1 /*-
2 * Copyright (c) 2010-2012 Michihiro NAKAJIMA
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17 * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 */
25
26 #include "archive_platform.h"
27
28 #ifdef HAVE_ERRNO_H
29 #include <errno.h>
30 #endif
31 #ifdef HAVE_LIMITS_H
32 #include <limits.h>
33 #endif
34 #ifdef HAVE_STDLIB_H
35 #include <stdlib.h>
36 #endif
37 #ifdef HAVE_STRING_H
38 #include <string.h>
39 #endif
40 #ifdef HAVE_ZLIB_H
41 #include <zlib.h>
42 #endif
43
44 #include "archive.h"
45 #include "archive_entry.h"
46 #include "archive_entry_locale.h"
47 #include "archive_private.h"
48 #include "archive_read_private.h"
49 #include "archive_endian.h"
50
51
52 struct lzx_dec {
53 /* Decoding status. */
54 int state;
55
56 /*
57 * Window to see last decoded data, from 32KBi to 2MBi.
58 */
59 int w_size;
60 int w_mask;
61 /* Window buffer, which is a loop buffer. */
62 unsigned char *w_buff;
63 /* The insert position to the window. */
64 int w_pos;
65 /* The position where we can copy decoded code from the window. */
66 int copy_pos;
67 /* The length how many bytes we can copy decoded code from
68 * the window. */
69 int copy_len;
70 /* Translation reversal for x86 processor CALL byte sequence(E8).
71 * This is used for LZX only. */
72 uint32_t translation_size;
73 char translation;
74 char block_type;
75 #define VERBATIM_BLOCK 1
76 #define ALIGNED_OFFSET_BLOCK 2
77 #define UNCOMPRESSED_BLOCK 3
78 size_t block_size;
79 size_t block_bytes_avail;
80 /* Repeated offset. */
81 int r0, r1, r2;
82 unsigned char rbytes[4];
83 int rbytes_avail;
84 int length_header;
85 int position_slot;
86 int offset_bits;
87
88 struct lzx_pos_tbl {
89 int base;
90 int footer_bits;
91 } *pos_tbl;
92 /*
93 * Bit stream reader.
94 */
95 struct lzx_br {
96 #define CACHE_TYPE uint64_t
97 #define CACHE_BITS (8 * sizeof(CACHE_TYPE))
98 /* Cache buffer. */
99 CACHE_TYPE cache_buffer;
100 /* Indicates how many bits avail in cache_buffer. */
101 int cache_avail;
102 unsigned char odd;
103 char have_odd;
104 } br;
105
106 /*
107 * Huffman coding.
108 */
109 struct huffman {
110 int len_size;
111 int freq[17];
112 unsigned char *bitlen;
113
114 /*
115 * Use a index table. It's faster than searching a huffman
116 * coding tree, which is a binary tree. But a use of a large
117 * index table causes L1 cache read miss many times.
118 */
119 int max_bits;
120 int tbl_bits;
121 int tree_used;
122 /* Direct access table. */
123 uint16_t *tbl;
124 } at, lt, mt, pt;
125
126 int loop;
127 int error;
128 };
129
130 static const int slots[] = {
131 30, 32, 34, 36, 38, 42, 50, 66, 98, 162, 290
132 };
133 #define SLOT_BASE 15
134 #define SLOT_MAX 21/*->25*/
135
136 struct lzx_stream {
137 const unsigned char *next_in;
138 int64_t avail_in;
139 int64_t total_in;
140 unsigned char *next_out;
141 int64_t avail_out;
142 int64_t total_out;
143 struct lzx_dec *ds;
144 };
145
146 /*
147 * Cabinet file definitions.
148 */
149 /* CFHEADER offset */
150 #define CFHEADER_signature 0
151 #define CFHEADER_cbCabinet 8
152 #define CFHEADER_coffFiles 16
153 #define CFHEADER_versionMinor 24
154 #define CFHEADER_versionMajor 25
155 #define CFHEADER_cFolders 26
156 #define CFHEADER_cFiles 28
157 #define CFHEADER_flags 30
158 #define CFHEADER_setID 32
159 #define CFHEADER_iCabinet 34
160 #define CFHEADER_cbCFHeader 36
161 #define CFHEADER_cbCFFolder 38
162 #define CFHEADER_cbCFData 39
163
164 /* CFFOLDER offset */
165 #define CFFOLDER_coffCabStart 0
166 #define CFFOLDER_cCFData 4
167 #define CFFOLDER_typeCompress 6
168 #define CFFOLDER_abReserve 8
169
170 /* CFFILE offset */
171 #define CFFILE_cbFile 0
172 #define CFFILE_uoffFolderStart 4
173 #define CFFILE_iFolder 8
174 #define CFFILE_date_time 10
175 #define CFFILE_attribs 14
176
177 /* CFDATA offset */
178 #define CFDATA_csum 0
179 #define CFDATA_cbData 4
180 #define CFDATA_cbUncomp 6
181
182 static const char * const compression_name[] = {
183 "NONE",
184 "MSZIP",
185 "Quantum",
186 "LZX",
187 };
188
189 struct cfdata {
190 /* Sum value of this CFDATA. */
191 uint32_t sum;
192 uint16_t compressed_size;
193 uint16_t compressed_bytes_remaining;
194 uint16_t uncompressed_size;
195 uint16_t uncompressed_bytes_remaining;
196 /* To know how many bytes we have decompressed. */
197 uint16_t uncompressed_avail;
198 /* Offset from the beginning of compressed data of this CFDATA */
199 uint16_t read_offset;
200 int64_t unconsumed;
201 /* To keep memory image of this CFDATA to compute the sum. */
202 size_t memimage_size;
203 unsigned char *memimage;
204 /* Result of calculation of sum. */
205 uint32_t sum_calculated;
206 unsigned char sum_extra[4];
207 int sum_extra_avail;
208 const void *sum_ptr;
209 };
210
211 struct cffolder {
212 uint32_t cfdata_offset_in_cab;
213 uint16_t cfdata_count;
214 uint16_t comptype;
215 #define COMPTYPE_NONE 0x0000
216 #define COMPTYPE_MSZIP 0x0001
217 #define COMPTYPE_QUANTUM 0x0002
218 #define COMPTYPE_LZX 0x0003
219 uint16_t compdata;
220 const char *compname;
221 /* At the time reading CFDATA */
222 struct cfdata cfdata;
223 int cfdata_index;
224 /* Flags to mark progress of decompression. */
225 char decompress_init;
226 };
227
228 struct cffile {
229 uint32_t uncompressed_size;
230 uint32_t offset;
231 time_t mtime;
232 uint16_t folder;
233 #define iFoldCONTINUED_FROM_PREV 0xFFFD
234 #define iFoldCONTINUED_TO_NEXT 0xFFFE
235 #define iFoldCONTINUED_PREV_AND_NEXT 0xFFFF
236 unsigned char attr;
237 #define ATTR_RDONLY 0x01
238 #define ATTR_NAME_IS_UTF 0x80
239 struct archive_string pathname;
240 };
241
242 struct cfheader {
243 /* Total bytes of all file size in a Cabinet. */
244 uint32_t total_bytes;
245 uint32_t files_offset;
246 uint16_t folder_count;
247 uint16_t file_count;
248 uint16_t flags;
249 #define PREV_CABINET 0x0001
250 #define NEXT_CABINET 0x0002
251 #define RESERVE_PRESENT 0x0004
252 uint16_t setid;
253 uint16_t cabinet;
254 /* Version number. */
255 unsigned char major;
256 unsigned char minor;
257 unsigned char cffolder;
258 unsigned char cfdata;
259 /* All folders in a cabinet. */
260 struct cffolder *folder_array;
261 /* All files in a cabinet. */
262 struct cffile *file_array;
263 int file_index;
264 };
265
266 struct cab {
267 /* entry_bytes_remaining is the number of bytes we expect. */
268 int64_t entry_offset;
269 int64_t entry_bytes_remaining;
270 int64_t entry_unconsumed;
271 int64_t entry_compressed_bytes_read;
272 int64_t entry_uncompressed_bytes_read;
273 struct cffolder *entry_cffolder;
274 struct cffile *entry_cffile;
275 struct cfdata *entry_cfdata;
276
277 /* Offset from beginning of a cabinet file. */
278 int64_t cab_offset;
279 struct cfheader cfheader;
280 struct archive_wstring ws;
281
282 /* Flag to mark progress that an archive was read their first header.*/
283 char found_header;
284 char end_of_archive;
285 char end_of_entry;
286 char end_of_entry_cleanup;
287 char read_data_invoked;
288 int64_t bytes_skipped;
289
290 unsigned char *uncompressed_buffer;
291 size_t uncompressed_buffer_size;
292
293 int init_default_conversion;
294 struct archive_string_conv *sconv;
295 struct archive_string_conv *sconv_default;
296 struct archive_string_conv *sconv_utf8;
297 char format_name[64];
298
299 #ifdef HAVE_ZLIB_H
300 z_stream stream;
301 char stream_valid;
302 #endif
303 struct lzx_stream xstrm;
304 };
305
306 static int archive_read_format_cab_bid(struct archive_read *, int);
307 static int archive_read_format_cab_options(struct archive_read *,
308 const char *, const char *);
309 static int archive_read_format_cab_read_header(struct archive_read *,
310 struct archive_entry *);
311 static int archive_read_format_cab_read_data(struct archive_read *,
312 const void **, size_t *, int64_t *);
313 static int archive_read_format_cab_read_data_skip(struct archive_read *);
314 static int archive_read_format_cab_cleanup(struct archive_read *);
315
316 static int cab_skip_sfx(struct archive_read *);
317 static time_t cab_dos_time(const unsigned char *);
318 static int cab_read_data(struct archive_read *, const void **,
319 size_t *, int64_t *);
320 static int cab_read_header(struct archive_read *);
321 static uint32_t cab_checksum_cfdata_4(const void *, size_t bytes, uint32_t);
322 static uint32_t cab_checksum_cfdata(const void *, size_t bytes, uint32_t);
323 static void cab_checksum_update(struct archive_read *, size_t);
324 static int cab_checksum_finish(struct archive_read *);
325 static int cab_next_cfdata(struct archive_read *);
326 static const void *cab_read_ahead_cfdata(struct archive_read *, ssize_t *);
327 static const void *cab_read_ahead_cfdata_none(struct archive_read *, ssize_t *);
328 static const void *cab_read_ahead_cfdata_deflate(struct archive_read *,
329 ssize_t *);
330 static const void *cab_read_ahead_cfdata_lzx(struct archive_read *,
331 ssize_t *);
332 static int64_t cab_consume_cfdata(struct archive_read *, int64_t);
333 static int64_t cab_minimum_consume_cfdata(struct archive_read *, int64_t);
334 static int lzx_decode_init(struct lzx_stream *, int);
335 static int lzx_read_blocks(struct lzx_stream *, int);
336 static int lzx_decode_blocks(struct lzx_stream *, int);
337 static void lzx_decode_free(struct lzx_stream *);
338 static void lzx_translation(struct lzx_stream *, void *, size_t, uint32_t);
339 static void lzx_cleanup_bitstream(struct lzx_stream *);
340 static int lzx_decode(struct lzx_stream *, int);
341 static int lzx_read_pre_tree(struct lzx_stream *);
342 static int lzx_read_bitlen(struct lzx_stream *, struct huffman *, int);
343 static int lzx_huffman_init(struct huffman *, size_t, int);
344 static void lzx_huffman_free(struct huffman *);
345 static int lzx_make_huffman_table(struct huffman *);
346 static inline int lzx_decode_huffman(struct huffman *, unsigned);
347
348
349 int
archive_read_support_format_cab(struct archive * _a)350 archive_read_support_format_cab(struct archive *_a)
351 {
352 struct archive_read *a = (struct archive_read *)_a;
353 struct cab *cab;
354 int r;
355
356 archive_check_magic(_a, ARCHIVE_READ_MAGIC,
357 ARCHIVE_STATE_NEW, "archive_read_support_format_cab");
358
359 cab = calloc(1, sizeof(*cab));
360 if (cab == NULL) {
361 archive_set_error(&a->archive, ENOMEM,
362 "Can't allocate CAB data");
363 return (ARCHIVE_FATAL);
364 }
365 archive_string_init(&cab->ws);
366 if (archive_wstring_ensure(&cab->ws, 256) == NULL) {
367 archive_set_error(&a->archive, ENOMEM,
368 "Can't allocate memory");
369 free(cab);
370 return (ARCHIVE_FATAL);
371 }
372
373 r = __archive_read_register_format(a,
374 cab,
375 "cab",
376 archive_read_format_cab_bid,
377 archive_read_format_cab_options,
378 archive_read_format_cab_read_header,
379 archive_read_format_cab_read_data,
380 archive_read_format_cab_read_data_skip,
381 NULL,
382 archive_read_format_cab_cleanup,
383 NULL,
384 NULL);
385
386 if (r != ARCHIVE_OK)
387 free(cab);
388 return (ARCHIVE_OK);
389 }
390
391 static int
find_cab_magic(const char * p)392 find_cab_magic(const char *p)
393 {
394 switch (p[4]) {
395 case 0:
396 /*
397 * Note: Self-Extraction program has 'MSCF' string in their
398 * program. If we were finding 'MSCF' string only, we got
399 * wrong place for Cabinet header, thus, we have to check
400 * following four bytes which are reserved and must be set
401 * to zero.
402 */
403 if (memcmp(p, "MSCF\0\0\0\0", 8) == 0)
404 return 0;
405 return 5;
406 case 'F': return 1;
407 case 'C': return 2;
408 case 'S': return 3;
409 case 'M': return 4;
410 default: return 5;
411 }
412 }
413
414 static int
archive_read_format_cab_bid(struct archive_read * a,int best_bid)415 archive_read_format_cab_bid(struct archive_read *a, int best_bid)
416 {
417 const char *p;
418 ssize_t bytes_avail, offset, window;
419
420 /* If there's already a better bid than we can ever
421 make, don't bother testing. */
422 if (best_bid > 64)
423 return (-1);
424
425 if ((p = __archive_read_ahead(a, 8, NULL)) == NULL)
426 return (-1);
427
428 if (memcmp(p, "MSCF\0\0\0\0", 8) == 0)
429 return (64);
430
431 /*
432 * Attempt to handle self-extracting archives
433 * by noting a PE header and searching forward
434 * up to 128k for a 'MSCF' marker.
435 */
436 if (p[0] == 'M' && p[1] == 'Z') {
437 offset = 0;
438 window = 4096;
439 while (offset < (1024 * 128)) {
440 const char *h = __archive_read_ahead(a, offset + window,
441 &bytes_avail);
442 if (h == NULL) {
443 /* Remaining bytes are less than window. */
444 window >>= 1;
445 if (window < 128)
446 return (0);
447 continue;
448 }
449 p = h + offset;
450 while (p + 8 < h + bytes_avail) {
451 int next;
452 if ((next = find_cab_magic(p)) == 0)
453 return (64);
454 p += next;
455 }
456 offset = p - h;
457 }
458 }
459 return (0);
460 }
461
462 static int
archive_read_format_cab_options(struct archive_read * a,const char * key,const char * val)463 archive_read_format_cab_options(struct archive_read *a,
464 const char *key, const char *val)
465 {
466 struct cab *cab;
467 int ret = ARCHIVE_FAILED;
468
469 cab = (struct cab *)(a->format->data);
470 if (strcmp(key, "hdrcharset") == 0) {
471 if (val == NULL || val[0] == 0)
472 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
473 "cab: hdrcharset option needs a character-set name");
474 else {
475 cab->sconv = archive_string_conversion_from_charset(
476 &a->archive, val, 0);
477 if (cab->sconv != NULL)
478 ret = ARCHIVE_OK;
479 else
480 ret = ARCHIVE_FATAL;
481 }
482 return (ret);
483 }
484
485 /* Note: The "warn" return is just to inform the options
486 * supervisor that we didn't handle it. It will generate
487 * a suitable error if no one used this option. */
488 return (ARCHIVE_WARN);
489 }
490
491 static int
cab_skip_sfx(struct archive_read * a)492 cab_skip_sfx(struct archive_read *a)
493 {
494 const char *p, *q;
495 size_t skip;
496 ssize_t bytes, window;
497
498 window = 4096;
499 for (;;) {
500 const char *h = __archive_read_ahead(a, window, &bytes);
501 if (h == NULL) {
502 /* Remaining size are less than window. */
503 window >>= 1;
504 if (window < 128) {
505 archive_set_error(&a->archive,
506 ARCHIVE_ERRNO_FILE_FORMAT,
507 "Couldn't find out CAB header");
508 return (ARCHIVE_FATAL);
509 }
510 continue;
511 }
512 p = h;
513 q = p + bytes;
514
515 /*
516 * Scan ahead until we find something that looks
517 * like the cab header.
518 */
519 while (p + 8 < q) {
520 int next;
521 if ((next = find_cab_magic(p)) == 0) {
522 skip = p - h;
523 __archive_read_consume(a, skip);
524 return (ARCHIVE_OK);
525 }
526 p += next;
527 }
528 skip = p - h;
529 __archive_read_consume(a, skip);
530 }
531 }
532
533 static int
truncated_error(struct archive_read * a)534 truncated_error(struct archive_read *a)
535 {
536 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
537 "Truncated CAB header");
538 return (ARCHIVE_FATAL);
539 }
540
541 static ssize_t
cab_strnlen(const unsigned char * p,size_t maxlen)542 cab_strnlen(const unsigned char *p, size_t maxlen)
543 {
544 size_t i;
545
546 for (i = 0; i <= maxlen; i++) {
547 if (p[i] == 0)
548 break;
549 }
550 if (i > maxlen)
551 return (-1);/* invalid */
552 return ((ssize_t)i);
553 }
554
555 /* Read bytes as much as remaining. */
556 static const void *
cab_read_ahead_remaining(struct archive_read * a,size_t min,ssize_t * avail)557 cab_read_ahead_remaining(struct archive_read *a, size_t min, ssize_t *avail)
558 {
559 const void *p;
560
561 while (min > 0) {
562 p = __archive_read_ahead(a, min, avail);
563 if (p != NULL)
564 return (p);
565 min--;
566 }
567 return (NULL);
568 }
569
570 /* Convert a path separator '\' -> '/' */
571 static int
cab_convert_path_separator_1(struct archive_string * fn,unsigned char attr)572 cab_convert_path_separator_1(struct archive_string *fn, unsigned char attr)
573 {
574 size_t i;
575 int mb;
576
577 /* Easy check if we have '\' in multi-byte string. */
578 mb = 0;
579 for (i = 0; i < archive_strlen(fn); i++) {
580 if (fn->s[i] == '\\') {
581 if (mb) {
582 /* This may be second byte of multi-byte
583 * character. */
584 break;
585 }
586 fn->s[i] = '/';
587 mb = 0;
588 } else if ((fn->s[i] & 0x80) && !(attr & ATTR_NAME_IS_UTF))
589 mb = 1;
590 else
591 mb = 0;
592 }
593 if (i == archive_strlen(fn))
594 return (0);
595 return (-1);
596 }
597
598 /*
599 * Replace a character '\' with '/' in wide character.
600 */
601 static void
cab_convert_path_separator_2(struct cab * cab,struct archive_entry * entry)602 cab_convert_path_separator_2(struct cab *cab, struct archive_entry *entry)
603 {
604 const wchar_t *wp;
605 size_t i;
606
607 /* If a conversion to wide character failed, force the replacement. */
608 if ((wp = archive_entry_pathname_w(entry)) != NULL) {
609 archive_wstrcpy(&(cab->ws), wp);
610 for (i = 0; i < archive_strlen(&(cab->ws)); i++) {
611 if (cab->ws.s[i] == L'\\')
612 cab->ws.s[i] = L'/';
613 }
614 archive_entry_copy_pathname_w(entry, cab->ws.s);
615 }
616 }
617
618 /*
619 * Read CFHEADER, CFFOLDER and CFFILE.
620 */
621 static int
cab_read_header(struct archive_read * a)622 cab_read_header(struct archive_read *a)
623 {
624 const unsigned char *p;
625 struct cab *cab;
626 struct cfheader *hd;
627 size_t bytes, used;
628 ssize_t len;
629 int64_t skip;
630 int err, i;
631 int cur_folder, prev_folder;
632 uint32_t offset32;
633
634 a->archive.archive_format = ARCHIVE_FORMAT_CAB;
635 if (a->archive.archive_format_name == NULL)
636 a->archive.archive_format_name = "CAB";
637
638 if ((p = __archive_read_ahead(a, 42, NULL)) == NULL)
639 return (truncated_error(a));
640
641 cab = (struct cab *)(a->format->data);
642 if (cab->found_header == 0 &&
643 p[0] == 'M' && p[1] == 'Z') {
644 /* This is an executable? Must be self-extracting... */
645 err = cab_skip_sfx(a);
646 if (err < ARCHIVE_WARN)
647 return (err);
648
649 /* Re-read header after processing the SFX. */
650 if ((p = __archive_read_ahead(a, 42, NULL)) == NULL)
651 return (truncated_error(a));
652 }
653
654 cab->cab_offset = 0;
655 /*
656 * Read CFHEADER.
657 */
658 hd = &cab->cfheader;
659 if (p[CFHEADER_signature+0] != 'M' || p[CFHEADER_signature+1] != 'S' ||
660 p[CFHEADER_signature+2] != 'C' || p[CFHEADER_signature+3] != 'F') {
661 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
662 "Couldn't find out CAB header");
663 return (ARCHIVE_FATAL);
664 }
665 hd->total_bytes = archive_le32dec(p + CFHEADER_cbCabinet);
666 hd->files_offset = archive_le32dec(p + CFHEADER_coffFiles);
667 hd->minor = p[CFHEADER_versionMinor];
668 hd->major = p[CFHEADER_versionMajor];
669 hd->folder_count = archive_le16dec(p + CFHEADER_cFolders);
670 if (hd->folder_count == 0)
671 goto invalid;
672 hd->file_count = archive_le16dec(p + CFHEADER_cFiles);
673 if (hd->file_count == 0)
674 goto invalid;
675 hd->flags = archive_le16dec(p + CFHEADER_flags);
676 hd->setid = archive_le16dec(p + CFHEADER_setID);
677 hd->cabinet = archive_le16dec(p + CFHEADER_iCabinet);
678 used = CFHEADER_iCabinet + 2;
679 if (hd->flags & RESERVE_PRESENT) {
680 uint16_t cfheader;
681 cfheader = archive_le16dec(p + CFHEADER_cbCFHeader);
682 if (cfheader > 60000U)
683 goto invalid;
684 hd->cffolder = p[CFHEADER_cbCFFolder];
685 hd->cfdata = p[CFHEADER_cbCFData];
686 used += 4;/* cbCFHeader, cbCFFolder and cbCFData */
687 used += cfheader;/* abReserve */
688 } else
689 hd->cffolder = 0;/* Avoid compiling warning. */
690 if (hd->flags & PREV_CABINET) {
691 /* How many bytes are used for szCabinetPrev. */
692 if ((p = __archive_read_ahead(a, used+256, NULL)) == NULL)
693 return (truncated_error(a));
694 if ((len = cab_strnlen(p + used, 255)) <= 0)
695 goto invalid;
696 used += len + 1;
697 /* How many bytes are used for szDiskPrev. */
698 if ((p = __archive_read_ahead(a, used+256, NULL)) == NULL)
699 return (truncated_error(a));
700 if ((len = cab_strnlen(p + used, 255)) <= 0)
701 goto invalid;
702 used += len + 1;
703 }
704 if (hd->flags & NEXT_CABINET) {
705 /* How many bytes are used for szCabinetNext. */
706 if ((p = __archive_read_ahead(a, used+256, NULL)) == NULL)
707 return (truncated_error(a));
708 if ((len = cab_strnlen(p + used, 255)) <= 0)
709 goto invalid;
710 used += len + 1;
711 /* How many bytes are used for szDiskNext. */
712 if ((p = __archive_read_ahead(a, used+256, NULL)) == NULL)
713 return (truncated_error(a));
714 if ((len = cab_strnlen(p + used, 255)) <= 0)
715 goto invalid;
716 used += len + 1;
717 }
718 __archive_read_consume(a, used);
719 cab->cab_offset += used;
720 used = 0;
721
722 /*
723 * Read CFFOLDER.
724 */
725 hd->folder_array = calloc(
726 hd->folder_count, sizeof(struct cffolder));
727 if (hd->folder_array == NULL)
728 goto nomem;
729
730 bytes = 8;
731 if (hd->flags & RESERVE_PRESENT)
732 bytes += hd->cffolder;
733 bytes *= hd->folder_count;
734 if ((p = __archive_read_ahead(a, bytes, NULL)) == NULL)
735 return (truncated_error(a));
736 offset32 = 0;
737 for (i = 0; i < hd->folder_count; i++) {
738 struct cffolder *folder = &(hd->folder_array[i]);
739 folder->cfdata_offset_in_cab =
740 archive_le32dec(p + CFFOLDER_coffCabStart);
741 folder->cfdata_count = archive_le16dec(p+CFFOLDER_cCFData);
742 folder->comptype =
743 archive_le16dec(p+CFFOLDER_typeCompress) & 0x0F;
744 folder->compdata =
745 archive_le16dec(p+CFFOLDER_typeCompress) >> 8;
746 /* Get a compression name. */
747 if (folder->comptype <
748 sizeof(compression_name) / sizeof(compression_name[0]))
749 folder->compname = compression_name[folder->comptype];
750 else
751 folder->compname = "UNKNOWN";
752 p += 8;
753 used += 8;
754 if (hd->flags & RESERVE_PRESENT) {
755 p += hd->cffolder;/* abReserve */
756 used += hd->cffolder;
757 }
758 /*
759 * Sanity check if each data is acceptable.
760 */
761 if (offset32 >= folder->cfdata_offset_in_cab)
762 goto invalid;
763 offset32 = folder->cfdata_offset_in_cab;
764
765 /* Set a request to initialize zlib for the CFDATA of
766 * this folder. */
767 folder->decompress_init = 0;
768 }
769 __archive_read_consume(a, used);
770 cab->cab_offset += used;
771
772 /*
773 * Read CFFILE.
774 */
775 /* Seek read pointer to the offset of CFFILE if needed. */
776 skip = (int64_t)hd->files_offset - cab->cab_offset;
777 if (skip < 0) {
778 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
779 "Invalid offset of CFFILE %jd < %jd",
780 (intmax_t)hd->files_offset, (intmax_t)cab->cab_offset);
781 return (ARCHIVE_FATAL);
782 }
783 if (skip) {
784 __archive_read_consume(a, skip);
785 cab->cab_offset += skip;
786 }
787 /* Allocate memory for CFDATA */
788 hd->file_array = calloc(
789 hd->file_count, sizeof(struct cffile));
790 if (hd->file_array == NULL)
791 goto nomem;
792
793 prev_folder = -1;
794 for (i = 0; i < hd->file_count; i++) {
795 struct cffile *file = &(hd->file_array[i]);
796 ssize_t avail;
797
798 if ((p = __archive_read_ahead(a, 16, NULL)) == NULL)
799 return (truncated_error(a));
800 file->uncompressed_size = archive_le32dec(p + CFFILE_cbFile);
801 file->offset = archive_le32dec(p + CFFILE_uoffFolderStart);
802 file->folder = archive_le16dec(p + CFFILE_iFolder);
803 file->mtime = cab_dos_time(p + CFFILE_date_time);
804 file->attr = (uint8_t)archive_le16dec(p + CFFILE_attribs);
805 __archive_read_consume(a, 16);
806
807 cab->cab_offset += 16;
808 if ((p = cab_read_ahead_remaining(a, 256, &avail)) == NULL)
809 return (truncated_error(a));
810 if ((len = cab_strnlen(p, avail-1)) <= 0)
811 goto invalid;
812
813 /* Copy a pathname. */
814 archive_string_init(&(file->pathname));
815 archive_strncpy(&(file->pathname), p, len);
816 __archive_read_consume(a, len + 1);
817 cab->cab_offset += len + 1;
818
819 /*
820 * Sanity check if each data is acceptable.
821 */
822 if (file->uncompressed_size > 0x7FFF8000)
823 goto invalid;/* Too large */
824 if ((int64_t)file->offset + (int64_t)file->uncompressed_size
825 > ARCHIVE_LITERAL_LL(0x7FFF8000))
826 goto invalid;/* Too large */
827 switch (file->folder) {
828 case iFoldCONTINUED_TO_NEXT:
829 /* This must be last file in a folder. */
830 if (i != hd->file_count -1)
831 goto invalid;
832 cur_folder = hd->folder_count -1;
833 break;
834 case iFoldCONTINUED_PREV_AND_NEXT:
835 /* This must be only one file in a folder. */
836 if (hd->file_count != 1)
837 goto invalid;
838 /* FALL THROUGH */
839 case iFoldCONTINUED_FROM_PREV:
840 /* This must be first file in a folder. */
841 if (i != 0)
842 goto invalid;
843 prev_folder = cur_folder = 0;
844 offset32 = file->offset;
845 break;
846 default:
847 if (file->folder >= hd->folder_count)
848 goto invalid;
849 cur_folder = file->folder;
850 break;
851 }
852 /* Dot not back track. */
853 if (cur_folder < prev_folder)
854 goto invalid;
855 if (cur_folder != prev_folder)
856 offset32 = 0;
857 prev_folder = cur_folder;
858
859 /* Make sure there are not any blanks from last file
860 * contents. */
861 if (offset32 != file->offset)
862 goto invalid;
863 offset32 += file->uncompressed_size;
864
865 /* CFDATA is available for file contents. */
866 if (file->uncompressed_size > 0 &&
867 hd->folder_array[cur_folder].cfdata_count == 0)
868 goto invalid;
869 }
870
871 if (hd->cabinet != 0 || hd->flags & (PREV_CABINET | NEXT_CABINET)) {
872 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
873 "Multivolume cabinet file is unsupported");
874 return (ARCHIVE_WARN);
875 }
876 return (ARCHIVE_OK);
877 invalid:
878 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
879 "Invalid CAB header");
880 return (ARCHIVE_FATAL);
881 nomem:
882 archive_set_error(&a->archive, ENOMEM,
883 "Can't allocate memory for CAB data");
884 return (ARCHIVE_FATAL);
885 }
886
887 static int
archive_read_format_cab_read_header(struct archive_read * a,struct archive_entry * entry)888 archive_read_format_cab_read_header(struct archive_read *a,
889 struct archive_entry *entry)
890 {
891 struct cab *cab;
892 struct cfheader *hd;
893 struct cffolder *prev_folder;
894 struct cffile *file;
895 struct archive_string_conv *sconv;
896 int err = ARCHIVE_OK, r;
897
898 cab = (struct cab *)(a->format->data);
899 if (cab->found_header == 0) {
900 err = cab_read_header(a);
901 if (err < ARCHIVE_WARN)
902 return (err);
903 /* We've found the header. */
904 cab->found_header = 1;
905 }
906 hd = &cab->cfheader;
907
908 if (hd->file_index >= hd->file_count) {
909 cab->end_of_archive = 1;
910 return (ARCHIVE_EOF);
911 }
912 file = &hd->file_array[hd->file_index++];
913
914 cab->end_of_entry = 0;
915 cab->end_of_entry_cleanup = 0;
916 cab->entry_compressed_bytes_read = 0;
917 cab->entry_uncompressed_bytes_read = 0;
918 cab->entry_unconsumed = 0;
919 cab->entry_cffile = file;
920
921 /*
922 * Choose a proper folder.
923 */
924 prev_folder = cab->entry_cffolder;
925 switch (file->folder) {
926 case iFoldCONTINUED_FROM_PREV:
927 case iFoldCONTINUED_PREV_AND_NEXT:
928 cab->entry_cffolder = &hd->folder_array[0];
929 break;
930 case iFoldCONTINUED_TO_NEXT:
931 cab->entry_cffolder = &hd->folder_array[hd->folder_count-1];
932 break;
933 default:
934 cab->entry_cffolder = &hd->folder_array[file->folder];
935 break;
936 }
937 /* If a cffolder of this file is changed, reset a cfdata to read
938 * file contents from next cfdata. */
939 if (prev_folder != cab->entry_cffolder)
940 cab->entry_cfdata = NULL;
941
942 /* If a pathname is UTF-8, prepare a string conversion object
943 * for UTF-8 and use it. */
944 if (file->attr & ATTR_NAME_IS_UTF) {
945 if (cab->sconv_utf8 == NULL) {
946 cab->sconv_utf8 =
947 archive_string_conversion_from_charset(
948 &(a->archive), "UTF-8", 1);
949 if (cab->sconv_utf8 == NULL)
950 return (ARCHIVE_FATAL);
951 }
952 sconv = cab->sconv_utf8;
953 } else if (cab->sconv != NULL) {
954 /* Choose the conversion specified by the option. */
955 sconv = cab->sconv;
956 } else {
957 /* Choose the default conversion. */
958 if (!cab->init_default_conversion) {
959 cab->sconv_default =
960 archive_string_default_conversion_for_read(
961 &(a->archive));
962 cab->init_default_conversion = 1;
963 }
964 sconv = cab->sconv_default;
965 }
966
967 /*
968 * Set a default value and common data
969 */
970 r = cab_convert_path_separator_1(&(file->pathname), file->attr);
971 if (archive_entry_copy_pathname_l(entry, file->pathname.s,
972 archive_strlen(&(file->pathname)), sconv) != 0) {
973 if (errno == ENOMEM) {
974 archive_set_error(&a->archive, ENOMEM,
975 "Can't allocate memory for Pathname");
976 return (ARCHIVE_FATAL);
977 }
978 archive_set_error(&a->archive,
979 ARCHIVE_ERRNO_FILE_FORMAT,
980 "Pathname cannot be converted "
981 "from %s to current locale.",
982 archive_string_conversion_charset_name(sconv));
983 err = ARCHIVE_WARN;
984 }
985 if (r < 0) {
986 /* Convert a path separator '\' -> '/' */
987 cab_convert_path_separator_2(cab, entry);
988 }
989
990 archive_entry_set_size(entry, file->uncompressed_size);
991 if (file->attr & ATTR_RDONLY)
992 archive_entry_set_mode(entry, AE_IFREG | 0555);
993 else
994 archive_entry_set_mode(entry, AE_IFREG | 0666);
995 archive_entry_set_mtime(entry, file->mtime, 0);
996
997 cab->entry_bytes_remaining = file->uncompressed_size;
998 cab->entry_offset = 0;
999 /* We don't need compress data. */
1000 if (file->uncompressed_size == 0)
1001 cab->end_of_entry_cleanup = cab->end_of_entry = 1;
1002
1003 /* Set up a more descriptive format name. */
1004 snprintf(cab->format_name, sizeof(cab->format_name), "CAB %d.%d (%s)",
1005 hd->major, hd->minor, cab->entry_cffolder->compname);
1006 a->archive.archive_format_name = cab->format_name;
1007
1008 return (err);
1009 }
1010
1011 static int
archive_read_format_cab_read_data(struct archive_read * a,const void ** buff,size_t * size,int64_t * offset)1012 archive_read_format_cab_read_data(struct archive_read *a,
1013 const void **buff, size_t *size, int64_t *offset)
1014 {
1015 struct cab *cab = (struct cab *)(a->format->data);
1016 int r;
1017
1018 switch (cab->entry_cffile->folder) {
1019 case iFoldCONTINUED_FROM_PREV:
1020 case iFoldCONTINUED_TO_NEXT:
1021 case iFoldCONTINUED_PREV_AND_NEXT:
1022 *buff = NULL;
1023 *size = 0;
1024 *offset = 0;
1025 archive_clear_error(&a->archive);
1026 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1027 "Cannot restore this file split in multivolume.");
1028 return (ARCHIVE_FAILED);
1029 default:
1030 break;
1031 }
1032 if (cab->read_data_invoked == 0) {
1033 if (cab->bytes_skipped) {
1034 if (cab->entry_cfdata == NULL) {
1035 r = cab_next_cfdata(a);
1036 if (r < 0)
1037 return (r);
1038 }
1039 if (cab_consume_cfdata(a, cab->bytes_skipped) < 0)
1040 return (ARCHIVE_FATAL);
1041 cab->bytes_skipped = 0;
1042 }
1043 cab->read_data_invoked = 1;
1044 }
1045 if (cab->entry_unconsumed) {
1046 /* Consume as much as the compressor actually used. */
1047 r = (int)cab_consume_cfdata(a, cab->entry_unconsumed);
1048 cab->entry_unconsumed = 0;
1049 if (r < 0)
1050 return (r);
1051 }
1052 if (cab->end_of_archive || cab->end_of_entry) {
1053 if (!cab->end_of_entry_cleanup) {
1054 /* End-of-entry cleanup done. */
1055 cab->end_of_entry_cleanup = 1;
1056 }
1057 *offset = cab->entry_offset;
1058 *size = 0;
1059 *buff = NULL;
1060 return (ARCHIVE_EOF);
1061 }
1062
1063 return (cab_read_data(a, buff, size, offset));
1064 }
1065
1066 static uint32_t
cab_checksum_cfdata_4(const void * p,size_t bytes,uint32_t seed)1067 cab_checksum_cfdata_4(const void *p, size_t bytes, uint32_t seed)
1068 {
1069 const unsigned char *b;
1070 unsigned u32num;
1071 uint32_t sum;
1072
1073 u32num = (unsigned)bytes / 4;
1074 sum = seed;
1075 b = p;
1076 for (;u32num > 0; --u32num) {
1077 sum ^= archive_le32dec(b);
1078 b += 4;
1079 }
1080 return (sum);
1081 }
1082
1083 static uint32_t
cab_checksum_cfdata(const void * p,size_t bytes,uint32_t seed)1084 cab_checksum_cfdata(const void *p, size_t bytes, uint32_t seed)
1085 {
1086 const unsigned char *b;
1087 uint32_t sum;
1088 uint32_t t;
1089
1090 sum = cab_checksum_cfdata_4(p, bytes, seed);
1091 b = p;
1092 b += bytes & ~3;
1093 t = 0;
1094 switch (bytes & 3) {
1095 case 3:
1096 t |= ((uint32_t)(*b++)) << 16;
1097 /* FALL THROUGH */
1098 case 2:
1099 t |= ((uint32_t)(*b++)) << 8;
1100 /* FALL THROUGH */
1101 case 1:
1102 t |= *b;
1103 /* FALL THROUGH */
1104 default:
1105 break;
1106 }
1107 sum ^= t;
1108
1109 return (sum);
1110 }
1111
1112 static void
cab_checksum_update(struct archive_read * a,size_t bytes)1113 cab_checksum_update(struct archive_read *a, size_t bytes)
1114 {
1115 struct cab *cab = (struct cab *)(a->format->data);
1116 struct cfdata *cfdata = cab->entry_cfdata;
1117 const unsigned char *p;
1118 size_t sumbytes;
1119
1120 if (cfdata->sum == 0 || cfdata->sum_ptr == NULL)
1121 return;
1122 /*
1123 * Calculate the sum of this CFDATA.
1124 * Make sure CFDATA must be calculated in four bytes.
1125 */
1126 p = cfdata->sum_ptr;
1127 sumbytes = bytes;
1128 if (cfdata->sum_extra_avail) {
1129 while (cfdata->sum_extra_avail < 4 && sumbytes > 0) {
1130 cfdata->sum_extra[
1131 cfdata->sum_extra_avail++] = *p++;
1132 sumbytes--;
1133 }
1134 if (cfdata->sum_extra_avail == 4) {
1135 cfdata->sum_calculated = cab_checksum_cfdata_4(
1136 cfdata->sum_extra, 4, cfdata->sum_calculated);
1137 cfdata->sum_extra_avail = 0;
1138 }
1139 }
1140 if (sumbytes) {
1141 int odd = sumbytes & 3;
1142 if ((int)(sumbytes - odd) > 0)
1143 cfdata->sum_calculated = cab_checksum_cfdata_4(
1144 p, sumbytes - odd, cfdata->sum_calculated);
1145 if (odd)
1146 memcpy(cfdata->sum_extra, p + sumbytes - odd, odd);
1147 cfdata->sum_extra_avail = odd;
1148 }
1149 cfdata->sum_ptr = NULL;
1150 }
1151
1152 static int
cab_checksum_finish(struct archive_read * a)1153 cab_checksum_finish(struct archive_read *a)
1154 {
1155 struct cab *cab = (struct cab *)(a->format->data);
1156 struct cfdata *cfdata = cab->entry_cfdata;
1157 int l;
1158
1159 /* Do not need to compute a sum. */
1160 if (cfdata->sum == 0)
1161 return (ARCHIVE_OK);
1162
1163 /*
1164 * Calculate the sum of remaining CFDATA.
1165 */
1166 if (cfdata->sum_extra_avail) {
1167 cfdata->sum_calculated =
1168 cab_checksum_cfdata(cfdata->sum_extra,
1169 cfdata->sum_extra_avail, cfdata->sum_calculated);
1170 cfdata->sum_extra_avail = 0;
1171 }
1172
1173 l = 4;
1174 if (cab->cfheader.flags & RESERVE_PRESENT)
1175 l += cab->cfheader.cfdata;
1176 cfdata->sum_calculated = cab_checksum_cfdata(
1177 cfdata->memimage + CFDATA_cbData, l, cfdata->sum_calculated);
1178 if (cfdata->sum_calculated != cfdata->sum) {
1179 #ifndef DONT_FAIL_ON_CRC_ERROR
1180 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1181 "Checksum error CFDATA[%d] %" PRIx32 ":%" PRIx32 " in %d bytes",
1182 cab->entry_cffolder->cfdata_index -1,
1183 cfdata->sum, cfdata->sum_calculated,
1184 cfdata->compressed_size);
1185 return (ARCHIVE_FAILED);
1186 #endif
1187 }
1188 return (ARCHIVE_OK);
1189 }
1190
1191 /*
1192 * Read CFDATA if needed.
1193 */
1194 static int
cab_next_cfdata(struct archive_read * a)1195 cab_next_cfdata(struct archive_read *a)
1196 {
1197 struct cab *cab = (struct cab *)(a->format->data);
1198 struct cfdata *cfdata = cab->entry_cfdata;
1199
1200 /* There are remaining bytes in current CFDATA, use it first. */
1201 if (cfdata != NULL && cfdata->uncompressed_bytes_remaining > 0)
1202 return (ARCHIVE_OK);
1203
1204 if (cfdata == NULL) {
1205 int64_t skip;
1206
1207 cab->entry_cffolder->cfdata_index = 0;
1208
1209 /* Seek read pointer to the offset of CFDATA if needed. */
1210 skip = cab->entry_cffolder->cfdata_offset_in_cab
1211 - cab->cab_offset;
1212 if (skip < 0) {
1213 int folder_index;
1214 switch (cab->entry_cffile->folder) {
1215 case iFoldCONTINUED_FROM_PREV:
1216 case iFoldCONTINUED_PREV_AND_NEXT:
1217 folder_index = 0;
1218 break;
1219 case iFoldCONTINUED_TO_NEXT:
1220 folder_index = cab->cfheader.folder_count-1;
1221 break;
1222 default:
1223 folder_index = cab->entry_cffile->folder;
1224 break;
1225 }
1226 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
1227 "Invalid offset of CFDATA in folder(%d) %jd < %jd",
1228 folder_index,
1229 (intmax_t)cab->entry_cffolder->cfdata_offset_in_cab,
1230 (intmax_t)cab->cab_offset);
1231 return (ARCHIVE_FATAL);
1232 }
1233 if (skip > 0) {
1234 if (__archive_read_consume(a, skip) < 0)
1235 return (ARCHIVE_FATAL);
1236 cab->cab_offset =
1237 cab->entry_cffolder->cfdata_offset_in_cab;
1238 }
1239 }
1240
1241 /*
1242 * Read a CFDATA.
1243 */
1244 if (cab->entry_cffolder->cfdata_index <
1245 cab->entry_cffolder->cfdata_count) {
1246 const unsigned char *p;
1247 int l;
1248
1249 cfdata = &(cab->entry_cffolder->cfdata);
1250 cab->entry_cffolder->cfdata_index++;
1251 cab->entry_cfdata = cfdata;
1252 cfdata->sum_calculated = 0;
1253 cfdata->sum_extra_avail = 0;
1254 cfdata->sum_ptr = NULL;
1255 l = 8;
1256 if (cab->cfheader.flags & RESERVE_PRESENT)
1257 l += cab->cfheader.cfdata;
1258 if ((p = __archive_read_ahead(a, l, NULL)) == NULL)
1259 return (truncated_error(a));
1260 cfdata->sum = archive_le32dec(p + CFDATA_csum);
1261 cfdata->compressed_size = archive_le16dec(p + CFDATA_cbData);
1262 cfdata->compressed_bytes_remaining = cfdata->compressed_size;
1263 cfdata->uncompressed_size =
1264 archive_le16dec(p + CFDATA_cbUncomp);
1265 cfdata->uncompressed_bytes_remaining =
1266 cfdata->uncompressed_size;
1267 cfdata->uncompressed_avail = 0;
1268 cfdata->read_offset = 0;
1269 cfdata->unconsumed = 0;
1270
1271 /*
1272 * Sanity check if data size is acceptable.
1273 */
1274 if (cfdata->compressed_size == 0 ||
1275 cfdata->compressed_size > (0x8000+6144))
1276 goto invalid;
1277 if (cfdata->uncompressed_size > 0x8000)
1278 goto invalid;
1279 if (cfdata->uncompressed_size == 0) {
1280 switch (cab->entry_cffile->folder) {
1281 case iFoldCONTINUED_PREV_AND_NEXT:
1282 case iFoldCONTINUED_TO_NEXT:
1283 break;
1284 case iFoldCONTINUED_FROM_PREV:
1285 default:
1286 goto invalid;
1287 }
1288 }
1289 /* If CFDATA is not last in a folder, an uncompressed
1290 * size must be 0x8000(32KBi) */
1291 if ((cab->entry_cffolder->cfdata_index <
1292 cab->entry_cffolder->cfdata_count) &&
1293 cfdata->uncompressed_size != 0x8000)
1294 goto invalid;
1295
1296 /* A compressed data size and an uncompressed data size must
1297 * be the same in no compression mode. */
1298 if (cab->entry_cffolder->comptype == COMPTYPE_NONE &&
1299 cfdata->compressed_size != cfdata->uncompressed_size)
1300 goto invalid;
1301
1302 /*
1303 * Save CFDATA image for sum check.
1304 */
1305 if (cfdata->memimage_size < (size_t)l) {
1306 free(cfdata->memimage);
1307 cfdata->memimage = malloc(l);
1308 if (cfdata->memimage == NULL) {
1309 archive_set_error(&a->archive, ENOMEM,
1310 "Can't allocate memory for CAB data");
1311 return (ARCHIVE_FATAL);
1312 }
1313 cfdata->memimage_size = l;
1314 }
1315 memcpy(cfdata->memimage, p, l);
1316
1317 /* Consume bytes as much as we used. */
1318 __archive_read_consume(a, l);
1319 cab->cab_offset += l;
1320 } else if (cab->entry_cffolder->cfdata_count > 0) {
1321 /* Run out of all CFDATA in a folder. */
1322 cfdata->compressed_size = 0;
1323 cfdata->uncompressed_size = 0;
1324 cfdata->compressed_bytes_remaining = 0;
1325 cfdata->uncompressed_bytes_remaining = 0;
1326 } else {
1327 /* Current folder does not have any CFDATA. */
1328 cfdata = &(cab->entry_cffolder->cfdata);
1329 cab->entry_cfdata = cfdata;
1330 memset(cfdata, 0, sizeof(*cfdata));
1331 }
1332 return (ARCHIVE_OK);
1333 invalid:
1334 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1335 "Invalid CFDATA");
1336 return (ARCHIVE_FATAL);
1337 }
1338
1339 /*
1340 * Read ahead CFDATA.
1341 */
1342 static const void *
cab_read_ahead_cfdata(struct archive_read * a,ssize_t * avail)1343 cab_read_ahead_cfdata(struct archive_read *a, ssize_t *avail)
1344 {
1345 struct cab *cab = (struct cab *)(a->format->data);
1346 int err;
1347
1348 err = cab_next_cfdata(a);
1349 if (err < ARCHIVE_OK) {
1350 *avail = err;
1351 return (NULL);
1352 }
1353
1354 switch (cab->entry_cffolder->comptype) {
1355 case COMPTYPE_NONE:
1356 return (cab_read_ahead_cfdata_none(a, avail));
1357 case COMPTYPE_MSZIP:
1358 return (cab_read_ahead_cfdata_deflate(a, avail));
1359 case COMPTYPE_LZX:
1360 return (cab_read_ahead_cfdata_lzx(a, avail));
1361 default: /* Unsupported compression. */
1362 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1363 "Unsupported CAB compression : %s",
1364 cab->entry_cffolder->compname);
1365 *avail = ARCHIVE_FAILED;
1366 return (NULL);
1367 }
1368 }
1369
1370 /*
1371 * Read ahead CFDATA as uncompressed data.
1372 */
1373 static const void *
cab_read_ahead_cfdata_none(struct archive_read * a,ssize_t * avail)1374 cab_read_ahead_cfdata_none(struct archive_read *a, ssize_t *avail)
1375 {
1376 struct cab *cab = (struct cab *)(a->format->data);
1377 struct cfdata *cfdata;
1378 const void *d;
1379
1380 cfdata = cab->entry_cfdata;
1381
1382 /*
1383 * Note: '1' here is a performance optimization.
1384 * Recall that the decompression layer returns a count of
1385 * available bytes; asking for more than that forces the
1386 * decompressor to combine reads by copying data.
1387 */
1388 d = __archive_read_ahead(a, 1, avail);
1389 if (*avail <= 0) {
1390 *avail = truncated_error(a);
1391 return (NULL);
1392 }
1393 if (*avail > cfdata->uncompressed_bytes_remaining)
1394 *avail = cfdata->uncompressed_bytes_remaining;
1395 cfdata->uncompressed_avail = cfdata->uncompressed_size;
1396 cfdata->unconsumed = *avail;
1397 cfdata->sum_ptr = d;
1398 return (d);
1399 }
1400
1401 /*
1402 * Read ahead CFDATA as deflate data.
1403 */
1404 #ifdef HAVE_ZLIB_H
1405 static const void *
cab_read_ahead_cfdata_deflate(struct archive_read * a,ssize_t * avail)1406 cab_read_ahead_cfdata_deflate(struct archive_read *a, ssize_t *avail)
1407 {
1408 struct cab *cab = (struct cab *)(a->format->data);
1409 struct cfdata *cfdata;
1410 const void *d;
1411 int r, mszip;
1412 uint16_t uavail;
1413 char eod = 0;
1414
1415 cfdata = cab->entry_cfdata;
1416 /* If the buffer hasn't been allocated, allocate it now. */
1417 if (cab->uncompressed_buffer == NULL) {
1418 cab->uncompressed_buffer_size = 0x8000;
1419 cab->uncompressed_buffer
1420 = malloc(cab->uncompressed_buffer_size);
1421 if (cab->uncompressed_buffer == NULL) {
1422 archive_set_error(&a->archive, ENOMEM,
1423 "No memory for CAB reader");
1424 *avail = ARCHIVE_FATAL;
1425 return (NULL);
1426 }
1427 }
1428
1429 uavail = cfdata->uncompressed_avail;
1430 if (uavail == cfdata->uncompressed_size) {
1431 d = cab->uncompressed_buffer + cfdata->read_offset;
1432 *avail = uavail - cfdata->read_offset;
1433 return (d);
1434 }
1435
1436 if (!cab->entry_cffolder->decompress_init) {
1437 cab->stream.next_in = NULL;
1438 cab->stream.avail_in = 0;
1439 cab->stream.total_in = 0;
1440 cab->stream.next_out = NULL;
1441 cab->stream.avail_out = 0;
1442 cab->stream.total_out = 0;
1443 if (cab->stream_valid)
1444 r = inflateReset(&cab->stream);
1445 else
1446 r = inflateInit2(&cab->stream,
1447 -15 /* Don't check for zlib header */);
1448 if (r != Z_OK) {
1449 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
1450 "Can't initialize deflate decompression.");
1451 *avail = ARCHIVE_FATAL;
1452 return (NULL);
1453 }
1454 /* Stream structure has been set up. */
1455 cab->stream_valid = 1;
1456 /* We've initialized decompression for this stream. */
1457 cab->entry_cffolder->decompress_init = 1;
1458 }
1459
1460 if (cfdata->compressed_bytes_remaining == cfdata->compressed_size)
1461 mszip = 2;
1462 else
1463 mszip = 0;
1464 eod = 0;
1465 cab->stream.total_out = uavail;
1466 /*
1467 * We always uncompress all data in current CFDATA.
1468 */
1469 while (!eod && cab->stream.total_out < cfdata->uncompressed_size) {
1470 ssize_t bytes_avail;
1471
1472 cab->stream.next_out =
1473 cab->uncompressed_buffer + cab->stream.total_out;
1474 cab->stream.avail_out =
1475 cfdata->uncompressed_size - cab->stream.total_out;
1476
1477 d = __archive_read_ahead(a, 1, &bytes_avail);
1478 if (bytes_avail <= 0) {
1479 *avail = truncated_error(a);
1480 return (NULL);
1481 }
1482 if (bytes_avail > cfdata->compressed_bytes_remaining)
1483 bytes_avail = cfdata->compressed_bytes_remaining;
1484 /*
1485 * A bug in zlib.h: stream.next_in should be marked 'const'
1486 * but isn't (the library never alters data through the
1487 * next_in pointer, only reads it). The result: this ugly
1488 * cast to remove 'const'.
1489 */
1490 cab->stream.next_in = (Bytef *)(uintptr_t)d;
1491 cab->stream.avail_in = (uInt)bytes_avail;
1492 cab->stream.total_in = 0;
1493
1494 /* Cut out a tow-byte MSZIP signature(0x43, 0x4b). */
1495 if (mszip > 0) {
1496 if (bytes_avail <= 0)
1497 goto nomszip;
1498 if (bytes_avail <= mszip) {
1499 if (mszip == 2) {
1500 if (cab->stream.next_in[0] != 0x43)
1501 goto nomszip;
1502 if (bytes_avail > 1 &&
1503 cab->stream.next_in[1] != 0x4b)
1504 goto nomszip;
1505 } else if (cab->stream.next_in[0] != 0x4b)
1506 goto nomszip;
1507 cfdata->unconsumed = bytes_avail;
1508 cfdata->sum_ptr = d;
1509 if (cab_minimum_consume_cfdata(
1510 a, cfdata->unconsumed) < 0) {
1511 *avail = ARCHIVE_FATAL;
1512 return (NULL);
1513 }
1514 mszip -= (int)bytes_avail;
1515 continue;
1516 }
1517 if (mszip == 1 && cab->stream.next_in[0] != 0x4b)
1518 goto nomszip;
1519 else if (mszip == 2 && (cab->stream.next_in[0] != 0x43 ||
1520 cab->stream.next_in[1] != 0x4b))
1521 goto nomszip;
1522 cab->stream.next_in += mszip;
1523 cab->stream.avail_in -= mszip;
1524 cab->stream.total_in += mszip;
1525 mszip = 0;
1526 }
1527
1528 r = inflate(&cab->stream, 0);
1529 switch (r) {
1530 case Z_OK:
1531 break;
1532 case Z_STREAM_END:
1533 eod = 1;
1534 break;
1535 default:
1536 goto zlibfailed;
1537 }
1538 cfdata->unconsumed = cab->stream.total_in;
1539 cfdata->sum_ptr = d;
1540 if (cab_minimum_consume_cfdata(a, cfdata->unconsumed) < 0) {
1541 *avail = ARCHIVE_FATAL;
1542 return (NULL);
1543 }
1544 }
1545 uavail = (uint16_t)cab->stream.total_out;
1546
1547 if (uavail < cfdata->uncompressed_size) {
1548 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
1549 "Invalid uncompressed size (%d < %d)",
1550 uavail, cfdata->uncompressed_size);
1551 *avail = ARCHIVE_FATAL;
1552 return (NULL);
1553 }
1554
1555 /*
1556 * Note: I suspect there is a bug in makecab.exe because, in rare
1557 * case, compressed bytes are still remaining regardless we have
1558 * gotten all uncompressed bytes, which size is recorded in CFDATA,
1559 * as much as we need, and we have to use the garbage so as to
1560 * correctly compute the sum of CFDATA accordingly.
1561 */
1562 if (cfdata->compressed_bytes_remaining > 0) {
1563 ssize_t bytes_avail;
1564
1565 d = __archive_read_ahead(a, cfdata->compressed_bytes_remaining,
1566 &bytes_avail);
1567 if (bytes_avail <= 0) {
1568 *avail = truncated_error(a);
1569 return (NULL);
1570 }
1571 cfdata->unconsumed = cfdata->compressed_bytes_remaining;
1572 cfdata->sum_ptr = d;
1573 if (cab_minimum_consume_cfdata(a, cfdata->unconsumed) < 0) {
1574 *avail = ARCHIVE_FATAL;
1575 return (NULL);
1576 }
1577 }
1578
1579 /*
1580 * Set dictionary data for decompressing of next CFDATA, which
1581 * in the same folder. This is why we always do decompress CFDATA
1582 * even if beginning CFDATA or some of CFDATA are not used in
1583 * skipping file data.
1584 */
1585 if (cab->entry_cffolder->cfdata_index <
1586 cab->entry_cffolder->cfdata_count) {
1587 r = inflateReset(&cab->stream);
1588 if (r != Z_OK)
1589 goto zlibfailed;
1590 r = inflateSetDictionary(&cab->stream,
1591 cab->uncompressed_buffer, cfdata->uncompressed_size);
1592 if (r != Z_OK)
1593 goto zlibfailed;
1594 }
1595
1596 d = cab->uncompressed_buffer + cfdata->read_offset;
1597 *avail = uavail - cfdata->read_offset;
1598 cfdata->uncompressed_avail = uavail;
1599
1600 return (d);
1601
1602 zlibfailed:
1603 switch (r) {
1604 case Z_MEM_ERROR:
1605 archive_set_error(&a->archive, ENOMEM,
1606 "Out of memory for deflate decompression");
1607 break;
1608 default:
1609 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
1610 "Deflate decompression failed (%d)", r);
1611 break;
1612 }
1613 *avail = ARCHIVE_FATAL;
1614 return (NULL);
1615 nomszip:
1616 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
1617 "CFDATA incorrect(no MSZIP signature)");
1618 *avail = ARCHIVE_FATAL;
1619 return (NULL);
1620 }
1621
1622 #else /* HAVE_ZLIB_H */
1623
1624 static const void *
cab_read_ahead_cfdata_deflate(struct archive_read * a,ssize_t * avail)1625 cab_read_ahead_cfdata_deflate(struct archive_read *a, ssize_t *avail)
1626 {
1627 *avail = ARCHIVE_FATAL;
1628 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
1629 "libarchive compiled without deflate support (no libz)");
1630 return (NULL);
1631 }
1632
1633 #endif /* HAVE_ZLIB_H */
1634
1635 static const void *
cab_read_ahead_cfdata_lzx(struct archive_read * a,ssize_t * avail)1636 cab_read_ahead_cfdata_lzx(struct archive_read *a, ssize_t *avail)
1637 {
1638 struct cab *cab = (struct cab *)(a->format->data);
1639 struct cfdata *cfdata;
1640 const void *d;
1641 int r;
1642 uint16_t uavail;
1643
1644 cfdata = cab->entry_cfdata;
1645 /* If the buffer hasn't been allocated, allocate it now. */
1646 if (cab->uncompressed_buffer == NULL) {
1647 cab->uncompressed_buffer_size = 0x8000;
1648 cab->uncompressed_buffer
1649 = malloc(cab->uncompressed_buffer_size);
1650 if (cab->uncompressed_buffer == NULL) {
1651 archive_set_error(&a->archive, ENOMEM,
1652 "No memory for CAB reader");
1653 *avail = ARCHIVE_FATAL;
1654 return (NULL);
1655 }
1656 }
1657
1658 uavail = cfdata->uncompressed_avail;
1659 if (uavail == cfdata->uncompressed_size) {
1660 d = cab->uncompressed_buffer + cfdata->read_offset;
1661 *avail = uavail - cfdata->read_offset;
1662 return (d);
1663 }
1664
1665 if (!cab->entry_cffolder->decompress_init) {
1666 r = lzx_decode_init(&cab->xstrm,
1667 cab->entry_cffolder->compdata);
1668 if (r != ARCHIVE_OK) {
1669 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
1670 "Can't initialize LZX decompression.");
1671 *avail = ARCHIVE_FATAL;
1672 return (NULL);
1673 }
1674 /* We've initialized decompression for this stream. */
1675 cab->entry_cffolder->decompress_init = 1;
1676 }
1677
1678 /* Clean up remaining bits of previous CFDATA. */
1679 lzx_cleanup_bitstream(&cab->xstrm);
1680 cab->xstrm.total_out = uavail;
1681 while (cab->xstrm.total_out < cfdata->uncompressed_size) {
1682 ssize_t bytes_avail;
1683
1684 cab->xstrm.next_out =
1685 cab->uncompressed_buffer + cab->xstrm.total_out;
1686 cab->xstrm.avail_out =
1687 cfdata->uncompressed_size - cab->xstrm.total_out;
1688
1689 d = __archive_read_ahead(a, 1, &bytes_avail);
1690 if (d == NULL) {
1691 archive_set_error(&a->archive,
1692 ARCHIVE_ERRNO_FILE_FORMAT,
1693 "Truncated CAB file data");
1694 *avail = ARCHIVE_FATAL;
1695 return (NULL);
1696 }
1697 if (bytes_avail > cfdata->compressed_bytes_remaining)
1698 bytes_avail = cfdata->compressed_bytes_remaining;
1699
1700 cab->xstrm.next_in = d;
1701 cab->xstrm.avail_in = bytes_avail;
1702 cab->xstrm.total_in = 0;
1703 r = lzx_decode(&cab->xstrm,
1704 cfdata->compressed_bytes_remaining == bytes_avail);
1705 switch (r) {
1706 case ARCHIVE_OK:
1707 case ARCHIVE_EOF:
1708 break;
1709 default:
1710 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
1711 "LZX decompression failed (%d)", r);
1712 *avail = ARCHIVE_FATAL;
1713 return (NULL);
1714 }
1715 cfdata->unconsumed = cab->xstrm.total_in;
1716 cfdata->sum_ptr = d;
1717 if (cab_minimum_consume_cfdata(a, cfdata->unconsumed) < 0) {
1718 *avail = ARCHIVE_FATAL;
1719 return (NULL);
1720 }
1721 }
1722
1723 uavail = (uint16_t)cab->xstrm.total_out;
1724 /*
1725 * Make sure a read pointer advances to next CFDATA.
1726 */
1727 if (cfdata->compressed_bytes_remaining > 0) {
1728 ssize_t bytes_avail;
1729
1730 d = __archive_read_ahead(a, cfdata->compressed_bytes_remaining,
1731 &bytes_avail);
1732 if (bytes_avail <= 0) {
1733 *avail = truncated_error(a);
1734 return (NULL);
1735 }
1736 cfdata->unconsumed = cfdata->compressed_bytes_remaining;
1737 cfdata->sum_ptr = d;
1738 if (cab_minimum_consume_cfdata(a, cfdata->unconsumed) < 0) {
1739 *avail = ARCHIVE_FATAL;
1740 return (NULL);
1741 }
1742 }
1743
1744 /*
1745 * Translation reversal of x86 processor CALL byte sequence(E8).
1746 */
1747 lzx_translation(&cab->xstrm, cab->uncompressed_buffer,
1748 cfdata->uncompressed_size,
1749 (cab->entry_cffolder->cfdata_index-1) * 0x8000);
1750
1751 d = cab->uncompressed_buffer + cfdata->read_offset;
1752 *avail = uavail - cfdata->read_offset;
1753 cfdata->uncompressed_avail = uavail;
1754
1755 return (d);
1756 }
1757
1758 /*
1759 * Consume CFDATA.
1760 * We always decompress CFDATA to consume CFDATA as much as we need
1761 * in uncompressed bytes because all CFDATA in a folder are related
1762 * so we do not skip any CFDATA without decompressing.
1763 * Note: If the folder of a CFFILE is iFoldCONTINUED_PREV_AND_NEXT or
1764 * iFoldCONTINUED_FROM_PREV, we won't decompress because a CFDATA for
1765 * the CFFILE is remaining bytes of previous Multivolume CAB file.
1766 */
1767 static int64_t
cab_consume_cfdata(struct archive_read * a,int64_t consumed_bytes)1768 cab_consume_cfdata(struct archive_read *a, int64_t consumed_bytes)
1769 {
1770 struct cab *cab = (struct cab *)(a->format->data);
1771 struct cfdata *cfdata;
1772 int64_t cbytes, rbytes;
1773 int err;
1774
1775 rbytes = cab_minimum_consume_cfdata(a, consumed_bytes);
1776 if (rbytes < 0)
1777 return (ARCHIVE_FATAL);
1778
1779 cfdata = cab->entry_cfdata;
1780 while (rbytes > 0) {
1781 ssize_t avail;
1782
1783 if (cfdata->compressed_size == 0) {
1784 archive_set_error(&a->archive,
1785 ARCHIVE_ERRNO_FILE_FORMAT,
1786 "Invalid CFDATA");
1787 return (ARCHIVE_FATAL);
1788 }
1789 cbytes = cfdata->uncompressed_bytes_remaining;
1790 if (cbytes > rbytes)
1791 cbytes = rbytes;
1792 rbytes -= cbytes;
1793
1794 if (cfdata->uncompressed_avail == 0 &&
1795 (cab->entry_cffile->folder == iFoldCONTINUED_PREV_AND_NEXT ||
1796 cab->entry_cffile->folder == iFoldCONTINUED_FROM_PREV)) {
1797 /* We have not read any data yet. */
1798 if (cbytes == cfdata->uncompressed_bytes_remaining) {
1799 /* Skip whole current CFDATA. */
1800 __archive_read_consume(a,
1801 cfdata->compressed_size);
1802 cab->cab_offset += cfdata->compressed_size;
1803 cfdata->compressed_bytes_remaining = 0;
1804 cfdata->uncompressed_bytes_remaining = 0;
1805 err = cab_next_cfdata(a);
1806 if (err < 0)
1807 return (err);
1808 cfdata = cab->entry_cfdata;
1809 if (cfdata->uncompressed_size == 0) {
1810 switch (cab->entry_cffile->folder) {
1811 case iFoldCONTINUED_PREV_AND_NEXT:
1812 case iFoldCONTINUED_TO_NEXT:
1813 case iFoldCONTINUED_FROM_PREV:
1814 rbytes = 0;
1815 break;
1816 default:
1817 break;
1818 }
1819 }
1820 continue;
1821 }
1822 cfdata->read_offset += (uint16_t)cbytes;
1823 cfdata->uncompressed_bytes_remaining -= (uint16_t)cbytes;
1824 break;
1825 } else if (cbytes == 0) {
1826 err = cab_next_cfdata(a);
1827 if (err < 0)
1828 return (err);
1829 cfdata = cab->entry_cfdata;
1830 if (cfdata->uncompressed_size == 0) {
1831 switch (cab->entry_cffile->folder) {
1832 case iFoldCONTINUED_PREV_AND_NEXT:
1833 case iFoldCONTINUED_TO_NEXT:
1834 case iFoldCONTINUED_FROM_PREV:
1835 return (ARCHIVE_FATAL);
1836 default:
1837 break;
1838 }
1839 }
1840 continue;
1841 }
1842 while (cbytes > 0) {
1843 (void)cab_read_ahead_cfdata(a, &avail);
1844 if (avail <= 0)
1845 return (ARCHIVE_FATAL);
1846 if (avail > cbytes)
1847 avail = (ssize_t)cbytes;
1848 if (cab_minimum_consume_cfdata(a, avail) < 0)
1849 return (ARCHIVE_FATAL);
1850 cbytes -= avail;
1851 }
1852 }
1853 return (consumed_bytes);
1854 }
1855
1856 /*
1857 * Consume CFDATA as much as we have already gotten and
1858 * compute the sum of CFDATA.
1859 */
1860 static int64_t
cab_minimum_consume_cfdata(struct archive_read * a,int64_t consumed_bytes)1861 cab_minimum_consume_cfdata(struct archive_read *a, int64_t consumed_bytes)
1862 {
1863 struct cab *cab = (struct cab *)(a->format->data);
1864 struct cfdata *cfdata;
1865 int64_t cbytes, rbytes;
1866 int err;
1867
1868 cfdata = cab->entry_cfdata;
1869 rbytes = consumed_bytes;
1870 if (cab->entry_cffolder->comptype == COMPTYPE_NONE) {
1871 if (consumed_bytes < cfdata->unconsumed)
1872 cbytes = consumed_bytes;
1873 else
1874 cbytes = cfdata->unconsumed;
1875 rbytes -= cbytes;
1876 cfdata->read_offset += (uint16_t)cbytes;
1877 cfdata->uncompressed_bytes_remaining -= (uint16_t)cbytes;
1878 cfdata->unconsumed -= cbytes;
1879 } else {
1880 cbytes = cfdata->uncompressed_avail - cfdata->read_offset;
1881 if (cbytes > 0) {
1882 if (consumed_bytes < cbytes)
1883 cbytes = consumed_bytes;
1884 rbytes -= cbytes;
1885 cfdata->read_offset += (uint16_t)cbytes;
1886 cfdata->uncompressed_bytes_remaining -= (uint16_t)cbytes;
1887 }
1888
1889 if (cfdata->unconsumed) {
1890 cbytes = cfdata->unconsumed;
1891 cfdata->unconsumed = 0;
1892 } else
1893 cbytes = 0;
1894 }
1895 if (cbytes) {
1896 /* Compute the sum. */
1897 cab_checksum_update(a, (size_t)cbytes);
1898
1899 /* Consume as much as the compressor actually used. */
1900 __archive_read_consume(a, cbytes);
1901 cab->cab_offset += cbytes;
1902 cfdata->compressed_bytes_remaining -= (uint16_t)cbytes;
1903 if (cfdata->compressed_bytes_remaining == 0) {
1904 err = cab_checksum_finish(a);
1905 if (err < 0)
1906 return (err);
1907 }
1908 }
1909 return (rbytes);
1910 }
1911
1912 /*
1913 * Returns ARCHIVE_OK if successful, ARCHIVE_FATAL otherwise, sets
1914 * cab->end_of_entry if it consumes all of the data.
1915 */
1916 static int
cab_read_data(struct archive_read * a,const void ** buff,size_t * size,int64_t * offset)1917 cab_read_data(struct archive_read *a, const void **buff,
1918 size_t *size, int64_t *offset)
1919 {
1920 struct cab *cab = (struct cab *)(a->format->data);
1921 ssize_t bytes_avail;
1922
1923 if (cab->entry_bytes_remaining == 0) {
1924 *buff = NULL;
1925 *size = 0;
1926 *offset = cab->entry_offset;
1927 cab->end_of_entry = 1;
1928 return (ARCHIVE_OK);
1929 }
1930
1931 *buff = cab_read_ahead_cfdata(a, &bytes_avail);
1932 if (bytes_avail <= 0) {
1933 *buff = NULL;
1934 *size = 0;
1935 *offset = 0;
1936 if (bytes_avail == 0 &&
1937 cab->entry_cfdata->uncompressed_size == 0) {
1938 /* All of CFDATA in a folder has been handled. */
1939 archive_set_error(&a->archive,
1940 ARCHIVE_ERRNO_FILE_FORMAT, "Invalid CFDATA");
1941 return (ARCHIVE_FATAL);
1942 } else
1943 return ((int)bytes_avail);
1944 }
1945 if (bytes_avail > cab->entry_bytes_remaining)
1946 bytes_avail = (ssize_t)cab->entry_bytes_remaining;
1947
1948 *size = bytes_avail;
1949 *offset = cab->entry_offset;
1950 cab->entry_offset += bytes_avail;
1951 cab->entry_bytes_remaining -= bytes_avail;
1952 if (cab->entry_bytes_remaining == 0)
1953 cab->end_of_entry = 1;
1954 cab->entry_unconsumed = bytes_avail;
1955 if (cab->entry_cffolder->comptype == COMPTYPE_NONE) {
1956 /* Don't consume more than current entry used. */
1957 if (cab->entry_cfdata->unconsumed > cab->entry_unconsumed)
1958 cab->entry_cfdata->unconsumed = cab->entry_unconsumed;
1959 }
1960 return (ARCHIVE_OK);
1961 }
1962
1963 static int
archive_read_format_cab_read_data_skip(struct archive_read * a)1964 archive_read_format_cab_read_data_skip(struct archive_read *a)
1965 {
1966 struct cab *cab;
1967 int64_t bytes_skipped;
1968 int r;
1969
1970 cab = (struct cab *)(a->format->data);
1971
1972 if (cab->end_of_archive)
1973 return (ARCHIVE_EOF);
1974
1975 if (!cab->read_data_invoked) {
1976 cab->bytes_skipped += cab->entry_bytes_remaining;
1977 cab->entry_bytes_remaining = 0;
1978 /* This entry is finished and done. */
1979 cab->end_of_entry_cleanup = cab->end_of_entry = 1;
1980 return (ARCHIVE_OK);
1981 }
1982
1983 if (cab->entry_unconsumed) {
1984 /* Consume as much as the compressor actually used. */
1985 r = (int)cab_consume_cfdata(a, cab->entry_unconsumed);
1986 cab->entry_unconsumed = 0;
1987 if (r < 0)
1988 return (r);
1989 } else if (cab->entry_cfdata == NULL) {
1990 r = cab_next_cfdata(a);
1991 if (r < 0)
1992 return (r);
1993 }
1994
1995 /* if we've already read to end of data, we're done. */
1996 if (cab->end_of_entry_cleanup)
1997 return (ARCHIVE_OK);
1998
1999 /*
2000 * If the length is at the beginning, we can skip the
2001 * compressed data much more quickly.
2002 */
2003 bytes_skipped = cab_consume_cfdata(a, cab->entry_bytes_remaining);
2004 if (bytes_skipped < 0)
2005 return (ARCHIVE_FATAL);
2006
2007 /* If the compression type is none(uncompressed), we've already
2008 * consumed data as much as the current entry size. */
2009 if (cab->entry_cffolder->comptype == COMPTYPE_NONE &&
2010 cab->entry_cfdata != NULL)
2011 cab->entry_cfdata->unconsumed = 0;
2012
2013 /* This entry is finished and done. */
2014 cab->end_of_entry_cleanup = cab->end_of_entry = 1;
2015 return (ARCHIVE_OK);
2016 }
2017
2018 static int
archive_read_format_cab_cleanup(struct archive_read * a)2019 archive_read_format_cab_cleanup(struct archive_read *a)
2020 {
2021 struct cab *cab = (struct cab *)(a->format->data);
2022 struct cfheader *hd = &cab->cfheader;
2023 int i;
2024
2025 if (hd->folder_array != NULL) {
2026 for (i = 0; i < hd->folder_count; i++)
2027 free(hd->folder_array[i].cfdata.memimage);
2028 free(hd->folder_array);
2029 }
2030 if (hd->file_array != NULL) {
2031 for (i = 0; i < cab->cfheader.file_count; i++)
2032 archive_string_free(&(hd->file_array[i].pathname));
2033 free(hd->file_array);
2034 }
2035 #ifdef HAVE_ZLIB_H
2036 if (cab->stream_valid)
2037 inflateEnd(&cab->stream);
2038 #endif
2039 lzx_decode_free(&cab->xstrm);
2040 archive_wstring_free(&cab->ws);
2041 free(cab->uncompressed_buffer);
2042 free(cab);
2043 (a->format->data) = NULL;
2044 return (ARCHIVE_OK);
2045 }
2046
2047 /* Convert an MSDOS-style date/time into Unix-style time. */
2048 static time_t
cab_dos_time(const unsigned char * p)2049 cab_dos_time(const unsigned char *p)
2050 {
2051 int msTime, msDate;
2052 struct tm ts;
2053
2054 msDate = archive_le16dec(p);
2055 msTime = archive_le16dec(p+2);
2056
2057 memset(&ts, 0, sizeof(ts));
2058 ts.tm_year = ((msDate >> 9) & 0x7f) + 80; /* Years since 1900. */
2059 ts.tm_mon = ((msDate >> 5) & 0x0f) - 1; /* Month number. */
2060 ts.tm_mday = msDate & 0x1f; /* Day of month. */
2061 ts.tm_hour = (msTime >> 11) & 0x1f;
2062 ts.tm_min = (msTime >> 5) & 0x3f;
2063 ts.tm_sec = (msTime << 1) & 0x3e;
2064 ts.tm_isdst = -1;
2065 return (mktime(&ts));
2066 }
2067
2068 /*****************************************************************
2069 *
2070 * LZX decompression code.
2071 *
2072 *****************************************************************/
2073
2074 /*
2075 * Initialize LZX decoder.
2076 *
2077 * Returns ARCHIVE_OK if initialization was successful.
2078 * Returns ARCHIVE_FAILED if w_bits has unsupported value.
2079 * Returns ARCHIVE_FATAL if initialization failed; memory allocation
2080 * error occurred.
2081 */
2082 static int
lzx_decode_init(struct lzx_stream * strm,int w_bits)2083 lzx_decode_init(struct lzx_stream *strm, int w_bits)
2084 {
2085 struct lzx_dec *ds;
2086 int slot, w_size, w_slot;
2087 int base, footer;
2088 int base_inc[18];
2089
2090 if (strm->ds == NULL) {
2091 strm->ds = calloc(1, sizeof(*strm->ds));
2092 if (strm->ds == NULL)
2093 return (ARCHIVE_FATAL);
2094 }
2095 ds = strm->ds;
2096 ds->error = ARCHIVE_FAILED;
2097
2098 /* Allow bits from 15(32KBi) up to 21(2MBi) */
2099 if (w_bits < SLOT_BASE || w_bits > SLOT_MAX)
2100 return (ARCHIVE_FAILED);
2101
2102 ds->error = ARCHIVE_FATAL;
2103
2104 /*
2105 * Alloc window
2106 */
2107 w_size = ds->w_size;
2108 w_slot = slots[w_bits - SLOT_BASE];
2109 ds->w_size = 1U << w_bits;
2110 ds->w_mask = ds->w_size -1;
2111 if (ds->w_buff == NULL || w_size != ds->w_size) {
2112 free(ds->w_buff);
2113 ds->w_buff = malloc(ds->w_size);
2114 if (ds->w_buff == NULL)
2115 return (ARCHIVE_FATAL);
2116 free(ds->pos_tbl);
2117 ds->pos_tbl = malloc(sizeof(ds->pos_tbl[0]) * w_slot);
2118 if (ds->pos_tbl == NULL)
2119 return (ARCHIVE_FATAL);
2120 }
2121
2122 for (footer = 0; footer < 18; footer++)
2123 base_inc[footer] = 1 << footer;
2124 base = footer = 0;
2125 for (slot = 0; slot < w_slot; slot++) {
2126 int n;
2127 if (footer == 0)
2128 base = slot;
2129 else
2130 base += base_inc[footer];
2131 if (footer < 17) {
2132 footer = -2;
2133 for (n = base; n; n >>= 1)
2134 footer++;
2135 if (footer <= 0)
2136 footer = 0;
2137 }
2138 ds->pos_tbl[slot].base = base;
2139 ds->pos_tbl[slot].footer_bits = footer;
2140 }
2141
2142 ds->w_pos = 0;
2143 ds->state = 0;
2144 ds->br.cache_buffer = 0;
2145 ds->br.cache_avail = 0;
2146 ds->r0 = ds->r1 = ds->r2 = 1;
2147
2148 /* Initialize aligned offset tree. */
2149 if (lzx_huffman_init(&(ds->at), 8, 8) != ARCHIVE_OK)
2150 return (ARCHIVE_FATAL);
2151
2152 /* Initialize pre-tree. */
2153 if (lzx_huffman_init(&(ds->pt), 20, 10) != ARCHIVE_OK)
2154 return (ARCHIVE_FATAL);
2155
2156 /* Initialize Main tree. */
2157 if (lzx_huffman_init(&(ds->mt), 256+(w_slot<<3), 16)
2158 != ARCHIVE_OK)
2159 return (ARCHIVE_FATAL);
2160
2161 /* Initialize Length tree. */
2162 if (lzx_huffman_init(&(ds->lt), 249, 16) != ARCHIVE_OK)
2163 return (ARCHIVE_FATAL);
2164
2165 ds->error = 0;
2166
2167 return (ARCHIVE_OK);
2168 }
2169
2170 /*
2171 * Release LZX decoder.
2172 */
2173 static void
lzx_decode_free(struct lzx_stream * strm)2174 lzx_decode_free(struct lzx_stream *strm)
2175 {
2176
2177 if (strm->ds == NULL)
2178 return;
2179 free(strm->ds->w_buff);
2180 free(strm->ds->pos_tbl);
2181 lzx_huffman_free(&(strm->ds->at));
2182 lzx_huffman_free(&(strm->ds->pt));
2183 lzx_huffman_free(&(strm->ds->mt));
2184 lzx_huffman_free(&(strm->ds->lt));
2185 free(strm->ds);
2186 strm->ds = NULL;
2187 }
2188
2189 /*
2190 * E8 Call Translation reversal.
2191 */
2192 static void
lzx_translation(struct lzx_stream * strm,void * p,size_t size,uint32_t offset)2193 lzx_translation(struct lzx_stream *strm, void *p, size_t size, uint32_t offset)
2194 {
2195 struct lzx_dec *ds = strm->ds;
2196 unsigned char *b, *end;
2197
2198 if (!ds->translation || size <= 10)
2199 return;
2200 b = p;
2201 end = b + size - 10;
2202 while (b < end && (b = memchr(b, 0xE8, end - b)) != NULL) {
2203 size_t i = b - (unsigned char *)p;
2204 int32_t cp, displacement, value;
2205
2206 cp = (int32_t)(offset + (uint32_t)i);
2207 value = archive_le32dec(&b[1]);
2208 if (value >= -cp && value < (int32_t)ds->translation_size) {
2209 if (value >= 0)
2210 displacement = value - cp;
2211 else
2212 displacement = value + ds->translation_size;
2213 archive_le32enc(&b[1], (uint32_t)displacement);
2214 }
2215 b += 5;
2216 }
2217 }
2218
2219 /*
2220 * Bit stream reader.
2221 */
2222 /* Check that the cache buffer has enough bits. */
2223 #define lzx_br_has(br, n) ((br)->cache_avail >= n)
2224 /* Get compressed data by bit. */
2225 #define lzx_br_bits(br, n) \
2226 (((uint32_t)((br)->cache_buffer >> \
2227 ((br)->cache_avail - (n)))) & cache_masks[n])
2228 #define lzx_br_bits_forced(br, n) \
2229 (((uint32_t)((br)->cache_buffer << \
2230 ((n) - (br)->cache_avail))) & cache_masks[n])
2231 /* Read ahead to make sure the cache buffer has enough compressed data we
2232 * will use.
2233 * True : completed, there is enough data in the cache buffer.
2234 * False : we met that strm->next_in is empty, we have to get following
2235 * bytes. */
2236 #define lzx_br_read_ahead_0(strm, br, n) \
2237 (lzx_br_has((br), (n)) || lzx_br_fillup(strm, br))
2238 /* True : the cache buffer has some bits as much as we need.
2239 * False : there are no enough bits in the cache buffer to be used,
2240 * we have to get following bytes if we could. */
2241 #define lzx_br_read_ahead(strm, br, n) \
2242 (lzx_br_read_ahead_0((strm), (br), (n)) || lzx_br_has((br), (n)))
2243
2244 /* Notify how many bits we consumed. */
2245 #define lzx_br_consume(br, n) ((br)->cache_avail -= (n))
2246 #define lzx_br_consume_unaligned_bits(br) ((br)->cache_avail &= ~0x0f)
2247
2248 #define lzx_br_is_unaligned(br) ((br)->cache_avail & 0x0f)
2249
2250 static const uint32_t cache_masks[] = {
2251 0x00000000, 0x00000001, 0x00000003, 0x00000007,
2252 0x0000000F, 0x0000001F, 0x0000003F, 0x0000007F,
2253 0x000000FF, 0x000001FF, 0x000003FF, 0x000007FF,
2254 0x00000FFF, 0x00001FFF, 0x00003FFF, 0x00007FFF,
2255 0x0000FFFF, 0x0001FFFF, 0x0003FFFF, 0x0007FFFF,
2256 0x000FFFFF, 0x001FFFFF, 0x003FFFFF, 0x007FFFFF,
2257 0x00FFFFFF, 0x01FFFFFF, 0x03FFFFFF, 0x07FFFFFF,
2258 0x0FFFFFFF, 0x1FFFFFFF, 0x3FFFFFFF, 0x7FFFFFFF,
2259 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF
2260 };
2261
2262 /*
2263 * Shift away used bits in the cache data and fill it up with following bits.
2264 * Call this when cache buffer does not have enough bits you need.
2265 *
2266 * Returns 1 if the cache buffer is full.
2267 * Returns 0 if the cache buffer is not full; input buffer is empty.
2268 */
2269 static int
lzx_br_fillup(struct lzx_stream * strm,struct lzx_br * br)2270 lzx_br_fillup(struct lzx_stream *strm, struct lzx_br *br)
2271 {
2272 /*
2273 * x86 processor family can read misaligned data without an access error.
2274 */
2275 int n = CACHE_BITS - br->cache_avail;
2276
2277 for (;;) {
2278 switch (n >> 4) {
2279 case 4:
2280 if (strm->avail_in >= 8) {
2281 br->cache_buffer =
2282 ((uint64_t)strm->next_in[1]) << 56 |
2283 ((uint64_t)strm->next_in[0]) << 48 |
2284 ((uint64_t)strm->next_in[3]) << 40 |
2285 ((uint64_t)strm->next_in[2]) << 32 |
2286 ((uint32_t)strm->next_in[5]) << 24 |
2287 ((uint32_t)strm->next_in[4]) << 16 |
2288 ((uint32_t)strm->next_in[7]) << 8 |
2289 (uint32_t)strm->next_in[6];
2290 strm->next_in += 8;
2291 strm->avail_in -= 8;
2292 br->cache_avail += 8 * 8;
2293 return (1);
2294 }
2295 break;
2296 case 3:
2297 if (strm->avail_in >= 6) {
2298 br->cache_buffer =
2299 (br->cache_buffer << 48) |
2300 ((uint64_t)strm->next_in[1]) << 40 |
2301 ((uint64_t)strm->next_in[0]) << 32 |
2302 ((uint64_t)strm->next_in[3]) << 24 |
2303 ((uint64_t)strm->next_in[2]) << 16 |
2304 ((uint64_t)strm->next_in[5]) << 8 |
2305 (uint64_t)strm->next_in[4];
2306 strm->next_in += 6;
2307 strm->avail_in -= 6;
2308 br->cache_avail += 6 * 8;
2309 return (1);
2310 }
2311 break;
2312 case 0:
2313 /* We have enough compressed data in
2314 * the cache buffer.*/
2315 return (1);
2316 default:
2317 break;
2318 }
2319 if (strm->avail_in < 2) {
2320 /* There is not enough compressed data to
2321 * fill up the cache buffer. */
2322 if (strm->avail_in == 1) {
2323 br->odd = *strm->next_in++;
2324 strm->avail_in--;
2325 br->have_odd = 1;
2326 }
2327 return (0);
2328 }
2329 br->cache_buffer =
2330 (br->cache_buffer << 16) |
2331 archive_le16dec(strm->next_in);
2332 strm->next_in += 2;
2333 strm->avail_in -= 2;
2334 br->cache_avail += 16;
2335 n -= 16;
2336 }
2337 }
2338
2339 static void
lzx_br_fixup(struct lzx_stream * strm,struct lzx_br * br)2340 lzx_br_fixup(struct lzx_stream *strm, struct lzx_br *br)
2341 {
2342 int n = CACHE_BITS - br->cache_avail;
2343
2344 if (br->have_odd && n >= 16 && strm->avail_in > 0) {
2345 br->cache_buffer =
2346 (br->cache_buffer << 16) |
2347 ((uint16_t)(*strm->next_in)) << 8 | br->odd;
2348 strm->next_in++;
2349 strm->avail_in--;
2350 br->cache_avail += 16;
2351 br->have_odd = 0;
2352 }
2353 }
2354
2355 static void
lzx_cleanup_bitstream(struct lzx_stream * strm)2356 lzx_cleanup_bitstream(struct lzx_stream *strm)
2357 {
2358 strm->ds->br.cache_avail = 0;
2359 strm->ds->br.have_odd = 0;
2360 }
2361
2362 /*
2363 * Decode LZX.
2364 *
2365 * 1. Returns ARCHIVE_OK if output buffer or input buffer are empty.
2366 * Please set available buffer and call this function again.
2367 * 2. Returns ARCHIVE_EOF if decompression has been completed.
2368 * 3. Returns ARCHIVE_FAILED if an error occurred; compressed data
2369 * is broken or you do not set 'last' flag properly.
2370 */
2371 #define ST_RD_TRANSLATION 0
2372 #define ST_RD_TRANSLATION_SIZE 1
2373 #define ST_RD_BLOCK_TYPE 2
2374 #define ST_RD_BLOCK_SIZE 3
2375 #define ST_RD_ALIGNMENT 4
2376 #define ST_RD_R0 5
2377 #define ST_RD_R1 6
2378 #define ST_RD_R2 7
2379 #define ST_COPY_UNCOMP1 8
2380 #define ST_COPY_UNCOMP2 9
2381 #define ST_RD_ALIGNED_OFFSET 10
2382 #define ST_RD_VERBATIM 11
2383 #define ST_RD_PRE_MAIN_TREE_256 12
2384 #define ST_MAIN_TREE_256 13
2385 #define ST_RD_PRE_MAIN_TREE_REM 14
2386 #define ST_MAIN_TREE_REM 15
2387 #define ST_RD_PRE_LENGTH_TREE 16
2388 #define ST_LENGTH_TREE 17
2389 #define ST_MAIN 18
2390 #define ST_LENGTH 19
2391 #define ST_OFFSET 20
2392 #define ST_REAL_POS 21
2393 #define ST_COPY 22
2394
2395 static int
lzx_decode(struct lzx_stream * strm,int last)2396 lzx_decode(struct lzx_stream *strm, int last)
2397 {
2398 struct lzx_dec *ds = strm->ds;
2399 int64_t avail_in;
2400 int r;
2401
2402 if (ds->error)
2403 return (ds->error);
2404
2405 avail_in = strm->avail_in;
2406 lzx_br_fixup(strm, &(ds->br));
2407 do {
2408 if (ds->state < ST_MAIN)
2409 r = lzx_read_blocks(strm, last);
2410 else {
2411 int64_t bytes_written = strm->avail_out;
2412 r = lzx_decode_blocks(strm, last);
2413 bytes_written -= strm->avail_out;
2414 strm->next_out += bytes_written;
2415 strm->total_out += bytes_written;
2416 }
2417 } while (r == 100);
2418 strm->total_in += avail_in - strm->avail_in;
2419 return (r);
2420 }
2421
2422 static int
lzx_read_blocks(struct lzx_stream * strm,int last)2423 lzx_read_blocks(struct lzx_stream *strm, int last)
2424 {
2425 struct lzx_dec *ds = strm->ds;
2426 struct lzx_br *br = &(ds->br);
2427 int i, r;
2428
2429 for (;;) {
2430 switch (ds->state) {
2431 case ST_RD_TRANSLATION:
2432 if (!lzx_br_read_ahead(strm, br, 1)) {
2433 ds->state = ST_RD_TRANSLATION;
2434 if (last)
2435 goto failed;
2436 return (ARCHIVE_OK);
2437 }
2438 ds->translation = lzx_br_bits(br, 1);
2439 lzx_br_consume(br, 1);
2440 /* FALL THROUGH */
2441 case ST_RD_TRANSLATION_SIZE:
2442 if (ds->translation) {
2443 if (!lzx_br_read_ahead(strm, br, 32)) {
2444 ds->state = ST_RD_TRANSLATION_SIZE;
2445 if (last)
2446 goto failed;
2447 return (ARCHIVE_OK);
2448 }
2449 ds->translation_size = lzx_br_bits(br, 16);
2450 lzx_br_consume(br, 16);
2451 ds->translation_size <<= 16;
2452 ds->translation_size |= lzx_br_bits(br, 16);
2453 lzx_br_consume(br, 16);
2454 }
2455 /* FALL THROUGH */
2456 case ST_RD_BLOCK_TYPE:
2457 if (!lzx_br_read_ahead(strm, br, 3)) {
2458 ds->state = ST_RD_BLOCK_TYPE;
2459 if (last)
2460 goto failed;
2461 return (ARCHIVE_OK);
2462 }
2463 ds->block_type = lzx_br_bits(br, 3);
2464 lzx_br_consume(br, 3);
2465 /* Check a block type. */
2466 switch (ds->block_type) {
2467 case VERBATIM_BLOCK:
2468 case ALIGNED_OFFSET_BLOCK:
2469 case UNCOMPRESSED_BLOCK:
2470 break;
2471 default:
2472 goto failed;/* Invalid */
2473 }
2474 /* FALL THROUGH */
2475 case ST_RD_BLOCK_SIZE:
2476 if (!lzx_br_read_ahead(strm, br, 24)) {
2477 ds->state = ST_RD_BLOCK_SIZE;
2478 if (last)
2479 goto failed;
2480 return (ARCHIVE_OK);
2481 }
2482 ds->block_size = lzx_br_bits(br, 8);
2483 lzx_br_consume(br, 8);
2484 ds->block_size <<= 16;
2485 ds->block_size |= lzx_br_bits(br, 16);
2486 lzx_br_consume(br, 16);
2487 if (ds->block_size == 0)
2488 goto failed;
2489 ds->block_bytes_avail = ds->block_size;
2490 if (ds->block_type != UNCOMPRESSED_BLOCK) {
2491 if (ds->block_type == VERBATIM_BLOCK)
2492 ds->state = ST_RD_VERBATIM;
2493 else
2494 ds->state = ST_RD_ALIGNED_OFFSET;
2495 break;
2496 }
2497 /* FALL THROUGH */
2498 case ST_RD_ALIGNMENT:
2499 /*
2500 * Handle an Uncompressed Block.
2501 */
2502 /* Skip padding to align following field on
2503 * 16-bit boundary. */
2504 if (lzx_br_is_unaligned(br))
2505 lzx_br_consume_unaligned_bits(br);
2506 else {
2507 if (lzx_br_read_ahead(strm, br, 16))
2508 lzx_br_consume(br, 16);
2509 else {
2510 ds->state = ST_RD_ALIGNMENT;
2511 if (last)
2512 goto failed;
2513 return (ARCHIVE_OK);
2514 }
2515 }
2516 /* Preparation to read repeated offsets R0,R1 and R2. */
2517 ds->rbytes_avail = 0;
2518 ds->state = ST_RD_R0;
2519 /* FALL THROUGH */
2520 case ST_RD_R0:
2521 case ST_RD_R1:
2522 case ST_RD_R2:
2523 do {
2524 uint16_t u16;
2525 /* Drain bits in the cache buffer of
2526 * bit-stream. */
2527 if (lzx_br_has(br, 32)) {
2528 u16 = lzx_br_bits(br, 16);
2529 lzx_br_consume(br, 16);
2530 archive_le16enc(ds->rbytes, u16);
2531 u16 = lzx_br_bits(br, 16);
2532 lzx_br_consume(br, 16);
2533 archive_le16enc(ds->rbytes+2, u16);
2534 ds->rbytes_avail = 4;
2535 } else if (lzx_br_has(br, 16)) {
2536 u16 = lzx_br_bits(br, 16);
2537 lzx_br_consume(br, 16);
2538 archive_le16enc(ds->rbytes, u16);
2539 ds->rbytes_avail = 2;
2540 }
2541 if (ds->rbytes_avail < 4 && ds->br.have_odd) {
2542 ds->rbytes[ds->rbytes_avail++] =
2543 ds->br.odd;
2544 ds->br.have_odd = 0;
2545 }
2546 while (ds->rbytes_avail < 4) {
2547 if (strm->avail_in <= 0) {
2548 if (last)
2549 goto failed;
2550 return (ARCHIVE_OK);
2551 }
2552 ds->rbytes[ds->rbytes_avail++] =
2553 *strm->next_in++;
2554 strm->avail_in--;
2555 }
2556 ds->rbytes_avail = 0;
2557 if (ds->state == ST_RD_R0) {
2558 ds->r0 = archive_le32dec(ds->rbytes);
2559 if (ds->r0 < 0)
2560 goto failed;
2561 ds->state = ST_RD_R1;
2562 } else if (ds->state == ST_RD_R1) {
2563 ds->r1 = archive_le32dec(ds->rbytes);
2564 if (ds->r1 < 0)
2565 goto failed;
2566 ds->state = ST_RD_R2;
2567 } else if (ds->state == ST_RD_R2) {
2568 ds->r2 = archive_le32dec(ds->rbytes);
2569 if (ds->r2 < 0)
2570 goto failed;
2571 /* We've gotten all repeated offsets. */
2572 ds->state = ST_COPY_UNCOMP1;
2573 }
2574 } while (ds->state != ST_COPY_UNCOMP1);
2575 /* FALL THROUGH */
2576 case ST_COPY_UNCOMP1:
2577 /*
2578 * Copy bytes form next_in to next_out directly.
2579 */
2580 while (ds->block_bytes_avail) {
2581 int l;
2582
2583 if (strm->avail_out <= 0)
2584 /* Output buffer is empty. */
2585 return (ARCHIVE_OK);
2586 if (strm->avail_in <= 0) {
2587 /* Input buffer is empty. */
2588 if (last)
2589 goto failed;
2590 return (ARCHIVE_OK);
2591 }
2592 l = (int)ds->block_bytes_avail;
2593 if (l > ds->w_size - ds->w_pos)
2594 l = ds->w_size - ds->w_pos;
2595 if (l > strm->avail_out)
2596 l = (int)strm->avail_out;
2597 if (l > strm->avail_in)
2598 l = (int)strm->avail_in;
2599 memcpy(strm->next_out, strm->next_in, l);
2600 memcpy(&(ds->w_buff[ds->w_pos]),
2601 strm->next_in, l);
2602 strm->next_in += l;
2603 strm->avail_in -= l;
2604 strm->next_out += l;
2605 strm->avail_out -= l;
2606 strm->total_out += l;
2607 ds->w_pos = (ds->w_pos + l) & ds->w_mask;
2608 ds->block_bytes_avail -= l;
2609 }
2610 /* FALL THROUGH */
2611 case ST_COPY_UNCOMP2:
2612 /* Re-align; skip padding byte. */
2613 if (ds->block_size & 1) {
2614 if (strm->avail_in <= 0) {
2615 /* Input buffer is empty. */
2616 ds->state = ST_COPY_UNCOMP2;
2617 if (last)
2618 goto failed;
2619 return (ARCHIVE_OK);
2620 }
2621 strm->next_in++;
2622 strm->avail_in --;
2623 }
2624 /* This block ended. */
2625 ds->state = ST_RD_BLOCK_TYPE;
2626 return (ARCHIVE_EOF);
2627 /********************/
2628 case ST_RD_ALIGNED_OFFSET:
2629 /*
2630 * Read Aligned offset tree.
2631 */
2632 if (!lzx_br_read_ahead(strm, br, 3 * ds->at.len_size)) {
2633 ds->state = ST_RD_ALIGNED_OFFSET;
2634 if (last)
2635 goto failed;
2636 return (ARCHIVE_OK);
2637 }
2638 memset(ds->at.freq, 0, sizeof(ds->at.freq));
2639 for (i = 0; i < ds->at.len_size; i++) {
2640 ds->at.bitlen[i] = lzx_br_bits(br, 3);
2641 ds->at.freq[ds->at.bitlen[i]]++;
2642 lzx_br_consume(br, 3);
2643 }
2644 if (!lzx_make_huffman_table(&ds->at))
2645 goto failed;
2646 /* FALL THROUGH */
2647 case ST_RD_VERBATIM:
2648 ds->loop = 0;
2649 /* FALL THROUGH */
2650 case ST_RD_PRE_MAIN_TREE_256:
2651 /*
2652 * Read Pre-tree for first 256 elements of main tree.
2653 */
2654 if (!lzx_read_pre_tree(strm)) {
2655 ds->state = ST_RD_PRE_MAIN_TREE_256;
2656 if (last)
2657 goto failed;
2658 return (ARCHIVE_OK);
2659 }
2660 if (!lzx_make_huffman_table(&ds->pt))
2661 goto failed;
2662 ds->loop = 0;
2663 /* FALL THROUGH */
2664 case ST_MAIN_TREE_256:
2665 /*
2666 * Get path lengths of first 256 elements of main tree.
2667 */
2668 r = lzx_read_bitlen(strm, &ds->mt, 256);
2669 if (r < 0)
2670 goto failed;
2671 else if (!r) {
2672 ds->state = ST_MAIN_TREE_256;
2673 if (last)
2674 goto failed;
2675 return (ARCHIVE_OK);
2676 }
2677 ds->loop = 0;
2678 /* FALL THROUGH */
2679 case ST_RD_PRE_MAIN_TREE_REM:
2680 /*
2681 * Read Pre-tree for remaining elements of main tree.
2682 */
2683 if (!lzx_read_pre_tree(strm)) {
2684 ds->state = ST_RD_PRE_MAIN_TREE_REM;
2685 if (last)
2686 goto failed;
2687 return (ARCHIVE_OK);
2688 }
2689 if (!lzx_make_huffman_table(&ds->pt))
2690 goto failed;
2691 ds->loop = 256;
2692 /* FALL THROUGH */
2693 case ST_MAIN_TREE_REM:
2694 /*
2695 * Get path lengths of remaining elements of main tree.
2696 */
2697 r = lzx_read_bitlen(strm, &ds->mt, -1);
2698 if (r < 0)
2699 goto failed;
2700 else if (!r) {
2701 ds->state = ST_MAIN_TREE_REM;
2702 if (last)
2703 goto failed;
2704 return (ARCHIVE_OK);
2705 }
2706 if (!lzx_make_huffman_table(&ds->mt))
2707 goto failed;
2708 ds->loop = 0;
2709 /* FALL THROUGH */
2710 case ST_RD_PRE_LENGTH_TREE:
2711 /*
2712 * Read Pre-tree for remaining elements of main tree.
2713 */
2714 if (!lzx_read_pre_tree(strm)) {
2715 ds->state = ST_RD_PRE_LENGTH_TREE;
2716 if (last)
2717 goto failed;
2718 return (ARCHIVE_OK);
2719 }
2720 if (!lzx_make_huffman_table(&ds->pt))
2721 goto failed;
2722 ds->loop = 0;
2723 /* FALL THROUGH */
2724 case ST_LENGTH_TREE:
2725 /*
2726 * Get path lengths of remaining elements of main tree.
2727 */
2728 r = lzx_read_bitlen(strm, &ds->lt, -1);
2729 if (r < 0)
2730 goto failed;
2731 else if (!r) {
2732 ds->state = ST_LENGTH_TREE;
2733 if (last)
2734 goto failed;
2735 return (ARCHIVE_OK);
2736 }
2737 if (!lzx_make_huffman_table(&ds->lt))
2738 goto failed;
2739 ds->state = ST_MAIN;
2740 return (100);
2741 }
2742 }
2743 failed:
2744 return (ds->error = ARCHIVE_FAILED);
2745 }
2746
2747 static int
lzx_decode_blocks(struct lzx_stream * strm,int last)2748 lzx_decode_blocks(struct lzx_stream *strm, int last)
2749 {
2750 struct lzx_dec *ds = strm->ds;
2751 struct lzx_br bre = ds->br;
2752 struct huffman *at = &(ds->at), *lt = &(ds->lt), *mt = &(ds->mt);
2753 const struct lzx_pos_tbl *pos_tbl = ds->pos_tbl;
2754 unsigned char *noutp = strm->next_out;
2755 unsigned char *endp = noutp + strm->avail_out;
2756 unsigned char *w_buff = ds->w_buff;
2757 unsigned char *at_bitlen = at->bitlen;
2758 unsigned char *lt_bitlen = lt->bitlen;
2759 unsigned char *mt_bitlen = mt->bitlen;
2760 size_t block_bytes_avail = ds->block_bytes_avail;
2761 int at_max_bits = at->max_bits;
2762 int lt_max_bits = lt->max_bits;
2763 int mt_max_bits = mt->max_bits;
2764 int c, copy_len = ds->copy_len, copy_pos = ds->copy_pos;
2765 int w_pos = ds->w_pos, w_mask = ds->w_mask, w_size = ds->w_size;
2766 int length_header = ds->length_header;
2767 int offset_bits = ds->offset_bits;
2768 int position_slot = ds->position_slot;
2769 int r0 = ds->r0, r1 = ds->r1, r2 = ds->r2;
2770 int state = ds->state;
2771 char block_type = ds->block_type;
2772
2773 for (;;) {
2774 switch (state) {
2775 case ST_MAIN:
2776 for (;;) {
2777 if (block_bytes_avail == 0) {
2778 /* This block ended. */
2779 ds->state = ST_RD_BLOCK_TYPE;
2780 ds->br = bre;
2781 ds->block_bytes_avail =
2782 block_bytes_avail;
2783 ds->copy_len = copy_len;
2784 ds->copy_pos = copy_pos;
2785 ds->length_header = length_header;
2786 ds->position_slot = position_slot;
2787 ds->r0 = r0; ds->r1 = r1; ds->r2 = r2;
2788 ds->w_pos = w_pos;
2789 strm->avail_out = endp - noutp;
2790 return (ARCHIVE_EOF);
2791 }
2792 if (noutp >= endp)
2793 /* Output buffer is empty. */
2794 goto next_data;
2795
2796 if (!lzx_br_read_ahead(strm, &bre,
2797 mt_max_bits)) {
2798 if (!last)
2799 goto next_data;
2800 /* Remaining bits are less than
2801 * maximum bits(mt.max_bits) but maybe
2802 * it still remains as much as we need,
2803 * so we should try to use it with
2804 * dummy bits. */
2805 c = lzx_decode_huffman(mt,
2806 lzx_br_bits_forced(
2807 &bre, mt_max_bits));
2808 lzx_br_consume(&bre, mt_bitlen[c]);
2809 if (!lzx_br_has(&bre, 0))
2810 goto failed;/* Over read. */
2811 } else {
2812 c = lzx_decode_huffman(mt,
2813 lzx_br_bits(&bre, mt_max_bits));
2814 lzx_br_consume(&bre, mt_bitlen[c]);
2815 }
2816 if (c > UCHAR_MAX)
2817 break;
2818 /*
2819 * 'c' is exactly literal code.
2820 */
2821 /* Save a decoded code to reference it
2822 * afterward. */
2823 w_buff[w_pos] = c;
2824 w_pos = (w_pos + 1) & w_mask;
2825 /* Store the decoded code to output buffer. */
2826 *noutp++ = c;
2827 block_bytes_avail--;
2828 }
2829 /*
2830 * Get a match code, its length and offset.
2831 */
2832 c -= UCHAR_MAX + 1;
2833 length_header = c & 7;
2834 position_slot = c >> 3;
2835 /* FALL THROUGH */
2836 case ST_LENGTH:
2837 /*
2838 * Get a length.
2839 */
2840 if (length_header == 7) {
2841 if (!lzx_br_read_ahead(strm, &bre,
2842 lt_max_bits)) {
2843 if (!last) {
2844 state = ST_LENGTH;
2845 goto next_data;
2846 }
2847 c = lzx_decode_huffman(lt,
2848 lzx_br_bits_forced(
2849 &bre, lt_max_bits));
2850 lzx_br_consume(&bre, lt_bitlen[c]);
2851 if (!lzx_br_has(&bre, 0))
2852 goto failed;/* Over read. */
2853 } else {
2854 c = lzx_decode_huffman(lt,
2855 lzx_br_bits(&bre, lt_max_bits));
2856 lzx_br_consume(&bre, lt_bitlen[c]);
2857 }
2858 copy_len = c + 7 + 2;
2859 } else
2860 copy_len = length_header + 2;
2861 if ((size_t)copy_len > block_bytes_avail)
2862 goto failed;
2863 /*
2864 * Get an offset.
2865 */
2866 switch (position_slot) {
2867 case 0: /* Use repeated offset 0. */
2868 copy_pos = r0;
2869 state = ST_REAL_POS;
2870 continue;
2871 case 1: /* Use repeated offset 1. */
2872 copy_pos = r1;
2873 /* Swap repeated offset. */
2874 r1 = r0;
2875 r0 = copy_pos;
2876 state = ST_REAL_POS;
2877 continue;
2878 case 2: /* Use repeated offset 2. */
2879 copy_pos = r2;
2880 /* Swap repeated offset. */
2881 r2 = r0;
2882 r0 = copy_pos;
2883 state = ST_REAL_POS;
2884 continue;
2885 default:
2886 offset_bits =
2887 pos_tbl[position_slot].footer_bits;
2888 break;
2889 }
2890 /* FALL THROUGH */
2891 case ST_OFFSET:
2892 /*
2893 * Get the offset, which is a distance from
2894 * current window position.
2895 */
2896 if (block_type == ALIGNED_OFFSET_BLOCK &&
2897 offset_bits >= 3) {
2898 int offbits = offset_bits - 3;
2899
2900 if (!lzx_br_read_ahead(strm, &bre, offbits)) {
2901 state = ST_OFFSET;
2902 if (last)
2903 goto failed;
2904 goto next_data;
2905 }
2906 copy_pos = lzx_br_bits(&bre, offbits) << 3;
2907
2908 /* Get an aligned number. */
2909 if (!lzx_br_read_ahead(strm, &bre,
2910 offbits + at_max_bits)) {
2911 if (!last) {
2912 state = ST_OFFSET;
2913 goto next_data;
2914 }
2915 lzx_br_consume(&bre, offbits);
2916 c = lzx_decode_huffman(at,
2917 lzx_br_bits_forced(&bre,
2918 at_max_bits));
2919 lzx_br_consume(&bre, at_bitlen[c]);
2920 if (!lzx_br_has(&bre, 0))
2921 goto failed;/* Over read. */
2922 } else {
2923 lzx_br_consume(&bre, offbits);
2924 c = lzx_decode_huffman(at,
2925 lzx_br_bits(&bre, at_max_bits));
2926 lzx_br_consume(&bre, at_bitlen[c]);
2927 }
2928 /* Add an aligned number. */
2929 copy_pos += c;
2930 } else {
2931 if (!lzx_br_read_ahead(strm, &bre,
2932 offset_bits)) {
2933 state = ST_OFFSET;
2934 if (last)
2935 goto failed;
2936 goto next_data;
2937 }
2938 copy_pos = lzx_br_bits(&bre, offset_bits);
2939 lzx_br_consume(&bre, offset_bits);
2940 }
2941 copy_pos += pos_tbl[position_slot].base -2;
2942
2943 /* Update repeated offset LRU queue. */
2944 r2 = r1;
2945 r1 = r0;
2946 r0 = copy_pos;
2947 /* FALL THROUGH */
2948 case ST_REAL_POS:
2949 /*
2950 * Compute a real position in window.
2951 */
2952 copy_pos = (w_pos - copy_pos) & w_mask;
2953 /* FALL THROUGH */
2954 case ST_COPY:
2955 /*
2956 * Copy several bytes as extracted data from the window
2957 * into the output buffer.
2958 */
2959 for (;;) {
2960 const unsigned char *s;
2961 int l;
2962
2963 l = copy_len;
2964 if (copy_pos > w_pos) {
2965 if (l > w_size - copy_pos)
2966 l = w_size - copy_pos;
2967 } else {
2968 if (l > w_size - w_pos)
2969 l = w_size - w_pos;
2970 }
2971 if (noutp + l >= endp)
2972 l = (int)(endp - noutp);
2973 s = w_buff + copy_pos;
2974 if (l >= 8 && ((copy_pos + l < w_pos)
2975 || (w_pos + l < copy_pos))) {
2976 memcpy(w_buff + w_pos, s, l);
2977 memcpy(noutp, s, l);
2978 } else {
2979 unsigned char *d;
2980 int li;
2981
2982 d = w_buff + w_pos;
2983 for (li = 0; li < l; li++)
2984 noutp[li] = d[li] = s[li];
2985 }
2986 noutp += l;
2987 copy_pos = (copy_pos + l) & w_mask;
2988 w_pos = (w_pos + l) & w_mask;
2989 block_bytes_avail -= l;
2990 if (copy_len <= l)
2991 /* A copy of current pattern ended. */
2992 break;
2993 copy_len -= l;
2994 if (noutp >= endp) {
2995 /* Output buffer is empty. */
2996 state = ST_COPY;
2997 goto next_data;
2998 }
2999 }
3000 state = ST_MAIN;
3001 break;
3002 }
3003 }
3004 failed:
3005 return (ds->error = ARCHIVE_FAILED);
3006 next_data:
3007 ds->br = bre;
3008 ds->block_bytes_avail = block_bytes_avail;
3009 ds->copy_len = copy_len;
3010 ds->copy_pos = copy_pos;
3011 ds->length_header = length_header;
3012 ds->offset_bits = offset_bits;
3013 ds->position_slot = position_slot;
3014 ds->r0 = r0; ds->r1 = r1; ds->r2 = r2;
3015 ds->state = state;
3016 ds->w_pos = w_pos;
3017 strm->avail_out = endp - noutp;
3018 return (ARCHIVE_OK);
3019 }
3020
3021 static int
lzx_read_pre_tree(struct lzx_stream * strm)3022 lzx_read_pre_tree(struct lzx_stream *strm)
3023 {
3024 struct lzx_dec *ds = strm->ds;
3025 struct lzx_br *br = &(ds->br);
3026 int i;
3027
3028 if (ds->loop == 0)
3029 memset(ds->pt.freq, 0, sizeof(ds->pt.freq));
3030 for (i = ds->loop; i < ds->pt.len_size; i++) {
3031 if (!lzx_br_read_ahead(strm, br, 4)) {
3032 ds->loop = i;
3033 return (0);
3034 }
3035 ds->pt.bitlen[i] = lzx_br_bits(br, 4);
3036 ds->pt.freq[ds->pt.bitlen[i]]++;
3037 lzx_br_consume(br, 4);
3038 }
3039 ds->loop = i;
3040 return (1);
3041 }
3042
3043 /*
3044 * Read a bunch of bit-lengths from pre-tree.
3045 */
3046 static int
lzx_read_bitlen(struct lzx_stream * strm,struct huffman * d,int end)3047 lzx_read_bitlen(struct lzx_stream *strm, struct huffman *d, int end)
3048 {
3049 struct lzx_dec *ds = strm->ds;
3050 struct lzx_br *br = &(ds->br);
3051 int c, i, j, ret, same;
3052 unsigned rbits;
3053
3054 i = ds->loop;
3055 if (i == 0)
3056 memset(d->freq, 0, sizeof(d->freq));
3057 ret = 0;
3058 if (end < 0)
3059 end = d->len_size;
3060 while (i < end) {
3061 ds->loop = i;
3062 if (!lzx_br_read_ahead(strm, br, ds->pt.max_bits))
3063 goto getdata;
3064 rbits = lzx_br_bits(br, ds->pt.max_bits);
3065 c = lzx_decode_huffman(&(ds->pt), rbits);
3066 switch (c) {
3067 case 17:/* several zero lengths, from 4 to 19. */
3068 if (!lzx_br_read_ahead(strm, br, ds->pt.bitlen[c]+4))
3069 goto getdata;
3070 lzx_br_consume(br, ds->pt.bitlen[c]);
3071 same = lzx_br_bits(br, 4) + 4;
3072 if (i + same > end)
3073 return (-1);/* Invalid */
3074 lzx_br_consume(br, 4);
3075 for (j = 0; j < same; j++)
3076 d->bitlen[i++] = 0;
3077 break;
3078 case 18:/* many zero lengths, from 20 to 51. */
3079 if (!lzx_br_read_ahead(strm, br, ds->pt.bitlen[c]+5))
3080 goto getdata;
3081 lzx_br_consume(br, ds->pt.bitlen[c]);
3082 same = lzx_br_bits(br, 5) + 20;
3083 if (i + same > end)
3084 return (-1);/* Invalid */
3085 lzx_br_consume(br, 5);
3086 memset(d->bitlen + i, 0, same);
3087 i += same;
3088 break;
3089 case 19:/* a few same lengths. */
3090 if (!lzx_br_read_ahead(strm, br,
3091 ds->pt.bitlen[c]+1+ds->pt.max_bits))
3092 goto getdata;
3093 lzx_br_consume(br, ds->pt.bitlen[c]);
3094 same = lzx_br_bits(br, 1) + 4;
3095 if (i + same > end)
3096 return (-1);
3097 lzx_br_consume(br, 1);
3098 rbits = lzx_br_bits(br, ds->pt.max_bits);
3099 c = lzx_decode_huffman(&(ds->pt), rbits);
3100 lzx_br_consume(br, ds->pt.bitlen[c]);
3101 c = (d->bitlen[i] - c + 17) % 17;
3102 if (c < 0)
3103 return (-1);/* Invalid */
3104 for (j = 0; j < same; j++)
3105 d->bitlen[i++] = c;
3106 d->freq[c] += same;
3107 break;
3108 default:
3109 lzx_br_consume(br, ds->pt.bitlen[c]);
3110 c = (d->bitlen[i] - c + 17) % 17;
3111 if (c < 0)
3112 return (-1);/* Invalid */
3113 d->freq[c]++;
3114 d->bitlen[i++] = c;
3115 break;
3116 }
3117 }
3118 ret = 1;
3119 getdata:
3120 ds->loop = i;
3121 return (ret);
3122 }
3123
3124 static int
lzx_huffman_init(struct huffman * hf,size_t len_size,int tbl_bits)3125 lzx_huffman_init(struct huffman *hf, size_t len_size, int tbl_bits)
3126 {
3127
3128 if (hf->bitlen == NULL || hf->len_size != (int)len_size) {
3129 free(hf->bitlen);
3130 hf->bitlen = calloc(len_size, sizeof(hf->bitlen[0]));
3131 if (hf->bitlen == NULL)
3132 return (ARCHIVE_FATAL);
3133 hf->len_size = (int)len_size;
3134 } else
3135 memset(hf->bitlen, 0, len_size * sizeof(hf->bitlen[0]));
3136 if (hf->tbl == NULL) {
3137 hf->tbl = malloc(((size_t)1 << tbl_bits) * sizeof(hf->tbl[0]));
3138 if (hf->tbl == NULL)
3139 return (ARCHIVE_FATAL);
3140 hf->tbl_bits = tbl_bits;
3141 }
3142 return (ARCHIVE_OK);
3143 }
3144
3145 static void
lzx_huffman_free(struct huffman * hf)3146 lzx_huffman_free(struct huffman *hf)
3147 {
3148 free(hf->bitlen);
3149 free(hf->tbl);
3150 }
3151
3152 /*
3153 * Make a huffman coding table.
3154 */
3155 static int
lzx_make_huffman_table(struct huffman * hf)3156 lzx_make_huffman_table(struct huffman *hf)
3157 {
3158 uint16_t *tbl;
3159 const unsigned char *bitlen;
3160 int bitptn[17], weight[17];
3161 int i, maxbits = 0, ptn, tbl_size, w;
3162 int len_avail;
3163
3164 /*
3165 * Initialize bit patterns.
3166 */
3167 ptn = 0;
3168 for (i = 1, w = 1 << 15; i <= 16; i++, w >>= 1) {
3169 bitptn[i] = ptn;
3170 weight[i] = w;
3171 if (hf->freq[i]) {
3172 ptn += hf->freq[i] * w;
3173 maxbits = i;
3174 }
3175 }
3176 if ((ptn & 0xffff) != 0 || maxbits > hf->tbl_bits)
3177 return (0);/* Invalid */
3178
3179 hf->max_bits = maxbits;
3180
3181 /*
3182 * Cut out extra bits which we won't house in the table.
3183 * This preparation reduces the same calculation in the for-loop
3184 * making the table.
3185 */
3186 if (maxbits < 16) {
3187 int ebits = 16 - maxbits;
3188 for (i = 1; i <= maxbits; i++) {
3189 bitptn[i] >>= ebits;
3190 weight[i] >>= ebits;
3191 }
3192 }
3193
3194 /*
3195 * Make the table.
3196 */
3197 tbl_size = 1 << hf->tbl_bits;
3198 tbl = hf->tbl;
3199 bitlen = hf->bitlen;
3200 len_avail = hf->len_size;
3201 hf->tree_used = 0;
3202 for (i = 0; i < len_avail; i++) {
3203 uint16_t *p;
3204 int len, cnt;
3205
3206 if (bitlen[i] == 0)
3207 continue;
3208 /* Get a bit pattern */
3209 len = bitlen[i];
3210 if (len > tbl_size)
3211 return (0);
3212 ptn = bitptn[len];
3213 cnt = weight[len];
3214 /* Calculate next bit pattern */
3215 if ((bitptn[len] = ptn + cnt) > tbl_size)
3216 return (0);/* Invalid */
3217 /* Update the table */
3218 p = &(tbl[ptn]);
3219 while (--cnt >= 0)
3220 p[cnt] = (uint16_t)i;
3221 }
3222 return (1);
3223 }
3224
3225 static inline int
lzx_decode_huffman(struct huffman * hf,unsigned rbits)3226 lzx_decode_huffman(struct huffman *hf, unsigned rbits)
3227 {
3228 int c;
3229 c = hf->tbl[rbits];
3230 if (c < hf->len_size)
3231 return (c);
3232 return (0);
3233 }
3234