// SPDX-License-Identifier: 0BSD

///////////////////////////////////////////////////////////////////////////////
//
/// \file       block_header_decoder.c
/// \brief      Decodes Block Header from .xz files
//
//  Author:     Lasse Collin
//
///////////////////////////////////////////////////////////////////////////////

#include "common.h"
#include "check.h"


// Decode one Block Header from `in` into `*block`.
//
// Caller contract, as far as this function shows it:
//   - block->header_size and block->check must already be set; a mismatch
//     with in[0] or an out-of-range check ID is reported as LZMA_PROG_ERROR.
//   - block->filters must point to an array with at least
//     LZMA_FILTERS_MAX + 1 entries, because every entry up to and including
//     index LZMA_FILTERS_MAX is reset below.
//   - No length is passed for `in`. The only bound is block->header_size,
//     so the caller must guarantee that at least that many bytes are
//     readable behind `in`.
//
// A header is treated as corrupt not only when the CRC32 doesn't match,
// but also when a variable-length integer is invalid or over 63 bits, or
// when the header is too small to hold the information it claims.
//
// Returns LZMA_OK on success. On any error after filter decoding has
// started, the filter options decoded so far are released with
// lzma_filters_free() before returning.
extern LZMA_API(lzma_ret)
lzma_block_header_decode(lzma_block *block,
		const lzma_allocator *allocator, const uint8_t *in)
{
	// Reject unexpected NULL pointers before anything is dereferenced.
	if (block == NULL)
		return LZMA_PROG_ERROR;

	if (block->filters == NULL || in == NULL)
		return LZMA_PROG_ERROR;

	// Reset the whole filter array first. Every later error path can
	// then leave the array in a state the caller can safely free.
	for (size_t i = 0; i <= LZMA_FILTERS_MAX; ++i) {
		lzma_filter *const slot = &block->filters[i];
		slot->id = LZMA_VLI_UNKNOWN;
		slot->options = NULL;
	}

	// Only versions 0 and 1 are supported; a newer requested version
	// is downgraded to 1.
	if (block->version > 1)
		block->version = 1;

	// Not a Block Header field, but the decompressor reads it when
	// version >= 1. Initialize it here so that integrity checking stays
	// enabled unless the caller turns it off explicitly afterwards.
	block->ignore_check = false;

	// The caller-provided header size must agree with the size encoded
	// in the first header byte...
	if (lzma_block_header_size_decode(in[0]) != block->header_size)
		return LZMA_PROG_ERROR;

	// ...and the caller-provided Check ID must be in range.
	if ((unsigned int)(block->check) > LZMA_CHECK_ID_MAX)
		return LZMA_PROG_ERROR;

	// Everything except the trailing 4-byte CRC32 field. All parsing
	// below is bounded by this value.
	const size_t body_size = block->header_size - 4;

	// Verify the CRC32 stored right after the header body.
	//
	// NOTE(security): when FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION is
	// defined a mismatch is deliberately NOT rejected, so that a fuzzer
	// can reach the parser below. Such a build accepts corrupted headers
	// and must never be shipped. The CRC32 only detects accidental
	// corruption; the bounds checks below are what protect against
	// deliberately crafted input.
	const uint32_t stored_crc = read32le(in + body_size);
	const uint32_t computed_crc = lzma_crc32(in, body_size, 0);
	if (computed_crc != stored_crc) {
#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
		return LZMA_DATA_ERROR;
#endif
	}

	// Block Flags byte.
	const uint8_t flags = in[1];

	// Bits covered by 0x3C are not supported by this decoder.
	if (flags & 0x3C)
		return LZMA_OPTIONS_ERROR;

	// Parsing starts after the Block Header Size and Block Flags bytes.
	size_t pos = 2;

	// Compressed Size (present when bit 0x40 is set)
	if (flags & 0x40) {
		return_if_error(lzma_vli_decode(&block->compressed_size,
				NULL, in, &pos, body_size));

		// Rejects a zero Compressed Size and a total Block size
		// that isn't a valid VLI.
		if (lzma_block_unpadded_size(block) == 0)
			return LZMA_DATA_ERROR;
	} else {
		block->compressed_size = LZMA_VLI_UNKNOWN;
	}

	// Uncompressed Size (present when bit 0x80 is set)
	if (flags & 0x80) {
		return_if_error(lzma_vli_decode(&block->uncompressed_size,
				NULL, in, &pos, body_size));
	} else {
		block->uncompressed_size = LZMA_VLI_UNKNOWN;
	}

	// Filter Flags: the two lowest flag bits encode the count minus
	// one, so between one and four filters are decoded.
	const size_t filter_count = (flags & 3U) + 1;
	for (size_t i = 0; i < filter_count; ++i) {
		const lzma_ret status = lzma_filter_flags_decode(
				&block->filters[i], allocator,
				in, &pos, body_size);
		if (status != LZMA_OK) {
			// Release the options of the filters decoded so far.
			lzma_filters_free(block->filters, allocator);
			return status;
		}
	}

	// Padding: every remaining byte of the header body must be zero.
	for (; pos < body_size; ++pos) {
		if (in[pos] != 0x00) {
			lzma_filters_free(block->filters, allocator);

			// Possibly some new field is present, so report
			// LZMA_OPTIONS_ERROR instead of LZMA_DATA_ERROR.
			return LZMA_OPTIONS_ERROR;
		}
	}

	return LZMA_OK;
}