completes an entry whose CRC32 is recorded and the
 * running checksum differs from the stored digest, the chunk is still
 * handed back and the result is ARCHIVE_WARN; callers that need integrity
 * must check for that status instead of treating it as success.
 */
static int
archive_read_format_7zip_read_data(struct archive_read *a,
    const void **buff, size_t *size, int64_t *offset)
{
	struct _7zip *zip = (struct _7zip *)(a->format->data);
	size_t request;
	ssize_t got;
	int status = ARCHIVE_OK;

	if (zip->has_encrypted_entries ==
	    ARCHIVE_READ_FORMAT_ENCRYPTION_DONT_KNOW)
		zip->has_encrypted_entries = 0;

	if (zip->pack_stream_bytes_unconsumed)
		read_consume(a);

	/* Default outputs: an empty chunk at the current entry offset. */
	*offset = zip->entry_offset;
	*size = 0;
	*buff = NULL;

	/* The previous call finished the entry; report EOF now. */
	if (zip->end_of_entry)
		return (ARCHIVE_EOF);

	/* Ask for at most 16 MB per call, and never past the entry. */
	request = 16 * 1024 * 1024;
	if ((uint64_t)request > zip->entry_bytes_remaining)
		request = (size_t)zip->entry_bytes_remaining;

	got = read_stream(a, buff, request, 0);
	if (got < 0)
		return ((int)got);
	if (got == 0) {
		archive_set_error(&a->archive,
		    ARCHIVE_ERRNO_FILE_FORMAT,
		    "Truncated 7-Zip file body");
		return (ARCHIVE_FATAL);
	}

	/*
	 * NOTE(review): assumes read_stream() never returns more than
	 * `request`; otherwise the remaining count would go wrong - confirm.
	 */
	zip->entry_bytes_remaining -= got;
	if (zip->entry_bytes_remaining == 0)
		zip->end_of_entry = 1;

	if (zip->entry->flg & CRC32_IS_SET) {
		/* Fold this chunk into the running checksum. */
		if (got)
			zip->entry_crc32 = crc32(zip->entry_crc32, *buff,
			    (unsigned)got);

		/* At the end of the entry, compare with the stored digest. */
		if (zip->end_of_entry &&
		    zip->si.ss.digests[zip->entry->ssIndex] !=
		    zip->entry_crc32) {
			archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
			    "7-Zip bad CRC: 0x%lx should be 0x%lx",
			    (unsigned long)zip->entry_crc32,
			    (unsigned long)zip->si.ss.digests[
			    		zip->entry->ssIndex]);
			status = ARCHIVE_WARN;
		}
	}

	*size = got;
	*offset = zip->entry_offset;
	zip->entry_offset += got;

	return (status);
}
1170
/*
 * Discard whatever is left of the current entry's data.
 *
 * Returns ARCHIVE_OK when the entry is (or already was) finished and
 * ARCHIVE_FATAL when skip_stream() reports an error.
 */
static int
archive_read_format_7zip_read_data_skip(struct archive_read *a)
{
	struct _7zip *zip = (struct _7zip *)(a->format->data);

	if (zip->pack_stream_bytes_unconsumed)
		read_consume(a);

	/* Only skip when the entry has not been read to its end yet. */
	if (!zip->end_of_entry) {
		/*
		 * NOTE(review): the remaining count is narrowed to size_t
		 * and then reset to zero regardless of how much was skipped;
		 * confirm this is safe where size_t is 32 bits.
		 */
		int64_t skipped = skip_stream(a,
		    (size_t)zip->entry_bytes_remaining);

		if (skipped < 0)
			return (ARCHIVE_FATAL);
		zip->entry_bytes_remaining = 0;

		/* Nothing more to deliver for this entry. */
		zip->end_of_entry = 1;
	}
	return (ARCHIVE_OK);
}
1199
/*
 * Release every allocation owned by the 7-Zip reader state and detach it
 * from the format slot.  Always returns ARCHIVE_OK; the status returned by
 * free_decompression() is not propagated.
 */
static int
archive_read_format_7zip_cleanup(struct archive_read *a)
{
	struct _7zip *zip = (struct _7zip *)(a->format->data);
	size_t slot;

	free_StreamsInfo(&(zip->si));
	free(zip->entries);
	free(zip->entry_names);
	free_decompression(a, zip);
	free(zip->uncompressed_buffer);
	/* The three sub-stream buffers are released one by one. */
	for (slot = 0; slot < 3; slot++)
		free(zip->sub_stream_buff[slot]);
	free(zip->tmp_stream_buff);
	free(zip);
	/* Clear the slot so the freed state cannot be reached again. */
	(a->format->data) = NULL;
	return (ARCHIVE_OK);
}
1219
/*
 * Commit the bytes that were read ahead from the pack stream but not yet
 * consumed, and advance stream_offset by the same amount.
 */
static void
read_consume(struct archive_read *a)
{
	struct _7zip *zip = (struct _7zip *)a->format->data;

	/* Nothing pending: leave the reader untouched. */
	if (zip->pack_stream_bytes_unconsumed == 0)
		return;

	__archive_read_consume(a, zip->pack_stream_bytes_unconsumed);
	zip->stream_offset += zip->pack_stream_bytes_unconsumed;
	zip->pack_stream_bytes_unconsumed = 0;
}
1231
1232 #ifdef HAVE_LZMA_H
1233
/*
 * Translate a liblzma return code into an archive error.
 *
 * LZMA_OK and LZMA_STREAM_END are not errors and leave the archive error
 * state untouched.  The two memory-related codes are reported with ENOMEM;
 * every other code, including unknown ones, uses ARCHIVE_ERRNO_MISC.
 */
static void
set_error(struct archive_read *a, int ret)
{
	int code = ARCHIVE_ERRNO_MISC;
	const char *text;

	switch (ret) {
	case LZMA_STREAM_END:	/* Found end of stream. */
	case LZMA_OK:		/* Decompressor made some progress. */
		return;
	case LZMA_MEM_ERROR:
		code = ENOMEM;
		text = "Lzma library error: Cannot allocate memory";
		break;
	case LZMA_MEMLIMIT_ERROR:
		code = ENOMEM;
		text = "Lzma library error: Out of memory";
		break;
	case LZMA_FORMAT_ERROR:
		text = "Lzma library error: format not recognized";
		break;
	case LZMA_OPTIONS_ERROR:
		text = "Lzma library error: Invalid options";
		break;
	case LZMA_DATA_ERROR:
		text = "Lzma library error: Corrupted input data";
		break;
	case LZMA_BUF_ERROR:
		text = "Lzma library error: No progress is possible";
		break;
	default:
		/* Any code not listed above is still reported as an error. */
		text = "Lzma decompression failed: Unknown error";
		break;
	}

	/* The messages are fixed text, so pass them as data, not as format. */
	archive_set_error(&a->archive, code, "%s", text);
}
1281
1282 #endif
1283
/*
 * Fold the id_size bytes at codecId into one number, most significant
 * byte first.  An empty identifier yields 0.
 *
 * Bytes shifted beyond the width of unsigned long are dropped silently, so
 * an identifier longer than sizeof(unsigned long) keeps only its trailing
 * bytes; whether callers bound id_size is not visible here.
 */
static unsigned long
decode_codec_id(const unsigned char *codecId, size_t id_size)
{
	unsigned long value = 0;
	unsigned pos = 0;

	while (pos < id_size) {
		/* The low byte is zero after the shift, so OR equals add. */
		value = (value << 8) | codecId[pos];
		pos++;
	}
	return (value);
}
1296
/*
 * Byte source handed to the PPMd range decoder.
 *
 * Normally returns the next byte of the buffer described by zip->ppstream.
 * When that buffer is exhausted it looks further ahead in the archive
 * input instead.  If the input is truncated it records an archive error,
 * sets ppstream.overconsumed and returns 0; callers have to test the
 * overconsumed flag because 0 is also a valid data byte.
 */
static Byte
ppmd_read(void *p)
{
	struct archive_read *a = ((IByteIn*)p)->a;
	struct _7zip *zip = (struct _7zip *)(a->format->data);
	Byte b;

	if (zip->ppstream.avail_in > 0) {
		b = *zip->ppstream.next_in++;
	} else {
		/*
		 * Ppmd7_DecodeSymbol might need several bytes while we sit
		 * on a buffer boundary; as a last resort fetch the byte with
		 * __archive_read_ahead.
		 */
		ssize_t ahead_len = 0;
		const uint8_t *window = __archive_read_ahead(a,
		    (size_t)zip->ppstream.stream_in+1, &ahead_len);

		if (window == NULL ||
		    ahead_len < zip->ppstream.stream_in+1) {
			archive_set_error(&a->archive,
			    ARCHIVE_ERRNO_FILE_FORMAT,
			    "Truncated 7z file data");
			zip->ppstream.overconsumed = 1;
			return (0);
		}
		/* The length check above keeps this index inside the window. */
		b = window[zip->ppstream.stream_in];
		zip->ppstream.next_in++;
	}

	/* Bookkeeping is the same for both sources. */
	zip->ppstream.avail_in--;
	zip->ppstream.total_in++;
	zip->ppstream.stream_in++;
	return (b);
}
1330
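/*
 * Prepare decoder state for a folder.
 *
 * coder1 is the main codec; coder2 is an optional second coder (a branch
 * or delta filter) and may be NULL.  Any decoder of the same kind that is
 * still marked valid is released or reset before a new one is set up.
 *
 * Returns ARCHIVE_OK on success, ARCHIVE_FAILED when the coder description
 * is unsupported or malformed (an archive error is set), and ARCHIVE_FATAL
 * when memory for the PPMd model or the Zstandard stream cannot be
 * allocated.
 */
static int
init_decompression(struct archive_read *a, struct _7zip *zip,
    const struct _7z_coder *coder1, const struct _7z_coder *coder2)
{
	int r;

	zip->codec = coder1->codec;
	zip->codec2 = -1;

	/*
	 * For these codecs a second coder is accepted only if it is one of
	 * the filters listed below; anything else is rejected.
	 */
	switch (zip->codec) {
	case _7Z_COPY:
	case _7Z_BZ2:
	case _7Z_DEFLATE:
	case _7Z_ZSTD:
	case _7Z_PPMD:
		if (coder2 != NULL) {
			if (coder2->codec != _7Z_X86 &&
			    coder2->codec != _7Z_X86_BCJ2 &&
			    coder2->codec != _7Z_ARM &&
			    coder2->codec != _7Z_ARM64 &&
			    coder2->codec != _7Z_POWERPC &&
			    coder2->codec != _7Z_SPARC) {
				archive_set_error(&a->archive,
				    ARCHIVE_ERRNO_MISC,
				    "Unsupported filter %lx for %lx",
				    coder2->codec, coder1->codec);
				return (ARCHIVE_FAILED);
			}
			zip->codec2 = coder2->codec;
			zip->bcj_state = 0;
			if (coder2->codec == _7Z_X86)
				x86_Init(zip);
			else if (coder2->codec == _7Z_ARM)
				arm_Init(zip);
		}
		break;
	default:
		break;
	}

	switch (zip->codec) {
	case _7Z_COPY:
		break;

	case _7Z_LZMA: case _7Z_LZMA2:
#ifdef HAVE_LZMA_H
#if LZMA_VERSION_MAJOR >= 5
/* Effectively disable the limiter. */
#define LZMA_MEMLIMIT	UINT64_MAX
#else
/* NOTE: This needs to check memory size which running system has. */
#define LZMA_MEMLIMIT	(1U << 30)
#endif
	/*
	 * NOTE(review): LZMA_MEMLIMIT is defined but not referenced in this
	 * function, and lzma_raw_decoder() below is called without a memory
	 * limit, so decoder memory follows the properties stored in the
	 * archive.  Confirm whether a cap is enforced elsewhere.
	 */
	{
		lzma_options_delta delta_opt;
		lzma_filter filters[LZMA_FILTERS_MAX], *ff;
		int fi = 0;

		if (zip->lzstream_valid) {
			lzma_end(&(zip->lzstream));
			zip->lzstream_valid = 0;
		}

		/*
		 * NOTE: liblzma incompletely handle the BCJ+LZMA compressed
		 * data made by 7-Zip because 7-Zip does not add End-Of-
		 * Payload Marker(EOPM) at the end of LZMA compressed data,
		 * and so liblzma cannot know the end of the compressed data
		 * without EOPM. So consequently liblzma will not return last
		 * three or four bytes of uncompressed data because
		 * LZMA_FILTER_X86 filter does not handle input data if its
		 * data size is less than five bytes. If liblzma detect EOPM
		 * or know the uncompressed data size, liblzma will flush out
		 * the remaining that three or four bytes of uncompressed
		 * data. That is why we have to use our converting program
		 * for BCJ+LZMA. If we were able to tell the uncompressed
		 * size to liblzma when using lzma_raw_decoder() liblzma
		 * could correctly deal with BCJ+LZMA. But unfortunately
		 * there is no way to do that.
		 *
		 * Reference: https://web.archive.org/web/20240405171610/https://www.mail-archive.com/xz-devel@tukaani.org/msg00373.html
		 */
		if (coder2 != NULL) {
			zip->codec2 = coder2->codec;

			filters[fi].options = NULL;
			switch (zip->codec2) {
			case _7Z_X86:
				if (zip->codec == _7Z_LZMA2) {
					filters[fi].id = LZMA_FILTER_X86;
					fi++;
				} else
					/* Use our filter. */
					x86_Init(zip);
				break;
			case _7Z_X86_BCJ2:
				/* Use our filter. */
				zip->bcj_state = 0;
				break;
			case _7Z_DELTA:
				/* Exactly one property byte is expected. */
				if (coder2->propertiesSize != 1) {
					archive_set_error(&a->archive,
					    ARCHIVE_ERRNO_MISC,
					    "Invalid Delta parameter");
					return (ARCHIVE_FAILED);
				}
				filters[fi].id = LZMA_FILTER_DELTA;
				memset(&delta_opt, 0, sizeof(delta_opt));
				delta_opt.type = LZMA_DELTA_TYPE_BYTE;
				delta_opt.dist =
				    (uint32_t)coder2->properties[0] + 1;
				filters[fi].options = &delta_opt;
				fi++;
				break;
			/* Following filters have not been tested yet. */
			case _7Z_POWERPC:
				filters[fi].id = LZMA_FILTER_POWERPC;
				fi++;
				break;
			case _7Z_IA64:
				filters[fi].id = LZMA_FILTER_IA64;
				fi++;
				break;
			case _7Z_ARM:
				filters[fi].id = LZMA_FILTER_ARM;
				fi++;
				break;
			case _7Z_ARMTHUMB:
				filters[fi].id = LZMA_FILTER_ARMTHUMB;
				fi++;
				break;
#ifdef LZMA_FILTER_ARM64
			case _7Z_ARM64:
				filters[fi].id = LZMA_FILTER_ARM64;
				fi++;
				break;
#endif
#ifdef LZMA_FILTER_RISCV
			case _7Z_RISCV:
				filters[fi].id = LZMA_FILTER_RISCV;
				fi++;
				break;
#endif
			case _7Z_SPARC:
				filters[fi].id = LZMA_FILTER_SPARC;
				fi++;
				break;
			default:
				archive_set_error(&a->archive,
				    ARCHIVE_ERRNO_MISC,
				    "Unexpected codec ID: %lX", zip->codec2);
				return (ARCHIVE_FAILED);
			}
		}

		if (zip->codec == _7Z_LZMA2)
			filters[fi].id = LZMA_FILTER_LZMA2;
		else
			filters[fi].id = LZMA_FILTER_LZMA1;
		filters[fi].options = NULL;
		/* Remember the LZMA entry so its decoded options can be freed. */
		ff = &filters[fi];
		r = lzma_properties_decode(&filters[fi], NULL,
		    coder1->properties, (size_t)coder1->propertiesSize);
		if (r != LZMA_OK) {
			set_error(a, r);
			return (ARCHIVE_FAILED);
		}
		fi++;

		/* Terminate the filter chain. */
		filters[fi].id = LZMA_VLI_UNKNOWN;
		filters[fi].options = NULL;
		r = lzma_raw_decoder(&(zip->lzstream), filters);
		free(ff->options);
		if (r != LZMA_OK) {
			set_error(a, r);
			return (ARCHIVE_FAILED);
		}
		zip->lzstream_valid = 1;
		zip->lzstream.total_in = 0;
		zip->lzstream.total_out = 0;
		break;
	}
#else
		archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
		    "LZMA codec is unsupported");
		return (ARCHIVE_FAILED);
#endif
	case _7Z_BZ2:
#if defined(HAVE_BZLIB_H) && defined(BZ_CONFIG_ERROR)
		if (zip->bzstream_valid) {
			BZ2_bzDecompressEnd(&(zip->bzstream));
			zip->bzstream_valid = 0;
		}
		r = BZ2_bzDecompressInit(&(zip->bzstream), 0, 0);
		/* On a memory error, retry with the third argument set to 1. */
		if (r == BZ_MEM_ERROR)
			r = BZ2_bzDecompressInit(&(zip->bzstream), 0, 1);
		if (r != BZ_OK) {
			int err = ARCHIVE_ERRNO_MISC;
			const char *detail = NULL;
			switch (r) {
			case BZ_PARAM_ERROR:
				detail = "invalid setup parameter";
				break;
			case BZ_MEM_ERROR:
				err = ENOMEM;
				detail = "out of memory";
				break;
			case BZ_CONFIG_ERROR:
				detail = "mis-compiled library";
				break;
			}
			archive_set_error(&a->archive, err,
			    "Internal error initializing decompressor: %s",
			    detail != NULL ? detail : "??");
			zip->bzstream_valid = 0;
			return (ARCHIVE_FAILED);
		}
		zip->bzstream_valid = 1;
		zip->bzstream.total_in_lo32 = 0;
		zip->bzstream.total_in_hi32 = 0;
		zip->bzstream.total_out_lo32 = 0;
		zip->bzstream.total_out_hi32 = 0;
		break;
#else
		archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
		    "BZ2 codec is unsupported");
		return (ARCHIVE_FAILED);
#endif
	case _7Z_ZSTD:
	{
#if defined(HAVE_ZSTD_H)
		if (zip->zstdstream_valid) {
			ZSTD_freeDStream(zip->zstd_dstream);
			zip->zstdstream_valid = 0;
		}
		zip->zstd_dstream = ZSTD_createDStream();
		/*
		 * Only mark the stream valid when it really exists, so a
		 * failed allocation is reported here instead of a NULL
		 * stream being used by the decoder later.
		 */
		if (zip->zstd_dstream == NULL) {
			archive_set_error(&a->archive, ENOMEM,
			    "Couldn't allocate memory for Zstd");
			return (ARCHIVE_FATAL);
		}
		zip->zstdstream_valid = 1;
		break;
#else
		archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
		    "ZSTD codec is unsupported");
		return (ARCHIVE_FAILED);
#endif
	}
	case _7Z_DEFLATE:
#ifdef HAVE_ZLIB_H
		if (zip->stream_valid)
			r = inflateReset(&(zip->stream));
		else
			r = inflateInit2(&(zip->stream),
			    -15 /* Don't check for zlib header */);
		if (r != Z_OK) {
			archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
			    "Couldn't initialize zlib stream");
			return (ARCHIVE_FAILED);
		}
		zip->stream_valid = 1;
		zip->stream.total_in = 0;
		zip->stream.total_out = 0;
		break;
#else
		archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
		    "DEFLATE codec is unsupported");
		return (ARCHIVE_FAILED);
#endif
	case _7Z_PPMD:
	{
		unsigned order;
		uint32_t msize;

		if (zip->ppmd7_valid) {
			__archive_ppmd7_functions.Ppmd7_Free(
			    &zip->ppmd7_context);
			zip->ppmd7_valid = 0;
		}

		/* One order byte plus a 32-bit memory size are required. */
		if (coder1->propertiesSize < 5) {
			archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
			    "Malformed PPMd parameter");
			return (ARCHIVE_FAILED);
		}
		order = coder1->properties[0];
		msize = archive_le32dec(&(coder1->properties[1]));
		/*
		 * Both values come from the archive; they are range-checked
		 * before any memory is allocated for the model.
		 */
		if (order < PPMD7_MIN_ORDER || order > PPMD7_MAX_ORDER ||
		    msize < PPMD7_MIN_MEM_SIZE || msize > PPMD7_MAX_MEM_SIZE) {
			archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
			    "Malformed PPMd parameter");
			return (ARCHIVE_FAILED);
		}
		__archive_ppmd7_functions.Ppmd7_Construct(&zip->ppmd7_context);
		r = __archive_ppmd7_functions.Ppmd7_Alloc(
			&zip->ppmd7_context, msize);
		if (r == 0) {
			archive_set_error(&a->archive, ENOMEM,
			    "Coludn't allocate memory for PPMd");
			return (ARCHIVE_FATAL);
		}
		__archive_ppmd7_functions.Ppmd7_Init(
			&zip->ppmd7_context, order);
		__archive_ppmd7_functions.Ppmd7z_RangeDec_CreateVTable(
			&zip->range_dec);
		zip->ppmd7_valid = 1;
		zip->ppmd7_stat = 0;
		zip->ppstream.overconsumed = 0;
		zip->ppstream.total_in = 0;
		zip->ppstream.total_out = 0;
		break;
	}
	/* Filters are only valid as a second coder, never as the main one. */
	case _7Z_X86:
	case _7Z_X86_BCJ2:
	case _7Z_POWERPC:
	case _7Z_IA64:
	case _7Z_ARM:
	case _7Z_ARMTHUMB:
	case _7Z_ARM64:
	case _7Z_RISCV:
	case _7Z_SPARC:
	case _7Z_DELTA:
		archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
		    "Unexpected codec ID: %lX", zip->codec);
		return (ARCHIVE_FAILED);
	case _7Z_CRYPTO_MAIN_ZIP:
	case _7Z_CRYPTO_RAR_29:
	case _7Z_CRYPTO_AES_256_SHA_256:
		/* Flag the entry as encrypted, then fail: no crypto support. */
		if (a->entry) {
			archive_entry_set_is_metadata_encrypted(a->entry, 1);
			archive_entry_set_is_data_encrypted(a->entry, 1);
			zip->has_encrypted_entries = 1;
		}
		archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
		    "Crypto codec not supported yet (ID: 0x%lX)", zip->codec);
		return (ARCHIVE_FAILED);
	default:
		archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
		    "Unknown codec ID: %lX", zip->codec);
		return (ARCHIVE_FAILED);
	}

	return (ARCHIVE_OK);
}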
1671
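/*
 * Run one decoding step for the codec selected by init_decompression().
 *
 * On entry *used is the number of input bytes available at b and *outbytes
 * is the capacity of buff.  On return *used is the number of input bytes
 * consumed and *outbytes the number of bytes stored in buff.
 *
 * Returns ARCHIVE_OK when progress was made, ARCHIVE_EOF when the codec
 * reported the end of its stream or no input was left, and ARCHIVE_FAILED
 * (with an archive error set in most branches) on a decoding error.
 */
static int
decompress(struct archive_read *a, struct _7zip *zip,
    void *buff, size_t *outbytes, const void *b, size_t *used)
{
	const uint8_t *t_next_in;
	uint8_t *t_next_out;
	size_t o_avail_in, o_avail_out;
	size_t t_avail_in, t_avail_out;
	uint8_t *bcj2_next_out;
	size_t bcj2_avail_out;
	int r, ret = ARCHIVE_OK;

	/* o_* keep the sizes at entry, t_* track what is left. */
	t_avail_in = o_avail_in = *used;
	t_avail_out = o_avail_out = *outbytes;
	t_next_in = b;
	t_next_out = buff;

	if (zip->codec != _7Z_LZMA2 && zip->codec2 == _7Z_X86) {
		int i;

		/* Do not copy out the BCJ remaining bytes when the output
		 * buffer size is less than five bytes. */
		if (o_avail_in != 0 && t_avail_out < 5 && zip->odd_bcj_size) {
			*used = 0;
			*outbytes = 0;
			return (ret);
		}
		/* Emit the bytes held back by the previous x86 conversion. */
		for (i = 0; zip->odd_bcj_size > 0 && t_avail_out; i++) {
			*t_next_out++ = zip->odd_bcj[i];
			t_avail_out--;
			zip->odd_bcj_size--;
		}
		if (o_avail_in == 0 || t_avail_out == 0) {
			*used = o_avail_in - t_avail_in;
			*outbytes = o_avail_out - t_avail_out;
			if (o_avail_in == 0)
				ret = ARCHIVE_EOF;
			return (ret);
		}
	}

	bcj2_next_out = t_next_out;
	bcj2_avail_out = t_avail_out;
	if (zip->codec2 == _7Z_X86_BCJ2) {
		/*
		 * Decode a remaining decompressed main stream for BCJ2.
		 */
		if (zip->tmp_stream_bytes_remaining) {
			ssize_t bytes;
			size_t remaining = zip->tmp_stream_bytes_remaining;
			bytes = Bcj2_Decode(zip, t_next_out, t_avail_out);
			if (bytes < 0) {
				archive_set_error(&(a->archive),
				    ARCHIVE_ERRNO_MISC,
				    "BCJ2 conversion failed");
				return (ARCHIVE_FAILED);
			}
			zip->main_stream_bytes_remaining -=
			    remaining - zip->tmp_stream_bytes_remaining;
			t_avail_out -= bytes;
			if (o_avail_in == 0 || t_avail_out == 0) {
				*used = 0;
				*outbytes = o_avail_out - t_avail_out;
				if (o_avail_in == 0 &&
				    zip->tmp_stream_bytes_remaining)
					ret = ARCHIVE_EOF;
				return (ret);
			}
			t_next_out += bytes;
			bcj2_next_out = t_next_out;
			bcj2_avail_out = t_avail_out;
		}
		/* The main codec decodes into the temporary buffer for BCJ2. */
		t_next_out = zip->tmp_stream_buff;
		t_avail_out = zip->tmp_stream_buff_size;
	}

	switch (zip->codec) {
	case _7Z_COPY:
	{
		/* Copy no more than both the input and the output allow. */
		size_t bytes =
		    (t_avail_in > t_avail_out)?t_avail_out:t_avail_in;

		memcpy(t_next_out, t_next_in, bytes);
		t_avail_in -= bytes;
		t_avail_out -= bytes;
		if (o_avail_in == 0)
			ret = ARCHIVE_EOF;
		break;
	}
#ifdef HAVE_LZMA_H
	case _7Z_LZMA: case _7Z_LZMA2:
		zip->lzstream.next_in = t_next_in;
		zip->lzstream.avail_in = t_avail_in;
		zip->lzstream.next_out = t_next_out;
		zip->lzstream.avail_out = t_avail_out;

		r = lzma_code(&(zip->lzstream), LZMA_RUN);
		switch (r) {
		case LZMA_STREAM_END: /* Found end of stream. */
			lzma_end(&(zip->lzstream));
			zip->lzstream_valid = 0;
			ret = ARCHIVE_EOF;
			break;
		case LZMA_OK: /* Decompressor made some progress. */
			break;
		default:
			archive_set_error(&(a->archive),
				ARCHIVE_ERRNO_MISC,
				"Decompression failed (%d)",
			    r);
			return (ARCHIVE_FAILED);
		}
		t_avail_in = zip->lzstream.avail_in;
		t_avail_out = zip->lzstream.avail_out;
		break;
#endif
#if defined(HAVE_BZLIB_H) && defined(BZ_CONFIG_ERROR)
	case _7Z_BZ2:
		/*
		 * NOTE(review): the available sizes are narrowed to 32 bits
		 * here; this assumes callers never pass larger buffers -
		 * confirm.
		 */
		zip->bzstream.next_in = (char *)(uintptr_t)t_next_in;
		zip->bzstream.avail_in = (uint32_t)t_avail_in;
		zip->bzstream.next_out = (char *)(uintptr_t)t_next_out;
		zip->bzstream.avail_out = (uint32_t)t_avail_out;
		r = BZ2_bzDecompress(&(zip->bzstream));
		switch (r) {
		case BZ_STREAM_END: /* Found end of stream. */
			switch (BZ2_bzDecompressEnd(&(zip->bzstream))) {
			case BZ_OK:
				break;
			default:
				archive_set_error(&(a->archive),
				    ARCHIVE_ERRNO_MISC,
				    "Failed to clean up decompressor");
				return (ARCHIVE_FAILED);
			}
			zip->bzstream_valid = 0;
			ret = ARCHIVE_EOF;
			break;
		case BZ_OK: /* Decompressor made some progress. */
			break;
		default:
			archive_set_error(&(a->archive),
			    ARCHIVE_ERRNO_MISC,
			    "bzip decompression failed");
			return (ARCHIVE_FAILED);
		}
		t_avail_in = zip->bzstream.avail_in;
		t_avail_out = zip->bzstream.avail_out;
		break;
#endif
#ifdef HAVE_ZLIB_H
	case _7Z_DEFLATE:
		/*
		 * NOTE(review): same 32-bit narrowing of the available sizes
		 * as in the bzip2 branch - confirm the buffer bounds.
		 */
		zip->stream.next_in = (Bytef *)(uintptr_t)t_next_in;
		zip->stream.avail_in = (uInt)t_avail_in;
		zip->stream.next_out = t_next_out;
		zip->stream.avail_out = (uInt)t_avail_out;
		r = inflate(&(zip->stream), 0);
		switch (r) {
		case Z_STREAM_END: /* Found end of stream. */
			ret = ARCHIVE_EOF;
			break;
		case Z_OK: /* Decompressor made some progress.*/
			break;
		default:
			archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
			    "File decompression failed (%d)", r);
			return (ARCHIVE_FAILED);
		}
		t_avail_in = zip->stream.avail_in;
		t_avail_out = zip->stream.avail_out;
		break;
#endif
#ifdef HAVE_ZSTD_H
	case _7Z_ZSTD:
	{
		/*
		 * Refuse to decode without a usable stream, the same way the
		 * PPMd branch checks its own state before decoding.
		 */
		if (!zip->zstdstream_valid || zip->zstd_dstream == NULL) {
			archive_set_error(&(a->archive),
			    ARCHIVE_ERRNO_MISC,
			    "Decompression internal error");
			return (ARCHIVE_FAILED);
		}

		ZSTD_inBuffer input = { t_next_in, t_avail_in, 0 }; // src, size, pos
		ZSTD_outBuffer output = { t_next_out, t_avail_out, 0 }; // dst, size, pos

		size_t const zret = ZSTD_decompressStream(zip->zstd_dstream, &output, &input);
		if (ZSTD_isError(zret)) {
			archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, "Zstd decompression failed: %s", ZSTD_getErrorName(zret));
			return ARCHIVE_FAILED;
		}
		t_avail_in -= input.pos;
		t_avail_out -= output.pos;
		break;
	}
#endif
	case _7Z_PPMD:
	{
		uint64_t flush_bytes;

		/* The loop below always writes at least one byte. */
		if (!zip->ppmd7_valid || zip->ppmd7_stat < 0 ||
		    t_avail_out <= 0) {
			archive_set_error(&(a->archive),
			    ARCHIVE_ERRNO_MISC,
			    "Decompression internal error");
			return (ARCHIVE_FAILED);
		}
		zip->ppstream.next_in = t_next_in;
		zip->ppstream.avail_in = t_avail_in;
		zip->ppstream.stream_in = 0;
		zip->ppstream.next_out = t_next_out;
		zip->ppstream.avail_out = t_avail_out;
		if (zip->ppmd7_stat == 0) {
			/* First call: attach the byte reader and start up. */
			zip->bytein.a = a;
			zip->bytein.Read = &ppmd_read;
			zip->range_dec.Stream = &zip->bytein;
			r = __archive_ppmd7_functions.Ppmd7z_RangeDec_Init(
				&(zip->range_dec));
			if (r == 0) {
				zip->ppmd7_stat = -1;
				archive_set_error(&a->archive,
				    ARCHIVE_ERRNO_MISC,
				    "Failed to initialize PPMd range decoder");
				return (ARCHIVE_FAILED);
			}
			/* ppmd_read() already set the error in this case. */
			if (zip->ppstream.overconsumed) {
				zip->ppmd7_stat = -1;
				return (ARCHIVE_FAILED);
			}
			zip->ppmd7_stat = 1;
		}

		if (t_avail_in == 0)
			/* XXX Flush out remaining decoded data XXX */
			flush_bytes = zip->folder_outbytes_remaining;
		else
			flush_bytes = 0;

		/*
		 * Decode one symbol per iteration; avail_out in the loop
		 * condition keeps the writes inside the output buffer.
		 */
		do {
			int sym;

			sym = __archive_ppmd7_functions.Ppmd7_DecodeSymbol(
				&(zip->ppmd7_context), &(zip->range_dec.p));
			if (sym < 0) {
				zip->ppmd7_stat = -1;
				archive_set_error(&a->archive,
				    ARCHIVE_ERRNO_FILE_FORMAT,
				    "Failed to decode PPMd");
				return (ARCHIVE_FAILED);
			}
			if (zip->ppstream.overconsumed) {
				zip->ppmd7_stat = -1;
				return (ARCHIVE_FAILED);
			}
			*zip->ppstream.next_out++ = (unsigned char)sym;
			zip->ppstream.avail_out--;
			zip->ppstream.total_out++;
			if (flush_bytes)
				flush_bytes--;
		} while (zip->ppstream.avail_out &&
			(zip->ppstream.avail_in || flush_bytes));

		t_avail_in = (size_t)zip->ppstream.avail_in;
		t_avail_out = (size_t)zip->ppstream.avail_out;
		break;
	}
	default:
		archive_set_error(&(a->archive), ARCHIVE_ERRNO_MISC,
		    "Decompression internal error");
		return (ARCHIVE_FAILED);
	}
	if (ret != ARCHIVE_OK && ret != ARCHIVE_EOF)
		return (ret);

	*used = o_avail_in - t_avail_in;
	*outbytes = o_avail_out - t_avail_out;

	/*
	 * Decode BCJ.
	 */
	if (zip->codec != _7Z_LZMA2) {
		if (zip->codec2 == _7Z_X86) {
			size_t l = x86_Convert(zip, buff, *outbytes);

			/*
			 * Hold back up to four unconverted trailing bytes
			 * for the next call, unless this was the last one.
			 */
			zip->odd_bcj_size = *outbytes - l;
			if (zip->odd_bcj_size > 0 && zip->odd_bcj_size <= 4 &&
			    o_avail_in && ret != ARCHIVE_EOF) {
				memcpy(zip->odd_bcj, ((unsigned char *)buff) + l,
				    zip->odd_bcj_size);
				*outbytes = l;
			} else
				zip->odd_bcj_size = 0;
		} else if (zip->codec2 == _7Z_ARM) {
			*outbytes = arm_Convert(zip, buff, *outbytes);
		} else if (zip->codec2 == _7Z_ARM64) {
			*outbytes = arm64_Convert(zip, buff, *outbytes);
		} else if (zip->codec2 == _7Z_SPARC) {
			*outbytes = sparc_Convert(zip, buff, *outbytes);
		} else if (zip->codec2 == _7Z_POWERPC) {
			*outbytes = powerpc_Convert(zip, buff, *outbytes);
		}
	}

	/*
	 * Decode BCJ2 with a decompressed main stream.
	 */
	if (zip->codec2 == _7Z_X86_BCJ2) {
		ssize_t bytes;

		/* Never treat more than the main stream still holds as data. */
		zip->tmp_stream_bytes_avail =
		    zip->tmp_stream_buff_size - t_avail_out;
		if (zip->tmp_stream_bytes_avail >
		      zip->main_stream_bytes_remaining)
			zip->tmp_stream_bytes_avail =
			    zip->main_stream_bytes_remaining;
		zip->tmp_stream_bytes_remaining = zip->tmp_stream_bytes_avail;
		bytes = Bcj2_Decode(zip, bcj2_next_out, bcj2_avail_out);
		if (bytes < 0) {
			archive_set_error(&(a->archive),
			    ARCHIVE_ERRNO_MISC, "BCJ2 conversion failed");
			return (ARCHIVE_FAILED);
		}
		zip->main_stream_bytes_remaining -=
		    zip->tmp_stream_bytes_avail
		      - zip->tmp_stream_bytes_remaining;
		bcj2_avail_out -= bytes;
		*outbytes = o_avail_out - bcj2_avail_out;
	}

	return (ret);
}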
1994
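/*
 * Shut down every decoder that is still marked valid in zip.
 *
 * Each validity flag is cleared once its decoder has been released, so a
 * second call, or a later init_decompression(), cannot release the same
 * decoder again.
 *
 * Returns ARCHIVE_OK, or ARCHIVE_FATAL (with an archive error set) when
 * bzip2 or zlib reports a failure while shutting down.
 */
static int
free_decompression(struct archive_read *a, struct _7zip *zip)
{
	int r = ARCHIVE_OK;

#if !defined(HAVE_ZLIB_H) &&\
	!(defined(HAVE_BZLIB_H) && defined(BZ_CONFIG_ERROR))
	(void)a;/* UNUSED */
#endif
#ifdef HAVE_LZMA_H
	if (zip->lzstream_valid) {
		lzma_end(&(zip->lzstream));
		zip->lzstream_valid = 0;
	}
#endif
#if defined(HAVE_BZLIB_H) && defined(BZ_CONFIG_ERROR)
	if (zip->bzstream_valid) {
		if (BZ2_bzDecompressEnd(&(zip->bzstream)) != BZ_OK) {
			archive_set_error(&a->archive,
			    ARCHIVE_ERRNO_MISC,
			    "Failed to clean up bzip2 decompressor");
			r = ARCHIVE_FATAL;
		}
		zip->bzstream_valid = 0;
	}
#endif
#ifdef HAVE_ZLIB_H
	if (zip->stream_valid) {
		if (inflateEnd(&(zip->stream)) != Z_OK) {
			archive_set_error(&a->archive,
			    ARCHIVE_ERRNO_MISC,
			    "Failed to clean up zlib decompressor");
			r = ARCHIVE_FATAL;
		}
		zip->stream_valid = 0;
	}
#endif
#ifdef HAVE_ZSTD_H
	if (zip->zstdstream_valid) {
		ZSTD_freeDStream(zip->zstd_dstream);
		/* Drop the stale pointer together with the flag. */
		zip->zstd_dstream = NULL;
		zip->zstdstream_valid = 0;
	}
#endif
	if (zip->ppmd7_valid) {
		__archive_ppmd7_functions.Ppmd7_Free(
			&zip->ppmd7_context);
		zip->ppmd7_valid = 0;
	}
	return (r);
}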
2041
/*
 * Read one variable-length 64-bit number from the header.
 *
 * The first byte is a prefix: each leading 1 bit announces one more byte,
 * and those bytes are stored least significant first.  The prefix bits
 * below the first 0 bit become the most significant part of the value.
 * When all eight prefix bits are set, the value is the eight bytes that
 * follow.
 *
 * Returns 0 on success and -1 when the header has no more bytes; *val may
 * then hold a partial result.
 */
static int
parse_7zip_uint64(struct archive_read *a, uint64_t *val)
{
	const unsigned char *p;
	unsigned char lead, mask;
	int n;

	p = header_bytes(a, 1);
	if (p == NULL)
		return (-1);
	lead = *p;
	*val = 0;

	/* Consume one extra byte per leading 1 bit of the prefix. */
	for (n = 0, mask = 0x80; n < 8 && (lead & mask) != 0;
	    n++, mask >>= 1) {
		p = header_bytes(a, 1);
		if (p == NULL)
			return (-1);
		*val |= ((uint64_t)*p) << (8 * n);
	}

	/* Fewer than eight extra bytes: add the rest of the prefix on top. */
	if (n < 8)
		*val += ((uint64_t)(lead & (mask -1))) << (8 * n);
	return (0);
}
2067
/*
 * Unpack num flags from the header into data[0..num-1], one byte (0 or 1)
 * per flag.  The flags are stored eight to a byte, most significant bit
 * first; a new header byte is fetched whenever the previous one is used
 * up.  The caller must supply room for num bytes.
 *
 * Returns 0 on success and -1 when the header has no more bytes.
 */
static int
read_Bools(struct archive_read *a, unsigned char *data, size_t num)
{
	const unsigned char *p;
	unsigned idx;
	unsigned bit = 0;	/* 0 means "fetch the next header byte" */
	unsigned packed = 0;

	for (idx = 0; idx < num; idx++, bit >>= 1) {
		if (bit == 0) {
			p = header_bytes(a, 1);
			if (p == NULL)
				return (-1);
			packed = *p;
			bit = 0x80;
		}
		data[idx] = (packed & bit) != 0;
	}
	return (0);
}
2086
/*
 * Release the two arrays owned by a digest set.  The structure itself is
 * not freed and its pointers are left as they are, so it must not be
 * released a second time without being reinitialised.
 */
static void
free_Digest(struct _7z_digests *d)
{
	free(d->digests);
	free(d->defineds);
}
2093
/*
 * Read num optional CRC32 digests from the header into d.
 *
 * d is zeroed first; d->defineds[i] tells whether digest i is present and
 * d->digests[i] holds its value (0 when absent).
 *
 * Returns 0 on success and -1 when num is 0, an allocation fails or the
 * header is too short.  On failure the arrays allocated so far stay
 * attached to d; releasing them is left to the caller (presumably through
 * free_Digest() - confirm against the callers).
 */
static int
read_Digests(struct archive_read *a, struct _7z_digests *d, size_t num)
{
	const unsigned char *p;
	unsigned idx;

	if (num == 0)
		return (-1);
	memset(d, 0, sizeof(*d));

	d->defineds = malloc(num);
	if (d->defineds == NULL)
		return (-1);

	/*
	 * A non-zero marker byte means every digest is defined; a zero
	 * marker is followed by one flag per digest.
	 */
	p = header_bytes(a, 1);
	if (p == NULL)
		return (-1);
	if (*p != 0)
		memset(d->defineds, 1, num);
	else if (read_Bools(a, d->defineds, num) < 0)
		return (-1);

	d->digests = calloc(num, sizeof(*d->digests));
	if (d->digests == NULL)
		return (-1);

	/* Only defined digests occupy four bytes in the header. */
	for (idx = 0; idx < num; idx++) {
		if (!d->defineds[idx])
			continue;
		p = header_bytes(a, 4);
		if (p == NULL)
			return (-1);
		d->digests[idx] = archive_le32dec(p);
	}

	return (0);
}
2132
/*
 * Release the arrays owned by a pack-info record, including those of its
 * embedded digest set.  The record itself is not freed.
 */
static void
free_PackInfo(struct _7z_pack_info *pi)
{
	free_Digest(&(pi->digest));
	free(pi->positions);
	free(pi->sizes);
}
2140
/*
 * Parse the PackInfo section of the header into pi.
 *
 * pi is zeroed first.  The stream count read from the archive must be
 * non-zero and no larger than UMAX_ENTRY before it is used to size any
 * allocation.
 *
 * Returns 0 on success and -1 on a malformed section, a short header or an
 * allocation failure.  On failure the arrays allocated so far stay attached
 * to pi; releasing them is left to the caller (presumably through
 * free_PackInfo() - confirm against the callers).
 */
static int
read_PackInfo(struct archive_read *a, struct _7z_pack_info *pi)
{
	const unsigned char *p;
	unsigned i;

	memset(pi, 0, sizeof(*pi));

	/* PackPos, then NumPackStreams. */
	if (parse_7zip_uint64(a, &(pi->pos)) < 0)
		return (-1);
	if (parse_7zip_uint64(a, &(pi->numPackStreams)) < 0)
		return (-1);
	if (pi->numPackStreams == 0 || UMAX_ENTRY < pi->numPackStreams)
		return (-1);

	/* PackSizes[num] is optional: kEnd here means it is absent. */
	p = header_bytes(a, 1);
	if (p == NULL)
		return (-1);
	if (*p == kEnd)
		return (0);
	if (*p != kSize)
		return (-1);

	pi->sizes = calloc((size_t)pi->numPackStreams, sizeof(uint64_t));
	pi->positions = calloc((size_t)pi->numPackStreams, sizeof(uint64_t));
	if (pi->sizes == NULL || pi->positions == NULL)
		return (-1);

	for (i = 0; i < pi->numPackStreams; i++) {
		if (parse_7zip_uint64(a, &(pi->sizes[i])) < 0)
			return (-1);
	}

	/* PackStreamDigests[num] is optional as well. */
	p = header_bytes(a, 1);
	if (p == NULL)
		return (-1);
	if (*p == kEnd) {
		/* No digests stored: provide zero-filled arrays instead. */
		pi->digest.defineds =
		    calloc((size_t)pi->numPackStreams,
			sizeof(*pi->digest.defineds));
		pi->digest.digests =
		    calloc((size_t)pi->numPackStreams,
			sizeof(*pi->digest.digests));
		if (pi->digest.defineds == NULL || pi->digest.digests == NULL)
			return (-1);
		return (0);
	}
	if (*p != kCRC)
		return (-1);

	if (read_Digests(a, &(pi->digest), (size_t)pi->numPackStreams) < 0)
		return (-1);

	/* The section must be closed by kEnd. */
	p = header_bytes(a, 1);
	if (p == NULL || *p != kEnd)
		return (-1);
	return (0);
}
2216
/*
 * Release the arrays owned by one folder: the per-coder property blobs,
 * the coder array, and the bind pair, packed stream and unpack size
 * arrays.  The folder structure itself is not freed.
 */
static void
free_Folder(struct _7z_folder *f)
{
	if (f->coders != NULL) {
		unsigned n;

		for (n = 0; n < f->numCoders; n++)
			free(f->coders[n].properties);
		free(f->coders);
	}
	free(f->unPackSize);
	free(f->packedStreams);
	free(f->bindPairs);
}
2232
/*
 * Parse one Folder record from the header into `f'.
 *
 * A folder lists its coders (codec id, stream counts, optional property
 * blob), the bind pairs that connect coder streams, and the indexes of
 * its packed streams.
 *
 * Returns 0 on success and -1 on malformed input or allocation failure.
 * `f' is zeroed first; arrays allocated before a failure stay attached to
 * it and are released by free_Folder().
 */
static int
read_Folder(struct archive_read *a, struct _7z_folder *f)
{
	struct _7zip *zip = (struct _7zip *)a->format->data;
	const unsigned char *p;
	uint64_t numInStreamsTotal = 0;
	uint64_t numOutStreamsTotal = 0;
	unsigned i;

	memset(f, 0, sizeof(*f));

	/*
	 * Read NumCoders.
	 */
	if (parse_7zip_uint64(a, &(f->numCoders)) < 0)
		return (-1);
	if (f->numCoders > 4)
		/* Too many coders. */
		return (-1);

	f->coders = calloc((size_t)f->numCoders, sizeof(*f->coders));
	if (f->coders == NULL)
		return (-1);
	for (i = 0; i< f->numCoders; i++) {
		size_t codec_size;
		int simple, attr;

		if ((p = header_bytes(a, 1)) == NULL)
			return (-1);
		/*
		 * 0:3 CodecIdSize
		 * 4:  0 - IsSimple
		 *     1 - Is not Simple
		 * 5:  0 - No Attributes
		 *     1 - There are Attributes;
		 * 7:  Must be zero.
		 */
		codec_size = *p & 0xf;
		simple = (*p & 0x10)?0:1;
		attr = *p & 0x20;
		if (*p & 0x80)
			return (-1);/* Not supported. */

		/*
		 * Read Decompression Method IDs.
		 * codec_size is at most 15 because of the 0xf mask above.
		 */
		if ((p = header_bytes(a, codec_size)) == NULL)
			return (-1);

		f->coders[i].codec = decode_codec_id(p, codec_size);

		if (simple) {
			f->coders[i].numInStreams = 1;
			f->coders[i].numOutStreams = 1;
		} else {
			/* Both counts come from the archive and are capped. */
			if (parse_7zip_uint64(
			    a, &(f->coders[i].numInStreams)) < 0)
				return (-1);
			if (UMAX_ENTRY < f->coders[i].numInStreams)
				return (-1);
			if (parse_7zip_uint64(
			    a, &(f->coders[i].numOutStreams)) < 0)
				return (-1);
			if (UMAX_ENTRY < f->coders[i].numOutStreams)
				return (-1);
		}

		if (attr) {
			if (parse_7zip_uint64(
			    a, &(f->coders[i].propertiesSize)) < 0)
				return (-1);
			if (UMAX_ENTRY < f->coders[i].propertiesSize)
				return (-1);
			/*
			 * header_bytes() fails when fewer than
			 * propertiesSize header bytes remain, so the copy
			 * below never reads past the header.
			 */
			if ((p = header_bytes(
			    a, (size_t)f->coders[i].propertiesSize)) == NULL)
				return (-1);
			f->coders[i].properties =
			    malloc((size_t)f->coders[i].propertiesSize);
			if (f->coders[i].properties == NULL)
				return (-1);
			memcpy(f->coders[i].properties, p,
			    (size_t)f->coders[i].propertiesSize);
		}

		numInStreamsTotal += f->coders[i].numInStreams;
		numOutStreamsTotal += f->coders[i].numOutStreams;
	}

	/*
	 * There must be at least one output stream, and enough input
	 * streams to serve as the input side of every bind pair.
	 */
	if (numOutStreamsTotal == 0 ||
	    numInStreamsTotal < numOutStreamsTotal-1)
		return (-1);

	f->numBindPairs = numOutStreamsTotal - 1;
	/* Reject a count larger than the header bytes left to read. */
	if (zip->header_bytes_remaining < f->numBindPairs)
		return (-1);
	if (f->numBindPairs > 0) {
		f->bindPairs =
		    calloc((size_t)f->numBindPairs, sizeof(*f->bindPairs));
		if (f->bindPairs == NULL)
			return (-1);
	} else
		f->bindPairs = NULL;
	for (i = 0; i < f->numBindPairs; i++) {
		if (parse_7zip_uint64(a, &(f->bindPairs[i].inIndex)) < 0)
			return (-1);
		if (UMAX_ENTRY < f->bindPairs[i].inIndex)
			return (-1);
		if (parse_7zip_uint64(a, &(f->bindPairs[i].outIndex)) < 0)
			return (-1);
		if (UMAX_ENTRY < f->bindPairs[i].outIndex)
			return (-1);
	}

	/* Cannot underflow: checked against numOutStreamsTotal-1 above. */
	f->numPackedStreams = numInStreamsTotal - f->numBindPairs;
	/*
	 * NOTE(review): this array is sized from the summed stream counts
	 * before any of its entries is read, and unlike numBindPairs the
	 * count is not compared with header_bytes_remaining first.
	 */
	f->packedStreams =
	    calloc((size_t)f->numPackedStreams, sizeof(*f->packedStreams));
	if (f->packedStreams == NULL)
		return (-1);
	if (f->numPackedStreams == 1) {
		/*
		 * A single packed stream is not stored in the header; it is
		 * the first input index that no bind pair refers to.
		 */
		for (i = 0; i < numInStreamsTotal; i++) {
			unsigned j;
			for (j = 0; j < f->numBindPairs; j++) {
				if (f->bindPairs[j].inIndex == i)
					break;
			}
			if (j == f->numBindPairs)
				break;
		}
		if (i == numInStreamsTotal)
			return (-1);
		f->packedStreams[0] = i;
	} else {
		for (i = 0; i < f->numPackedStreams; i++) {
			if (parse_7zip_uint64(a, &(f->packedStreams[i])) < 0)
				return (-1);
			if (UMAX_ENTRY < f->packedStreams[i])
				return (-1);
		}
	}
	f->numInStreams = numInStreamsTotal;
	f->numOutStreams = numOutStreamsTotal;

	return (0);
}
2377
/*
 * Release every folder of a CodersInfo record and then the folder array.
 * Nothing is done when no folder array was allocated.
 */
static void
free_CodersInfo(struct _7z_coders_info *ci)
{
	unsigned n;

	if (ci->folders == NULL)
		return;
	for (n = 0; n < ci->numFolders; n++)
		free_Folder(&(ci->folders[n]));
	free(ci->folders);
}
2389
/*
 * Parse the CodersInfo section: the folder list, the unpack sizes of
 * every folder output stream and the optional per-folder CRCs.
 *
 * Returns 0 on success and -1 on malformed input or allocation failure.
 * The temporary digest table is always released here.  The folder array
 * stays attached to `ci' on failure as well, so the caller still has to
 * run free_CodersInfo().
 */
static int
read_CodersInfo(struct archive_read *a, struct _7z_coders_info *ci)
{
	const unsigned char *id;
	struct _7z_digests crcs;
	unsigned n;

	memset(ci, 0, sizeof(*ci));
	memset(&crcs, 0, sizeof(crcs));

	id = header_bytes(a, 1);
	if (id == NULL || *id != kFolder)
		goto failed;

	/* NumFolders, capped before it sizes the folder array. */
	if (parse_7zip_uint64(a, &(ci->numFolders)) < 0)
		goto failed;
	if (UMAX_ENTRY < ci->numFolders)
		goto failed;

	/* External flag: 0 means the folders follow inline. */
	id = header_bytes(a, 1);
	if (id == NULL)
		goto failed;
	if (*id == 0) {
		ci->folders =
		    calloc((size_t)ci->numFolders, sizeof(*ci->folders));
		if (ci->folders == NULL)
			goto failed;
		for (n = 0; n < ci->numFolders; n++) {
			if (read_Folder(a, &(ci->folders[n])) < 0)
				goto failed;
		}
	} else if (*id == 1) {
		if (parse_7zip_uint64(a, &(ci->dataStreamIndex)) < 0)
			goto failed;
		if (UMAX_ENTRY < ci->dataStreamIndex)
			goto failed;
		/* Externally stored folders are only accepted when empty. */
		if (ci->numFolders > 0) {
			archive_set_error(&a->archive, -1,
			    "Malformed 7-Zip archive");
			goto failed;
		}
	} else {
		archive_set_error(&a->archive, -1,
		    "Malformed 7-Zip archive");
		goto failed;
	}

	id = header_bytes(a, 1);
	if (id == NULL || *id != kCodersUnPackSize)
		goto failed;

	/* One unpack size per output stream of every folder. */
	for (n = 0; n < ci->numFolders; n++) {
		struct _7z_folder *fl = &(ci->folders[n]);
		unsigned s;

		fl->unPackSize =
		    calloc((size_t)fl->numOutStreams, sizeof(*fl->unPackSize));
		if (fl->unPackSize == NULL)
			goto failed;
		for (s = 0; s < fl->numOutStreams; s++) {
			if (parse_7zip_uint64(a, &(fl->unPackSize[s])) < 0)
				goto failed;
		}
	}

	/* Optional CRCs, one slot per folder. */
	id = header_bytes(a, 1);
	if (id == NULL)
		goto failed;
	if (*id == kEnd)
		return (0);
	if (*id != kCRC)
		goto failed;
	if (read_Digests(a, &crcs, (size_t)ci->numFolders) < 0)
		goto failed;
	for (n = 0; n < ci->numFolders; n++) {
		ci->folders[n].digest_defined = crcs.defineds[n];
		ci->folders[n].digest = crcs.digests[n];
	}

	/* The section must be closed by kEnd. */
	id = header_bytes(a, 1);
	if (id == NULL || *id != kEnd)
		goto failed;
	free_Digest(&crcs);
	return (0);
failed:
	free_Digest(&crcs);
	return (-1);
}
2494
/*
 * Return the unpack size of the folder's final output stream.
 *
 * Output streams are scanned from the highest index downwards; the first
 * one that is not the outIndex of any bind pair is taken as the folder
 * output.  Returns 0 when every output stream is bound.
 */
static uint64_t
folder_uncompressed_size(struct _7z_folder *f)
{
	unsigned npairs = (unsigned)f->numBindPairs;
	int out;

	for (out = (int)f->numOutStreams - 1; out >= 0; out--) {
		unsigned k = 0;

		while (k < npairs &&
		    f->bindPairs[k].outIndex != (uint64_t)out)
			k++;
		if (k == npairs)
			return (f->unPackSize[out]);
	}
	return (0);
}
2512
/*
 * Release the three per-substream arrays of a SubStreamsInfo record.
 * The structure itself is not freed.
 */
static void
free_SubStreamsInfo(struct _7z_substream_info *ss)
{
	free(ss->digests);
	free(ss->digestsDefined);
	free(ss->unpackSizes);
}
2520
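/*
 * Parse the SubStreamsInfo section: how many unpack streams each folder
 * holds, the size of every stream and the optional per-stream CRCs.
 *
 * `f' points to `numFolders' folders already filled in by
 * read_CodersInfo(); their numUnpackStreams fields are overwritten here.
 * Returns 0 on success and -1 on malformed input or allocation failure.
 * Arrays allocated before a failure stay attached to `ss' and are
 * released by free_SubStreamsInfo().
 *
 * Differences from the previous version of this function:
 *  - The number of digests to read is accumulated with an overflow check.
 *    Each per-folder count is capped by UMAX_ENTRY, but their sum was
 *    added into a uint32_t without a check; a wrapped sum would make
 *    read_Digests() allocate fewer slots than the copy loop reads.
 *  - The index into the temporary digest table is a size_t instead of an
 *    int, so it can hold any count that fits in a uint32_t.
 *  - The loop that cleared digestsDefined[] and digests[] is gone: both
 *    arrays come from calloc() and are already zero, and its `unsigned'
 *    counter could not reach a stream count wider than unsigned.
 */
static int
read_SubStreamsInfo(struct archive_read *a, struct _7z_substream_info *ss,
    struct _7z_folder *f, size_t numFolders)
{
	const unsigned char *p;
	uint64_t *usizes;
	size_t unpack_streams;
	int type;
	unsigned i;

	memset(ss, 0, sizeof(*ss));

	/* Default: one unpack stream per folder. */
	for (i = 0; i < numFolders; i++)
		f[i].numUnpackStreams = 1;

	if ((p = header_bytes(a, 1)) == NULL)
		return (-1);
	type = *p;

	if (type == kNumUnPackStream) {
		unpack_streams = 0;
		for (i = 0; i < numFolders; i++) {
			if (parse_7zip_uint64(a, &(f[i].numUnpackStreams)) < 0)
				return (-1);
			if (UMAX_ENTRY < f[i].numUnpackStreams)
				return (-1);
			/* Keep the running total from wrapping size_t. */
			if (unpack_streams > SIZE_MAX - UMAX_ENTRY) {
				return (-1);
			}
			unpack_streams += (size_t)f[i].numUnpackStreams;
		}
		if ((p = header_bytes(a, 1)) == NULL)
			return (-1);
		type = *p;
	} else
		unpack_streams = numFolders;

	ss->unpack_streams = unpack_streams;
	if (unpack_streams) {
		ss->unpackSizes = calloc(unpack_streams,
		    sizeof(*ss->unpackSizes));
		ss->digestsDefined = calloc(unpack_streams,
		    sizeof(*ss->digestsDefined));
		ss->digests = calloc(unpack_streams,
		    sizeof(*ss->digests));
		if (ss->unpackSizes == NULL || ss->digestsDefined == NULL ||
		    ss->digests == NULL)
			return (-1);
	}

	/*
	 * Fill in the stream sizes.  Only the first numUnpackStreams-1
	 * sizes of a folder are stored; the last one is whatever is left of
	 * the folder's uncompressed size.
	 */
	usizes = ss->unpackSizes;
	for (i = 0; i < numFolders; i++) {
		unsigned pack;
		uint64_t size, sum;

		if (f[i].numUnpackStreams == 0)
			continue;

		sum = 0;
		if (type == kSize) {
			for (pack = 1; pack < f[i].numUnpackStreams; pack++) {
				if (parse_7zip_uint64(a, usizes) < 0)
					return (-1);
				if (*usizes > UINT64_MAX - sum)
					return (-1);
				sum += *usizes++;
			}
		}
		size = folder_uncompressed_size(&f[i]);
		/* The stored sizes may not exceed the folder size. */
		if (size < sum)
			return (-1);
		*usizes++ = size - sum;
	}

	if (type == kSize) {
		if ((p = header_bytes(a, 1)) == NULL)
			return (-1);
		type = *p;
	}

	if (type == kCRC) {
		struct _7z_digests tmpDigests;
		unsigned char *digestsDefined = ss->digestsDefined;
		uint32_t *digests = ss->digests;
		uint32_t numDigests = 0;
		size_t di = 0;

		/*
		 * A folder with exactly one stream and a folder-level CRC
		 * reuses that CRC; every other folder has one digest slot
		 * per stream in this record.
		 */
		for (i = 0; i < numFolders; i++) {
			if (f[i].numUnpackStreams == 1 && f[i].digest_defined)
				continue;
			if (f[i].numUnpackStreams > UINT32_MAX - numDigests)
				return (-1);
			numDigests += (uint32_t)f[i].numUnpackStreams;
		}

		memset(&tmpDigests, 0, sizeof(tmpDigests));
		if (read_Digests(a, &(tmpDigests), numDigests) < 0) {
			free_Digest(&tmpDigests);
			return (-1);
		}
		for (i = 0; i < numFolders; i++) {
			if (f[i].numUnpackStreams == 1 && f[i].digest_defined) {
				*digestsDefined++ = 1;
				*digests++ = f[i].digest;
			} else {
				unsigned j;

				/* Consumes exactly the slots counted above. */
				for (j = 0; j < f[i].numUnpackStreams;
				    j++, di++) {
					*digestsDefined++ =
					    tmpDigests.defineds[di];
					*digests++ =
					    tmpDigests.digests[di];
				}
			}
		}
		free_Digest(&tmpDigests);
		if ((p = header_bytes(a, 1)) == NULL)
			return (-1);
		type = *p;
	}

	/*
	 * Must be kEnd.
	 */
	if (type != kEnd)
		return (-1);
	return (0);
}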
2653
/*
 * Release the PackInfo, CodersInfo and SubStreamsInfo parts of a
 * StreamsInfo record.  The structure itself is not freed or cleared.
 */
static void
free_StreamsInfo(struct _7z_stream_info *si)
{
	free_SubStreamsInfo(&(si->ss));
	free_CodersInfo(&(si->ci));
	free_PackInfo(&(si->pi));
}
2661
/*
 * Parse a StreamsInfo record, made of the optional PackInfo, UnPackInfo
 * and SubStreamsInfo sections in that order, closed by kEnd.
 *
 * Besides parsing, this derives the absolute position of every packed
 * stream and the index of the first packed stream of every folder, and
 * rejects values that overflow or point past what the archive declares.
 * Returns 0 on success and -1 otherwise; partially filled parts of `si'
 * are left for free_StreamsInfo().
 */
static int
read_StreamsInfo(struct archive_read *a, struct _7z_stream_info *si)
{
	struct _7zip *zip = (struct _7zip *)a->format->data;
	const unsigned char *id;
	unsigned n;

	memset(si, 0, sizeof(*si));

	id = header_bytes(a, 1);
	if (id == NULL)
		return (-1);

	if (*id == kPackInfo) {
		uint64_t offset;

		if (read_PackInfo(a, &(si->pi)) < 0)
			return (-1);
		/* read_PackInfo() succeeds without sizes; that is no use here. */
		if (si->pi.positions == NULL || si->pi.sizes == NULL)
			return (-1);

		/*
		 * Packed stream positions: a running sum that must neither
		 * wrap nor run past the header offset.
		 */
		offset = si->pi.pos;
		for (n = 0; n < si->pi.numPackStreams; n++) {
			si->pi.positions[n] = offset;
			if (offset > UINT64_MAX - si->pi.sizes[n])
				return (-1);
			offset += si->pi.sizes[n];
			if (offset > zip->header_offset)
				return (-1);
		}
		id = header_bytes(a, 1);
		if (id == NULL)
			return (-1);
	}

	if (*id == kUnPackInfo) {
		struct _7z_folder *folders;
		uint32_t next_pack;

		if (read_CodersInfo(a, &(si->ci)) < 0)
			return (-1);

		/*
		 * Packed stream indexes: each folder starts where the
		 * previous one ended, and the total may not exceed the
		 * number of packed streams.
		 */
		folders = si->ci.folders;
		next_pack = 0;
		for (n = 0; n < si->ci.numFolders; n++) {
			uint32_t used;

			folders[n].packIndex = next_pack;
			if (folders[n].numPackedStreams > UINT32_MAX)
				return (-1);
			used = (uint32_t)folders[n].numPackedStreams;
			if (next_pack > UINT32_MAX - used)
				return (-1);
			next_pack += used;
			if (next_pack > si->pi.numPackStreams)
				return (-1);
		}
		id = header_bytes(a, 1);
		if (id == NULL)
			return (-1);
	}

	if (*id == kSubStreamsInfo) {
		if (read_SubStreamsInfo(a, &(si->ss),
		    si->ci.folders, (size_t)si->ci.numFolders) < 0)
			return (-1);
		id = header_bytes(a, 1);
		if (id == NULL)
			return (-1);
	}

	/* The record must be closed by kEnd. */
	return ((*id != kEnd) ? -1 : 0);
}
2737
/*
 * Release the four boolean vectors collected while reading FilesInfo.
 * The structure itself is not freed.
 */
static void
free_Header(struct _7z_header_info *h)
{
	free(h->attrBools);
	free(h->antiBools);
	free(h->emptyFileBools);
	free(h->emptyStreamBools);
}
2746
/*
 * Parse the archive Header: optional ArchiveProperties, optional
 * MainStreamsInfo and the FilesInfo properties, then derive mode, flags
 * and folder/substream indexes for every entry.
 *
 * When `check_header_id' is non-zero the leading kHeader byte is read and
 * verified first.  Returns 0 on success and -1 on malformed input or
 * allocation failure.  Allocations made before a failure stay attached to
 * `h' and to the _7zip state reached through `a'; they are not released
 * here.
 */
static int
read_Header(struct archive_read *a, struct _7z_header_info *h,
    int check_header_id)
{
	struct _7zip *zip = (struct _7zip *)a->format->data;
	const unsigned char *p;
	struct _7z_folder *folders;
	struct _7z_stream_info *si = &(zip->si);
	struct _7zip_entry *entries;
	uint32_t folderIndex, indexInFolder;
	unsigned i;
	int eindex, empty_streams, sindex;

	if (check_header_id) {
		/*
		 * Read Header.
		 */
		if ((p = header_bytes(a, 1)) == NULL)
			return (-1);
		if (*p != kHeader)
			return (-1);
	}

	/*
	 * Read ArchiveProperties.
	 */
	if ((p = header_bytes(a, 1)) == NULL)
		return (-1);
	if (*p == kArchiveProperties) {
		/* Each property is one type byte and one number, up to type 0. */
		for (;;) {
			uint64_t size;
			if ((p = header_bytes(a, 1)) == NULL)
				return (-1);
			if (*p == 0)
				break;
			if (parse_7zip_uint64(a, &size) < 0)
				return (-1);
		}
		if ((p = header_bytes(a, 1)) == NULL)
			return (-1);
	}

	/*
	 * Read MainStreamsInfo.
	 */
	if (*p == kMainStreamsInfo) {
		if (read_StreamsInfo(a, &(zip->si)) < 0)
			return (-1);
		if ((p = header_bytes(a, 1)) == NULL)
			return (-1);
	}
	if (*p == kEnd)
		return (0);

	/*
	 * Read FilesInfo.
	 */
	if (*p != kFilesInfo)
		return (-1);

	if (parse_7zip_uint64(a, &(zip->numFiles)) < 0)
		return (-1);
	/* Cap the entry count before it sizes any allocation. */
	if (UMAX_ENTRY < zip->numFiles)
		return (-1);

	zip->entries = calloc((size_t)zip->numFiles, sizeof(*zip->entries));
	if (zip->entries == NULL)
		return (-1);
	entries = zip->entries;

	empty_streams = 0;
	for (;;) {
		int type;
		uint64_t size;
		size_t ll;

		if ((p = header_bytes(a, 1)) == NULL)
			return (-1);
		type = *p;
		if (type == kEnd)
			break;

		/* A property may not claim more bytes than the header has left. */
		if (parse_7zip_uint64(a, &size) < 0)
			return (-1);
		if (zip->header_bytes_remaining < size)
			return (-1);
		ll = (size_t)size;

		switch (type) {
		case kEmptyStream:
			/* Each vector may appear only once. */
			if (h->emptyStreamBools != NULL)
				return (-1);
			h->emptyStreamBools = calloc((size_t)zip->numFiles,
			    sizeof(*h->emptyStreamBools));
			if (h->emptyStreamBools == NULL)
				return (-1);
			if (read_Bools(
			    a, h->emptyStreamBools, (size_t)zip->numFiles) < 0)
				return (-1);
			empty_streams = 0;
			for (i = 0; i < zip->numFiles; i++) {
				if (h->emptyStreamBools[i])
					empty_streams++;
			}
			break;
		case kEmptyFile:
			if (empty_streams <= 0) {
				/* Unexpected sequence. Skip this. */
				if (header_bytes(a, ll) == NULL)
					return (-1);
				break;
			}
			if (h->emptyFileBools != NULL)
				return (-1);
			/* One flag per entry that has no stream. */
			h->emptyFileBools = calloc(empty_streams,
			    sizeof(*h->emptyFileBools));
			if (h->emptyFileBools == NULL)
				return (-1);
			if (read_Bools(a, h->emptyFileBools, empty_streams) < 0)
				return (-1);
			break;
		case kAnti:
			if (empty_streams <= 0) {
				/* Unexpected sequence. Skip this. */
				if (header_bytes(a, ll) == NULL)
					return (-1);
				break;
			}
			if (h->antiBools != NULL)
				return (-1);
			h->antiBools = calloc(empty_streams,
			    sizeof(*h->antiBools));
			if (h->antiBools == NULL)
				return (-1);
			if (read_Bools(a, h->antiBools, empty_streams) < 0)
				return (-1);
			break;
		case kCTime:
		case kATime:
		case kMTime:
			if (read_Times(a, h, type) < 0)
				return (-1);
			break;
		case kName:
		{
			unsigned char *np;
			size_t nl, nb;

			/* Skip one byte. */
			if ((p = header_bytes(a, 1)) == NULL)
				return (-1);
			/*
			 * A declared size of zero wraps `ll' here; the
			 * wrapped value is odd, so the check below rejects it.
			 */
			ll--;

			/*
			 * Names are 2-byte units, and at least four bytes
			 * per entry are required.
			 */
			if ((ll & 1) || ll < zip->numFiles * 4)
				return (-1);

			if (zip->entry_names != NULL)
				return (-1);
			zip->entry_names = malloc(ll);
			if (zip->entry_names == NULL)
				return (-1);
			np = zip->entry_names;
			nb = ll;
			/*
			 * Copy whole file names.
			 * NOTE: This loop reads in pieces of at most
			 * UBUFF_SIZE bytes so that the uncompressed buffer
			 * does not have to grow and use extra memory.
			 */
			while (nb) {
				size_t b;
				if (nb > UBUFF_SIZE)
					b = UBUFF_SIZE;
				else
					b = nb;
				if ((p = header_bytes(a, b)) == NULL)
					return (-1);
				memcpy(np, p, b);
				np += b;
				nb -= b;
			}
			np = zip->entry_names;
			nl = ll;

			for (i = 0; i < zip->numFiles; i++) {
				entries[i].utf16name = np;
#if defined(_WIN32) && !defined(__CYGWIN__) && defined(_DEBUG)
				entries[i].wname = (wchar_t *)np;
#endif

				/*
				 * Find a terminator.  `nl' counts the bytes
				 * left in the name buffer, so the scan stays
				 * inside it.
				 */
				while (nl >= 2 && (np[0] || np[1])) {
					np += 2;
					nl -= 2;
				}
				if (nl < 2)
					return (-1);/* Terminator not found */
				entries[i].name_len = np - entries[i].utf16name;
				np += 2;
				nl -= 2;
			}
			break;
		}
		case kAttributes:
		{
			int allAreDefined;

			/* Two bytes are read; only the first one is examined. */
			if ((p = header_bytes(a, 2)) == NULL)
				return (-1);
			allAreDefined = *p;
			if (h->attrBools != NULL)
				return (-1);
			h->attrBools = calloc((size_t)zip->numFiles,
			    sizeof(*h->attrBools));
			if (h->attrBools == NULL)
				return (-1);
			if (allAreDefined)
				memset(h->attrBools, 1, (size_t)zip->numFiles);
			else {
				if (read_Bools(a, h->attrBools,
				      (size_t)zip->numFiles) < 0)
					return (-1);
			}
			for (i = 0; i < zip->numFiles; i++) {
				if (h->attrBools[i]) {
					if ((p = header_bytes(a, 4)) == NULL)
						return (-1);
					entries[i].attr = archive_le32dec(p);
				}
			}
			break;
		}
		case kDummy:
			if (ll == 0)
				break;
			__LA_FALLTHROUGH;
		default:
			/* Unknown property: skip its declared size. */
			if (header_bytes(a, ll) == NULL)
				return (-1);
			break;
		}
	}

	/*
	 * Set up entry's attributes.
	 */
	folders = si->ci.folders;
	eindex = sindex = 0;
	folderIndex = indexInFolder = 0;
	for (i = 0; i < zip->numFiles; i++) {
		if (h->emptyStreamBools == NULL || h->emptyStreamBools[i] == 0)
			entries[i].flg |= HAS_STREAM;
		/*
		 * The high 16 bits of attributes is a posix file mode.
		 * The value is taken from the archive as it is.
		 */
		entries[i].mode = entries[i].attr >> 16;

		if (!(entries[i].attr & FILE_ATTRIBUTE_UNIX_EXTENSION)) {
			// Only windows permissions specified for this entry. Translate to
			// reasonable corresponding unix permissions.

			if (entries[i].attr & FILE_ATTRIBUTE_DIRECTORY) {
				if (entries[i].attr & FILE_ATTRIBUTE_READONLY) {
					// Read-only directory.
					entries[i].mode = AE_IFDIR | 0555;
				} else {
					// Read-write directory.
					entries[i].mode = AE_IFDIR | 0755;
				}
			} else if (entries[i].attr & FILE_ATTRIBUTE_READONLY) {
				// Readonly file.
				entries[i].mode = AE_IFREG | 0444;
			} else {
				// Assume read-write file.
				entries[i].mode = AE_IFREG | 0644;
			}
		}

		if (entries[i].flg & HAS_STREAM) {
			/* More entries with data than substreams is an error. */
			if ((size_t)sindex >= si->ss.unpack_streams)
				return (-1);
			if (entries[i].mode == 0)
				entries[i].mode = AE_IFREG | 0666;
			if (si->ss.digestsDefined[sindex])
				entries[i].flg |= CRC32_IS_SET;
			entries[i].ssIndex = sindex;
			sindex++;
		} else {
			int dir;
			/* Without an EmptyFile vector, empty entries are directories. */
			if (h->emptyFileBools == NULL)
				dir = 1;
			else {
				if (h->emptyFileBools[eindex])
					dir = 0;
				else
					dir = 1;
				eindex++;
			}
			if (entries[i].mode == 0) {
				if (dir)
					entries[i].mode = AE_IFDIR | 0777;
				else
					entries[i].mode = AE_IFREG | 0666;
			} else if (dir &&
			    (entries[i].mode & AE_IFMT) != AE_IFDIR) {
				entries[i].mode &= ~AE_IFMT;
				entries[i].mode |= AE_IFDIR;
			}
			/*
			 * Make a directory name end with '/'.  The two bytes
			 * written are the ones at name_len, where the
			 * terminator was found when the names were read.
			 */
			if ((entries[i].mode & AE_IFMT) == AE_IFDIR &&
			    entries[i].name_len >= 2 &&
			    (entries[i].utf16name[entries[i].name_len-2] != '/' ||
			     entries[i].utf16name[entries[i].name_len-1] != 0)) {
				entries[i].utf16name[entries[i].name_len] = '/';
				entries[i].utf16name[entries[i].name_len+1] = 0;
				entries[i].name_len += 2;
			}
			entries[i].ssIndex = -1;
		}
		if (entries[i].attr & FILE_ATTRIBUTE_READONLY)
			entries[i].mode &= ~0222;/* Read only. */

		if ((entries[i].flg & HAS_STREAM) == 0 && indexInFolder == 0) {
			/*
			 * The entry is an empty file or a directory file,
			 * those both have no contents.
			 */
			entries[i].folderIndex = -1;
			continue;
		}
		if (indexInFolder == 0) {
			/* Advance to the next folder that holds any stream. */
			for (;;) {
				if (folderIndex >= si->ci.numFolders)
					return (-1);
				if (folders[folderIndex].numUnpackStreams)
					break;
				folderIndex++;
			}
		}
		entries[i].folderIndex = folderIndex;
		if ((entries[i].flg & HAS_STREAM) == 0)
			continue;
		indexInFolder++;
		if (indexInFolder >= folders[folderIndex].numUnpackStreams) {
			folderIndex++;
			indexInFolder = 0;
		}
	}

	return (0);
}
3095
/*
 * Read one time property (kCTime, kATime or kMTime) for all entries.
 *
 * The property holds a "defined" vector, an external flag with an
 * optional data index, and one 8-byte little-endian NTFS timestamp per
 * defined entry.  Each timestamp is converted with ntfs_to_unix() and the
 * matching *_IS_SET flag is raised on the entry.
 *
 * Returns 0 on success and -1 on malformed input or allocation failure.
 * The temporary vector is released on every path.
 */
static int
read_Times(struct archive_read *a, struct _7z_header_info *h, int type)
{
	struct _7zip *zip = (struct _7zip *)a->format->data;
	struct _7zip_entry *entries = zip->entries;
	const unsigned char *p;
	unsigned char *defined;
	int rc = -1;
	unsigned n;

	defined = calloc((size_t)zip->numFiles, sizeof(*defined));
	if (defined == NULL)
		return (-1);

	/* AllAreDefined flag, then the optional bit vector. */
	p = header_bytes(a, 1);
	if (p == NULL)
		goto done;
	if (*p) {
		memset(defined, 1, (size_t)zip->numFiles);
	} else if (read_Bools(a, defined, (size_t)zip->numFiles) < 0) {
		goto done;
	}

	/* External flag; a data index follows when it is set. */
	p = header_bytes(a, 1);
	if (p == NULL)
		goto done;
	if (*p) {
		if (parse_7zip_uint64(a, &(h->dataIndex)) < 0)
			goto done;
		if (UMAX_ENTRY < h->dataIndex)
			goto done;
	}

	for (n = 0; n < zip->numFiles; n++) {
		if (!defined[n])
			continue;
		p = header_bytes(a, 8);
		if (p == NULL)
			goto done;
		if (type == kCTime) {
			ntfs_to_unix(archive_le64dec(p),
			    &(entries[n].ctime),
			    &(entries[n].ctime_ns));
			entries[n].flg |= CTIME_IS_SET;
		} else if (type == kATime) {
			ntfs_to_unix(archive_le64dec(p),
			    &(entries[n].atime),
			    &(entries[n].atime_ns));
			entries[n].flg |= ATIME_IS_SET;
		} else if (type == kMTime) {
			ntfs_to_unix(archive_le64dec(p),
			    &(entries[n].mtime),
			    &(entries[n].mtime_ns));
			entries[n].flg |= MTIME_IS_SET;
		}
	}
	rc = 0;
done:
	free(defined);
	return (rc);
}
3164
/*
 * Read the StreamsInfo record that describes an encoded header and check
 * that it is usable.
 *
 * The record must contain at least one packed stream and one folder, and
 * the first packed stream must be non-empty and end at or before the
 * header offset, with neither its position nor its end exceeding the
 * int64_t range.  Returns ARCHIVE_OK or, with the archive error set,
 * ARCHIVE_FATAL.
 */
static int
decode_encoded_header_info(struct archive_read *a, struct _7z_stream_info *si)
{
	struct _7zip *zip = (struct _7zip *)a->format->data;
	uint64_t first_end;

	/* errno tells an allocation failure apart from bad input. */
	errno = 0;
	if (read_StreamsInfo(a, si) < 0) {
		if (errno != ENOMEM)
			archive_set_error(&a->archive, -1,
			    "Malformed 7-Zip archive");
		else
			archive_set_error(&a->archive, -1,
			    "Couldn't allocate memory");
		return (ARCHIVE_FATAL);
	}

	if (si->pi.numPackStreams == 0 || si->ci.numFolders == 0) {
		archive_set_error(&a->archive, -1, "Malformed 7-Zip archive");
		return (ARCHIVE_FATAL);
	}

	first_end = si->pi.pos + si->pi.sizes[0];
	if (zip->header_offset < first_end ||
	    (int64_t)first_end < 0 ||
	    si->pi.sizes[0] == 0 || (int64_t)si->pi.pos < 0) {
		archive_set_error(&a->archive, -1, "Malformed Header offset");
		return (ARCHIVE_FATAL);
	}

	return (ARCHIVE_OK);
}
3195
/*
 * Return a pointer to the next `rbytes' bytes of the archive header, or
 * NULL when the header has fewer bytes left or the read fails.
 *
 * This is the bounds check that the header parsers rely on: a request
 * larger than header_bytes_remaining is refused before anything is read.
 * A plain header is read with __archive_read_ahead() and consumed on the
 * next call; an encoded header is read through read_stream().  The bytes
 * handed out are folded into zip->header_crc32.
 *
 * The returned pointer refers to a buffer owned by the reader, and the
 * next call may consume that buffer.
 */
static const unsigned char *
header_bytes(struct archive_read *a, size_t rbytes)
{
	struct _7zip *zip = (struct _7zip *)a->format->data;
	const unsigned char *data;

	if (zip->header_bytes_remaining < rbytes)
		return (NULL);
	/* Release what the previous call handed out. */
	if (zip->pack_stream_bytes_unconsumed)
		read_consume(a);

	if (zip->header_is_encoded != 0) {
		const void *decoded;
		ssize_t got;

		got = read_stream(a, &decoded, rbytes, rbytes);
		if (got <= 0)
			return (NULL);
		zip->header_bytes_remaining -= got;
		data = decoded;
	} else {
		data = __archive_read_ahead(a, rbytes, NULL);
		if (data == NULL)
			return (NULL);
		zip->header_bytes_remaining -= rbytes;
		zip->pack_stream_bytes_unconsumed = rbytes;
	}

	/*
	 * Update checksum.
	 * NOTE(review): the CRC covers `rbytes' bytes in both branches,
	 * which presumes read_stream() returned at least that many; confirm
	 * against read_stream().
	 */
	zip->header_crc32 = crc32(zip->header_crc32, data, (unsigned)rbytes);
	return (data);
}
3228
/*
 * Locate and parse the archive header ("central directory").
 *
 * Reads the 32-byte signature header, skipping a leading PE or ELF
 * self-extractor stub if there is one, verifies its CRC, moves to the
 * next header and parses it into `zip' and `header'.  An encoded header
 * is first set up for decoding and then parsed like a plain one.
 *
 * Returns ARCHIVE_OK on success, ARCHIVE_EOF when the archive declares an
 * empty next header (no entries), a value below ARCHIVE_WARN passed on
 * from skip_sfx(), or ARCHIVE_FATAL.
 *
 * Building with DONT_FAIL_ON_CRC_ERROR defined turns the three CRC
 * mismatches below into no-ops, so header integrity is not enforced in
 * such a build.
 */
static int
slurp_central_directory(struct archive_read *a, struct _7zip *zip,
    struct _7z_header_info *header)
{
	const unsigned char *p;
	uint64_t next_header_offset;
	uint64_t next_header_size;
	uint32_t next_header_crc;
	ssize_t bytes_avail;
	int check_header_crc, r;

	if ((p = __archive_read_ahead(a, 32, &bytes_avail)) == NULL)
		return (ARCHIVE_FATAL);

	if ((p[0] == 'M' && p[1] == 'Z') || memcmp(p, "\x7F\x45LF", 4) == 0) {
		/* This is an executable ? Must be self-extracting... */
		const ssize_t min_addr = p[0] == 'M' ? find_pe_overlay(a) :
						       find_elf_data_sec(a);
		r = skip_sfx(a, min_addr);
		if (r < ARCHIVE_WARN)
			return (r);
		if ((p = __archive_read_ahead(a, 32, &bytes_avail)) == NULL)
			return (ARCHIVE_FATAL);
	}
	/* The next header offset is relative to the end of these 32 bytes. */
	zip->seek_base += 32;

	if (memcmp(p, _7ZIP_SIGNATURE, 6) != 0) {
		archive_set_error(&a->archive, -1, "Not 7-Zip archive file");
		return (ARCHIVE_FATAL);
	}

	/*
	 * CRC check: the 32-bit value at offset 8 covers the 20 bytes that
	 * start at offset 12.
	 */
	if (crc32(0, (const unsigned char *)p + 12, 20)
	    != archive_le32dec(p + 8)) {
#ifndef DONT_FAIL_ON_CRC_ERROR
		archive_set_error(&a->archive, -1, "Header CRC error");
		return (ARCHIVE_FATAL);
#endif
	}

	next_header_offset = archive_le64dec(p + 12);
	next_header_size = archive_le64dec(p + 20);
	next_header_crc = archive_le32dec(p + 28);

	if (next_header_size == 0)
		/* There is no entry in an archive file. */
		return (ARCHIVE_EOF);

	/* Offsets that do not fit in int64_t are rejected. */
	if (((int64_t)next_header_offset) < 0) {
		archive_set_error(&a->archive, -1, "Malformed 7-Zip archive");
		return (ARCHIVE_FATAL);
	}
	__archive_read_consume(a, 32);
	if (next_header_offset != 0) {
		/*
		 * Skip forward when the read-ahead reported at least that
		 * many bytes, seek otherwise.
		 * NOTE(review): bytes_avail was measured before the 32
		 * bytes above were consumed, and the return value of the
		 * consume call is not checked.
		 */
		if (bytes_avail >= (ssize_t)next_header_offset)
			__archive_read_consume(a, next_header_offset);
		else if (__archive_read_seek(a,
		    next_header_offset + zip->seek_base, SEEK_SET) < 0)
			return (ARCHIVE_FATAL);
	}
	zip->stream_offset = next_header_offset;
	zip->header_offset = next_header_offset;
	/* From here on header_bytes() limits every read to this size. */
	zip->header_bytes_remaining = next_header_size;
	zip->header_crc32 = 0;
	zip->header_is_encoded = 0;
	zip->header_is_being_read = 1;
	zip->has_encrypted_entries = 0;
	check_header_crc = 1;

	if ((p = header_bytes(a, 1)) == NULL) {
		archive_set_error(&a->archive,
		    ARCHIVE_ERRNO_FILE_FORMAT,
		    "Truncated 7-Zip file body");
		return (ARCHIVE_FATAL);
	}
	/* Dispatch on the first property ID of the next header. */
	switch (p[0]) {
	case kEncodedHeader:
		/*
		 * The archive has an encoded header and we have to decode it
		 * in order to parse the header correctly.
		 */
		r = decode_encoded_header_info(a, &(zip->si));

		/* Check the EncodedHeader CRC.*/
		if (r == 0 && zip->header_crc32 != next_header_crc) {
#ifndef DONT_FAIL_ON_CRC_ERROR
			archive_set_error(&a->archive, -1,
			    "Damaged 7-Zip archive");
			r = -1;
#endif
		}
		if (r == 0) {
			/*
			 * The decoded header is checked against the first
			 * folder's digest when there is one; without it no
			 * CRC check is made on the decoded header.
			 */
			if (zip->si.ci.folders[0].digest_defined)
				next_header_crc = zip->si.ci.folders[0].digest;
			else
				check_header_crc = 0;
			if (zip->pack_stream_bytes_unconsumed)
				read_consume(a);
			r = setup_decode_folder(a, zip->si.ci.folders, 1);
			if (r == 0) {
				zip->header_bytes_remaining =
					zip->folder_outbytes_remaining;
				r = seek_pack(a);
			}
		}
		/* Clean up StreamsInfo. */
		free_StreamsInfo(&(zip->si));
		memset(&(zip->si), 0, sizeof(zip->si));
		if (r < 0)
			return (ARCHIVE_FATAL);
		zip->header_is_encoded = 1;
		zip->header_crc32 = 0;
		/* FALL THROUGH */
	case kHeader:
		/*
		 * Parse the header.
		 */
		errno = 0;
		r = read_Header(a, header, zip->header_is_encoded);
		if (r < 0) {
			if (errno == ENOMEM)
				archive_set_error(&a->archive, -1,
				    "Couldn't allocate memory");
			else
				archive_set_error(&a->archive, -1,
				    "Damaged 7-Zip archive");
			return (ARCHIVE_FATAL);
		}

		/*
		 * Must be kEnd.
		 */
		if ((p = header_bytes(a, 1)) == NULL ||*p != kEnd) {
			archive_set_error(&a->archive, -1,
			    "Malformed 7-Zip archive");
			return (ARCHIVE_FATAL);
		}

		/* Check the Header CRC.*/
		if (check_header_crc && zip->header_crc32 != next_header_crc) {
#ifndef DONT_FAIL_ON_CRC_ERROR
			archive_set_error(&a->archive, -1,
			    "Malformed 7-Zip archive");
			return (ARCHIVE_FATAL);
#endif
		}
		break;
	default:
		archive_set_error(&a->archive, -1,
		    "Unexpected Property ID = %X", p[0]);
		return (ARCHIVE_FATAL);
	}

	/* Reset the state that was used for decoding the archive header. */
	zip->pack_stream_remaining = 0;
	zip->pack_stream_index = 0;
	zip->folder_outbytes_remaining = 0;
	zip->uncompressed_buffer_bytes_remaining = 0;
	zip->pack_stream_bytes_unconsumed = 0;
	zip->header_is_being_read = 0;

	return (ARCHIVE_OK);
}
3393
/*
 * Hand the caller the next run of uncompressed bytes.
 *
 * On success *buff points at the data and the return value is its length,
 * which never exceeds `size` nor zip->uncompressed_buffer_bytes_remaining.
 * In copy mode `minimum` is forwarded to __archive_read_ahead(); in packed
 * mode it triggers extract_pack_stream() when fewer bytes are buffered.
 * Returns ARCHIVE_FATAL (with the archive error set) on failure.
 */
static ssize_t
get_uncompressed_data(struct archive_read *a, const void **buff, size_t size,
    size_t minimum)
{
	struct _7zip *zip = (struct _7zip *)a->format->data;
	ssize_t avail;

	if (zip->codec == _7Z_COPY && zip->codec2 == (unsigned long)-1) {
		/* Copy mode: the bytes are served straight from the reader. */
		*buff = __archive_read_ahead(a, minimum, &avail);
		if (*buff == NULL) {
			archive_set_error(&a->archive,
			    ARCHIVE_ERRNO_FILE_FORMAT,
			    "Truncated 7-Zip file data");
			return (ARCHIVE_FATAL);
		}
		/* Never report more than this stream still owes us. */
		if ((size_t)avail > zip->uncompressed_buffer_bytes_remaining)
			avail = (ssize_t)
			    zip->uncompressed_buffer_bytes_remaining;
		/* ... nor more than the caller asked for. */
		if ((size_t)avail > size)
			avail = (ssize_t)size;

		zip->pack_stream_bytes_unconsumed = avail;
		zip->uncompressed_buffer_bytes_remaining -= avail;
		return (avail);
	}

	if (zip->uncompressed_buffer_pointer == NULL) {
		/* A NULL read pointer means decompression has failed. */
		archive_set_error(&(a->archive),
		    ARCHIVE_ERRNO_MISC, "Damaged 7-Zip archive");
		return (ARCHIVE_FATAL);
	}

	/*
	 * Packed mode: if fewer than `minimum` bytes are buffered, refill
	 * the buffer up to the minimum size first.
	 */
	if (minimum > zip->uncompressed_buffer_bytes_remaining &&
	    extract_pack_stream(a, minimum) < 0)
		return (ARCHIVE_FATAL);

	avail = (size > zip->uncompressed_buffer_bytes_remaining)
	    ? (ssize_t)zip->uncompressed_buffer_bytes_remaining
	    : (ssize_t)size;
	*buff = zip->uncompressed_buffer_pointer;
	zip->uncompressed_buffer_pointer += avail;
	zip->uncompressed_buffer_bytes_remaining -= avail;
	return (avail);
}
3446
/*
 * Pull more data out of the current pack stream.
 *
 * Copy mode only peeks at the input and records how many bytes are usable.
 * Otherwise the uncompressed buffer is allocated or grown so that it can
 * hold at least `minimum` bytes, and decompress() is driven until the buffer
 * is full, the stream and folder are exhausted, or an error is detected.
 * Returns ARCHIVE_OK or ARCHIVE_FATAL (archive error set).
 */
static ssize_t
extract_pack_stream(struct archive_read *a, size_t minimum)
{
	struct _7zip *zip = (struct _7zip *)a->format->data;
	ssize_t avail;
	int rc;

	if (zip->codec == _7Z_COPY && zip->codec2 == (unsigned long)-1) {
		if (minimum == 0)
			minimum = 1;
		if (__archive_read_ahead(a, minimum, &avail) == NULL
		    || avail <= 0) {
			archive_set_error(&a->archive,
			    ARCHIVE_ERRNO_FILE_FORMAT,
			    "Truncated 7-Zip file body");
			return (ARCHIVE_FATAL);
		}
		/* Clamp to the packed bytes left, then to the folder output. */
		if ((uint64_t)avail > zip->pack_stream_inbytes_remaining)
			avail = (ssize_t)zip->pack_stream_inbytes_remaining;
		zip->pack_stream_inbytes_remaining -= avail;
		if ((uint64_t)avail > zip->folder_outbytes_remaining)
			avail = (ssize_t)zip->folder_outbytes_remaining;
		zip->folder_outbytes_remaining -= avail;
		zip->uncompressed_buffer_bytes_remaining = avail;
		return (ARCHIVE_OK);
	}

	if (zip->uncompressed_buffer == NULL) {
		/* First use: allocate the buffer now. */
		zip->uncompressed_buffer_size = UBUFF_SIZE;
		if (zip->uncompressed_buffer_size < minimum) {
			/* Round the request up to a multiple of 1024. */
			zip->uncompressed_buffer_size = minimum + 1023;
			zip->uncompressed_buffer_size &= ~0x3ff;
		}
		zip->uncompressed_buffer =
		    malloc(zip->uncompressed_buffer_size);
		if (zip->uncompressed_buffer == NULL) {
			archive_set_error(&a->archive, ENOMEM,
			    "No memory for 7-Zip decompression");
			return (ARCHIVE_FATAL);
		}
		zip->uncompressed_buffer_bytes_remaining = 0;
	} else if (zip->uncompressed_buffer_size < minimum ||
	    zip->uncompressed_buffer_bytes_remaining < minimum) {
		/*
		 * Make sure the uncompressed buffer can hold at least
		 * `minimum' bytes.
		 * NOTE: This case happens when reading the header.
		 */
		size_t used = 0;

		if (zip->uncompressed_buffer_pointer != 0)
			used = zip->uncompressed_buffer_pointer -
			    zip->uncompressed_buffer;
		if (zip->uncompressed_buffer_size < minimum) {
			/* Grow the buffer, rounded up to 1024 bytes. */
			size_t grown = minimum + 1023;
			void *np;

			grown &= ~0x3ff;
			/* Keep the old pointer until realloc() succeeds. */
			np = realloc(zip->uncompressed_buffer, grown);
			if (np == NULL) {
				archive_set_error(&a->archive, ENOMEM,
				    "No memory for 7-Zip decompression");
				return (ARCHIVE_FATAL);
			}
			zip->uncompressed_buffer = (unsigned char *)np;
			zip->uncompressed_buffer_size = grown;
		}
		/* Slide the unconsumed bytes down to the head. */
		if (used) {
			memmove(zip->uncompressed_buffer,
			    zip->uncompressed_buffer + used,
			    zip->uncompressed_buffer_bytes_remaining);
		}
	} else {
		zip->uncompressed_buffer_bytes_remaining = 0;
	}

	/* Left NULL until the refill below completes successfully. */
	zip->uncompressed_buffer_pointer = NULL;
	for (;;) {
		const void *in;
		unsigned char *out;
		size_t in_len, out_len;
		int eof;

		/*
		 * Note: '1' here is a performance optimization.
		 * Recall that the decompression layer returns a count of
		 * available bytes; asking for more than that forces the
		 * decompressor to combine reads by copying data.
		 */
		in = __archive_read_ahead(a, 1, &avail);
		if (avail <= 0) {
			archive_set_error(&a->archive,
			    ARCHIVE_ERRNO_FILE_FORMAT,
			    "Truncated 7-Zip file body");
			return (ARCHIVE_FATAL);
		}

		/* Append after whatever is already buffered. */
		out = zip->uncompressed_buffer
		    + zip->uncompressed_buffer_bytes_remaining;
		out_len = zip->uncompressed_buffer_size
		    - zip->uncompressed_buffer_bytes_remaining;
		in_len = avail;
		if (in_len > zip->pack_stream_inbytes_remaining)
			in_len = (size_t)zip->pack_stream_inbytes_remaining;

		/* Drive decompression. */
		rc = decompress(a, zip, out, &out_len, in, &in_len);
		if (rc == ARCHIVE_OK)
			eof = 0;
		else if (rc == ARCHIVE_EOF)
			eof = 1;
		else
			return (ARCHIVE_FATAL);

		zip->pack_stream_inbytes_remaining -= in_len;
		if (out_len > zip->folder_outbytes_remaining)
			out_len = (size_t)zip->folder_outbytes_remaining;
		zip->folder_outbytes_remaining -= out_len;
		zip->uncompressed_buffer_bytes_remaining += out_len;
		zip->pack_stream_bytes_unconsumed = in_len;

		/* Continue decompression until uncompressed_buffer is full. */
		if (zip->uncompressed_buffer_bytes_remaining ==
		    zip->uncompressed_buffer_size)
			break;
		if (zip->codec2 == _7Z_X86 && zip->odd_bcj_size &&
		    zip->uncompressed_buffer_bytes_remaining + 5 >
		    zip->uncompressed_buffer_size)
			break;
		if (zip->pack_stream_inbytes_remaining == 0 &&
		    zip->folder_outbytes_remaining == 0)
			break;
		/* End of data, or no progress at all: treat as damaged. */
		if (eof || (in_len == 0 && out_len == 0)) {
			archive_set_error(&(a->archive),
			    ARCHIVE_ERRNO_MISC, "Damaged 7-Zip archive");
			return (ARCHIVE_FATAL);
		}
		read_consume(a);
	}
	if (zip->uncompressed_buffer_bytes_remaining < minimum) {
		archive_set_error(&(a->archive),
		    ARCHIVE_ERRNO_MISC, "Damaged 7-Zip archive");
		return (ARCHIVE_FATAL);
	}
	zip->uncompressed_buffer_pointer = zip->uncompressed_buffer;
	return (ARCHIVE_OK);
}
3607
/*
 * Position the reader at the start of the next pack stream of the current
 * folder and load its packed size into pack_stream_inbytes_remaining.
 *
 * Returns ARCHIVE_OK, or ARCHIVE_FATAL when no pack stream is left or the
 * seek fails.
 *
 * NOTE(review): pack_stream_index is used to index si.pi.sizes[] and
 * si.pi.positions[] without a range check here; presumably the index was
 * validated when the StreamsInfo was parsed -- confirm against that code.
 */
static int
seek_pack(struct archive_read *a)
{
	struct _7zip *zip = (struct _7zip *)a->format->data;
	int64_t target;

	if (zip->pack_stream_remaining <= 0) {
		archive_set_error(&(a->archive),
		    ARCHIVE_ERRNO_MISC, "Damaged 7-Zip archive");
		return (ARCHIVE_FATAL);
	}

	zip->pack_stream_inbytes_remaining =
	    zip->si.pi.sizes[zip->pack_stream_index];
	target = zip->si.pi.positions[zip->pack_stream_index];

	/* Seek only when we are not already at the stream's offset. */
	if (zip->stream_offset != target) {
		if (__archive_read_seek(a, target + zip->seek_base,
		    SEEK_SET) < 0)
			return (ARCHIVE_FATAL);
		zip->stream_offset = target;
	}

	zip->pack_stream_index++;
	zip->pack_stream_remaining--;
	return (ARCHIVE_OK);
}
3632
/*
 * Read uncompressed data of the current entry.
 *
 * Serves buffered data when there is some, otherwise refills from the
 * current pack stream, and once that is consumed moves on to the next pack
 * stream (switching folders when needed) and replays the bytes that
 * skip_stream() only accounted for.  Returns the byte count from
 * get_uncompressed_data(), 0 with *buff == NULL when all folders have been
 * consumed, or a negative value on error.
 *
 * NOTE(review): zip->entry->folderIndex indexes si.ci.folders[] before the
 * numFolders comparison below; presumably it is validated when the header
 * is parsed -- confirm.
 */
static ssize_t
read_stream(struct archive_read *a, const void **buff, size_t size,
    size_t minimum)
{
	struct _7zip *zip = (struct _7zip *)a->format->data;
	uint64_t skip_bytes = 0;
	ssize_t r;

	/* Buffered data is available: serve it directly. */
	if (zip->uncompressed_buffer_bytes_remaining != 0)
		return (get_uncompressed_data(a, buff, size, minimum));

	/* Packed input or folder output is still pending: refill first. */
	if (zip->pack_stream_inbytes_remaining > 0 ||
	    zip->folder_outbytes_remaining > 0) {
		r = extract_pack_stream(a, 0);
		if (r < 0)
			return (r);
		return (get_uncompressed_data(a, buff, size, minimum));
	}

	/*
	 * Current pack stream has been consumed.
	 */
	if (zip->pack_stream_remaining == 0) {
		if (zip->header_is_being_read) {
			/* Invalid sequence. This might happen when
			 * reading a malformed archive. */
			archive_set_error(&(a->archive),
			    ARCHIVE_ERRNO_MISC, "Malformed 7-Zip archive");
			return (ARCHIVE_FATAL);
		}

		/*
		 * All current folder's pack streams have been
		 * consumed. Switch to next folder.
		 */
		if (zip->folder_index == 0 &&
		    (zip->si.ci.folders[zip->entry->folderIndex].skipped_bytes
		     || zip->folder_index != zip->entry->folderIndex)) {
			zip->folder_index = zip->entry->folderIndex;
			skip_bytes =
			    zip->si.ci.folders[zip->folder_index].skipped_bytes;
		}

		if (zip->folder_index >= zip->si.ci.numFolders) {
			/*
			 * We have consumed all folders and their pack
			 * streams.
			 */
			*buff = NULL;
			return (0);
		}
		r = setup_decode_folder(a,
		    &(zip->si.ci.folders[zip->folder_index]), 0);
		if (r != ARCHIVE_OK)
			return (ARCHIVE_FATAL);

		zip->folder_index++;
	}

	/*
	 * Switch to next pack stream.
	 */
	r = seek_pack(a);
	if (r < 0)
		return (r);

	/* Extract a new pack stream. */
	r = extract_pack_stream(a, 0);
	if (r < 0)
		return (r);

	/*
	 * Skip the bytes we have already skipped in skip_stream().
	 */
	for (;;) {
		ssize_t skipped;

		if (zip->uncompressed_buffer_bytes_remaining == 0) {
			if (zip->pack_stream_inbytes_remaining == 0 &&
			    zip->folder_outbytes_remaining == 0) {
				archive_set_error(&a->archive,
				    ARCHIVE_ERRNO_FILE_FORMAT,
				    "Truncated 7-Zip file body");
				return (ARCHIVE_FATAL);
			}
			/* More of the pack stream is left: extract it. */
			r = extract_pack_stream(a, 0);
			if (r < 0)
				return (r);
		}

		if (!skip_bytes)
			break;

		skipped = get_uncompressed_data(
		    a, buff, (size_t)skip_bytes, 0);
		if (skipped < 0)
			return (skipped);
		skip_bytes -= skipped;
		if (zip->pack_stream_bytes_unconsumed)
			read_consume(a);
	}

	return (get_uncompressed_data(a, buff, size, minimum));
}
3746
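/*
 * Prepare the reader and the decompressor for `folder`.
 *
 * Resets the pack-stream bookkeeping, rejects encrypted folders and
 * unsupported coder chains, and for BCJ2 folders decodes the three sub
 * streams into memory before the main stream is set up.  `header` only
 * selects the wording of error messages.  Returns ARCHIVE_OK on success,
 * ARCHIVE_FATAL (or the negative value of a failing helper) on error.
 *
 * Every size used here comes from the archive and is untrusted.  The
 * sub-stream buffers are therefore allocated only when the announced size
 * fits in size_t, and each copy into them is checked against the allocated
 * capacity.
 */
static int
setup_decode_folder(struct archive_read *a, struct _7z_folder *folder,
    int header)
{
	struct _7zip *zip = (struct _7zip *)a->format->data;
	const struct _7z_coder *coder1, *coder2;
	const char *cname = (header)?"archive header":"file content";
	unsigned i;
	int r, found_bcj2 = 0;

	/*
	 * Release the memory which the previous folder used for BCJ2.
	 */
	for (i = 0; i < 3; i++) {
		free(zip->sub_stream_buff[i]);
		zip->sub_stream_buff[i] = NULL;
	}

	/*
	 * Initialize a stream reader.
	 */
	zip->pack_stream_remaining = (unsigned)folder->numPackedStreams;
	zip->pack_stream_index = (unsigned)folder->packIndex;
	zip->folder_outbytes_remaining = folder_uncompressed_size(folder);
	zip->uncompressed_buffer_bytes_remaining = 0;

	/*
	 * Check coder types.
	 */
	for (i = 0; i < folder->numCoders; i++) {
		switch(folder->coders[i].codec) {
			case _7Z_CRYPTO_MAIN_ZIP:
			case _7Z_CRYPTO_RAR_29:
			case _7Z_CRYPTO_AES_256_SHA_256: {
				/* For entry that is associated with this
				 * folder, mark it as encrypted
				 * (data+metadata). */
				zip->has_encrypted_entries = 1;
				if (a->entry) {
					archive_entry_set_is_data_encrypted(a->entry, 1);
					archive_entry_set_is_metadata_encrypted(a->entry, 1);
				}
				archive_set_error(&(a->archive),
					ARCHIVE_ERRNO_MISC,
					"The %s is encrypted, "
					"but currently not supported", cname);
				return (ARCHIVE_FATAL);
			}
			case _7Z_X86_BCJ2: {
				found_bcj2++;
				break;
			}
		}
	}
	/* Now that we've checked for encryption, if there were still no
	 * encrypted entries found we can say for sure that there are none.
	 */
	if (zip->has_encrypted_entries == ARCHIVE_READ_FORMAT_ENCRYPTION_DONT_KNOW) {
		zip->has_encrypted_entries = 0;
	}

	if ((folder->numCoders > 2 && !found_bcj2) || found_bcj2 > 1) {
		archive_set_error(&(a->archive),
		    ARCHIVE_ERRNO_MISC,
		    "The %s is encoded with many filters, "
		    "but currently not supported", cname);
		return (ARCHIVE_FATAL);
	}
	coder1 = &(folder->coders[0]);
	if (folder->numCoders == 2)
		coder2 = &(folder->coders[1]);
	else
		coder2 = NULL;

	if (found_bcj2) {
		/*
		 * Preparation to decode BCJ2.
		 * Decoding BCJ2 requires four sources. Those are at least,
		 * as far as I know, two types of the storage form.
		 */
		const struct _7z_coder *fc = folder->coders;
		static const struct _7z_coder coder_copy = {0, 1, 1, 0, NULL};
		const struct _7z_coder *scoder[3] =
			{&coder_copy, &coder_copy, &coder_copy};
		const void *buff;
		ssize_t bytes;
		unsigned char *b[3] = {NULL, NULL, NULL};
		uint64_t sunpack[3] ={-1, -1, -1};
		size_t s[3] = {0, 0, 0};
		/* Allocated capacity of each b[i]; bounds the copies below. */
		size_t cap[3] = {0, 0, 0};
		int idx[3] = {0, 1, 2};

		if (folder->numCoders == 4 && fc[3].codec == _7Z_X86_BCJ2 &&
		    folder->numInStreams == 7 && folder->numOutStreams == 4 &&
		    zip->pack_stream_remaining == 4) {
			/* Source type 1 made by 7zr or 7z with -m options. */
			if (folder->bindPairs[0].inIndex == 5) {
				/* The form made by 7zr */
				idx[0] = 1; idx[1] = 2; idx[2] = 0;
				scoder[1] = &(fc[1]);
				scoder[2] = &(fc[0]);
				sunpack[1] = folder->unPackSize[1];
				sunpack[2] = folder->unPackSize[0];
				coder1 = &(fc[2]);
			} else {
				/*
				 * NOTE: Some patterns do not work.
				 * work:
				 *  7z a -m0=BCJ2 -m1=COPY -m2=COPY
				 *       -m3=(any)
				 *  7z a -m0=BCJ2 -m1=COPY -m2=(any)
				 *       -m3=COPY
				 *  7z a -m0=BCJ2 -m1=(any) -m2=COPY
				 *       -m3=COPY
				 * not work:
				 *  other patterns.
				 *
				 * We have to handle this like `pipe' or
				 * our libarchive's filter frame work,
				 * decoding the BCJ2 main stream sequentially,
				 * m3 -> m2 -> m1 -> BCJ2.
				 *
				 */
				if (fc[0].codec == _7Z_COPY &&
				    fc[1].codec == _7Z_COPY)
					coder1 = &(folder->coders[2]);
				else if (fc[0].codec == _7Z_COPY &&
				    fc[2].codec == _7Z_COPY)
					coder1 = &(folder->coders[1]);
				else if (fc[1].codec == _7Z_COPY &&
				    fc[2].codec == _7Z_COPY)
					coder1 = &(folder->coders[0]);
				else {
					archive_set_error(&(a->archive),
					    ARCHIVE_ERRNO_MISC,
					    "Unsupported form of "
					    "BCJ2 streams");
					return (ARCHIVE_FATAL);
				}
			}
			coder2 = &(fc[3]);
			zip->main_stream_bytes_remaining =
				(size_t)folder->unPackSize[2];
		} else if (coder2 != NULL && coder2->codec == _7Z_X86_BCJ2 &&
		    zip->pack_stream_remaining == 4 &&
		    folder->numInStreams == 5 && folder->numOutStreams == 2) {
			/* Source type 0 made by 7z */
			zip->main_stream_bytes_remaining =
				(size_t)folder->unPackSize[0];
		} else {
			/* We got an unexpected form. */
			archive_set_error(&(a->archive),
			    ARCHIVE_ERRNO_MISC,
			    "Unsupported form of BCJ2 streams");
			return (ARCHIVE_FATAL);
		}

		/* Skip the main stream at this time. */
		if ((r = seek_pack(a)) < 0)
			return (r);
		zip->pack_stream_bytes_unconsumed =
		    (size_t)zip->pack_stream_inbytes_remaining;
		read_consume(a);

		/* Read following three sub streams. */
		for (i = 0; i < 3; i++) {
			const struct _7z_coder *coder = scoder[i];

			if ((r = seek_pack(a)) < 0) {
				free(b[0]); free(b[1]); free(b[2]);
				return (r);
			}

			if (sunpack[i] == (uint64_t)-1)
				zip->folder_outbytes_remaining =
				    zip->pack_stream_inbytes_remaining;
			else
				zip->folder_outbytes_remaining = sunpack[i];

			r = init_decompression(a, zip, coder, NULL);
			if (r != ARCHIVE_OK) {
				free(b[0]); free(b[1]); free(b[2]);
				return (ARCHIVE_FATAL);
			}

			/*
			 * Allocate memory for the decoded data of a sub
			 * stream.  The size is taken from the archive; if it
			 * does not survive the conversion to size_t the
			 * allocation would be smaller than the amount the
			 * extraction loop is allowed to produce, so refuse
			 * it instead of truncating.
			 */
			cap[i] = (size_t)zip->folder_outbytes_remaining;
			if ((uint64_t)cap[i] !=
			    zip->folder_outbytes_remaining) {
				free(b[0]); free(b[1]); free(b[2]);
				archive_set_error(&a->archive, ENOMEM,
				    "No memory for 7-Zip decompression");
				return (ARCHIVE_FATAL);
			}
			b[i] = malloc(cap[i]);
			if (b[i] == NULL) {
				free(b[0]); free(b[1]); free(b[2]);
				archive_set_error(&a->archive, ENOMEM,
				    "No memory for 7-Zip decompression");
				return (ARCHIVE_FATAL);
			}

			/* Extract a sub stream. */
			while (zip->pack_stream_inbytes_remaining > 0) {
				r = (int)extract_pack_stream(a, 0);
				if (r < 0) {
					free(b[0]); free(b[1]); free(b[2]);
					return (r);
				}
				bytes = get_uncompressed_data(a, &buff,
				    zip->uncompressed_buffer_bytes_remaining,
				    0);
				if (bytes < 0) {
					free(b[0]); free(b[1]); free(b[2]);
					return ((int)bytes);
				}
				/*
				 * Never write past the allocation, whatever
				 * the stream bookkeeping says.
				 */
				if ((size_t)bytes > cap[i] - s[i]) {
					free(b[0]); free(b[1]); free(b[2]);
					archive_set_error(&(a->archive),
					    ARCHIVE_ERRNO_MISC,
					    "Damaged 7-Zip archive");
					return (ARCHIVE_FATAL);
				}
				memcpy(b[i]+s[i], buff, bytes);
				s[i] += bytes;
				if (zip->pack_stream_bytes_unconsumed)
					read_consume(a);
			}
		}

		/* Set the sub streams to the right place. */
		for (i = 0; i < 3; i++) {
			zip->sub_stream_buff[i] = b[idx[i]];
			zip->sub_stream_size[i] = s[idx[i]];
			zip->sub_stream_bytes_remaining[i] = s[idx[i]];
		}

		/* Allocate memory used for decoded main stream bytes. */
		if (zip->tmp_stream_buff == NULL) {
			zip->tmp_stream_buff_size = 32 * 1024;
			zip->tmp_stream_buff =
			    malloc(zip->tmp_stream_buff_size);
			if (zip->tmp_stream_buff == NULL) {
				archive_set_error(&a->archive, ENOMEM,
				    "No memory for 7-Zip decompression");
				return (ARCHIVE_FATAL);
			}
		}
		zip->tmp_stream_bytes_avail = 0;
		zip->tmp_stream_bytes_remaining = 0;
		zip->odd_bcj_size = 0;
		zip->bcj2_outPos = 0;

		/*
		 * Reset a stream reader in order to read the main stream
		 * of BCJ2.
		 */
		zip->pack_stream_remaining = 1;
		zip->pack_stream_index = (unsigned)folder->packIndex;
		zip->folder_outbytes_remaining =
		    folder_uncompressed_size(folder);
		zip->uncompressed_buffer_bytes_remaining = 0;
	}

	/*
	 * Initialize the decompressor for the new folder's pack streams.
	 */
	r = init_decompression(a, zip, coder1, coder2);
	if (r != ARCHIVE_OK)
		return (ARCHIVE_FATAL);
	return (ARCHIVE_OK);
}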
4003
/*
 * Skip `skip_bytes` bytes of the current entry's uncompressed data.
 *
 * While folder_index is still 0 the skip is only recorded in the folder's
 * skipped_bytes counter, so nothing is decoded; read_stream() replays it
 * later.  Otherwise the data is read and discarded.  Returns skip_bytes on
 * success or a negative value on error.
 */
static int64_t
skip_stream(struct archive_read *a, size_t skip_bytes)
{
	struct _7zip *zip = (struct _7zip *)a->format->data;
	const void *discard;
	size_t left;
	int64_t got;

	if (zip->folder_index == 0) {
		/*
		 * Optimization for a list mode.
		 * Avoid unnecessary decoding operations.
		 */
		zip->si.ci.folders[zip->entry->folderIndex].skipped_bytes
		    += skip_bytes;
		return (skip_bytes);
	}

	for (left = skip_bytes; left != 0; ) {
		got = read_stream(a, &discard, left, 0);
		if (got < 0)
			return (got);
		if (got == 0) {
			/* No data although some is still owed. */
			archive_set_error(&a->archive,
			    ARCHIVE_ERRNO_FILE_FORMAT,
			    "Truncated 7-Zip file body");
			return (ARCHIVE_FATAL);
		}
		left -= (size_t)got;
		if (zip->pack_stream_bytes_unconsumed)
			read_consume(a);
	}
	return (skip_bytes);
}
4038
4039 /*
4040 * Brought from LZMA SDK.
4041 *
4042 * Bra86.c -- Converter for x86 code (BCJ)
4043 * 2008-10-04 : Igor Pavlov : Public domain
4044 *
4045 */
4046
/*
 * True when `b` is 0x00 or 0xFF.  The argument is evaluated twice, so it
 * must not have side effects.
 */
#define Test86MSByte(b)	((b) == 0x00 || (b) == 0xFF)
4048
/*
 * Reset the x86 BCJ converter state kept in `zip`.
 */
static void
x86_Init(struct _7zip *zip)
{
	zip->bcj_ip = 5;
	zip->bcj_prevMask = 0;
	/* All-ones value, i.e. (size_t)-1. */
	zip->bcj_prevPosT = (size_t)0 - 1;
	zip->bcj_state = 0;
}
4057
/*
 * Undo the x86 BCJ transform on data[0..size) in place.
 *
 * Scans for 0xE8/0xE9 opcodes and rewrites the 32-bit operand that follows
 * when its top byte passes Test86MSByte().  Converter state (previous
 * position, mask, instruction pointer) is read from and written back to
 * `zip`.  Returns the number of bytes processed; 0 when size < 5.
 */
static size_t
x86_Convert(struct _7zip *zip, uint8_t *data, size_t size)
{
	static const uint8_t kMaskToAllowedStatus[8] = {1, 1, 1, 0, 1, 0, 0, 0};
	static const uint8_t kMaskToBitNumber[8] = {0, 1, 2, 2, 3, 3, 3, 3};
	uint8_t *stop;
	size_t pos, last_pos;
	uint32_t ip, mask;

	if (size < 5)
		return 0;

	/* An opcode needs four operand bytes after it. */
	stop = data + size - 4;
	pos = 0;
	last_pos = zip->bcj_prevPosT;
	mask = zip->bcj_prevMask;
	ip = zip->bcj_ip;

	for (;;) {
		uint8_t *cur = data + pos;

		/* Find the next 0xE8 or 0xE9 byte. */
		while (cur < stop && (*cur & 0xFE) != 0xE8)
			cur++;
		pos = (size_t)(cur - data);
		if (cur >= stop)
			break;

		last_pos = pos - last_pos;
		if (last_pos > 3) {
			mask = 0;
		} else {
			mask = (mask << ((int)last_pos - 1)) & 0x7;
			if (mask != 0) {
				unsigned char b =
				    cur[4 - kMaskToBitNumber[mask]];
				if (!kMaskToAllowedStatus[mask] ||
				    Test86MSByte(b)) {
					last_pos = pos;
					mask = ((mask << 1) & 0x7) | 1;
					pos++;
					continue;
				}
			}
		}
		last_pos = pos;

		if (!Test86MSByte(cur[4])) {
			/* Not a convertible operand; step one byte. */
			mask = ((mask << 1) & 0x7) | 1;
			pos++;
			continue;
		}

		{
			/* Operand is stored little-endian in cur[1..4]. */
			uint32_t src = ((uint32_t)cur[4] << 24) |
			    ((uint32_t)cur[3] << 16) |
			    ((uint32_t)cur[2] << 8) |
			    ((uint32_t)cur[1]);
			uint32_t dest;

			for (;;) {
				uint8_t b;
				int b_index;

				dest = src - (ip + (uint32_t)pos);
				if (mask == 0)
					break;
				b_index = kMaskToBitNumber[mask] * 8;
				b = (uint8_t)(dest >> (24 - b_index));
				if (!Test86MSByte(b))
					break;
				src = dest ^ ((1 << (32 - b_index)) - 1);
			}
			cur[4] = (uint8_t)(~(((dest >> 24) & 1) - 1));
			cur[3] = (uint8_t)(dest >> 16);
			cur[2] = (uint8_t)(dest >> 8);
			cur[1] = (uint8_t)dest;
			pos += 5;
		}
	}

	zip->bcj_prevPosT = last_pos;
	zip->bcj_prevMask = mask;
	zip->bcj_ip += (uint32_t)pos;
	return (pos);
}
4136
/*
 * Reset the ARM BCJ converter: the instruction pointer starts at 8.
 */
static void
arm_Init(struct _7zip *zip)
{
	zip->bcj_ip = 8;
}
4142
/*
 * Undo the ARM BCJ transform on buf[0..size) in place, one 4-byte word at a
 * time.  Words whose last byte is 0xEB have their 24-bit operand rewritten
 * relative to zip->bcj_ip.  Returns the number of bytes processed (a
 * multiple of 4) and advances zip->bcj_ip by that amount.
 */
static size_t
arm_Convert(struct _7zip *zip, uint8_t *buf, size_t size)
{
	// This function was adapted from
	// static size_t bcj_arm(struct xz_dec_bcj *s, uint8_t *buf, size_t size)
	// in https://git.tukaani.org/xz-embedded.git

	/*
	 * Branch/Call/Jump (BCJ) filter decoders
	 *
	 * Authors: Lasse Collin <lasse.collin@tukaani.org>
	 *          Igor Pavlov <https://7-zip.org/>
	 *
	 * This file has been put into the public domain.
	 * You can do whatever you want with this file.
	 */

	size_t off;

	for (off = 0; off + 4 <= size; off += 4) {
		uint32_t addr;

		if (buf[off + 3] != 0xEB)
			continue;

		// Calculate the transformed addr.
		addr = (uint32_t)buf[off]
		    | ((uint32_t)buf[off + 1] << 8)
		    | ((uint32_t)buf[off + 2] << 16);
		addr <<= 2;
		addr -= zip->bcj_ip + (uint32_t)off;
		addr >>= 2;

		// Store the transformed addr in buf.
		buf[off] = (uint8_t)addr;
		buf[off + 1] = (uint8_t)(addr >> 8);
		buf[off + 2] = (uint8_t)(addr >> 16);
	}

	zip->bcj_ip += (uint32_t)off;

	return off;
}
4183
/*
 * Undo the ARM64 BCJ transform on buf[0..size) in place, one little-endian
 * 32-bit instruction at a time.  BL and in-range ADRP instructions get their
 * immediate rewritten relative to zip->bcj_ip.  Returns the number of bytes
 * processed (a multiple of 4) and advances zip->bcj_ip by that amount.
 */
static size_t
arm64_Convert(struct _7zip *zip, uint8_t *buf, size_t size)
{
	// This function was adapted from
	// static size_t bcj_arm64(struct xz_dec_bcj *s, uint8_t *buf, size_t size)
	// in https://git.tukaani.org/xz-embedded.git

	/*
	 * Branch/Call/Jump (BCJ) filter decoders
	 *
	 * Authors: Lasse Collin <lasse.collin@tukaani.org>
	 *          Igor Pavlov <https://7-zip.org/>
	 *
	 * This file has been put into the public domain.
	 * You can do whatever you want with this file.
	 */

	size_t i;

	for (i = 0; i + 4 <= size; i += 4) {
		/* Position of this instruction in the converted stream. */
		const uint32_t pc = zip->bcj_ip + (uint32_t)i;
		uint32_t instr;
		uint32_t addr;

		instr = (uint32_t)buf[i]
		    | ((uint32_t)buf[i+1] << 8)
		    | ((uint32_t)buf[i+2] << 16)
		    | ((uint32_t)buf[i+3] << 24);

		if ((instr >> 26) == 0x25) {
			/* BL instruction */
			addr = instr - (pc >> 2);
			instr = 0x94000000 | (addr & 0x03FFFFFF);
		} else if ((instr & 0x9F000000) == 0x90000000) {
			/* ADRP instruction */
			addr = ((instr >> 29) & 3) | ((instr >> 3) & 0x1FFFFC);

			/* Only convert values in the range +/-512 MiB. */
			if ((addr + 0x020000) & 0x1C0000)
				continue;

			addr -= pc >> 12;

			instr &= 0x9000001F;
			instr |= (addr & 3) << 29;
			instr |= (addr & 0x03FFFC) << 3;
			instr |= (0U - (addr & 0x020000)) & 0xE00000;
		} else {
			/* Any other instruction is left untouched. */
			continue;
		}

		buf[i] = (uint8_t)instr;
		buf[i+1] = (uint8_t)(instr >> 8);
		buf[i+2] = (uint8_t)(instr >> 16);
		buf[i+3] = (uint8_t)(instr >> 24);
	}

	zip->bcj_ip += (uint32_t)i;

	return i;
}
4246
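/*
 * Undo the SPARC BCJ transform on buf[0..size) in place, one big-endian
 * 32-bit instruction at a time.  Instructions whose top ten bits are 0x100
 * or 0x1FF are rewritten relative to zip->bcj_ip.  Trailing bytes that do
 * not fill a whole word are ignored.  Returns the number of bytes processed
 * (a multiple of 4) and advances zip->bcj_ip by that amount.
 */
static size_t
sparc_Convert(struct _7zip *zip, uint8_t *buf, size_t size)
{
	// This function was adapted from
	// static size_t bcj_sparc(struct xz_dec_bcj *s, uint8_t *buf, size_t size)
	// in https://git.tukaani.org/xz-embedded.git

	/*
	 * Branch/Call/Jump (BCJ) filter decoders
	 *
	 * Authors: Lasse Collin <lasse.collin@tukaani.org>
	 *          Igor Pavlov <https://7-zip.org/>
	 *
	 * Copyright (C) The XZ Embedded authors and contributors
	 *
	 * Permission to use, copy, modify, and/or distribute this
	 * software for any purpose with or without fee is hereby granted.
	 *
	 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL
	 * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
	 * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
	 * THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
	 * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
	 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
	 * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
	 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
	 */

	size_t i;
	uint32_t instr;

	/* Only whole 4-byte words are converted. */
	size &= ~(size_t)3;

	for (i = 0; i < size; i += 4) {
		/*
		 * Widen each byte to uint32_t before shifting: shifting the
		 * int-promoted byte left by 24 overflows a signed int when
		 * the byte is 0x80 or larger.
		 */
		instr = ((uint32_t)buf[i] << 24)
		    | ((uint32_t)buf[i+1] << 16)
		    | ((uint32_t)buf[i+2] << 8)
		    | (uint32_t)buf[i+3];

		if ((instr >> 22) == 0x100 || (instr >> 22) == 0x1FF) {
			instr <<= 2;
			instr -= zip->bcj_ip + (uint32_t)i;
			instr >>= 2;
			instr = ((uint32_t)0x40000000 - (instr & 0x400000))
			    | 0x40000000 | (instr & 0x3FFFFF);

			buf[i] = (uint8_t)(instr >> 24);
			buf[i+1] = (uint8_t)(instr >> 16);
			buf[i+2] = (uint8_t)(instr >> 8);
			buf[i+3] = (uint8_t)instr;
		}
	}

	zip->bcj_ip += (uint32_t)i;

	return i;
}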
4304
/*
 * Undo the PowerPC (big endian) BCJ transform on buf[0..size) in place, one
 * 4-byte instruction at a time.  Branch instructions with the link bit set
 * and the absolute bit clear have their offset rewritten relative to
 * zip->bcj_ip.  Trailing bytes that do not fill a whole word are ignored.
 * Returns the number of bytes processed (a multiple of 4) and advances
 * zip->bcj_ip by that amount.
 */
static size_t
powerpc_Convert(struct _7zip *zip, uint8_t *buf, size_t size)
{
	// This function was adapted from
	// static size_t powerpc_code(void *simple, uint32_t now_pos, bool is_encoder, uint8_t *buffer, size_t size)
	// in https://git.tukaani.org/xz.git

	/*
	 * Filter for PowerPC (big endian) binaries
	 *
	 * Authors: Igor Pavlov
	 *          Lasse Collin
	 *
	 * Copyright (C) The XZ Utils authors and contributors
	 *
	 * Permission to use, copy, modify, and/or distribute this
	 * software for any purpose with or without fee is hereby granted.
	 *
	 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL
	 * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
	 * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
	 * THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
	 * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
	 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
	 * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
	 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
	 */

	size_t i;
	const size_t whole = size & ~(size_t)3;

	for (i = 0; i < whole; i += 4) {
		uint32_t src, dest;

		// PowerPC branch 6(48) 24(Offset) 1(Abs) 1(Link)
		if ((buf[i] >> 2) != 0x12 || (buf[i + 3] & 3) != 1)
			continue;

		src = (((uint32_t)(buf[i + 0]) & 3) << 24)
		    | ((uint32_t)(buf[i + 1]) << 16)
		    | ((uint32_t)(buf[i + 2]) << 8)
		    | ((uint32_t)(buf[i + 3]) & ~UINT32_C(3));

		dest = src - (zip->bcj_ip + (uint32_t)(i));

		buf[i + 0] = (uint8_t)(0x48 | ((dest >> 24) & 0x03));
		buf[i + 1] = (uint8_t)(dest >> 16);
		buf[i + 2] = (uint8_t)(dest >> 8);
		/* Keep the two flag bits, merge in the low offset byte. */
		buf[i + 3] = (uint8_t)((buf[i + 3] & 0x03) | dest);
	}

	zip->bcj_ip += (uint32_t)i;

	return i;
}
4361
4362 /*
4363 * Brought from LZMA SDK.
4364 *
4365 * Bcj2.c -- Converter for x86 code (BCJ2)
4366 * 2008-10-04 : Igor Pavlov : Public domain
4367 *
4368 */
4369
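/* Error value returned by the range-coder macros below. */
#define SZ_ERROR_DATA	ARCHIVE_FAILED

/*
 * x86 opcode tests.  IsJcc matches the two-byte 0x0F 0x8x form; IsJ matches
 * 0xE8/0xE9 or IsJcc.  Arguments may be evaluated more than once, and every
 * use is parenthesized so that an expression argument keeps its meaning.
 */
#define IsJcc(b0, b1)	((b0) == 0x0F && ((b1) & 0xF0) == 0x80)
#define IsJ(b0, b1)	(((b1) & 0xFE) == 0xE8 || IsJcc(b0, b1))

#define kNumTopBits	24
#define kTopValue	((uint32_t)1 << kNumTopBits)

#define kNumBitModelTotalBits	11
#define kBitModelTotal	(1 << kNumBitModelTotalBits)
#define kNumMoveBits	5

/*
 * Range-coder input helpers.  They expect `buffer`, `bufferLim` and `zip`
 * to be in scope at the point of use.  RC_TEST returns SZ_ERROR_DATA from
 * the enclosing function when the input is exhausted, so it must run before
 * every RC_READ_BYTE; that check is what keeps the reads inside the
 * sub-stream buffer.
 */
#define RC_READ_BYTE (*buffer++)
#define RC_TEST { if (buffer == bufferLim) return SZ_ERROR_DATA; }
#define RC_INIT2 do {							\
	zip->bcj2_code = 0;						\
	zip->bcj2_range = 0xFFFFFFFF;					\
	{								\
		int ii;							\
		for (ii = 0; ii < 5; ii++) {				\
			RC_TEST;					\
			zip->bcj2_code = (zip->bcj2_code << 8) | RC_READ_BYTE; \
		}							\
	}								\
} while (0)

/*
 * NORMALIZE expands to a bare `if' statement and IF_BIT_0 ends in an `if'
 * without a body: the statement written after IF_BIT_0(p) becomes that
 * body.  IF_BIT_0/UPDATE_0/UPDATE_1 additionally expect `ttt`, `bound` and
 * the CProb type to be in scope.
 */
#define NORMALIZE if (zip->bcj2_range < kTopValue) { RC_TEST; zip->bcj2_range <<= 8; zip->bcj2_code = (zip->bcj2_code << 8) | RC_READ_BYTE; }

#define IF_BIT_0(p) ttt = *(p); bound = (zip->bcj2_range >> kNumBitModelTotalBits) * ttt; if (zip->bcj2_code < bound)
#define UPDATE_0(p) zip->bcj2_range = bound; *(p) = (CProb)(ttt + ((kBitModelTotal - ttt) >> kNumMoveBits)); NORMALIZE;
#define UPDATE_1(p) zip->bcj2_range -= bound; zip->bcj2_code -= bound; *(p) = (CProb)(ttt - (ttt >> kNumMoveBits)); NORMALIZE;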
4401
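/*
 * Decode BCJ2-filtered data into outBuf.
 *
 * Four inputs are read from `zip`:
 *   - the main byte stream (tmp_stream_buff),
 *   - 4-byte big-endian addresses for 0xE8 opcodes (sub_stream_buff[0]),
 *   - 4-byte big-endian addresses for the other jump opcodes
 *     (sub_stream_buff[1]),
 *   - the range-coded bit stream (sub_stream_buff[2]) that decides, for
 *     each jump opcode, whether a converted address follows.
 *
 * At most outSize bytes are written.  When a converted 4-byte address
 * does not fit, the bytes left over are kept in zip->odd_bcj and
 * delivered first on the next call.
 *
 * Returns the number of bytes stored in outBuf, or SZ_ERROR_DATA when an
 * address stream holds fewer than 4 bytes or the range-coded stream is
 * exhausted.
 *
 * NOTE(review): all four streams come from the archive being read.  The
 * pointer setup below relies on the *_bytes_remaining counters never
 * exceeding the matching buffer sizes; that invariant is maintained
 * outside this function - confirm at the call sites.
 */
static ssize_t
Bcj2_Decode(struct _7zip *zip, uint8_t *outBuf, size_t outSize)
{
	size_t inPos = 0, outPos = 0;
	const uint8_t *buf0, *buf1, *buf2, *buf3;
	size_t size0, size1, size2, size3;
	const uint8_t *buffer, *bufferLim;
	unsigned int i, j;

	/* Each stream's read position is "end of valid data - remaining". */
	size0 = zip->tmp_stream_bytes_remaining;
	buf0 = zip->tmp_stream_buff + zip->tmp_stream_bytes_avail - size0;
	size1 = zip->sub_stream_bytes_remaining[0];
	buf1 = zip->sub_stream_buff[0] + zip->sub_stream_size[0] - size1;
	size2 = zip->sub_stream_bytes_remaining[1];
	buf2 = zip->sub_stream_buff[1] + zip->sub_stream_size[1] - size2;
	size3 = zip->sub_stream_bytes_remaining[2];
	buf3 = zip->sub_stream_buff[2] + zip->sub_stream_size[2] - size3;

	/* `buffer`/`bufferLim` are what the RC_* macros read and check. */
	buffer = buf3;
	bufferLim = buffer + size3;

	if (zip->bcj_state == 0) {
		/*
		 * Initialize.
		 */
		zip->bcj2_prevByte = 0;
		for (i = 0;
		    i < sizeof(zip->bcj2_p) / sizeof(zip->bcj2_p[0]); i++)
			zip->bcj2_p[i] = kBitModelTotal >> 1;
		RC_INIT2;
		zip->bcj_state = 1;
	}

	/*
	 * Gather the odd bytes of a previous call.
	 */
	for (i = 0; zip->odd_bcj_size > 0 && outPos < outSize; i++) {
		outBuf[outPos++] = zip->odd_bcj[i];
		zip->odd_bcj_size--;
	}
	/*
	 * The loop above always starts reading at odd_bcj[0].  If outBuf
	 * filled up before every saved byte was delivered, move the
	 * undelivered bytes to the front so the next call continues with
	 * the right byte instead of repeating an already delivered one.
	 */
	if (i > 0) {
		for (j = 0; j < (unsigned)zip->odd_bcj_size; j++)
			zip->odd_bcj[j] = zip->odd_bcj[i + j];
	}

	if (outSize == 0) {
		/*
		 * RC_INIT2 may just have consumed bytes of the range-coded
		 * stream; record that, otherwise the next call would read
		 * them a second time.
		 */
		zip->sub_stream_bytes_remaining[2] = bufferLim - buffer;
		zip->bcj2_outPos += outPos;
		return (outPos);
	}

	for (;;) {
		uint8_t b;
		CProb *prob;
		uint32_t bound;
		uint32_t ttt;

		/* Bytes that can be copied: bounded by input and output. */
		size_t limit = size0 - inPos;
		if (outSize - outPos < limit)
			limit = outSize - outPos;

		if (zip->bcj_state == 1) {
			/*
			 * Copy plain bytes until a jump opcode is seen.
			 * The opcode itself is written out, but inPos is
			 * left on it so that it is read again below.
			 */
			while (limit != 0) {
				uint8_t bb = buf0[inPos];
				outBuf[outPos++] = bb;
				if (IsJ(zip->bcj2_prevByte, bb)) {
					zip->bcj_state = 2;
					break;
				}
				inPos++;
				zip->bcj2_prevByte = bb;
				limit--;
			}
		}

		/* Out of input or output; bcj_state keeps the position. */
		if (limit == 0 || outPos == outSize)
			break;
		zip->bcj_state = 1;

		b = buf0[inPos++];

		/* Select the probability slot for this opcode. */
		if (b == 0xE8)
			prob = zip->bcj2_p + zip->bcj2_prevByte;
		else if (b == 0xE9)
			prob = zip->bcj2_p + 256;
		else
			prob = zip->bcj2_p + 257;

		IF_BIT_0(prob) {
			/* Bit 0: no address follows this opcode. */
			UPDATE_0(prob)
			zip->bcj2_prevByte = b;
		} else {
			uint32_t dest;
			const uint8_t *v;
			uint8_t out[4];

			/* Bit 1: take 4 bytes from an address stream. */
			UPDATE_1(prob)
			if (b == 0xE8) {
				v = buf1;
				if (size1 < 4)
					return SZ_ERROR_DATA;
				buf1 += 4;
				size1 -= 4;
			} else {
				v = buf2;
				if (size2 < 4)
					return SZ_ERROR_DATA;
				buf2 += 4;
				size2 -= 4;
			}
			/*
			 * Big-endian stored value minus the output position
			 * just past the 4 address bytes.
			 */
			dest = (((uint32_t)v[0] << 24) |
			    ((uint32_t)v[1] << 16) |
			    ((uint32_t)v[2] << 8) |
			    ((uint32_t)v[3])) -
			    ((uint32_t)zip->bcj2_outPos + (uint32_t)outPos + 4);
			/* Written out little-endian. */
			out[0] = (uint8_t)dest;
			out[1] = (uint8_t)(dest >> 8);
			out[2] = (uint8_t)(dest >> 16);
			out[3] = zip->bcj2_prevByte = (uint8_t)(dest >> 24);

			for (i = 0; i < 4 && outPos < outSize; i++)
				outBuf[outPos++] = out[i];
			if (i < 4) {
				/*
				 * Save odd bytes which we could not add into
				 * the output buffer because of out of space.
				 */
				zip->odd_bcj_size = 4 - i;
				for (; i < 4; i++) {
					/* j runs 0 .. odd_bcj_size - 1 */
					j = i - 4 + (unsigned)zip->odd_bcj_size;
					zip->odd_bcj[j] = out[i];
				}
				break;
			}
		}
	}
	/* Publish how much of each stream was consumed. */
	zip->tmp_stream_bytes_remaining -= inPos;
	zip->sub_stream_bytes_remaining[0] = size1;
	zip->sub_stream_bytes_remaining[1] = size2;
	zip->sub_stream_bytes_remaining[2] = bufferLim - buffer;
	zip->bcj2_outPos += outPos;

	return ((ssize_t)outPos);
}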
4541