xref: /freebsd/contrib/xz/src/liblzma/common/block_header_decoder.c (revision d7847a8d351436a4654bd2c746bc9c04401160ee)
1 // SPDX-License-Identifier: 0BSD
2 
3 ///////////////////////////////////////////////////////////////////////////////
4 //
5 /// \file       block_header_decoder.c
6 /// \brief      Decodes Block Header from .xz files
7 //
8 //  Author:     Lasse Collin
9 //
10 ///////////////////////////////////////////////////////////////////////////////
11 
12 #include "common.h"
13 #include "check.h"
14 
15 
16 extern LZMA_API(lzma_ret)
17 lzma_block_header_decode(lzma_block *block,
18 		const lzma_allocator *allocator, const uint8_t *in)
19 {
20 	// NOTE: We consider the header to be corrupt not only when the
21 	// CRC32 doesn't match, but also when variable-length integers
22 	// are invalid or over 63 bits, or if the header is too small
23 	// to contain the claimed information.
24 
25 	// Catch unexpected NULL pointers.
26 	if (block == NULL || block->filters == NULL || in == NULL)
27 		return LZMA_PROG_ERROR;
28 
29 	// Initialize the filter options array. This way the caller can
30 	// safely free() the options even if an error occurs in this function.
31 	for (size_t i = 0; i <= LZMA_FILTERS_MAX; ++i) {
32 		block->filters[i].id = LZMA_VLI_UNKNOWN;
33 		block->filters[i].options = NULL;
34 	}
35 
36 	// Versions 0 and 1 are supported. If a newer version was specified,
37 	// we need to downgrade it.
38 	if (block->version > 1)
39 		block->version = 1;
40 
41 	// This isn't a Block Header option, but since the decompressor will
42 	// read it if version >= 1, it's better to initialize it here than
43 	// to expect the caller to do it since in almost all cases this
44 	// should be false.
45 	block->ignore_check = false;
46 
47 	// Validate Block Header Size and Check type. The caller must have
48 	// already set these, so it is a programming error if this test fails.
49 	if (lzma_block_header_size_decode(in[0]) != block->header_size
50 			|| (unsigned int)(block->check) > LZMA_CHECK_ID_MAX)
51 		return LZMA_PROG_ERROR;
52 
53 	// Exclude the CRC32 field.
54 	const size_t in_size = block->header_size - 4;
55 
56 	// Verify CRC32
57 	if (lzma_crc32(in, in_size, 0) != read32le(in + in_size)) {
58 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
59 		return LZMA_DATA_ERROR;
60 #endif
61 	}
62 
63 	// Check for unsupported flags.
64 	if (in[1] & 0x3C)
65 		return LZMA_OPTIONS_ERROR;
66 
67 	// Start after the Block Header Size and Block Flags fields.
68 	size_t in_pos = 2;
69 
70 	// Compressed Size
71 	if (in[1] & 0x40) {
72 		return_if_error(lzma_vli_decode(&block->compressed_size,
73 				NULL, in, &in_pos, in_size));
74 
75 		// Validate Compressed Size. This checks that it isn't zero
76 		// and that the total size of the Block is a valid VLI.
77 		if (lzma_block_unpadded_size(block) == 0)
78 			return LZMA_DATA_ERROR;
79 	} else {
80 		block->compressed_size = LZMA_VLI_UNKNOWN;
81 	}
82 
83 	// Uncompressed Size
84 	if (in[1] & 0x80)
85 		return_if_error(lzma_vli_decode(&block->uncompressed_size,
86 				NULL, in, &in_pos, in_size));
87 	else
88 		block->uncompressed_size = LZMA_VLI_UNKNOWN;
89 
90 	// Filter Flags
91 	const size_t filter_count = (in[1] & 3U) + 1;
92 	for (size_t i = 0; i < filter_count; ++i) {
93 		const lzma_ret ret = lzma_filter_flags_decode(
94 				&block->filters[i], allocator,
95 				in, &in_pos, in_size);
96 		if (ret != LZMA_OK) {
97 			lzma_filters_free(block->filters, allocator);
98 			return ret;
99 		}
100 	}
101 
102 	// Padding
103 	while (in_pos < in_size) {
104 		if (in[in_pos++] != 0x00) {
105 			lzma_filters_free(block->filters, allocator);
106 
107 			// Possibly some new field present so use
108 			// LZMA_OPTIONS_ERROR instead of LZMA_DATA_ERROR.
109 			return LZMA_OPTIONS_ERROR;
110 		}
111 	}
112 
113 	return LZMA_OK;
114 }
115