1 /*-
2 * Copyright (c) 2010-2012 Michihiro NAKAJIMA
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17 * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 */
25
26 #include "archive_platform.h"
27
28 #ifdef HAVE_ERRNO_H
29 #include <errno.h>
30 #endif
31 #ifdef HAVE_LIMITS_H
32 #include <limits.h>
33 #endif
34 #ifdef HAVE_STDLIB_H
35 #include <stdlib.h>
36 #endif
37 #ifdef HAVE_STRING_H
38 #include <string.h>
39 #endif
40 #ifdef HAVE_ZLIB_H
41 #include <zlib.h>
42 #endif
43
44 #include "archive.h"
45 #include "archive_entry.h"
46 #include "archive_entry_locale.h"
47 #include "archive_private.h"
48 #include "archive_read_private.h"
49 #include "archive_endian.h"
50
51
52 struct lzx_dec {
53 /* Decoding status. */
54 int state;
55
56 /*
57 * Window to see last decoded data, from 32KBi to 2MBi.
58 */
59 int w_size;
60 int w_mask;
61 /* Window buffer, which is a loop buffer. */
62 unsigned char *w_buff;
63 /* The insert position to the window. */
64 int w_pos;
65 /* The position where we can copy decoded code from the window. */
66 int copy_pos;
67 /* The length how many bytes we can copy decoded code from
68 * the window. */
69 int copy_len;
70 /* Translation reversal for x86 processor CALL byte sequence(E8).
71 * This is used for LZX only. */
72 uint32_t translation_size;
73 char translation;
74 char block_type;
75 #define VERBATIM_BLOCK 1
76 #define ALIGNED_OFFSET_BLOCK 2
77 #define UNCOMPRESSED_BLOCK 3
78 size_t block_size;
79 size_t block_bytes_avail;
80 /* Repeated offset. */
81 int r0, r1, r2;
82 unsigned char rbytes[4];
83 int rbytes_avail;
84 int length_header;
85 int position_slot;
86 int offset_bits;
87
88 struct lzx_pos_tbl {
89 int base;
90 int footer_bits;
91 } *pos_tbl;
92 /*
93 * Bit stream reader.
94 */
95 struct lzx_br {
96 #define CACHE_TYPE uint64_t
97 #define CACHE_BITS (8 * sizeof(CACHE_TYPE))
98 /* Cache buffer. */
99 CACHE_TYPE cache_buffer;
100 /* Indicates how many bits avail in cache_buffer. */
101 int cache_avail;
102 unsigned char odd;
103 char have_odd;
104 } br;
105
106 /*
107 * Huffman coding.
108 */
109 struct huffman {
110 int len_size;
111 int freq[17];
112 unsigned char *bitlen;
113
114 /*
115 * Use a index table. It's faster than searching a huffman
116 * coding tree, which is a binary tree. But a use of a large
117 * index table causes L1 cache read miss many times.
118 */
119 int max_bits;
120 int tbl_bits;
121 int tree_used;
122 /* Direct access table. */
123 uint16_t *tbl;
124 } at, lt, mt, pt;
125
126 int loop;
127 int error;
128 };
129
130 static const int slots[] = {
131 30, 32, 34, 36, 38, 42, 50, 66, 98, 162, 290
132 };
133 #define SLOT_BASE 15
134 #define SLOT_MAX 21/*->25*/
135
136 struct lzx_stream {
137 const unsigned char *next_in;
138 int64_t avail_in;
139 int64_t total_in;
140 unsigned char *next_out;
141 int64_t avail_out;
142 int64_t total_out;
143 struct lzx_dec *ds;
144 };
145
146 /*
147 * Cabinet file definitions.
148 */
149 /* CFHEADER offset */
150 #define CFHEADER_signature 0
151 #define CFHEADER_cbCabinet 8
152 #define CFHEADER_coffFiles 16
153 #define CFHEADER_versionMinor 24
154 #define CFHEADER_versionMajor 25
155 #define CFHEADER_cFolders 26
156 #define CFHEADER_cFiles 28
157 #define CFHEADER_flags 30
158 #define CFHEADER_setID 32
159 #define CFHEADER_iCabinet 34
160 #define CFHEADER_cbCFHeader 36
161 #define CFHEADER_cbCFFolder 38
162 #define CFHEADER_cbCFData 39
163
164 /* CFFOLDER offset */
165 #define CFFOLDER_coffCabStart 0
166 #define CFFOLDER_cCFData 4
167 #define CFFOLDER_typeCompress 6
168 #define CFFOLDER_abReserve 8
169
170 /* CFFILE offset */
171 #define CFFILE_cbFile 0
172 #define CFFILE_uoffFolderStart 4
173 #define CFFILE_iFolder 8
174 #define CFFILE_date_time 10
175 #define CFFILE_attribs 14
176
177 /* CFDATA offset */
178 #define CFDATA_csum 0
179 #define CFDATA_cbData 4
180 #define CFDATA_cbUncomp 6
181
182 static const char * const compression_name[] = {
183 "NONE",
184 "MSZIP",
185 "Quantum",
186 "LZX",
187 };
188
189 struct cfdata {
190 /* Sum value of this CFDATA. */
191 uint32_t sum;
192 uint16_t compressed_size;
193 uint16_t compressed_bytes_remaining;
194 uint16_t uncompressed_size;
195 uint16_t uncompressed_bytes_remaining;
196 /* To know how many bytes we have decompressed. */
197 uint16_t uncompressed_avail;
198 /* Offset from the beginning of compressed data of this CFDATA */
199 uint16_t read_offset;
200 int64_t unconsumed;
201 /* To keep memory image of this CFDATA to compute the sum. */
202 size_t memimage_size;
203 unsigned char *memimage;
204 /* Result of calculation of sum. */
205 uint32_t sum_calculated;
206 unsigned char sum_extra[4];
207 int sum_extra_avail;
208 const void *sum_ptr;
209 };
210
211 struct cffolder {
212 uint32_t cfdata_offset_in_cab;
213 uint16_t cfdata_count;
214 uint16_t comptype;
215 #define COMPTYPE_NONE 0x0000
216 #define COMPTYPE_MSZIP 0x0001
217 #define COMPTYPE_QUANTUM 0x0002
218 #define COMPTYPE_LZX 0x0003
219 uint16_t compdata;
220 const char *compname;
221 /* At the time reading CFDATA */
222 struct cfdata cfdata;
223 int cfdata_index;
224 /* Flags to mark progress of decompression. */
225 char decompress_init;
226 };
227
228 struct cffile {
229 uint32_t uncompressed_size;
230 uint32_t offset;
231 time_t mtime;
232 uint16_t folder;
233 #define iFoldCONTINUED_FROM_PREV 0xFFFD
234 #define iFoldCONTINUED_TO_NEXT 0xFFFE
235 #define iFoldCONTINUED_PREV_AND_NEXT 0xFFFF
236 unsigned char attr;
237 #define ATTR_RDONLY 0x01
238 #define ATTR_NAME_IS_UTF 0x80
239 struct archive_string pathname;
240 };
241
242 struct cfheader {
243 /* Total bytes of all file size in a Cabinet. */
244 uint32_t total_bytes;
245 uint32_t files_offset;
246 uint16_t folder_count;
247 uint16_t file_count;
248 uint16_t flags;
249 #define PREV_CABINET 0x0001
250 #define NEXT_CABINET 0x0002
251 #define RESERVE_PRESENT 0x0004
252 uint16_t setid;
253 uint16_t cabinet;
254 /* Version number. */
255 unsigned char major;
256 unsigned char minor;
257 unsigned char cffolder;
258 unsigned char cfdata;
259 /* All folders in a cabinet. */
260 struct cffolder *folder_array;
261 /* All files in a cabinet. */
262 struct cffile *file_array;
263 int file_index;
264 };
265
266 struct cab {
267 /* entry_bytes_remaining is the number of bytes we expect. */
268 int64_t entry_offset;
269 int64_t entry_bytes_remaining;
270 int64_t entry_unconsumed;
271 int64_t entry_compressed_bytes_read;
272 int64_t entry_uncompressed_bytes_read;
273 struct cffolder *entry_cffolder;
274 struct cffile *entry_cffile;
275 struct cfdata *entry_cfdata;
276
277 /* Offset from beginning of a cabinet file. */
278 int64_t cab_offset;
279 struct cfheader cfheader;
280 struct archive_wstring ws;
281
282 /* Flag to mark progress that an archive was read their first header.*/
283 char found_header;
284 char end_of_archive;
285 char end_of_entry;
286 char end_of_entry_cleanup;
287 char read_data_invoked;
288 int64_t bytes_skipped;
289
290 unsigned char *uncompressed_buffer;
291 size_t uncompressed_buffer_size;
292
293 int init_default_conversion;
294 struct archive_string_conv *sconv;
295 struct archive_string_conv *sconv_default;
296 struct archive_string_conv *sconv_utf8;
297 char format_name[64];
298
299 #ifdef HAVE_ZLIB_H
300 z_stream stream;
301 char stream_valid;
302 #endif
303 struct lzx_stream xstrm;
304 };
305
306 static int archive_read_format_cab_bid(struct archive_read *, int);
307 static int archive_read_format_cab_options(struct archive_read *,
308 const char *, const char *);
309 static int archive_read_format_cab_read_header(struct archive_read *,
310 struct archive_entry *);
311 static int archive_read_format_cab_read_data(struct archive_read *,
312 const void **, size_t *, int64_t *);
313 static int archive_read_format_cab_read_data_skip(struct archive_read *);
314 static int archive_read_format_cab_cleanup(struct archive_read *);
315
316 static int cab_skip_sfx(struct archive_read *);
317 static time_t cab_dos_time(const unsigned char *);
318 static int cab_read_data(struct archive_read *, const void **,
319 size_t *, int64_t *);
320 static int cab_read_header(struct archive_read *);
321 static uint32_t cab_checksum_cfdata_4(const void *, size_t bytes, uint32_t);
322 static uint32_t cab_checksum_cfdata(const void *, size_t bytes, uint32_t);
323 static void cab_checksum_update(struct archive_read *, size_t);
324 static int cab_checksum_finish(struct archive_read *);
325 static int cab_next_cfdata(struct archive_read *);
326 static const void *cab_read_ahead_cfdata(struct archive_read *, ssize_t *);
327 static const void *cab_read_ahead_cfdata_none(struct archive_read *, ssize_t *);
328 static const void *cab_read_ahead_cfdata_deflate(struct archive_read *,
329 ssize_t *);
330 static const void *cab_read_ahead_cfdata_lzx(struct archive_read *,
331 ssize_t *);
332 static int64_t cab_consume_cfdata(struct archive_read *, int64_t);
333 static int64_t cab_minimum_consume_cfdata(struct archive_read *, int64_t);
334 static int lzx_decode_init(struct lzx_stream *, int);
335 static int lzx_read_blocks(struct lzx_stream *, int);
336 static int lzx_decode_blocks(struct lzx_stream *, int);
337 static void lzx_decode_free(struct lzx_stream *);
338 static void lzx_translation(struct lzx_stream *, void *, size_t, uint32_t);
339 static void lzx_cleanup_bitstream(struct lzx_stream *);
340 static int lzx_decode(struct lzx_stream *, int);
341 static int lzx_read_pre_tree(struct lzx_stream *);
342 static int lzx_read_bitlen(struct lzx_stream *, struct huffman *, int);
343 static int lzx_huffman_init(struct huffman *, size_t, int);
344 static void lzx_huffman_free(struct huffman *);
345 static int lzx_make_huffman_table(struct huffman *);
346 static inline int lzx_decode_huffman(struct huffman *, unsigned);
347
348
349 int
archive_read_support_format_cab(struct archive * _a)350 archive_read_support_format_cab(struct archive *_a)
351 {
352 struct archive_read *a = (struct archive_read *)_a;
353 struct cab *cab;
354 int r;
355
356 archive_check_magic(_a, ARCHIVE_READ_MAGIC,
357 ARCHIVE_STATE_NEW, "archive_read_support_format_cab");
358
359 cab = calloc(1, sizeof(*cab));
360 if (cab == NULL) {
361 archive_set_error(&a->archive, ENOMEM,
362 "Can't allocate CAB data");
363 return (ARCHIVE_FATAL);
364 }
365 archive_string_init(&cab->ws);
366 if (archive_wstring_ensure(&cab->ws, 256) == NULL) {
367 archive_set_error(&a->archive, ENOMEM,
368 "Can't allocate memory");
369 free(cab);
370 return (ARCHIVE_FATAL);
371 }
372
373 r = __archive_read_register_format(a,
374 cab,
375 "cab",
376 archive_read_format_cab_bid,
377 archive_read_format_cab_options,
378 archive_read_format_cab_read_header,
379 archive_read_format_cab_read_data,
380 archive_read_format_cab_read_data_skip,
381 NULL,
382 archive_read_format_cab_cleanup,
383 NULL,
384 NULL);
385
386 if (r != ARCHIVE_OK) {
387 archive_wstring_free(&cab->ws);
388 free(cab);
389 }
390 return (ARCHIVE_OK);
391 }
392
393 static int
find_cab_magic(const char * p)394 find_cab_magic(const char *p)
395 {
396 switch (p[4]) {
397 case 0:
398 /*
399 * Note: Self-Extraction program has 'MSCF' string in their
400 * program. If we were finding 'MSCF' string only, we got
401 * wrong place for Cabinet header, thus, we have to check
402 * following four bytes which are reserved and must be set
403 * to zero.
404 */
405 if (memcmp(p, "MSCF\0\0\0\0", 8) == 0)
406 return 0;
407 return 5;
408 case 'F': return 1;
409 case 'C': return 2;
410 case 'S': return 3;
411 case 'M': return 4;
412 default: return 5;
413 }
414 }
415
416 static int
archive_read_format_cab_bid(struct archive_read * a,int best_bid)417 archive_read_format_cab_bid(struct archive_read *a, int best_bid)
418 {
419 const char *p;
420 ssize_t bytes_avail, offset, window;
421
422 /* If there's already a better bid than we can ever
423 make, don't bother testing. */
424 if (best_bid > 64)
425 return (-1);
426
427 if ((p = __archive_read_ahead(a, 8, NULL)) == NULL)
428 return (-1);
429
430 if (memcmp(p, "MSCF\0\0\0\0", 8) == 0)
431 return (64);
432
433 /*
434 * Attempt to handle self-extracting archives
435 * by noting a PE header and searching forward
436 * up to 128k for a 'MSCF' marker.
437 */
438 if (p[0] == 'M' && p[1] == 'Z') {
439 offset = 0;
440 window = 4096;
441 while (offset < (1024 * 128)) {
442 const char *h = __archive_read_ahead(a, offset + window,
443 &bytes_avail);
444 if (h == NULL) {
445 /* Remaining bytes are less than window. */
446 window >>= 1;
447 if (window < 128)
448 return (0);
449 continue;
450 }
451 p = h + offset;
452 while (p + 8 < h + bytes_avail) {
453 int next;
454 if ((next = find_cab_magic(p)) == 0)
455 return (64);
456 p += next;
457 }
458 offset = p - h;
459 }
460 }
461 return (0);
462 }
463
464 static int
archive_read_format_cab_options(struct archive_read * a,const char * key,const char * val)465 archive_read_format_cab_options(struct archive_read *a,
466 const char *key, const char *val)
467 {
468 struct cab *cab;
469 int ret = ARCHIVE_FAILED;
470
471 cab = (struct cab *)(a->format->data);
472 if (strcmp(key, "hdrcharset") == 0) {
473 if (val == NULL || val[0] == 0)
474 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
475 "cab: hdrcharset option needs a character-set name");
476 else {
477 cab->sconv = archive_string_conversion_from_charset(
478 &a->archive, val, 0);
479 if (cab->sconv != NULL)
480 ret = ARCHIVE_OK;
481 else
482 ret = ARCHIVE_FATAL;
483 }
484 return (ret);
485 }
486
487 /* Note: The "warn" return is just to inform the options
488 * supervisor that we didn't handle it. It will generate
489 * a suitable error if no one used this option. */
490 return (ARCHIVE_WARN);
491 }
492
493 static int
cab_skip_sfx(struct archive_read * a)494 cab_skip_sfx(struct archive_read *a)
495 {
496 const char *p, *q;
497 size_t skip;
498 ssize_t bytes, window;
499
500 window = 4096;
501 for (;;) {
502 const char *h = __archive_read_ahead(a, window, &bytes);
503 if (h == NULL) {
504 /* Remaining size are less than window. */
505 window >>= 1;
506 if (window < 128) {
507 archive_set_error(&a->archive,
508 ARCHIVE_ERRNO_FILE_FORMAT,
509 "Couldn't find out CAB header");
510 return (ARCHIVE_FATAL);
511 }
512 continue;
513 }
514 p = h;
515 q = p + bytes;
516
517 /*
518 * Scan ahead until we find something that looks
519 * like the cab header.
520 */
521 while (p + 8 < q) {
522 int next;
523 if ((next = find_cab_magic(p)) == 0) {
524 skip = p - h;
525 __archive_read_consume(a, skip);
526 return (ARCHIVE_OK);
527 }
528 p += next;
529 }
530 skip = p - h;
531 __archive_read_consume(a, skip);
532 }
533 }
534
535 static int
truncated_error(struct archive_read * a)536 truncated_error(struct archive_read *a)
537 {
538 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
539 "Truncated CAB header");
540 return (ARCHIVE_FATAL);
541 }
542
543 static ssize_t
cab_strnlen(const unsigned char * p,size_t maxlen)544 cab_strnlen(const unsigned char *p, size_t maxlen)
545 {
546 size_t i;
547
548 for (i = 0; i <= maxlen; i++) {
549 if (p[i] == 0)
550 break;
551 }
552 if (i > maxlen)
553 return (-1);/* invalid */
554 return ((ssize_t)i);
555 }
556
557 /* Read bytes as much as remaining. */
558 static const void *
cab_read_ahead_remaining(struct archive_read * a,size_t min,ssize_t * avail)559 cab_read_ahead_remaining(struct archive_read *a, size_t min, ssize_t *avail)
560 {
561 const void *p;
562
563 while (min > 0) {
564 p = __archive_read_ahead(a, min, avail);
565 if (p != NULL)
566 return (p);
567 min--;
568 }
569 return (NULL);
570 }
571
572 /* Convert a path separator '\' -> '/' */
573 static int
cab_convert_path_separator_1(struct archive_string * fn,unsigned char attr)574 cab_convert_path_separator_1(struct archive_string *fn, unsigned char attr)
575 {
576 size_t i;
577 int mb;
578
579 /* Easy check if we have '\' in multi-byte string. */
580 mb = 0;
581 for (i = 0; i < archive_strlen(fn); i++) {
582 if (fn->s[i] == '\\') {
583 if (mb) {
584 /* This may be second byte of multi-byte
585 * character. */
586 break;
587 }
588 fn->s[i] = '/';
589 mb = 0;
590 } else if ((fn->s[i] & 0x80) && !(attr & ATTR_NAME_IS_UTF))
591 mb = 1;
592 else
593 mb = 0;
594 }
595 if (i == archive_strlen(fn))
596 return (0);
597 return (-1);
598 }
599
600 /*
601 * Replace a character '\' with '/' in wide character.
602 */
603 static void
cab_convert_path_separator_2(struct cab * cab,struct archive_entry * entry)604 cab_convert_path_separator_2(struct cab *cab, struct archive_entry *entry)
605 {
606 const wchar_t *wp;
607 size_t i;
608
609 /* If a conversion to wide character failed, force the replacement. */
610 if ((wp = archive_entry_pathname_w(entry)) != NULL) {
611 archive_wstrcpy(&(cab->ws), wp);
612 for (i = 0; i < archive_strlen(&(cab->ws)); i++) {
613 if (cab->ws.s[i] == L'\\')
614 cab->ws.s[i] = L'/';
615 }
616 archive_entry_copy_pathname_w(entry, cab->ws.s);
617 }
618 }
619
620 /*
621 * Read CFHEADER, CFFOLDER and CFFILE.
622 */
623 static int
cab_read_header(struct archive_read * a)624 cab_read_header(struct archive_read *a)
625 {
626 const unsigned char *p;
627 struct cab *cab;
628 struct cfheader *hd;
629 size_t bytes, used;
630 ssize_t len;
631 int64_t skip;
632 int err, i;
633 int cur_folder, prev_folder;
634 uint32_t offset32;
635
636 a->archive.archive_format = ARCHIVE_FORMAT_CAB;
637 if (a->archive.archive_format_name == NULL)
638 a->archive.archive_format_name = "CAB";
639
640 if ((p = __archive_read_ahead(a, 42, NULL)) == NULL)
641 return (truncated_error(a));
642
643 cab = (struct cab *)(a->format->data);
644 if (cab->found_header == 0 &&
645 p[0] == 'M' && p[1] == 'Z') {
646 /* This is an executable? Must be self-extracting... */
647 err = cab_skip_sfx(a);
648 if (err < ARCHIVE_WARN)
649 return (err);
650
651 /* Re-read header after processing the SFX. */
652 if ((p = __archive_read_ahead(a, 42, NULL)) == NULL)
653 return (truncated_error(a));
654 }
655
656 cab->cab_offset = 0;
657 /*
658 * Read CFHEADER.
659 */
660 hd = &cab->cfheader;
661 if (p[CFHEADER_signature+0] != 'M' || p[CFHEADER_signature+1] != 'S' ||
662 p[CFHEADER_signature+2] != 'C' || p[CFHEADER_signature+3] != 'F') {
663 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
664 "Couldn't find out CAB header");
665 return (ARCHIVE_FATAL);
666 }
667 hd->total_bytes = archive_le32dec(p + CFHEADER_cbCabinet);
668 hd->files_offset = archive_le32dec(p + CFHEADER_coffFiles);
669 hd->minor = p[CFHEADER_versionMinor];
670 hd->major = p[CFHEADER_versionMajor];
671 hd->folder_count = archive_le16dec(p + CFHEADER_cFolders);
672 if (hd->folder_count == 0)
673 goto invalid;
674 hd->file_count = archive_le16dec(p + CFHEADER_cFiles);
675 if (hd->file_count == 0)
676 goto invalid;
677 hd->flags = archive_le16dec(p + CFHEADER_flags);
678 hd->setid = archive_le16dec(p + CFHEADER_setID);
679 hd->cabinet = archive_le16dec(p + CFHEADER_iCabinet);
680 used = CFHEADER_iCabinet + 2;
681 if (hd->flags & RESERVE_PRESENT) {
682 uint16_t cfheader;
683 cfheader = archive_le16dec(p + CFHEADER_cbCFHeader);
684 if (cfheader > 60000U)
685 goto invalid;
686 hd->cffolder = p[CFHEADER_cbCFFolder];
687 hd->cfdata = p[CFHEADER_cbCFData];
688 used += 4;/* cbCFHeader, cbCFFolder and cbCFData */
689 used += cfheader;/* abReserve */
690 } else
691 hd->cffolder = 0;/* Avoid compiling warning. */
692 if (hd->flags & PREV_CABINET) {
693 /* How many bytes are used for szCabinetPrev. */
694 if ((p = __archive_read_ahead(a, used+256, NULL)) == NULL)
695 return (truncated_error(a));
696 if ((len = cab_strnlen(p + used, 255)) <= 0)
697 goto invalid;
698 used += len + 1;
699 /* How many bytes are used for szDiskPrev. */
700 if ((p = __archive_read_ahead(a, used+256, NULL)) == NULL)
701 return (truncated_error(a));
702 if ((len = cab_strnlen(p + used, 255)) <= 0)
703 goto invalid;
704 used += len + 1;
705 }
706 if (hd->flags & NEXT_CABINET) {
707 /* How many bytes are used for szCabinetNext. */
708 if ((p = __archive_read_ahead(a, used+256, NULL)) == NULL)
709 return (truncated_error(a));
710 if ((len = cab_strnlen(p + used, 255)) <= 0)
711 goto invalid;
712 used += len + 1;
713 /* How many bytes are used for szDiskNext. */
714 if ((p = __archive_read_ahead(a, used+256, NULL)) == NULL)
715 return (truncated_error(a));
716 if ((len = cab_strnlen(p + used, 255)) <= 0)
717 goto invalid;
718 used += len + 1;
719 }
720 __archive_read_consume(a, used);
721 cab->cab_offset += used;
722 used = 0;
723
724 /*
725 * Read CFFOLDER.
726 */
727 hd->folder_array = calloc(
728 hd->folder_count, sizeof(struct cffolder));
729 if (hd->folder_array == NULL)
730 goto nomem;
731
732 bytes = 8;
733 if (hd->flags & RESERVE_PRESENT)
734 bytes += hd->cffolder;
735 bytes *= hd->folder_count;
736 if ((p = __archive_read_ahead(a, bytes, NULL)) == NULL)
737 return (truncated_error(a));
738 offset32 = 0;
739 for (i = 0; i < hd->folder_count; i++) {
740 struct cffolder *folder = &(hd->folder_array[i]);
741 folder->cfdata_offset_in_cab =
742 archive_le32dec(p + CFFOLDER_coffCabStart);
743 folder->cfdata_count = archive_le16dec(p+CFFOLDER_cCFData);
744 folder->comptype =
745 archive_le16dec(p+CFFOLDER_typeCompress) & 0x0F;
746 folder->compdata =
747 archive_le16dec(p+CFFOLDER_typeCompress) >> 8;
748 /* Get a compression name. */
749 if (folder->comptype <
750 sizeof(compression_name) / sizeof(compression_name[0]))
751 folder->compname = compression_name[folder->comptype];
752 else
753 folder->compname = "UNKNOWN";
754 p += 8;
755 used += 8;
756 if (hd->flags & RESERVE_PRESENT) {
757 p += hd->cffolder;/* abReserve */
758 used += hd->cffolder;
759 }
760 /*
761 * Sanity check if each data is acceptable.
762 */
763 if (offset32 >= folder->cfdata_offset_in_cab)
764 goto invalid;
765 offset32 = folder->cfdata_offset_in_cab;
766
767 /* Set a request to initialize zlib for the CFDATA of
768 * this folder. */
769 folder->decompress_init = 0;
770 }
771 __archive_read_consume(a, used);
772 cab->cab_offset += used;
773
774 /*
775 * Read CFFILE.
776 */
777 /* Seek read pointer to the offset of CFFILE if needed. */
778 skip = (int64_t)hd->files_offset - cab->cab_offset;
779 if (skip < 0) {
780 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
781 "Invalid offset of CFFILE %jd < %jd",
782 (intmax_t)hd->files_offset, (intmax_t)cab->cab_offset);
783 return (ARCHIVE_FATAL);
784 }
785 if (skip) {
786 __archive_read_consume(a, skip);
787 cab->cab_offset += skip;
788 }
789 /* Allocate memory for CFDATA */
790 hd->file_array = calloc(
791 hd->file_count, sizeof(struct cffile));
792 if (hd->file_array == NULL)
793 goto nomem;
794
795 prev_folder = -1;
796 for (i = 0; i < hd->file_count; i++) {
797 struct cffile *file = &(hd->file_array[i]);
798 ssize_t avail;
799
800 if ((p = __archive_read_ahead(a, 16, NULL)) == NULL)
801 return (truncated_error(a));
802 file->uncompressed_size = archive_le32dec(p + CFFILE_cbFile);
803 file->offset = archive_le32dec(p + CFFILE_uoffFolderStart);
804 file->folder = archive_le16dec(p + CFFILE_iFolder);
805 file->mtime = cab_dos_time(p + CFFILE_date_time);
806 file->attr = (uint8_t)archive_le16dec(p + CFFILE_attribs);
807 __archive_read_consume(a, 16);
808
809 cab->cab_offset += 16;
810 if ((p = cab_read_ahead_remaining(a, 256, &avail)) == NULL)
811 return (truncated_error(a));
812 if ((len = cab_strnlen(p, avail-1)) <= 0)
813 goto invalid;
814
815 /* Copy a pathname. */
816 archive_string_init(&(file->pathname));
817 archive_strncpy(&(file->pathname), p, len);
818 __archive_read_consume(a, len + 1);
819 cab->cab_offset += len + 1;
820
821 /*
822 * Sanity check if each data is acceptable.
823 */
824 if (file->uncompressed_size > 0x7FFF8000)
825 goto invalid;/* Too large */
826 if ((int64_t)file->offset + (int64_t)file->uncompressed_size
827 > ARCHIVE_LITERAL_LL(0x7FFF8000))
828 goto invalid;/* Too large */
829 switch (file->folder) {
830 case iFoldCONTINUED_TO_NEXT:
831 /* This must be last file in a folder. */
832 if (i != hd->file_count -1)
833 goto invalid;
834 cur_folder = hd->folder_count -1;
835 break;
836 case iFoldCONTINUED_PREV_AND_NEXT:
837 /* This must be only one file in a folder. */
838 if (hd->file_count != 1)
839 goto invalid;
840 /* FALL THROUGH */
841 case iFoldCONTINUED_FROM_PREV:
842 /* This must be first file in a folder. */
843 if (i != 0)
844 goto invalid;
845 prev_folder = cur_folder = 0;
846 offset32 = file->offset;
847 break;
848 default:
849 if (file->folder >= hd->folder_count)
850 goto invalid;
851 cur_folder = file->folder;
852 break;
853 }
854 /* Dot not back track. */
855 if (cur_folder < prev_folder)
856 goto invalid;
857 if (cur_folder != prev_folder)
858 offset32 = 0;
859 prev_folder = cur_folder;
860
861 /* Make sure there are not any blanks from last file
862 * contents. */
863 if (offset32 != file->offset)
864 goto invalid;
865 offset32 += file->uncompressed_size;
866
867 /* CFDATA is available for file contents. */
868 if (file->uncompressed_size > 0 &&
869 hd->folder_array[cur_folder].cfdata_count == 0)
870 goto invalid;
871 }
872
873 if (hd->cabinet != 0 || hd->flags & (PREV_CABINET | NEXT_CABINET)) {
874 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
875 "Multivolume cabinet file is unsupported");
876 return (ARCHIVE_WARN);
877 }
878 return (ARCHIVE_OK);
879 invalid:
880 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
881 "Invalid CAB header");
882 return (ARCHIVE_FATAL);
883 nomem:
884 archive_set_error(&a->archive, ENOMEM,
885 "Can't allocate memory for CAB data");
886 return (ARCHIVE_FATAL);
887 }
888
889 static int
archive_read_format_cab_read_header(struct archive_read * a,struct archive_entry * entry)890 archive_read_format_cab_read_header(struct archive_read *a,
891 struct archive_entry *entry)
892 {
893 struct cab *cab;
894 struct cfheader *hd;
895 struct cffolder *prev_folder;
896 struct cffile *file;
897 struct archive_string_conv *sconv;
898 int err = ARCHIVE_OK, r;
899
900 cab = (struct cab *)(a->format->data);
901 if (cab->found_header == 0) {
902 err = cab_read_header(a);
903 if (err < ARCHIVE_WARN)
904 return (err);
905 /* We've found the header. */
906 cab->found_header = 1;
907 }
908 hd = &cab->cfheader;
909
910 if (hd->file_index >= hd->file_count) {
911 cab->end_of_archive = 1;
912 return (ARCHIVE_EOF);
913 }
914 file = &hd->file_array[hd->file_index++];
915
916 cab->end_of_entry = 0;
917 cab->end_of_entry_cleanup = 0;
918 cab->entry_compressed_bytes_read = 0;
919 cab->entry_uncompressed_bytes_read = 0;
920 cab->entry_unconsumed = 0;
921 cab->entry_cffile = file;
922
923 /*
924 * Choose a proper folder.
925 */
926 prev_folder = cab->entry_cffolder;
927 switch (file->folder) {
928 case iFoldCONTINUED_FROM_PREV:
929 case iFoldCONTINUED_PREV_AND_NEXT:
930 cab->entry_cffolder = &hd->folder_array[0];
931 break;
932 case iFoldCONTINUED_TO_NEXT:
933 cab->entry_cffolder = &hd->folder_array[hd->folder_count-1];
934 break;
935 default:
936 cab->entry_cffolder = &hd->folder_array[file->folder];
937 break;
938 }
939 /* If a cffolder of this file is changed, reset a cfdata to read
940 * file contents from next cfdata. */
941 if (prev_folder != cab->entry_cffolder)
942 cab->entry_cfdata = NULL;
943
944 /* If a pathname is UTF-8, prepare a string conversion object
945 * for UTF-8 and use it. */
946 if (file->attr & ATTR_NAME_IS_UTF) {
947 if (cab->sconv_utf8 == NULL) {
948 cab->sconv_utf8 =
949 archive_string_conversion_from_charset(
950 &(a->archive), "UTF-8", 1);
951 if (cab->sconv_utf8 == NULL)
952 return (ARCHIVE_FATAL);
953 }
954 sconv = cab->sconv_utf8;
955 } else if (cab->sconv != NULL) {
956 /* Choose the conversion specified by the option. */
957 sconv = cab->sconv;
958 } else {
959 /* Choose the default conversion. */
960 if (!cab->init_default_conversion) {
961 cab->sconv_default =
962 archive_string_default_conversion_for_read(
963 &(a->archive));
964 cab->init_default_conversion = 1;
965 }
966 sconv = cab->sconv_default;
967 }
968
969 /*
970 * Set a default value and common data
971 */
972 r = cab_convert_path_separator_1(&(file->pathname), file->attr);
973 if (archive_entry_copy_pathname_l(entry, file->pathname.s,
974 archive_strlen(&(file->pathname)), sconv) != 0) {
975 if (errno == ENOMEM) {
976 archive_set_error(&a->archive, ENOMEM,
977 "Can't allocate memory for Pathname");
978 return (ARCHIVE_FATAL);
979 }
980 archive_set_error(&a->archive,
981 ARCHIVE_ERRNO_FILE_FORMAT,
982 "Pathname cannot be converted "
983 "from %s to current locale",
984 archive_string_conversion_charset_name(sconv));
985 err = ARCHIVE_WARN;
986 }
987 if (r < 0) {
988 /* Convert a path separator '\' -> '/' */
989 cab_convert_path_separator_2(cab, entry);
990 }
991
992 archive_entry_set_size(entry, file->uncompressed_size);
993 if (file->attr & ATTR_RDONLY)
994 archive_entry_set_mode(entry, AE_IFREG | 0555);
995 else
996 archive_entry_set_mode(entry, AE_IFREG | 0666);
997 archive_entry_set_mtime(entry, file->mtime, 0);
998
999 cab->entry_bytes_remaining = file->uncompressed_size;
1000 cab->entry_offset = 0;
1001 /* We don't need compress data. */
1002 if (file->uncompressed_size == 0)
1003 cab->end_of_entry_cleanup = cab->end_of_entry = 1;
1004
1005 /* Set up a more descriptive format name. */
1006 snprintf(cab->format_name, sizeof(cab->format_name), "CAB %d.%d (%s)",
1007 hd->major, hd->minor, cab->entry_cffolder->compname);
1008 a->archive.archive_format_name = cab->format_name;
1009
1010 return (err);
1011 }
1012
1013 static int
archive_read_format_cab_read_data(struct archive_read * a,const void ** buff,size_t * size,int64_t * offset)1014 archive_read_format_cab_read_data(struct archive_read *a,
1015 const void **buff, size_t *size, int64_t *offset)
1016 {
1017 struct cab *cab = (struct cab *)(a->format->data);
1018 int r;
1019
1020 switch (cab->entry_cffile->folder) {
1021 case iFoldCONTINUED_FROM_PREV:
1022 case iFoldCONTINUED_TO_NEXT:
1023 case iFoldCONTINUED_PREV_AND_NEXT:
1024 *buff = NULL;
1025 *size = 0;
1026 *offset = 0;
1027 archive_clear_error(&a->archive);
1028 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1029 "Cannot restore this file split in multivolume");
1030 return (ARCHIVE_FAILED);
1031 default:
1032 break;
1033 }
1034 if (cab->read_data_invoked == 0) {
1035 if (cab->bytes_skipped) {
1036 if (cab->entry_cfdata == NULL) {
1037 r = cab_next_cfdata(a);
1038 if (r < 0)
1039 return (r);
1040 }
1041 if (cab_consume_cfdata(a, cab->bytes_skipped) < 0)
1042 return (ARCHIVE_FATAL);
1043 cab->bytes_skipped = 0;
1044 }
1045 cab->read_data_invoked = 1;
1046 }
1047 if (cab->entry_unconsumed) {
1048 /* Consume as much as the compressor actually used. */
1049 r = (int)cab_consume_cfdata(a, cab->entry_unconsumed);
1050 cab->entry_unconsumed = 0;
1051 if (r < 0)
1052 return (r);
1053 }
1054 if (cab->end_of_archive || cab->end_of_entry) {
1055 if (!cab->end_of_entry_cleanup) {
1056 /* End-of-entry cleanup done. */
1057 cab->end_of_entry_cleanup = 1;
1058 }
1059 *offset = cab->entry_offset;
1060 *size = 0;
1061 *buff = NULL;
1062 return (ARCHIVE_EOF);
1063 }
1064
1065 return (cab_read_data(a, buff, size, offset));
1066 }
1067
1068 static uint32_t
cab_checksum_cfdata_4(const void * p,size_t bytes,uint32_t seed)1069 cab_checksum_cfdata_4(const void *p, size_t bytes, uint32_t seed)
1070 {
1071 const unsigned char *b;
1072 unsigned u32num;
1073 uint32_t sum;
1074
1075 u32num = (unsigned)bytes / 4;
1076 sum = seed;
1077 b = p;
1078 for (;u32num > 0; --u32num) {
1079 sum ^= archive_le32dec(b);
1080 b += 4;
1081 }
1082 return (sum);
1083 }
1084
1085 static uint32_t
cab_checksum_cfdata(const void * p,size_t bytes,uint32_t seed)1086 cab_checksum_cfdata(const void *p, size_t bytes, uint32_t seed)
1087 {
1088 const unsigned char *b;
1089 uint32_t sum;
1090 uint32_t t;
1091
1092 sum = cab_checksum_cfdata_4(p, bytes, seed);
1093 b = p;
1094 b += bytes & ~3;
1095 t = 0;
1096 switch (bytes & 3) {
1097 case 3:
1098 t |= ((uint32_t)(*b++)) << 16;
1099 /* FALL THROUGH */
1100 case 2:
1101 t |= ((uint32_t)(*b++)) << 8;
1102 /* FALL THROUGH */
1103 case 1:
1104 t |= *b;
1105 /* FALL THROUGH */
1106 default:
1107 break;
1108 }
1109 sum ^= t;
1110
1111 return (sum);
1112 }
1113
1114 static void
cab_checksum_update(struct archive_read * a,size_t bytes)1115 cab_checksum_update(struct archive_read *a, size_t bytes)
1116 {
1117 struct cab *cab = (struct cab *)(a->format->data);
1118 struct cfdata *cfdata = cab->entry_cfdata;
1119 const unsigned char *p;
1120 size_t sumbytes;
1121
1122 if (cfdata->sum == 0 || cfdata->sum_ptr == NULL)
1123 return;
1124 /*
1125 * Calculate the sum of this CFDATA.
1126 * Make sure CFDATA must be calculated in four bytes.
1127 */
1128 p = cfdata->sum_ptr;
1129 sumbytes = bytes;
1130 if (cfdata->sum_extra_avail) {
1131 while (cfdata->sum_extra_avail < 4 && sumbytes > 0) {
1132 cfdata->sum_extra[
1133 cfdata->sum_extra_avail++] = *p++;
1134 sumbytes--;
1135 }
1136 if (cfdata->sum_extra_avail == 4) {
1137 cfdata->sum_calculated = cab_checksum_cfdata_4(
1138 cfdata->sum_extra, 4, cfdata->sum_calculated);
1139 cfdata->sum_extra_avail = 0;
1140 }
1141 }
1142 if (sumbytes) {
1143 int odd = sumbytes & 3;
1144 if ((int)(sumbytes - odd) > 0)
1145 cfdata->sum_calculated = cab_checksum_cfdata_4(
1146 p, sumbytes - odd, cfdata->sum_calculated);
1147 if (odd)
1148 memcpy(cfdata->sum_extra, p + sumbytes - odd, odd);
1149 cfdata->sum_extra_avail = odd;
1150 }
1151 cfdata->sum_ptr = NULL;
1152 }
1153
1154 static int
cab_checksum_finish(struct archive_read * a)1155 cab_checksum_finish(struct archive_read *a)
1156 {
1157 struct cab *cab = (struct cab *)(a->format->data);
1158 struct cfdata *cfdata = cab->entry_cfdata;
1159 int l;
1160
1161 /* Do not need to compute a sum. */
1162 if (cfdata->sum == 0)
1163 return (ARCHIVE_OK);
1164
1165 /*
1166 * Calculate the sum of remaining CFDATA.
1167 */
1168 if (cfdata->sum_extra_avail) {
1169 cfdata->sum_calculated =
1170 cab_checksum_cfdata(cfdata->sum_extra,
1171 cfdata->sum_extra_avail, cfdata->sum_calculated);
1172 cfdata->sum_extra_avail = 0;
1173 }
1174
1175 l = 4;
1176 if (cab->cfheader.flags & RESERVE_PRESENT)
1177 l += cab->cfheader.cfdata;
1178 if (cfdata->memimage == NULL) {
1179 return (ARCHIVE_FAILED);
1180 }
1181 cfdata->sum_calculated = cab_checksum_cfdata(
1182 cfdata->memimage + CFDATA_cbData, l, cfdata->sum_calculated);
1183 if (cfdata->sum_calculated != cfdata->sum) {
1184 #ifndef DONT_FAIL_ON_CRC_ERROR
1185 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1186 "Checksum error CFDATA[%d] %" PRIx32 ":%" PRIx32 " in %d bytes",
1187 cab->entry_cffolder->cfdata_index -1,
1188 cfdata->sum, cfdata->sum_calculated,
1189 cfdata->compressed_size);
1190 return (ARCHIVE_FAILED);
1191 #endif
1192 }
1193 return (ARCHIVE_OK);
1194 }
1195
1196 /*
1197 * Read CFDATA if needed.
1198 */
1199 static int
cab_next_cfdata(struct archive_read * a)1200 cab_next_cfdata(struct archive_read *a)
1201 {
1202 struct cab *cab = (struct cab *)(a->format->data);
1203 struct cfdata *cfdata = cab->entry_cfdata;
1204
1205 /* There are remaining bytes in current CFDATA, use it first. */
1206 if (cfdata != NULL && cfdata->uncompressed_bytes_remaining > 0)
1207 return (ARCHIVE_OK);
1208
1209 if (cfdata == NULL) {
1210 int64_t skip;
1211
1212 cab->entry_cffolder->cfdata_index = 0;
1213
1214 /* Seek read pointer to the offset of CFDATA if needed. */
1215 skip = cab->entry_cffolder->cfdata_offset_in_cab
1216 - cab->cab_offset;
1217 if (skip < 0) {
1218 int folder_index;
1219 switch (cab->entry_cffile->folder) {
1220 case iFoldCONTINUED_FROM_PREV:
1221 case iFoldCONTINUED_PREV_AND_NEXT:
1222 folder_index = 0;
1223 break;
1224 case iFoldCONTINUED_TO_NEXT:
1225 folder_index = cab->cfheader.folder_count-1;
1226 break;
1227 default:
1228 folder_index = cab->entry_cffile->folder;
1229 break;
1230 }
1231 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
1232 "Invalid offset of CFDATA in folder(%d) %jd < %jd",
1233 folder_index,
1234 (intmax_t)cab->entry_cffolder->cfdata_offset_in_cab,
1235 (intmax_t)cab->cab_offset);
1236 return (ARCHIVE_FATAL);
1237 }
1238 if (skip > 0) {
1239 if (__archive_read_consume(a, skip) < 0)
1240 return (ARCHIVE_FATAL);
1241 cab->cab_offset =
1242 cab->entry_cffolder->cfdata_offset_in_cab;
1243 }
1244 }
1245
1246 /*
1247 * Read a CFDATA.
1248 */
1249 if (cab->entry_cffolder->cfdata_index <
1250 cab->entry_cffolder->cfdata_count) {
1251 const unsigned char *p;
1252 int l;
1253
1254 cfdata = &(cab->entry_cffolder->cfdata);
1255 cab->entry_cffolder->cfdata_index++;
1256 cab->entry_cfdata = cfdata;
1257 cfdata->sum_calculated = 0;
1258 cfdata->sum_extra_avail = 0;
1259 cfdata->sum_ptr = NULL;
1260 l = 8;
1261 if (cab->cfheader.flags & RESERVE_PRESENT)
1262 l += cab->cfheader.cfdata;
1263 if ((p = __archive_read_ahead(a, l, NULL)) == NULL)
1264 return (truncated_error(a));
1265 cfdata->sum = archive_le32dec(p + CFDATA_csum);
1266 cfdata->compressed_size = archive_le16dec(p + CFDATA_cbData);
1267 cfdata->compressed_bytes_remaining = cfdata->compressed_size;
1268 cfdata->uncompressed_size =
1269 archive_le16dec(p + CFDATA_cbUncomp);
1270 cfdata->uncompressed_bytes_remaining =
1271 cfdata->uncompressed_size;
1272 cfdata->uncompressed_avail = 0;
1273 cfdata->read_offset = 0;
1274 cfdata->unconsumed = 0;
1275
1276 /*
1277 * Sanity check if data size is acceptable.
1278 */
1279 if (cfdata->compressed_size == 0 ||
1280 cfdata->compressed_size > (0x8000+6144))
1281 goto invalid;
1282 if (cfdata->uncompressed_size > 0x8000)
1283 goto invalid;
1284 if (cfdata->uncompressed_size == 0) {
1285 switch (cab->entry_cffile->folder) {
1286 case iFoldCONTINUED_PREV_AND_NEXT:
1287 case iFoldCONTINUED_TO_NEXT:
1288 break;
1289 case iFoldCONTINUED_FROM_PREV:
1290 default:
1291 goto invalid;
1292 }
1293 }
1294 /* If CFDATA is not last in a folder, an uncompressed
1295 * size must be 0x8000(32KBi) */
1296 if ((cab->entry_cffolder->cfdata_index <
1297 cab->entry_cffolder->cfdata_count) &&
1298 cfdata->uncompressed_size != 0x8000)
1299 goto invalid;
1300
1301 /* A compressed data size and an uncompressed data size must
1302 * be the same in no compression mode. */
1303 if (cab->entry_cffolder->comptype == COMPTYPE_NONE &&
1304 cfdata->compressed_size != cfdata->uncompressed_size)
1305 goto invalid;
1306
1307 /*
1308 * Save CFDATA image for sum check.
1309 */
1310 if (cfdata->memimage_size < (size_t)l) {
1311 free(cfdata->memimage);
1312 cfdata->memimage = malloc(l);
1313 if (cfdata->memimage == NULL) {
1314 archive_set_error(&a->archive, ENOMEM,
1315 "Can't allocate memory for CAB data");
1316 return (ARCHIVE_FATAL);
1317 }
1318 cfdata->memimage_size = l;
1319 }
1320 memcpy(cfdata->memimage, p, l);
1321
1322 /* Consume bytes as much as we used. */
1323 __archive_read_consume(a, l);
1324 cab->cab_offset += l;
1325 } else if (cab->entry_cffolder->cfdata_count > 0) {
1326 /* Run out of all CFDATA in a folder. */
1327 cfdata->compressed_size = 0;
1328 cfdata->uncompressed_size = 0;
1329 cfdata->compressed_bytes_remaining = 0;
1330 cfdata->uncompressed_bytes_remaining = 0;
1331 } else {
1332 /* Current folder does not have any CFDATA. */
1333 cfdata = &(cab->entry_cffolder->cfdata);
1334 cab->entry_cfdata = cfdata;
1335 memset(cfdata, 0, sizeof(*cfdata));
1336 }
1337 return (ARCHIVE_OK);
1338 invalid:
1339 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1340 "Invalid CFDATA");
1341 return (ARCHIVE_FATAL);
1342 }
1343
1344 /*
1345 * Read ahead CFDATA.
1346 */
1347 static const void *
cab_read_ahead_cfdata(struct archive_read * a,ssize_t * avail)1348 cab_read_ahead_cfdata(struct archive_read *a, ssize_t *avail)
1349 {
1350 struct cab *cab = (struct cab *)(a->format->data);
1351 int err;
1352
1353 err = cab_next_cfdata(a);
1354 if (err < ARCHIVE_OK) {
1355 *avail = err;
1356 return (NULL);
1357 }
1358
1359 switch (cab->entry_cffolder->comptype) {
1360 case COMPTYPE_NONE:
1361 return (cab_read_ahead_cfdata_none(a, avail));
1362 case COMPTYPE_MSZIP:
1363 return (cab_read_ahead_cfdata_deflate(a, avail));
1364 case COMPTYPE_LZX:
1365 return (cab_read_ahead_cfdata_lzx(a, avail));
1366 default: /* Unsupported compression. */
1367 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1368 "Unsupported CAB compression: %s",
1369 cab->entry_cffolder->compname);
1370 *avail = ARCHIVE_FAILED;
1371 return (NULL);
1372 }
1373 }
1374
1375 /*
1376 * Read ahead CFDATA as uncompressed data.
1377 */
1378 static const void *
cab_read_ahead_cfdata_none(struct archive_read * a,ssize_t * avail)1379 cab_read_ahead_cfdata_none(struct archive_read *a, ssize_t *avail)
1380 {
1381 struct cab *cab = (struct cab *)(a->format->data);
1382 struct cfdata *cfdata;
1383 const void *d;
1384
1385 cfdata = cab->entry_cfdata;
1386
1387 /*
1388 * Note: '1' here is a performance optimization.
1389 * Recall that the decompression layer returns a count of
1390 * available bytes; asking for more than that forces the
1391 * decompressor to combine reads by copying data.
1392 */
1393 d = __archive_read_ahead(a, 1, avail);
1394 if (*avail <= 0) {
1395 *avail = truncated_error(a);
1396 return (NULL);
1397 }
1398 if (*avail > cfdata->uncompressed_bytes_remaining)
1399 *avail = cfdata->uncompressed_bytes_remaining;
1400 cfdata->uncompressed_avail = cfdata->uncompressed_size;
1401 cfdata->unconsumed = *avail;
1402 cfdata->sum_ptr = d;
1403 return (d);
1404 }
1405
1406 /*
1407 * Read ahead CFDATA as deflate data.
1408 */
1409 #ifdef HAVE_ZLIB_H
1410 static const void *
cab_read_ahead_cfdata_deflate(struct archive_read * a,ssize_t * avail)1411 cab_read_ahead_cfdata_deflate(struct archive_read *a, ssize_t *avail)
1412 {
1413 struct cab *cab = (struct cab *)(a->format->data);
1414 struct cfdata *cfdata;
1415 const void *d;
1416 int r, mszip;
1417 uint16_t uavail;
1418 char eod = 0;
1419
1420 cfdata = cab->entry_cfdata;
1421 /* If the buffer hasn't been allocated, allocate it now. */
1422 if (cab->uncompressed_buffer == NULL) {
1423 cab->uncompressed_buffer_size = 0x8000;
1424 cab->uncompressed_buffer
1425 = malloc(cab->uncompressed_buffer_size);
1426 if (cab->uncompressed_buffer == NULL) {
1427 archive_set_error(&a->archive, ENOMEM,
1428 "No memory for CAB reader");
1429 *avail = ARCHIVE_FATAL;
1430 return (NULL);
1431 }
1432 }
1433
1434 uavail = cfdata->uncompressed_avail;
1435 if (uavail == cfdata->uncompressed_size) {
1436 d = cab->uncompressed_buffer + cfdata->read_offset;
1437 *avail = uavail - cfdata->read_offset;
1438 return (d);
1439 }
1440
1441 if (!cab->entry_cffolder->decompress_init) {
1442 cab->stream.next_in = NULL;
1443 cab->stream.avail_in = 0;
1444 cab->stream.total_in = 0;
1445 cab->stream.next_out = NULL;
1446 cab->stream.avail_out = 0;
1447 cab->stream.total_out = 0;
1448 if (cab->stream_valid)
1449 r = inflateReset(&cab->stream);
1450 else
1451 r = inflateInit2(&cab->stream,
1452 -15 /* Don't check for zlib header */);
1453 if (r != Z_OK) {
1454 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
1455 "Can't initialize deflate decompression");
1456 *avail = ARCHIVE_FATAL;
1457 return (NULL);
1458 }
1459 /* Stream structure has been set up. */
1460 cab->stream_valid = 1;
1461 /* We've initialized decompression for this stream. */
1462 cab->entry_cffolder->decompress_init = 1;
1463 }
1464
1465 if (cfdata->compressed_bytes_remaining == cfdata->compressed_size)
1466 mszip = 2;
1467 else
1468 mszip = 0;
1469 eod = 0;
1470 cab->stream.total_out = uavail;
1471 /*
1472 * We always uncompress all data in current CFDATA.
1473 */
1474 while (!eod && cab->stream.total_out < cfdata->uncompressed_size) {
1475 ssize_t bytes_avail;
1476
1477 cab->stream.next_out =
1478 cab->uncompressed_buffer + cab->stream.total_out;
1479 cab->stream.avail_out =
1480 cfdata->uncompressed_size - cab->stream.total_out;
1481
1482 d = __archive_read_ahead(a, 1, &bytes_avail);
1483 if (bytes_avail <= 0) {
1484 *avail = truncated_error(a);
1485 return (NULL);
1486 }
1487 if (bytes_avail > cfdata->compressed_bytes_remaining)
1488 bytes_avail = cfdata->compressed_bytes_remaining;
1489 /*
1490 * A bug in zlib.h: stream.next_in should be marked 'const'
1491 * but isn't (the library never alters data through the
1492 * next_in pointer, only reads it). The result: this ugly
1493 * cast to remove 'const'.
1494 */
1495 cab->stream.next_in = (Bytef *)(uintptr_t)d;
1496 cab->stream.avail_in = (uInt)bytes_avail;
1497 cab->stream.total_in = 0;
1498
1499 /* Cut out a tow-byte MSZIP signature(0x43, 0x4b). */
1500 if (mszip > 0) {
1501 if (bytes_avail <= 0)
1502 goto nomszip;
1503 if (bytes_avail <= mszip) {
1504 if (mszip == 2) {
1505 if (cab->stream.next_in[0] != 0x43)
1506 goto nomszip;
1507 if (bytes_avail > 1 &&
1508 cab->stream.next_in[1] != 0x4b)
1509 goto nomszip;
1510 } else if (cab->stream.next_in[0] != 0x4b)
1511 goto nomszip;
1512 cfdata->unconsumed = bytes_avail;
1513 cfdata->sum_ptr = d;
1514 if (cab_minimum_consume_cfdata(
1515 a, cfdata->unconsumed) < 0) {
1516 *avail = ARCHIVE_FATAL;
1517 return (NULL);
1518 }
1519 mszip -= (int)bytes_avail;
1520 continue;
1521 }
1522 if (mszip == 1 && cab->stream.next_in[0] != 0x4b)
1523 goto nomszip;
1524 else if (mszip == 2 && (cab->stream.next_in[0] != 0x43 ||
1525 cab->stream.next_in[1] != 0x4b))
1526 goto nomszip;
1527 cab->stream.next_in += mszip;
1528 cab->stream.avail_in -= mszip;
1529 cab->stream.total_in += mszip;
1530 mszip = 0;
1531 }
1532
1533 r = inflate(&cab->stream, 0);
1534 switch (r) {
1535 case Z_OK:
1536 break;
1537 case Z_STREAM_END:
1538 eod = 1;
1539 break;
1540 default:
1541 goto zlibfailed;
1542 }
1543 cfdata->unconsumed = cab->stream.total_in;
1544 cfdata->sum_ptr = d;
1545 if (cab_minimum_consume_cfdata(a, cfdata->unconsumed) < 0) {
1546 *avail = ARCHIVE_FATAL;
1547 return (NULL);
1548 }
1549 }
1550 uavail = (uint16_t)cab->stream.total_out;
1551
1552 if (uavail < cfdata->uncompressed_size) {
1553 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
1554 "Invalid uncompressed size (%d < %d)",
1555 uavail, cfdata->uncompressed_size);
1556 *avail = ARCHIVE_FATAL;
1557 return (NULL);
1558 }
1559
1560 /*
1561 * Note: I suspect there is a bug in makecab.exe because, in rare
1562 * case, compressed bytes are still remaining regardless we have
1563 * gotten all uncompressed bytes, which size is recorded in CFDATA,
1564 * as much as we need, and we have to use the garbage so as to
1565 * correctly compute the sum of CFDATA accordingly.
1566 */
1567 if (cfdata->compressed_bytes_remaining > 0) {
1568 ssize_t bytes_avail;
1569
1570 d = __archive_read_ahead(a, cfdata->compressed_bytes_remaining,
1571 &bytes_avail);
1572 if (bytes_avail <= 0) {
1573 *avail = truncated_error(a);
1574 return (NULL);
1575 }
1576 cfdata->unconsumed = cfdata->compressed_bytes_remaining;
1577 cfdata->sum_ptr = d;
1578 if (cab_minimum_consume_cfdata(a, cfdata->unconsumed) < 0) {
1579 *avail = ARCHIVE_FATAL;
1580 return (NULL);
1581 }
1582 }
1583
1584 /*
1585 * Set dictionary data for decompressing of next CFDATA, which
1586 * in the same folder. This is why we always do decompress CFDATA
1587 * even if beginning CFDATA or some of CFDATA are not used in
1588 * skipping file data.
1589 */
1590 if (cab->entry_cffolder->cfdata_index <
1591 cab->entry_cffolder->cfdata_count) {
1592 r = inflateReset(&cab->stream);
1593 if (r != Z_OK)
1594 goto zlibfailed;
1595 r = inflateSetDictionary(&cab->stream,
1596 cab->uncompressed_buffer, cfdata->uncompressed_size);
1597 if (r != Z_OK)
1598 goto zlibfailed;
1599 }
1600
1601 d = cab->uncompressed_buffer + cfdata->read_offset;
1602 *avail = uavail - cfdata->read_offset;
1603 cfdata->uncompressed_avail = uavail;
1604
1605 return (d);
1606
1607 zlibfailed:
1608 switch (r) {
1609 case Z_MEM_ERROR:
1610 archive_set_error(&a->archive, ENOMEM,
1611 "Out of memory for deflate decompression");
1612 break;
1613 default:
1614 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
1615 "Deflate decompression failed (%d)", r);
1616 break;
1617 }
1618 *avail = ARCHIVE_FATAL;
1619 return (NULL);
1620 nomszip:
1621 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
1622 "CFDATA incorrect(no MSZIP signature)");
1623 *avail = ARCHIVE_FATAL;
1624 return (NULL);
1625 }
1626
1627 #else /* HAVE_ZLIB_H */
1628
1629 static const void *
cab_read_ahead_cfdata_deflate(struct archive_read * a,ssize_t * avail)1630 cab_read_ahead_cfdata_deflate(struct archive_read *a, ssize_t *avail)
1631 {
1632 *avail = ARCHIVE_FATAL;
1633 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
1634 "libarchive compiled without deflate support (no libz)");
1635 return (NULL);
1636 }
1637
1638 #endif /* HAVE_ZLIB_H */
1639
1640 static const void *
cab_read_ahead_cfdata_lzx(struct archive_read * a,ssize_t * avail)1641 cab_read_ahead_cfdata_lzx(struct archive_read *a, ssize_t *avail)
1642 {
1643 struct cab *cab = (struct cab *)(a->format->data);
1644 struct cfdata *cfdata;
1645 const void *d;
1646 int r;
1647 uint16_t uavail;
1648
1649 cfdata = cab->entry_cfdata;
1650 /* If the buffer hasn't been allocated, allocate it now. */
1651 if (cab->uncompressed_buffer == NULL) {
1652 cab->uncompressed_buffer_size = 0x8000;
1653 cab->uncompressed_buffer
1654 = malloc(cab->uncompressed_buffer_size);
1655 if (cab->uncompressed_buffer == NULL) {
1656 archive_set_error(&a->archive, ENOMEM,
1657 "No memory for CAB reader");
1658 *avail = ARCHIVE_FATAL;
1659 return (NULL);
1660 }
1661 }
1662
1663 uavail = cfdata->uncompressed_avail;
1664 if (uavail == cfdata->uncompressed_size) {
1665 d = cab->uncompressed_buffer + cfdata->read_offset;
1666 *avail = uavail - cfdata->read_offset;
1667 return (d);
1668 }
1669
1670 if (!cab->entry_cffolder->decompress_init) {
1671 r = lzx_decode_init(&cab->xstrm,
1672 cab->entry_cffolder->compdata);
1673 if (r != ARCHIVE_OK) {
1674 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
1675 "Can't initialize LZX decompression");
1676 *avail = ARCHIVE_FATAL;
1677 return (NULL);
1678 }
1679 /* We've initialized decompression for this stream. */
1680 cab->entry_cffolder->decompress_init = 1;
1681 }
1682
1683 /* Clean up remaining bits of previous CFDATA. */
1684 lzx_cleanup_bitstream(&cab->xstrm);
1685 cab->xstrm.total_out = uavail;
1686 while (cab->xstrm.total_out < cfdata->uncompressed_size) {
1687 ssize_t bytes_avail;
1688
1689 cab->xstrm.next_out =
1690 cab->uncompressed_buffer + cab->xstrm.total_out;
1691 cab->xstrm.avail_out =
1692 cfdata->uncompressed_size - cab->xstrm.total_out;
1693
1694 if ((size_t)cfdata->uncompressed_size > cab->uncompressed_buffer_size) {
1695 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1696 "Invalid CFDATA uncompressed size");
1697 *avail = ARCHIVE_FATAL;
1698 return (NULL);
1699 }
1700
1701 d = __archive_read_ahead(a, 1, &bytes_avail);
1702 if (d == NULL) {
1703 archive_set_error(&a->archive,
1704 ARCHIVE_ERRNO_FILE_FORMAT,
1705 "Truncated CAB file data");
1706 *avail = ARCHIVE_FATAL;
1707 return (NULL);
1708 }
1709 if (bytes_avail > cfdata->compressed_bytes_remaining)
1710 bytes_avail = cfdata->compressed_bytes_remaining;
1711
1712 cab->xstrm.next_in = d;
1713 cab->xstrm.avail_in = bytes_avail;
1714 cab->xstrm.total_in = 0;
1715 r = lzx_decode(&cab->xstrm,
1716 cfdata->compressed_bytes_remaining == bytes_avail);
1717 switch (r) {
1718 case ARCHIVE_OK:
1719 case ARCHIVE_EOF:
1720 break;
1721 default:
1722 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
1723 "LZX decompression failed (%d)", r);
1724 *avail = ARCHIVE_FATAL;
1725 return (NULL);
1726 }
1727 cfdata->unconsumed = cab->xstrm.total_in;
1728 cfdata->sum_ptr = d;
1729 if (cab_minimum_consume_cfdata(a, cfdata->unconsumed) < 0) {
1730 *avail = ARCHIVE_FATAL;
1731 return (NULL);
1732 }
1733 }
1734
1735 uavail = (uint16_t)cab->xstrm.total_out;
1736 /*
1737 * Make sure a read pointer advances to next CFDATA.
1738 */
1739 if (cfdata->compressed_bytes_remaining > 0) {
1740 ssize_t bytes_avail;
1741
1742 d = __archive_read_ahead(a, cfdata->compressed_bytes_remaining,
1743 &bytes_avail);
1744 if (bytes_avail <= 0) {
1745 *avail = truncated_error(a);
1746 return (NULL);
1747 }
1748 cfdata->unconsumed = cfdata->compressed_bytes_remaining;
1749 cfdata->sum_ptr = d;
1750 if (cab_minimum_consume_cfdata(a, cfdata->unconsumed) < 0) {
1751 *avail = ARCHIVE_FATAL;
1752 return (NULL);
1753 }
1754 }
1755
1756 /*
1757 * Translation reversal of x86 processor CALL byte sequence(E8).
1758 */
1759 lzx_translation(&cab->xstrm, cab->uncompressed_buffer,
1760 cfdata->uncompressed_size,
1761 (cab->entry_cffolder->cfdata_index-1) * 0x8000);
1762
1763 d = cab->uncompressed_buffer + cfdata->read_offset;
1764 *avail = uavail - cfdata->read_offset;
1765 cfdata->uncompressed_avail = uavail;
1766
1767 return (d);
1768 }
1769
1770 /*
1771 * Consume CFDATA.
1772 * We always decompress CFDATA to consume CFDATA as much as we need
1773 * in uncompressed bytes because all CFDATA in a folder are related
1774 * so we do not skip any CFDATA without decompressing.
1775 * Note: If the folder of a CFFILE is iFoldCONTINUED_PREV_AND_NEXT or
1776 * iFoldCONTINUED_FROM_PREV, we won't decompress because a CFDATA for
1777 * the CFFILE is remaining bytes of previous Multivolume CAB file.
1778 */
1779 static int64_t
cab_consume_cfdata(struct archive_read * a,int64_t consumed_bytes)1780 cab_consume_cfdata(struct archive_read *a, int64_t consumed_bytes)
1781 {
1782 struct cab *cab = (struct cab *)(a->format->data);
1783 struct cfdata *cfdata;
1784 int64_t cbytes, rbytes;
1785 int err;
1786
1787 rbytes = cab_minimum_consume_cfdata(a, consumed_bytes);
1788 if (rbytes < 0)
1789 return (ARCHIVE_FATAL);
1790
1791 cfdata = cab->entry_cfdata;
1792 while (rbytes > 0) {
1793 ssize_t avail;
1794
1795 if (cfdata->compressed_size == 0) {
1796 archive_set_error(&a->archive,
1797 ARCHIVE_ERRNO_FILE_FORMAT,
1798 "Invalid CFDATA");
1799 return (ARCHIVE_FATAL);
1800 }
1801 cbytes = cfdata->uncompressed_bytes_remaining;
1802 if (cbytes > rbytes)
1803 cbytes = rbytes;
1804 rbytes -= cbytes;
1805
1806 if (cfdata->uncompressed_avail == 0 &&
1807 (cab->entry_cffile->folder == iFoldCONTINUED_PREV_AND_NEXT ||
1808 cab->entry_cffile->folder == iFoldCONTINUED_FROM_PREV)) {
1809 /* We have not read any data yet. */
1810 if (cbytes == cfdata->uncompressed_bytes_remaining) {
1811 /* Skip whole current CFDATA. */
1812 __archive_read_consume(a,
1813 cfdata->compressed_size);
1814 cab->cab_offset += cfdata->compressed_size;
1815 cfdata->compressed_bytes_remaining = 0;
1816 cfdata->uncompressed_bytes_remaining = 0;
1817 err = cab_next_cfdata(a);
1818 if (err < 0)
1819 return (err);
1820 cfdata = cab->entry_cfdata;
1821 if (cfdata->uncompressed_size == 0) {
1822 switch (cab->entry_cffile->folder) {
1823 case iFoldCONTINUED_PREV_AND_NEXT:
1824 case iFoldCONTINUED_TO_NEXT:
1825 case iFoldCONTINUED_FROM_PREV:
1826 rbytes = 0;
1827 break;
1828 default:
1829 break;
1830 }
1831 }
1832 continue;
1833 }
1834 cfdata->read_offset += (uint16_t)cbytes;
1835 cfdata->uncompressed_bytes_remaining -= (uint16_t)cbytes;
1836 break;
1837 } else if (cbytes == 0) {
1838 err = cab_next_cfdata(a);
1839 if (err < 0)
1840 return (err);
1841 cfdata = cab->entry_cfdata;
1842 if (cfdata->uncompressed_size == 0) {
1843 switch (cab->entry_cffile->folder) {
1844 case iFoldCONTINUED_PREV_AND_NEXT:
1845 case iFoldCONTINUED_TO_NEXT:
1846 case iFoldCONTINUED_FROM_PREV:
1847 return (ARCHIVE_FATAL);
1848 default:
1849 break;
1850 }
1851 }
1852 continue;
1853 }
1854 while (cbytes > 0) {
1855 (void)cab_read_ahead_cfdata(a, &avail);
1856 if (avail <= 0)
1857 return (ARCHIVE_FATAL);
1858 if (avail > cbytes)
1859 avail = (ssize_t)cbytes;
1860 if (cab_minimum_consume_cfdata(a, avail) < 0)
1861 return (ARCHIVE_FATAL);
1862 cbytes -= avail;
1863 }
1864 }
1865 return (consumed_bytes);
1866 }
1867
1868 /*
1869 * Consume CFDATA as much as we have already gotten and
1870 * compute the sum of CFDATA.
1871 */
1872 static int64_t
cab_minimum_consume_cfdata(struct archive_read * a,int64_t consumed_bytes)1873 cab_minimum_consume_cfdata(struct archive_read *a, int64_t consumed_bytes)
1874 {
1875 struct cab *cab = (struct cab *)(a->format->data);
1876 struct cfdata *cfdata;
1877 int64_t cbytes, rbytes;
1878 int err;
1879
1880 cfdata = cab->entry_cfdata;
1881 rbytes = consumed_bytes;
1882 if (cab->entry_cffolder->comptype == COMPTYPE_NONE) {
1883 if (consumed_bytes < cfdata->unconsumed)
1884 cbytes = consumed_bytes;
1885 else
1886 cbytes = cfdata->unconsumed;
1887 rbytes -= cbytes;
1888 cfdata->read_offset += (uint16_t)cbytes;
1889 cfdata->uncompressed_bytes_remaining -= (uint16_t)cbytes;
1890 cfdata->unconsumed -= cbytes;
1891 } else {
1892 cbytes = cfdata->uncompressed_avail - cfdata->read_offset;
1893 if (cbytes > 0) {
1894 if (consumed_bytes < cbytes)
1895 cbytes = consumed_bytes;
1896 rbytes -= cbytes;
1897 cfdata->read_offset += (uint16_t)cbytes;
1898 cfdata->uncompressed_bytes_remaining -= (uint16_t)cbytes;
1899 }
1900
1901 if (cfdata->unconsumed) {
1902 cbytes = cfdata->unconsumed;
1903 cfdata->unconsumed = 0;
1904 } else
1905 cbytes = 0;
1906 }
1907 if (cbytes) {
1908 /* Compute the sum. */
1909 cab_checksum_update(a, (size_t)cbytes);
1910
1911 /* Consume as much as the compressor actually used. */
1912 __archive_read_consume(a, cbytes);
1913 cab->cab_offset += cbytes;
1914 cfdata->compressed_bytes_remaining -= (uint16_t)cbytes;
1915 if (cfdata->compressed_bytes_remaining == 0) {
1916 err = cab_checksum_finish(a);
1917 if (err < 0)
1918 return (err);
1919 }
1920 }
1921 return (rbytes);
1922 }
1923
1924 /*
1925 * Returns ARCHIVE_OK if successful, ARCHIVE_FATAL otherwise, sets
1926 * cab->end_of_entry if it consumes all of the data.
1927 */
1928 static int
cab_read_data(struct archive_read * a,const void ** buff,size_t * size,int64_t * offset)1929 cab_read_data(struct archive_read *a, const void **buff,
1930 size_t *size, int64_t *offset)
1931 {
1932 struct cab *cab = (struct cab *)(a->format->data);
1933 ssize_t bytes_avail;
1934
1935 if (cab->entry_bytes_remaining == 0) {
1936 *buff = NULL;
1937 *size = 0;
1938 *offset = cab->entry_offset;
1939 cab->end_of_entry = 1;
1940 return (ARCHIVE_OK);
1941 }
1942
1943 *buff = cab_read_ahead_cfdata(a, &bytes_avail);
1944 if (bytes_avail <= 0) {
1945 *buff = NULL;
1946 *size = 0;
1947 *offset = 0;
1948 if (bytes_avail == 0 &&
1949 cab->entry_cfdata->uncompressed_size == 0) {
1950 /* All of CFDATA in a folder has been handled. */
1951 archive_set_error(&a->archive,
1952 ARCHIVE_ERRNO_FILE_FORMAT, "Invalid CFDATA");
1953 return (ARCHIVE_FATAL);
1954 } else
1955 return ((int)bytes_avail);
1956 }
1957 if (bytes_avail > cab->entry_bytes_remaining)
1958 bytes_avail = (ssize_t)cab->entry_bytes_remaining;
1959
1960 *size = bytes_avail;
1961 *offset = cab->entry_offset;
1962 cab->entry_offset += bytes_avail;
1963 cab->entry_bytes_remaining -= bytes_avail;
1964 if (cab->entry_bytes_remaining == 0)
1965 cab->end_of_entry = 1;
1966 cab->entry_unconsumed = bytes_avail;
1967 if (cab->entry_cffolder->comptype == COMPTYPE_NONE) {
1968 /* Don't consume more than current entry used. */
1969 if (cab->entry_cfdata->unconsumed > cab->entry_unconsumed)
1970 cab->entry_cfdata->unconsumed = cab->entry_unconsumed;
1971 }
1972 return (ARCHIVE_OK);
1973 }
1974
1975 static int
archive_read_format_cab_read_data_skip(struct archive_read * a)1976 archive_read_format_cab_read_data_skip(struct archive_read *a)
1977 {
1978 struct cab *cab;
1979 int64_t bytes_skipped;
1980 int r;
1981
1982 cab = (struct cab *)(a->format->data);
1983
1984 if (cab->end_of_archive)
1985 return (ARCHIVE_EOF);
1986
1987 if (!cab->read_data_invoked) {
1988 cab->bytes_skipped += cab->entry_bytes_remaining;
1989 cab->entry_bytes_remaining = 0;
1990 /* This entry is finished and done. */
1991 cab->end_of_entry_cleanup = cab->end_of_entry = 1;
1992 return (ARCHIVE_OK);
1993 }
1994
1995 if (cab->entry_unconsumed) {
1996 /* Consume as much as the compressor actually used. */
1997 r = (int)cab_consume_cfdata(a, cab->entry_unconsumed);
1998 cab->entry_unconsumed = 0;
1999 if (r < 0)
2000 return (r);
2001 } else if (cab->entry_cfdata == NULL) {
2002 r = cab_next_cfdata(a);
2003 if (r < 0)
2004 return (r);
2005 }
2006
2007 /* if we've already read to end of data, we're done. */
2008 if (cab->end_of_entry_cleanup)
2009 return (ARCHIVE_OK);
2010
2011 /*
2012 * If the length is at the beginning, we can skip the
2013 * compressed data much more quickly.
2014 */
2015 bytes_skipped = cab_consume_cfdata(a, cab->entry_bytes_remaining);
2016 if (bytes_skipped < 0)
2017 return (ARCHIVE_FATAL);
2018
2019 /* If the compression type is none(uncompressed), we've already
2020 * consumed data as much as the current entry size. */
2021 if (cab->entry_cffolder->comptype == COMPTYPE_NONE &&
2022 cab->entry_cfdata != NULL)
2023 cab->entry_cfdata->unconsumed = 0;
2024
2025 /* This entry is finished and done. */
2026 cab->end_of_entry_cleanup = cab->end_of_entry = 1;
2027 return (ARCHIVE_OK);
2028 }
2029
2030 static int
archive_read_format_cab_cleanup(struct archive_read * a)2031 archive_read_format_cab_cleanup(struct archive_read *a)
2032 {
2033 struct cab *cab = (struct cab *)(a->format->data);
2034 struct cfheader *hd = &cab->cfheader;
2035 int i;
2036
2037 if (hd->folder_array != NULL) {
2038 for (i = 0; i < hd->folder_count; i++)
2039 free(hd->folder_array[i].cfdata.memimage);
2040 free(hd->folder_array);
2041 }
2042 if (hd->file_array != NULL) {
2043 for (i = 0; i < cab->cfheader.file_count; i++)
2044 archive_string_free(&(hd->file_array[i].pathname));
2045 free(hd->file_array);
2046 }
2047 #ifdef HAVE_ZLIB_H
2048 if (cab->stream_valid)
2049 inflateEnd(&cab->stream);
2050 #endif
2051 lzx_decode_free(&cab->xstrm);
2052 archive_wstring_free(&cab->ws);
2053 free(cab->uncompressed_buffer);
2054 free(cab);
2055 (a->format->data) = NULL;
2056 return (ARCHIVE_OK);
2057 }
2058
2059 /* Convert an MSDOS-style date/time into Unix-style time. */
2060 static time_t
cab_dos_time(const unsigned char * p)2061 cab_dos_time(const unsigned char *p)
2062 {
2063 int msTime, msDate;
2064 struct tm ts;
2065
2066 msDate = archive_le16dec(p);
2067 msTime = archive_le16dec(p+2);
2068
2069 memset(&ts, 0, sizeof(ts));
2070 ts.tm_year = ((msDate >> 9) & 0x7f) + 80; /* Years since 1900. */
2071 ts.tm_mon = ((msDate >> 5) & 0x0f) - 1; /* Month number. */
2072 ts.tm_mday = msDate & 0x1f; /* Day of month. */
2073 ts.tm_hour = (msTime >> 11) & 0x1f;
2074 ts.tm_min = (msTime >> 5) & 0x3f;
2075 ts.tm_sec = (msTime << 1) & 0x3e;
2076 ts.tm_isdst = -1;
2077 return (mktime(&ts));
2078 }
2079
2080 /*****************************************************************
2081 *
2082 * LZX decompression code.
2083 *
2084 *****************************************************************/
2085
2086 /*
2087 * Initialize LZX decoder.
2088 *
2089 * Returns ARCHIVE_OK if initialization was successful.
2090 * Returns ARCHIVE_FAILED if w_bits has unsupported value.
2091 * Returns ARCHIVE_FATAL if initialization failed; memory allocation
2092 * error occurred.
2093 */
2094 static int
lzx_decode_init(struct lzx_stream * strm,int w_bits)2095 lzx_decode_init(struct lzx_stream *strm, int w_bits)
2096 {
2097 struct lzx_dec *ds;
2098 int slot, w_size, w_slot;
2099 int base, footer;
2100 int base_inc[18];
2101
2102 if (strm->ds == NULL) {
2103 strm->ds = calloc(1, sizeof(*strm->ds));
2104 if (strm->ds == NULL)
2105 return (ARCHIVE_FATAL);
2106 }
2107 ds = strm->ds;
2108 ds->error = ARCHIVE_FAILED;
2109
2110 /* Allow bits from 15(32KBi) up to 21(2MBi) */
2111 if (w_bits < SLOT_BASE || w_bits > SLOT_MAX)
2112 return (ARCHIVE_FAILED);
2113
2114 ds->error = ARCHIVE_FATAL;
2115
2116 /*
2117 * Alloc window
2118 */
2119 w_size = ds->w_size;
2120 w_slot = slots[w_bits - SLOT_BASE];
2121 ds->w_size = 1U << w_bits;
2122 ds->w_mask = ds->w_size -1;
2123 if (ds->w_buff == NULL || w_size != ds->w_size) {
2124 free(ds->w_buff);
2125 ds->w_buff = malloc(ds->w_size);
2126 if (ds->w_buff == NULL)
2127 return (ARCHIVE_FATAL);
2128 free(ds->pos_tbl);
2129 ds->pos_tbl = malloc(sizeof(ds->pos_tbl[0]) * w_slot);
2130 if (ds->pos_tbl == NULL)
2131 return (ARCHIVE_FATAL);
2132 }
2133
2134 for (footer = 0; footer < 18; footer++)
2135 base_inc[footer] = 1 << footer;
2136 base = footer = 0;
2137 for (slot = 0; slot < w_slot; slot++) {
2138 int n;
2139 if (footer == 0)
2140 base = slot;
2141 else
2142 base += base_inc[footer];
2143 if (footer < 17) {
2144 footer = -2;
2145 for (n = base; n; n >>= 1)
2146 footer++;
2147 if (footer <= 0)
2148 footer = 0;
2149 }
2150 ds->pos_tbl[slot].base = base;
2151 ds->pos_tbl[slot].footer_bits = footer;
2152 }
2153
2154 ds->w_pos = 0;
2155 ds->state = 0;
2156 ds->br.cache_buffer = 0;
2157 ds->br.cache_avail = 0;
2158 ds->r0 = ds->r1 = ds->r2 = 1;
2159
2160 /* Initialize aligned offset tree. */
2161 if (lzx_huffman_init(&(ds->at), 8, 8) != ARCHIVE_OK)
2162 return (ARCHIVE_FATAL);
2163
2164 /* Initialize pre-tree. */
2165 if (lzx_huffman_init(&(ds->pt), 20, 10) != ARCHIVE_OK)
2166 return (ARCHIVE_FATAL);
2167
2168 /* Initialize Main tree. */
2169 if (lzx_huffman_init(&(ds->mt), 256+(w_slot<<3), 16)
2170 != ARCHIVE_OK)
2171 return (ARCHIVE_FATAL);
2172
2173 /* Initialize Length tree. */
2174 if (lzx_huffman_init(&(ds->lt), 249, 16) != ARCHIVE_OK)
2175 return (ARCHIVE_FATAL);
2176
2177 ds->error = 0;
2178
2179 return (ARCHIVE_OK);
2180 }
2181
2182 /*
2183 * Release LZX decoder.
2184 */
2185 static void
lzx_decode_free(struct lzx_stream * strm)2186 lzx_decode_free(struct lzx_stream *strm)
2187 {
2188
2189 if (strm->ds == NULL)
2190 return;
2191 free(strm->ds->w_buff);
2192 free(strm->ds->pos_tbl);
2193 lzx_huffman_free(&(strm->ds->at));
2194 lzx_huffman_free(&(strm->ds->pt));
2195 lzx_huffman_free(&(strm->ds->mt));
2196 lzx_huffman_free(&(strm->ds->lt));
2197 free(strm->ds);
2198 strm->ds = NULL;
2199 }
2200
2201 /*
2202 * E8 Call Translation reversal.
2203 */
2204 static void
lzx_translation(struct lzx_stream * strm,void * p,size_t size,uint32_t offset)2205 lzx_translation(struct lzx_stream *strm, void *p, size_t size, uint32_t offset)
2206 {
2207 struct lzx_dec *ds = strm->ds;
2208 unsigned char *b, *end;
2209
2210 if (!ds->translation || size <= 10)
2211 return;
2212 b = p;
2213 end = b + size - 10;
2214 while (b < end && (b = memchr(b, 0xE8, end - b)) != NULL) {
2215 size_t i = b - (unsigned char *)p;
2216 int32_t cp, displacement, value;
2217
2218 cp = (int32_t)(offset + (uint32_t)i);
2219 value = archive_le32dec(&b[1]);
2220 if (value >= -cp && value < (int32_t)ds->translation_size) {
2221 if (value >= 0)
2222 displacement = value - cp;
2223 else
2224 displacement = value + ds->translation_size;
2225 archive_le32enc(&b[1], (uint32_t)displacement);
2226 }
2227 b += 5;
2228 }
2229 }
2230
2231 /*
2232 * Bit stream reader.
2233 */
2234 /* Check that the cache buffer has enough bits. */
2235 #define lzx_br_has(br, n) ((br)->cache_avail >= n)
2236 /* Get compressed data by bit. */
2237 #define lzx_br_bits(br, n) \
2238 (((uint32_t)((br)->cache_buffer >> \
2239 ((br)->cache_avail - (n)))) & cache_masks[n])
2240 #define lzx_br_bits_forced(br, n) \
2241 (((uint32_t)((br)->cache_buffer << \
2242 ((n) - (br)->cache_avail))) & cache_masks[n])
2243 /* Read ahead to make sure the cache buffer has enough compressed data we
2244 * will use.
2245 * True : completed, there is enough data in the cache buffer.
2246 * False : we met that strm->next_in is empty, we have to get following
2247 * bytes. */
2248 #define lzx_br_read_ahead_0(strm, br, n) \
2249 (lzx_br_has((br), (n)) || lzx_br_fillup(strm, br))
2250 /* True : the cache buffer has some bits as much as we need.
2251 * False : there are no enough bits in the cache buffer to be used,
2252 * we have to get following bytes if we could. */
2253 #define lzx_br_read_ahead(strm, br, n) \
2254 (lzx_br_read_ahead_0((strm), (br), (n)) || lzx_br_has((br), (n)))
2255
2256 /* Notify how many bits we consumed. */
2257 #define lzx_br_consume(br, n) ((br)->cache_avail -= (n))
2258 #define lzx_br_consume_unaligned_bits(br) ((br)->cache_avail &= ~0x0f)
2259
2260 #define lzx_br_is_unaligned(br) ((br)->cache_avail & 0x0f)
2261
2262 static const uint32_t cache_masks[] = {
2263 0x00000000, 0x00000001, 0x00000003, 0x00000007,
2264 0x0000000F, 0x0000001F, 0x0000003F, 0x0000007F,
2265 0x000000FF, 0x000001FF, 0x000003FF, 0x000007FF,
2266 0x00000FFF, 0x00001FFF, 0x00003FFF, 0x00007FFF,
2267 0x0000FFFF, 0x0001FFFF, 0x0003FFFF, 0x0007FFFF,
2268 0x000FFFFF, 0x001FFFFF, 0x003FFFFF, 0x007FFFFF,
2269 0x00FFFFFF, 0x01FFFFFF, 0x03FFFFFF, 0x07FFFFFF,
2270 0x0FFFFFFF, 0x1FFFFFFF, 0x3FFFFFFF, 0x7FFFFFFF,
2271 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF
2272 };
2273
2274 /*
2275 * Shift away used bits in the cache data and fill it up with following bits.
2276 * Call this when cache buffer does not have enough bits you need.
2277 *
2278 * Returns 1 if the cache buffer is full.
2279 * Returns 0 if the cache buffer is not full; input buffer is empty.
2280 */
2281 static int
lzx_br_fillup(struct lzx_stream * strm,struct lzx_br * br)2282 lzx_br_fillup(struct lzx_stream *strm, struct lzx_br *br)
2283 {
2284 /*
2285 * x86 processor family can read misaligned data without an access error.
2286 */
2287 int n = CACHE_BITS - br->cache_avail;
2288
2289 for (;;) {
2290 switch (n >> 4) {
2291 case 4:
2292 if (strm->avail_in >= 8) {
2293 br->cache_buffer =
2294 ((uint64_t)strm->next_in[1]) << 56 |
2295 ((uint64_t)strm->next_in[0]) << 48 |
2296 ((uint64_t)strm->next_in[3]) << 40 |
2297 ((uint64_t)strm->next_in[2]) << 32 |
2298 ((uint32_t)strm->next_in[5]) << 24 |
2299 ((uint32_t)strm->next_in[4]) << 16 |
2300 ((uint32_t)strm->next_in[7]) << 8 |
2301 (uint32_t)strm->next_in[6];
2302 strm->next_in += 8;
2303 strm->avail_in -= 8;
2304 br->cache_avail += 8 * 8;
2305 return (1);
2306 }
2307 break;
2308 case 3:
2309 if (strm->avail_in >= 6) {
2310 br->cache_buffer =
2311 (br->cache_buffer << 48) |
2312 ((uint64_t)strm->next_in[1]) << 40 |
2313 ((uint64_t)strm->next_in[0]) << 32 |
2314 ((uint64_t)strm->next_in[3]) << 24 |
2315 ((uint64_t)strm->next_in[2]) << 16 |
2316 ((uint64_t)strm->next_in[5]) << 8 |
2317 (uint64_t)strm->next_in[4];
2318 strm->next_in += 6;
2319 strm->avail_in -= 6;
2320 br->cache_avail += 6 * 8;
2321 return (1);
2322 }
2323 break;
2324 case 0:
2325 /* We have enough compressed data in
2326 * the cache buffer.*/
2327 return (1);
2328 default:
2329 break;
2330 }
2331 if (strm->avail_in < 2) {
2332 /* There is not enough compressed data to
2333 * fill up the cache buffer. */
2334 if (strm->avail_in == 1) {
2335 br->odd = *strm->next_in++;
2336 strm->avail_in--;
2337 br->have_odd = 1;
2338 }
2339 return (0);
2340 }
2341 br->cache_buffer =
2342 (br->cache_buffer << 16) |
2343 archive_le16dec(strm->next_in);
2344 strm->next_in += 2;
2345 strm->avail_in -= 2;
2346 br->cache_avail += 16;
2347 n -= 16;
2348 }
2349 }
2350
2351 static void
lzx_br_fixup(struct lzx_stream * strm,struct lzx_br * br)2352 lzx_br_fixup(struct lzx_stream *strm, struct lzx_br *br)
2353 {
2354 int n = CACHE_BITS - br->cache_avail;
2355
2356 if (br->have_odd && n >= 16 && strm->avail_in > 0) {
2357 br->cache_buffer =
2358 (br->cache_buffer << 16) |
2359 ((uint16_t)(*strm->next_in)) << 8 | br->odd;
2360 strm->next_in++;
2361 strm->avail_in--;
2362 br->cache_avail += 16;
2363 br->have_odd = 0;
2364 }
2365 }
2366
2367 static void
lzx_cleanup_bitstream(struct lzx_stream * strm)2368 lzx_cleanup_bitstream(struct lzx_stream *strm)
2369 {
2370 strm->ds->br.cache_avail = 0;
2371 strm->ds->br.have_odd = 0;
2372 }
2373
2374 /*
2375 * Decode LZX.
2376 *
2377 * 1. Returns ARCHIVE_OK if output buffer or input buffer are empty.
2378 * Please set available buffer and call this function again.
2379 * 2. Returns ARCHIVE_EOF if decompression has been completed.
2380 * 3. Returns ARCHIVE_FAILED if an error occurred; compressed data
2381 * is broken or you do not set 'last' flag properly.
2382 */
2383 #define ST_RD_TRANSLATION 0
2384 #define ST_RD_TRANSLATION_SIZE 1
2385 #define ST_RD_BLOCK_TYPE 2
2386 #define ST_RD_BLOCK_SIZE 3
2387 #define ST_RD_ALIGNMENT 4
2388 #define ST_RD_R0 5
2389 #define ST_RD_R1 6
2390 #define ST_RD_R2 7
2391 #define ST_COPY_UNCOMP1 8
2392 #define ST_COPY_UNCOMP2 9
2393 #define ST_RD_ALIGNED_OFFSET 10
2394 #define ST_RD_VERBATIM 11
2395 #define ST_RD_PRE_MAIN_TREE_256 12
2396 #define ST_MAIN_TREE_256 13
2397 #define ST_RD_PRE_MAIN_TREE_REM 14
2398 #define ST_MAIN_TREE_REM 15
2399 #define ST_RD_PRE_LENGTH_TREE 16
2400 #define ST_LENGTH_TREE 17
2401 #define ST_MAIN 18
2402 #define ST_LENGTH 19
2403 #define ST_OFFSET 20
2404 #define ST_REAL_POS 21
2405 #define ST_COPY 22
2406
2407 static int
lzx_decode(struct lzx_stream * strm,int last)2408 lzx_decode(struct lzx_stream *strm, int last)
2409 {
2410 struct lzx_dec *ds = strm->ds;
2411 int64_t avail_in;
2412 int r;
2413
2414 if (ds->error)
2415 return (ds->error);
2416
2417 avail_in = strm->avail_in;
2418 lzx_br_fixup(strm, &(ds->br));
2419 do {
2420 if (ds->state < ST_MAIN)
2421 r = lzx_read_blocks(strm, last);
2422 else {
2423 int64_t bytes_written = strm->avail_out;
2424 r = lzx_decode_blocks(strm, last);
2425 bytes_written -= strm->avail_out;
2426 strm->next_out += bytes_written;
2427 strm->total_out += bytes_written;
2428 }
2429 } while (r == 100);
2430 strm->total_in += avail_in - strm->avail_in;
2431 return (r);
2432 }
2433
2434 static int
lzx_read_blocks(struct lzx_stream * strm,int last)2435 lzx_read_blocks(struct lzx_stream *strm, int last)
2436 {
2437 struct lzx_dec *ds = strm->ds;
2438 struct lzx_br *br = &(ds->br);
2439 int i, r;
2440
2441 for (;;) {
2442 switch (ds->state) {
2443 case ST_RD_TRANSLATION:
2444 if (!lzx_br_read_ahead(strm, br, 1)) {
2445 ds->state = ST_RD_TRANSLATION;
2446 if (last)
2447 goto failed;
2448 return (ARCHIVE_OK);
2449 }
2450 ds->translation = lzx_br_bits(br, 1);
2451 lzx_br_consume(br, 1);
2452 /* FALL THROUGH */
2453 case ST_RD_TRANSLATION_SIZE:
2454 if (ds->translation) {
2455 if (!lzx_br_read_ahead(strm, br, 32)) {
2456 ds->state = ST_RD_TRANSLATION_SIZE;
2457 if (last)
2458 goto failed;
2459 return (ARCHIVE_OK);
2460 }
2461 ds->translation_size = lzx_br_bits(br, 16);
2462 lzx_br_consume(br, 16);
2463 ds->translation_size <<= 16;
2464 ds->translation_size |= lzx_br_bits(br, 16);
2465 lzx_br_consume(br, 16);
2466 }
2467 /* FALL THROUGH */
2468 case ST_RD_BLOCK_TYPE:
2469 if (!lzx_br_read_ahead(strm, br, 3)) {
2470 ds->state = ST_RD_BLOCK_TYPE;
2471 if (last)
2472 goto failed;
2473 return (ARCHIVE_OK);
2474 }
2475 ds->block_type = lzx_br_bits(br, 3);
2476 lzx_br_consume(br, 3);
2477 /* Check a block type. */
2478 switch (ds->block_type) {
2479 case VERBATIM_BLOCK:
2480 case ALIGNED_OFFSET_BLOCK:
2481 case UNCOMPRESSED_BLOCK:
2482 break;
2483 default:
2484 goto failed;/* Invalid */
2485 }
2486 /* FALL THROUGH */
2487 case ST_RD_BLOCK_SIZE:
2488 if (!lzx_br_read_ahead(strm, br, 24)) {
2489 ds->state = ST_RD_BLOCK_SIZE;
2490 if (last)
2491 goto failed;
2492 return (ARCHIVE_OK);
2493 }
2494 ds->block_size = lzx_br_bits(br, 8);
2495 lzx_br_consume(br, 8);
2496 ds->block_size <<= 16;
2497 ds->block_size |= lzx_br_bits(br, 16);
2498 lzx_br_consume(br, 16);
2499 if (ds->block_size == 0)
2500 goto failed;
2501 ds->block_bytes_avail = ds->block_size;
2502 if (ds->block_type != UNCOMPRESSED_BLOCK) {
2503 if (ds->block_type == VERBATIM_BLOCK)
2504 ds->state = ST_RD_VERBATIM;
2505 else
2506 ds->state = ST_RD_ALIGNED_OFFSET;
2507 break;
2508 }
2509 /* FALL THROUGH */
2510 case ST_RD_ALIGNMENT:
2511 /*
2512 * Handle an Uncompressed Block.
2513 */
2514 /* Skip padding to align following field on
2515 * 16-bit boundary. */
2516 if (lzx_br_is_unaligned(br))
2517 lzx_br_consume_unaligned_bits(br);
2518 else {
2519 if (lzx_br_read_ahead(strm, br, 16))
2520 lzx_br_consume(br, 16);
2521 else {
2522 ds->state = ST_RD_ALIGNMENT;
2523 if (last)
2524 goto failed;
2525 return (ARCHIVE_OK);
2526 }
2527 }
2528 /* Preparation to read repeated offsets R0,R1 and R2. */
2529 ds->rbytes_avail = 0;
2530 ds->state = ST_RD_R0;
2531 /* FALL THROUGH */
2532 case ST_RD_R0:
2533 case ST_RD_R1:
2534 case ST_RD_R2:
2535 do {
2536 uint16_t u16;
2537 /* Drain bits in the cache buffer of
2538 * bit-stream. */
2539 if (lzx_br_has(br, 32)) {
2540 u16 = lzx_br_bits(br, 16);
2541 lzx_br_consume(br, 16);
2542 archive_le16enc(ds->rbytes, u16);
2543 u16 = lzx_br_bits(br, 16);
2544 lzx_br_consume(br, 16);
2545 archive_le16enc(ds->rbytes+2, u16);
2546 ds->rbytes_avail = 4;
2547 } else if (lzx_br_has(br, 16)) {
2548 u16 = lzx_br_bits(br, 16);
2549 lzx_br_consume(br, 16);
2550 archive_le16enc(ds->rbytes, u16);
2551 ds->rbytes_avail = 2;
2552 }
2553 if (ds->rbytes_avail < 4 && ds->br.have_odd) {
2554 ds->rbytes[ds->rbytes_avail++] =
2555 ds->br.odd;
2556 ds->br.have_odd = 0;
2557 }
2558 while (ds->rbytes_avail < 4) {
2559 if (strm->avail_in <= 0) {
2560 if (last)
2561 goto failed;
2562 return (ARCHIVE_OK);
2563 }
2564 ds->rbytes[ds->rbytes_avail++] =
2565 *strm->next_in++;
2566 strm->avail_in--;
2567 }
2568 ds->rbytes_avail = 0;
2569 if (ds->state == ST_RD_R0) {
2570 ds->r0 = archive_le32dec(ds->rbytes);
2571 if (ds->r0 < 0)
2572 goto failed;
2573 ds->state = ST_RD_R1;
2574 } else if (ds->state == ST_RD_R1) {
2575 ds->r1 = archive_le32dec(ds->rbytes);
2576 if (ds->r1 < 0)
2577 goto failed;
2578 ds->state = ST_RD_R2;
2579 } else if (ds->state == ST_RD_R2) {
2580 ds->r2 = archive_le32dec(ds->rbytes);
2581 if (ds->r2 < 0)
2582 goto failed;
2583 /* We've gotten all repeated offsets. */
2584 ds->state = ST_COPY_UNCOMP1;
2585 }
2586 } while (ds->state != ST_COPY_UNCOMP1);
2587 /* FALL THROUGH */
2588 case ST_COPY_UNCOMP1:
2589 /*
2590 * Copy bytes form next_in to next_out directly.
2591 */
2592 while (ds->block_bytes_avail) {
2593 int l;
2594
2595 if (strm->avail_out <= 0)
2596 /* Output buffer is empty. */
2597 return (ARCHIVE_OK);
2598 if (strm->avail_in <= 0) {
2599 /* Input buffer is empty. */
2600 if (last)
2601 goto failed;
2602 return (ARCHIVE_OK);
2603 }
2604 l = (int)ds->block_bytes_avail;
2605 if (l > ds->w_size - ds->w_pos)
2606 l = ds->w_size - ds->w_pos;
2607 if (l > strm->avail_out)
2608 l = (int)strm->avail_out;
2609 if (l > strm->avail_in)
2610 l = (int)strm->avail_in;
2611 memcpy(strm->next_out, strm->next_in, l);
2612 memcpy(&(ds->w_buff[ds->w_pos]),
2613 strm->next_in, l);
2614 strm->next_in += l;
2615 strm->avail_in -= l;
2616 strm->next_out += l;
2617 strm->avail_out -= l;
2618 strm->total_out += l;
2619 ds->w_pos = (ds->w_pos + l) & ds->w_mask;
2620 ds->block_bytes_avail -= l;
2621 }
2622 /* FALL THROUGH */
2623 case ST_COPY_UNCOMP2:
2624 /* Re-align; skip padding byte. */
2625 if (ds->block_size & 1) {
2626 if (strm->avail_in <= 0) {
2627 /* Input buffer is empty. */
2628 ds->state = ST_COPY_UNCOMP2;
2629 if (last)
2630 goto failed;
2631 return (ARCHIVE_OK);
2632 }
2633 strm->next_in++;
2634 strm->avail_in --;
2635 }
2636 /* This block ended. */
2637 ds->state = ST_RD_BLOCK_TYPE;
2638 return (ARCHIVE_EOF);
2639 /********************/
2640 case ST_RD_ALIGNED_OFFSET:
2641 /*
2642 * Read Aligned offset tree.
2643 */
2644 if (!lzx_br_read_ahead(strm, br, 3 * ds->at.len_size)) {
2645 ds->state = ST_RD_ALIGNED_OFFSET;
2646 if (last)
2647 goto failed;
2648 return (ARCHIVE_OK);
2649 }
2650 memset(ds->at.freq, 0, sizeof(ds->at.freq));
2651 for (i = 0; i < ds->at.len_size; i++) {
2652 ds->at.bitlen[i] = lzx_br_bits(br, 3);
2653 ds->at.freq[ds->at.bitlen[i]]++;
2654 lzx_br_consume(br, 3);
2655 }
2656 if (!lzx_make_huffman_table(&ds->at))
2657 goto failed;
2658 /* FALL THROUGH */
2659 case ST_RD_VERBATIM:
2660 ds->loop = 0;
2661 /* FALL THROUGH */
2662 case ST_RD_PRE_MAIN_TREE_256:
2663 /*
2664 * Read Pre-tree for first 256 elements of main tree.
2665 */
2666 if (!lzx_read_pre_tree(strm)) {
2667 ds->state = ST_RD_PRE_MAIN_TREE_256;
2668 if (last)
2669 goto failed;
2670 return (ARCHIVE_OK);
2671 }
2672 if (!lzx_make_huffman_table(&ds->pt))
2673 goto failed;
2674 ds->loop = 0;
2675 /* FALL THROUGH */
2676 case ST_MAIN_TREE_256:
2677 /*
2678 * Get path lengths of first 256 elements of main tree.
2679 */
2680 r = lzx_read_bitlen(strm, &ds->mt, 256);
2681 if (r < 0)
2682 goto failed;
2683 else if (!r) {
2684 ds->state = ST_MAIN_TREE_256;
2685 if (last)
2686 goto failed;
2687 return (ARCHIVE_OK);
2688 }
2689 ds->loop = 0;
2690 /* FALL THROUGH */
2691 case ST_RD_PRE_MAIN_TREE_REM:
2692 /*
2693 * Read Pre-tree for remaining elements of main tree.
2694 */
2695 if (!lzx_read_pre_tree(strm)) {
2696 ds->state = ST_RD_PRE_MAIN_TREE_REM;
2697 if (last)
2698 goto failed;
2699 return (ARCHIVE_OK);
2700 }
2701 if (!lzx_make_huffman_table(&ds->pt))
2702 goto failed;
2703 ds->loop = 256;
2704 /* FALL THROUGH */
2705 case ST_MAIN_TREE_REM:
2706 /*
2707 * Get path lengths of remaining elements of main tree.
2708 */
2709 r = lzx_read_bitlen(strm, &ds->mt, -1);
2710 if (r < 0)
2711 goto failed;
2712 else if (!r) {
2713 ds->state = ST_MAIN_TREE_REM;
2714 if (last)
2715 goto failed;
2716 return (ARCHIVE_OK);
2717 }
2718 if (!lzx_make_huffman_table(&ds->mt))
2719 goto failed;
2720 ds->loop = 0;
2721 /* FALL THROUGH */
2722 case ST_RD_PRE_LENGTH_TREE:
2723 /*
2724 * Read Pre-tree for remaining elements of main tree.
2725 */
2726 if (!lzx_read_pre_tree(strm)) {
2727 ds->state = ST_RD_PRE_LENGTH_TREE;
2728 if (last)
2729 goto failed;
2730 return (ARCHIVE_OK);
2731 }
2732 if (!lzx_make_huffman_table(&ds->pt))
2733 goto failed;
2734 ds->loop = 0;
2735 /* FALL THROUGH */
2736 case ST_LENGTH_TREE:
2737 /*
2738 * Get path lengths of remaining elements of main tree.
2739 */
2740 r = lzx_read_bitlen(strm, &ds->lt, -1);
2741 if (r < 0)
2742 goto failed;
2743 else if (!r) {
2744 ds->state = ST_LENGTH_TREE;
2745 if (last)
2746 goto failed;
2747 return (ARCHIVE_OK);
2748 }
2749 if (!lzx_make_huffman_table(&ds->lt))
2750 goto failed;
2751 ds->state = ST_MAIN;
2752 return (100);
2753 }
2754 }
2755 failed:
2756 return (ds->error = ARCHIVE_FAILED);
2757 }
2758
2759 static int
lzx_decode_blocks(struct lzx_stream * strm,int last)2760 lzx_decode_blocks(struct lzx_stream *strm, int last)
2761 {
2762 struct lzx_dec *ds = strm->ds;
2763 struct lzx_br bre = ds->br;
2764 struct huffman *at = &(ds->at), *lt = &(ds->lt), *mt = &(ds->mt);
2765 const struct lzx_pos_tbl *pos_tbl = ds->pos_tbl;
2766 unsigned char *noutp = strm->next_out;
2767 unsigned char *endp = noutp + strm->avail_out;
2768 unsigned char *w_buff = ds->w_buff;
2769 unsigned char *at_bitlen = at->bitlen;
2770 unsigned char *lt_bitlen = lt->bitlen;
2771 unsigned char *mt_bitlen = mt->bitlen;
2772 size_t block_bytes_avail = ds->block_bytes_avail;
2773 int at_max_bits = at->max_bits;
2774 int lt_max_bits = lt->max_bits;
2775 int mt_max_bits = mt->max_bits;
2776 int c, copy_len = ds->copy_len, copy_pos = ds->copy_pos;
2777 int w_pos = ds->w_pos, w_mask = ds->w_mask, w_size = ds->w_size;
2778 int length_header = ds->length_header;
2779 int offset_bits = ds->offset_bits;
2780 int position_slot = ds->position_slot;
2781 int r0 = ds->r0, r1 = ds->r1, r2 = ds->r2;
2782 int state = ds->state;
2783 char block_type = ds->block_type;
2784
2785 for (;;) {
2786 switch (state) {
2787 case ST_MAIN:
2788 for (;;) {
2789 if (block_bytes_avail == 0) {
2790 /* This block ended. */
2791 ds->state = ST_RD_BLOCK_TYPE;
2792 ds->br = bre;
2793 ds->block_bytes_avail =
2794 block_bytes_avail;
2795 ds->copy_len = copy_len;
2796 ds->copy_pos = copy_pos;
2797 ds->length_header = length_header;
2798 ds->position_slot = position_slot;
2799 ds->r0 = r0; ds->r1 = r1; ds->r2 = r2;
2800 ds->w_pos = w_pos;
2801 strm->avail_out = endp - noutp;
2802 return (ARCHIVE_EOF);
2803 }
2804 if (noutp >= endp)
2805 /* Output buffer is empty. */
2806 goto next_data;
2807
2808 if (!lzx_br_read_ahead(strm, &bre,
2809 mt_max_bits)) {
2810 if (!last)
2811 goto next_data;
2812 /* Remaining bits are less than
2813 * maximum bits(mt.max_bits) but maybe
2814 * it still remains as much as we need,
2815 * so we should try to use it with
2816 * dummy bits. */
2817 c = lzx_decode_huffman(mt,
2818 lzx_br_bits_forced(
2819 &bre, mt_max_bits));
2820 lzx_br_consume(&bre, mt_bitlen[c]);
2821 if (!lzx_br_has(&bre, 0))
2822 goto failed;/* Over read. */
2823 } else {
2824 c = lzx_decode_huffman(mt,
2825 lzx_br_bits(&bre, mt_max_bits));
2826 lzx_br_consume(&bre, mt_bitlen[c]);
2827 }
2828 if ((unsigned int)c > UCHAR_MAX)
2829 break;
2830 /*
2831 * 'c' is exactly literal code.
2832 */
2833 /* Save a decoded code to reference it
2834 * afterward. */
2835 w_buff[w_pos] = c;
2836 w_pos = (w_pos + 1) & w_mask;
2837 /* Store the decoded code to output buffer. */
2838 *noutp++ = c;
2839 block_bytes_avail--;
2840 }
2841 /*
2842 * Get a match code, its length and offset.
2843 */
2844 c -= UCHAR_MAX + 1;
2845 length_header = c & 7;
2846 position_slot = c >> 3;
2847 /* FALL THROUGH */
2848 case ST_LENGTH:
2849 /*
2850 * Get a length.
2851 */
2852 if (length_header == 7) {
2853 if (!lzx_br_read_ahead(strm, &bre,
2854 lt_max_bits)) {
2855 if (!last) {
2856 state = ST_LENGTH;
2857 goto next_data;
2858 }
2859 c = lzx_decode_huffman(lt,
2860 lzx_br_bits_forced(
2861 &bre, lt_max_bits));
2862 lzx_br_consume(&bre, lt_bitlen[c]);
2863 if (!lzx_br_has(&bre, 0))
2864 goto failed;/* Over read. */
2865 } else {
2866 c = lzx_decode_huffman(lt,
2867 lzx_br_bits(&bre, lt_max_bits));
2868 lzx_br_consume(&bre, lt_bitlen[c]);
2869 }
2870 copy_len = c + 7 + 2;
2871 } else
2872 copy_len = length_header + 2;
2873 if ((size_t)copy_len > block_bytes_avail)
2874 goto failed;
2875 /*
2876 * Get an offset.
2877 */
2878 switch (position_slot) {
2879 case 0: /* Use repeated offset 0. */
2880 copy_pos = r0;
2881 state = ST_REAL_POS;
2882 continue;
2883 case 1: /* Use repeated offset 1. */
2884 copy_pos = r1;
2885 /* Swap repeated offset. */
2886 r1 = r0;
2887 r0 = copy_pos;
2888 state = ST_REAL_POS;
2889 continue;
2890 case 2: /* Use repeated offset 2. */
2891 copy_pos = r2;
2892 /* Swap repeated offset. */
2893 r2 = r0;
2894 r0 = copy_pos;
2895 state = ST_REAL_POS;
2896 continue;
2897 default:
2898 offset_bits =
2899 pos_tbl[position_slot].footer_bits;
2900 break;
2901 }
2902 /* FALL THROUGH */
2903 case ST_OFFSET:
2904 /*
2905 * Get the offset, which is a distance from
2906 * current window position.
2907 */
2908 if (block_type == ALIGNED_OFFSET_BLOCK &&
2909 offset_bits >= 3) {
2910 int offbits = offset_bits - 3;
2911
2912 if (!lzx_br_read_ahead(strm, &bre, offbits)) {
2913 state = ST_OFFSET;
2914 if (last)
2915 goto failed;
2916 goto next_data;
2917 }
2918 copy_pos = lzx_br_bits(&bre, offbits) << 3;
2919
2920 /* Get an aligned number. */
2921 if (!lzx_br_read_ahead(strm, &bre,
2922 offbits + at_max_bits)) {
2923 if (!last) {
2924 state = ST_OFFSET;
2925 goto next_data;
2926 }
2927 lzx_br_consume(&bre, offbits);
2928 c = lzx_decode_huffman(at,
2929 lzx_br_bits_forced(&bre,
2930 at_max_bits));
2931 lzx_br_consume(&bre, at_bitlen[c]);
2932 if (!lzx_br_has(&bre, 0))
2933 goto failed;/* Over read. */
2934 } else {
2935 lzx_br_consume(&bre, offbits);
2936 c = lzx_decode_huffman(at,
2937 lzx_br_bits(&bre, at_max_bits));
2938 lzx_br_consume(&bre, at_bitlen[c]);
2939 }
2940 /* Add an aligned number. */
2941 copy_pos += c;
2942 } else {
2943 if (!lzx_br_read_ahead(strm, &bre,
2944 offset_bits)) {
2945 state = ST_OFFSET;
2946 if (last)
2947 goto failed;
2948 goto next_data;
2949 }
2950 copy_pos = lzx_br_bits(&bre, offset_bits);
2951 lzx_br_consume(&bre, offset_bits);
2952 }
2953 copy_pos += pos_tbl[position_slot].base -2;
2954
2955 /* Update repeated offset LRU queue. */
2956 r2 = r1;
2957 r1 = r0;
2958 r0 = copy_pos;
2959 /* FALL THROUGH */
2960 case ST_REAL_POS:
2961 /*
2962 * Compute a real position in window.
2963 */
2964 copy_pos = (w_pos - copy_pos) & w_mask;
2965 /* FALL THROUGH */
2966 case ST_COPY:
2967 /*
2968 * Copy several bytes as extracted data from the window
2969 * into the output buffer.
2970 */
2971 for (;;) {
2972 const unsigned char *s;
2973 int l;
2974
2975 l = copy_len;
2976 if (copy_pos > w_pos) {
2977 if (l > w_size - copy_pos)
2978 l = w_size - copy_pos;
2979 } else {
2980 if (l > w_size - w_pos)
2981 l = w_size - w_pos;
2982 }
2983 if (noutp + l >= endp)
2984 l = (int)(endp - noutp);
2985 s = w_buff + copy_pos;
2986 if (l >= 8 && ((copy_pos + l < w_pos)
2987 || (w_pos + l < copy_pos))) {
2988 memcpy(w_buff + w_pos, s, l);
2989 memcpy(noutp, s, l);
2990 } else {
2991 unsigned char *d;
2992 int li;
2993
2994 d = w_buff + w_pos;
2995 for (li = 0; li < l; li++)
2996 noutp[li] = d[li] = s[li];
2997 }
2998 noutp += l;
2999 copy_pos = (copy_pos + l) & w_mask;
3000 w_pos = (w_pos + l) & w_mask;
3001 block_bytes_avail -= l;
3002 if (copy_len <= l)
3003 /* A copy of current pattern ended. */
3004 break;
3005 copy_len -= l;
3006 if (noutp >= endp) {
3007 /* Output buffer is empty. */
3008 state = ST_COPY;
3009 goto next_data;
3010 }
3011 }
3012 state = ST_MAIN;
3013 break;
3014 }
3015 }
3016 failed:
3017 return (ds->error = ARCHIVE_FAILED);
3018 next_data:
3019 ds->br = bre;
3020 ds->block_bytes_avail = block_bytes_avail;
3021 ds->copy_len = copy_len;
3022 ds->copy_pos = copy_pos;
3023 ds->length_header = length_header;
3024 ds->offset_bits = offset_bits;
3025 ds->position_slot = position_slot;
3026 ds->r0 = r0; ds->r1 = r1; ds->r2 = r2;
3027 ds->state = state;
3028 ds->w_pos = w_pos;
3029 strm->avail_out = endp - noutp;
3030 return (ARCHIVE_OK);
3031 }
3032
3033 static int
lzx_read_pre_tree(struct lzx_stream * strm)3034 lzx_read_pre_tree(struct lzx_stream *strm)
3035 {
3036 struct lzx_dec *ds = strm->ds;
3037 struct lzx_br *br = &(ds->br);
3038 int i;
3039
3040 if (ds->loop == 0)
3041 memset(ds->pt.freq, 0, sizeof(ds->pt.freq));
3042 for (i = ds->loop; i < ds->pt.len_size; i++) {
3043 if (!lzx_br_read_ahead(strm, br, 4)) {
3044 ds->loop = i;
3045 return (0);
3046 }
3047 ds->pt.bitlen[i] = lzx_br_bits(br, 4);
3048 ds->pt.freq[ds->pt.bitlen[i]]++;
3049 lzx_br_consume(br, 4);
3050 }
3051 ds->loop = i;
3052 return (1);
3053 }
3054
3055 /*
3056 * Read a bunch of bit-lengths from pre-tree.
3057 */
3058 static int
lzx_read_bitlen(struct lzx_stream * strm,struct huffman * d,int end)3059 lzx_read_bitlen(struct lzx_stream *strm, struct huffman *d, int end)
3060 {
3061 struct lzx_dec *ds = strm->ds;
3062 struct lzx_br *br = &(ds->br);
3063 int c, i, j, ret, same;
3064 unsigned rbits;
3065
3066 i = ds->loop;
3067 if (i == 0)
3068 memset(d->freq, 0, sizeof(d->freq));
3069 ret = 0;
3070 if (end < 0)
3071 end = d->len_size;
3072 while (i < end) {
3073 ds->loop = i;
3074 if (!lzx_br_read_ahead(strm, br, ds->pt.max_bits))
3075 goto getdata;
3076 rbits = lzx_br_bits(br, ds->pt.max_bits);
3077 c = lzx_decode_huffman(&(ds->pt), rbits);
3078 switch (c) {
3079 case 17:/* several zero lengths, from 4 to 19. */
3080 if (!lzx_br_read_ahead(strm, br, ds->pt.bitlen[c]+4))
3081 goto getdata;
3082 lzx_br_consume(br, ds->pt.bitlen[c]);
3083 same = lzx_br_bits(br, 4) + 4;
3084 if (i + same > end)
3085 return (-1);/* Invalid */
3086 lzx_br_consume(br, 4);
3087 for (j = 0; j < same; j++)
3088 d->bitlen[i++] = 0;
3089 break;
3090 case 18:/* many zero lengths, from 20 to 51. */
3091 if (!lzx_br_read_ahead(strm, br, ds->pt.bitlen[c]+5))
3092 goto getdata;
3093 lzx_br_consume(br, ds->pt.bitlen[c]);
3094 same = lzx_br_bits(br, 5) + 20;
3095 if (i + same > end)
3096 return (-1);/* Invalid */
3097 lzx_br_consume(br, 5);
3098 memset(d->bitlen + i, 0, same);
3099 i += same;
3100 break;
3101 case 19:/* a few same lengths. */
3102 if (!lzx_br_read_ahead(strm, br,
3103 ds->pt.bitlen[c]+1+ds->pt.max_bits))
3104 goto getdata;
3105 lzx_br_consume(br, ds->pt.bitlen[c]);
3106 same = lzx_br_bits(br, 1) + 4;
3107 if (i + same > end)
3108 return (-1);
3109 lzx_br_consume(br, 1);
3110 rbits = lzx_br_bits(br, ds->pt.max_bits);
3111 c = lzx_decode_huffman(&(ds->pt), rbits);
3112 lzx_br_consume(br, ds->pt.bitlen[c]);
3113 c = (d->bitlen[i] - c + 17) % 17;
3114 if (c < 0)
3115 return (-1);/* Invalid */
3116 for (j = 0; j < same; j++)
3117 d->bitlen[i++] = c;
3118 d->freq[c] += same;
3119 break;
3120 default:
3121 lzx_br_consume(br, ds->pt.bitlen[c]);
3122 c = (d->bitlen[i] - c + 17) % 17;
3123 if (c < 0)
3124 return (-1);/* Invalid */
3125 d->freq[c]++;
3126 d->bitlen[i++] = c;
3127 break;
3128 }
3129 }
3130 ret = 1;
3131 getdata:
3132 ds->loop = i;
3133 return (ret);
3134 }
3135
3136 static int
lzx_huffman_init(struct huffman * hf,size_t len_size,int tbl_bits)3137 lzx_huffman_init(struct huffman *hf, size_t len_size, int tbl_bits)
3138 {
3139
3140 if (hf->bitlen == NULL || hf->len_size != (int)len_size) {
3141 free(hf->bitlen);
3142 hf->bitlen = calloc(len_size, sizeof(hf->bitlen[0]));
3143 if (hf->bitlen == NULL)
3144 return (ARCHIVE_FATAL);
3145 hf->len_size = (int)len_size;
3146 } else
3147 memset(hf->bitlen, 0, len_size * sizeof(hf->bitlen[0]));
3148 if (hf->tbl == NULL) {
3149 hf->tbl = malloc(((size_t)1 << tbl_bits) * sizeof(hf->tbl[0]));
3150 if (hf->tbl == NULL)
3151 return (ARCHIVE_FATAL);
3152 hf->tbl_bits = tbl_bits;
3153 }
3154 return (ARCHIVE_OK);
3155 }
3156
3157 static void
lzx_huffman_free(struct huffman * hf)3158 lzx_huffman_free(struct huffman *hf)
3159 {
3160 free(hf->bitlen);
3161 free(hf->tbl);
3162 }
3163
3164 /*
3165 * Make a huffman coding table.
3166 */
3167 static int
lzx_make_huffman_table(struct huffman * hf)3168 lzx_make_huffman_table(struct huffman *hf)
3169 {
3170 uint16_t *tbl;
3171 const unsigned char *bitlen;
3172 int bitptn[17], weight[17];
3173 int i, maxbits = 0, ptn, tbl_size, w;
3174 int len_avail;
3175
3176 /*
3177 * Initialize bit patterns.
3178 */
3179 ptn = 0;
3180 for (i = 1, w = 1 << 15; i <= 16; i++, w >>= 1) {
3181 bitptn[i] = ptn;
3182 weight[i] = w;
3183 if (hf->freq[i]) {
3184 ptn += hf->freq[i] * w;
3185 maxbits = i;
3186 }
3187 }
3188 if ((ptn & 0xffff) != 0 || maxbits > hf->tbl_bits)
3189 return (0);/* Invalid */
3190
3191 hf->max_bits = maxbits;
3192
3193 /*
3194 * Cut out extra bits which we won't house in the table.
3195 * This preparation reduces the same calculation in the for-loop
3196 * making the table.
3197 */
3198 if (maxbits < 16) {
3199 int ebits = 16 - maxbits;
3200 for (i = 1; i <= maxbits; i++) {
3201 bitptn[i] >>= ebits;
3202 weight[i] >>= ebits;
3203 }
3204 }
3205
3206 /*
3207 * Make the table.
3208 */
3209 tbl_size = 1 << hf->tbl_bits;
3210 tbl = hf->tbl;
3211 bitlen = hf->bitlen;
3212 len_avail = hf->len_size;
3213 hf->tree_used = 0;
3214 for (i = 0; i < len_avail; i++) {
3215 uint16_t *p;
3216 int len, cnt;
3217
3218 if (bitlen[i] == 0)
3219 continue;
3220 /* Get a bit pattern */
3221 len = bitlen[i];
3222 if (len > tbl_size)
3223 return (0);
3224 ptn = bitptn[len];
3225 cnt = weight[len];
3226 /* Calculate next bit pattern */
3227 if ((bitptn[len] = ptn + cnt) > tbl_size)
3228 return (0);/* Invalid */
3229 /* Update the table */
3230 p = &(tbl[ptn]);
3231 while (--cnt >= 0)
3232 p[cnt] = (uint16_t)i;
3233 }
3234 return (1);
3235 }
3236
3237 static inline int
lzx_decode_huffman(struct huffman * hf,unsigned rbits)3238 lzx_decode_huffman(struct huffman *hf, unsigned rbits)
3239 {
3240 int c;
3241 c = hf->tbl[rbits];
3242 if (c < hf->len_size)
3243 return (c);
3244 return (0);
3245 }
3246