1 // SPDX-License-Identifier: 0BSD 2 3 /////////////////////////////////////////////////////////////////////////////// 4 // 5 /// \file lzip_decoder.c 6 /// \brief Decodes .lz (lzip) files 7 // 8 // Author: Michał Górny 9 // Lasse Collin 10 // 11 /////////////////////////////////////////////////////////////////////////////// 12 13 #include "lzip_decoder.h" 14 #include "lzma_decoder.h" 15 #include "check.h" 16 17 18 // .lz format version 0 lacks the 64-bit Member size field in the footer. 19 #define LZIP_V0_FOOTER_SIZE 12 20 #define LZIP_V1_FOOTER_SIZE 20 21 #define LZIP_FOOTER_SIZE_MAX LZIP_V1_FOOTER_SIZE 22 23 // lc/lp/pb are hardcoded in the .lz format. 24 #define LZIP_LC 3 25 #define LZIP_LP 0 26 #define LZIP_PB 2 27 28 29 typedef struct { 30 enum { 31 SEQ_ID_STRING, 32 SEQ_VERSION, 33 SEQ_DICT_SIZE, 34 SEQ_CODER_INIT, 35 SEQ_LZMA_STREAM, 36 SEQ_MEMBER_FOOTER, 37 } sequence; 38 39 /// .lz member format version 40 uint32_t version; 41 42 /// CRC32 of the uncompressed data in the .lz member 43 uint32_t crc32; 44 45 /// Uncompressed size of the .lz member 46 uint64_t uncompressed_size; 47 48 /// Compressed size of the .lz member 49 uint64_t member_size; 50 51 /// Memory usage limit 52 uint64_t memlimit; 53 54 /// Amount of memory actually needed 55 uint64_t memusage; 56 57 /// If true, LZMA_GET_CHECK is returned after decoding the header 58 /// fields. As all files use CRC32 this is redundant but it's 59 /// implemented anyway since the initialization functions supports 60 /// all other flags in addition to LZMA_TELL_ANY_CHECK. 61 bool tell_any_check; 62 63 /// If true, we won't calculate or verify the CRC32 of 64 /// the uncompressed data. 65 bool ignore_check; 66 67 /// If true, we will decode concatenated .lz members and stop if 68 /// non-.lz data is seen after at least one member has been 69 /// successfully decoded. 70 bool concatenated; 71 72 /// When decoding concatenated .lz members, this is true as long as 73 /// we are decoding the first .lz member. This is needed to avoid 74 /// incorrect LZMA_FORMAT_ERROR in case there is non-.lz data at 75 /// the end of the file. 76 bool first_member; 77 78 /// Reading position in the header and footer fields 79 size_t pos; 80 81 /// Buffer to hold the .lz footer fields 82 uint8_t buffer[LZIP_FOOTER_SIZE_MAX]; 83 84 /// Options decoded from the .lz header that needed to initialize 85 /// the LZMA1 decoder. 86 lzma_options_lzma options; 87 88 /// LZMA1 decoder 89 lzma_next_coder lzma_decoder; 90 91 } lzma_lzip_coder; 92 93 94 static lzma_ret 95 lzip_decode(void *coder_ptr, const lzma_allocator *allocator, 96 const uint8_t *restrict in, size_t *restrict in_pos, 97 size_t in_size, uint8_t *restrict out, 98 size_t *restrict out_pos, size_t out_size, lzma_action action) 99 { 100 lzma_lzip_coder *coder = coder_ptr; 101 102 while (true) 103 switch (coder->sequence) { 104 case SEQ_ID_STRING: { 105 // The "ID string" or magic bytes are "LZIP" in US-ASCII. 106 const uint8_t lzip_id_string[4] = { 0x4C, 0x5A, 0x49, 0x50 }; 107 108 while (coder->pos < sizeof(lzip_id_string)) { 109 if (*in_pos >= in_size) { 110 // If we are on the 2nd+ concatenated member 111 // and the input ends before we can read 112 // the magic bytes, we discard the bytes that 113 // were already read (up to 3) and finish. 114 // See the reasoning below. 115 return !coder->first_member 116 && action == LZMA_FINISH 117 ? LZMA_STREAM_END : LZMA_OK; 118 } 119 120 if (in[*in_pos] != lzip_id_string[coder->pos]) { 121 // The .lz format allows putting non-.lz data 122 // at the end of the file. If we have seen 123 // at least one valid .lz member already, 124 // then we won't consume the byte at *in_pos 125 // and will return LZMA_STREAM_END. This way 126 // apps can easily locate and read the non-.lz 127 // data after the .lz member(s). 128 // 129 // NOTE: If the first 1-3 bytes of the non-.lz 130 // data match the .lz ID string then the first 131 // 1-3 bytes of the junk will get ignored by 132 // us. If apps want to properly locate the 133 // trailing data they must ensure that the 134 // first byte of their custom data isn't the 135 // same as the first byte of .lz ID string. 136 // With the liblzma API we cannot rewind the 137 // input position across calls to lzma_code(). 138 return !coder->first_member 139 ? LZMA_STREAM_END : LZMA_FORMAT_ERROR; 140 } 141 142 ++*in_pos; 143 ++coder->pos; 144 } 145 146 coder->pos = 0; 147 148 coder->crc32 = 0; 149 coder->uncompressed_size = 0; 150 coder->member_size = sizeof(lzip_id_string); 151 152 coder->sequence = SEQ_VERSION; 153 FALLTHROUGH; 154 } 155 156 case SEQ_VERSION: 157 if (*in_pos >= in_size) 158 return LZMA_OK; 159 160 coder->version = in[(*in_pos)++]; 161 162 // We support version 0 and unextended version 1. 163 if (coder->version > 1) 164 return LZMA_OPTIONS_ERROR; 165 166 ++coder->member_size; 167 coder->sequence = SEQ_DICT_SIZE; 168 169 // .lz versions 0 and 1 use CRC32 as the integrity check 170 // so if the application wanted to know that 171 // (LZMA_TELL_ANY_CHECK) we can tell it now. 172 if (coder->tell_any_check) 173 return LZMA_GET_CHECK; 174 175 FALLTHROUGH; 176 177 case SEQ_DICT_SIZE: { 178 if (*in_pos >= in_size) 179 return LZMA_OK; 180 181 const uint32_t ds = in[(*in_pos)++]; 182 ++coder->member_size; 183 184 // The five lowest bits are for the base-2 logarithm of 185 // the dictionary size and the highest three bits are 186 // the fractional part (0/16 to 7/16) that will be 187 // subtracted to get the final value. 188 // 189 // For example, with 0xB5: 190 // b2log = 21 191 // fracnum = 5 192 // dict_size = 2^21 - 2^21 * 5 / 16 = 1408 KiB 193 const uint32_t b2log = ds & 0x1F; 194 const uint32_t fracnum = ds >> 5; 195 196 // The format versions 0 and 1 allow dictionary size in the 197 // range [4 KiB, 512 MiB]. 198 if (b2log < 12 || b2log > 29 || (b2log == 12 && fracnum > 0)) 199 return LZMA_DATA_ERROR; 200 201 // 2^[b2log] - 2^[b2log] * [fracnum] / 16 202 // = 2^[b2log] - [fracnum] * 2^([b2log] - 4) 203 coder->options.dict_size = (UINT32_C(1) << b2log) 204 - (fracnum << (b2log - 4)); 205 206 assert(coder->options.dict_size >= 4096); 207 assert(coder->options.dict_size <= (UINT32_C(512) << 20)); 208 209 coder->options.preset_dict = NULL; 210 coder->options.lc = LZIP_LC; 211 coder->options.lp = LZIP_LP; 212 coder->options.pb = LZIP_PB; 213 214 // Calculate the memory usage. 215 coder->memusage = lzma_lzma_decoder_memusage(&coder->options) 216 + LZMA_MEMUSAGE_BASE; 217 218 // Initialization is a separate step because if we return 219 // LZMA_MEMLIMIT_ERROR we need to be able to restart after 220 // the memlimit has been increased. 221 coder->sequence = SEQ_CODER_INIT; 222 FALLTHROUGH; 223 } 224 225 case SEQ_CODER_INIT: { 226 if (coder->memusage > coder->memlimit) 227 return LZMA_MEMLIMIT_ERROR; 228 229 const lzma_filter_info filters[2] = { 230 { 231 .id = LZMA_FILTER_LZMA1, 232 .init = &lzma_lzma_decoder_init, 233 .options = &coder->options, 234 }, { 235 .init = NULL, 236 } 237 }; 238 239 return_if_error(lzma_next_filter_init(&coder->lzma_decoder, 240 allocator, filters)); 241 242 coder->crc32 = 0; 243 coder->sequence = SEQ_LZMA_STREAM; 244 FALLTHROUGH; 245 } 246 247 case SEQ_LZMA_STREAM: { 248 const size_t in_start = *in_pos; 249 const size_t out_start = *out_pos; 250 251 const lzma_ret ret = coder->lzma_decoder.code( 252 coder->lzma_decoder.coder, allocator, 253 in, in_pos, in_size, out, out_pos, out_size, 254 action); 255 256 const size_t out_used = *out_pos - out_start; 257 258 coder->member_size += *in_pos - in_start; 259 coder->uncompressed_size += out_used; 260 261 // Don't update the CRC32 if the integrity check will be 262 // ignored or if there was no new output. The latter is 263 // important in case out == NULL to avoid null pointer + 0 264 // which is undefined behavior. 265 if (!coder->ignore_check && out_used > 0) 266 coder->crc32 = lzma_crc32(out + out_start, out_used, 267 coder->crc32); 268 269 if (ret != LZMA_STREAM_END) 270 return ret; 271 272 coder->sequence = SEQ_MEMBER_FOOTER; 273 FALLTHROUGH; 274 } 275 276 case SEQ_MEMBER_FOOTER: { 277 // The footer of .lz version 0 lacks the Member size field. 278 // This is the only difference between version 0 and 279 // unextended version 1 formats. 280 const size_t footer_size = coder->version == 0 281 ? LZIP_V0_FOOTER_SIZE 282 : LZIP_V1_FOOTER_SIZE; 283 284 // Copy the CRC32, Data size, and Member size fields to 285 // the internal buffer. 286 lzma_bufcpy(in, in_pos, in_size, coder->buffer, &coder->pos, 287 footer_size); 288 289 // Return if we didn't get the whole footer yet. 290 if (coder->pos < footer_size) 291 return LZMA_OK; 292 293 coder->pos = 0; 294 coder->member_size += footer_size; 295 296 // Check that the footer fields match the observed data. 297 if (!coder->ignore_check 298 && coder->crc32 != read32le(&coder->buffer[0])) 299 return LZMA_DATA_ERROR; 300 301 if (coder->uncompressed_size != read64le(&coder->buffer[4])) 302 return LZMA_DATA_ERROR; 303 304 if (coder->version > 0) { 305 // .lz version 0 has no Member size field. 306 if (coder->member_size != read64le(&coder->buffer[12])) 307 return LZMA_DATA_ERROR; 308 } 309 310 // Decoding is finished if we weren't requested to decode 311 // more than one .lz member. 312 if (!coder->concatenated) 313 return LZMA_STREAM_END; 314 315 coder->first_member = false; 316 coder->sequence = SEQ_ID_STRING; 317 break; 318 } 319 320 default: 321 assert(0); 322 return LZMA_PROG_ERROR; 323 } 324 325 // Never reached 326 } 327 328 329 static void 330 lzip_decoder_end(void *coder_ptr, const lzma_allocator *allocator) 331 { 332 lzma_lzip_coder *coder = coder_ptr; 333 lzma_next_end(&coder->lzma_decoder, allocator); 334 lzma_free(coder, allocator); 335 return; 336 } 337 338 339 static lzma_check 340 lzip_decoder_get_check(const void *coder_ptr lzma_attribute((__unused__))) 341 { 342 return LZMA_CHECK_CRC32; 343 } 344 345 346 static lzma_ret 347 lzip_decoder_memconfig(void *coder_ptr, uint64_t *memusage, 348 uint64_t *old_memlimit, uint64_t new_memlimit) 349 { 350 lzma_lzip_coder *coder = coder_ptr; 351 352 *memusage = coder->memusage; 353 *old_memlimit = coder->memlimit; 354 355 if (new_memlimit != 0) { 356 if (new_memlimit < coder->memusage) 357 return LZMA_MEMLIMIT_ERROR; 358 359 coder->memlimit = new_memlimit; 360 } 361 362 return LZMA_OK; 363 } 364 365 366 extern lzma_ret 367 lzma_lzip_decoder_init( 368 lzma_next_coder *next, const lzma_allocator *allocator, 369 uint64_t memlimit, uint32_t flags) 370 { 371 lzma_next_coder_init(&lzma_lzip_decoder_init, next, allocator); 372 373 if (flags & ~LZMA_SUPPORTED_FLAGS) 374 return LZMA_OPTIONS_ERROR; 375 376 lzma_lzip_coder *coder = next->coder; 377 if (coder == NULL) { 378 coder = lzma_alloc(sizeof(lzma_lzip_coder), allocator); 379 if (coder == NULL) 380 return LZMA_MEM_ERROR; 381 382 next->coder = coder; 383 next->code = &lzip_decode; 384 next->end = &lzip_decoder_end; 385 next->get_check = &lzip_decoder_get_check; 386 next->memconfig = &lzip_decoder_memconfig; 387 388 coder->lzma_decoder = LZMA_NEXT_CODER_INIT; 389 } 390 391 coder->sequence = SEQ_ID_STRING; 392 coder->memlimit = my_max(1, memlimit); 393 coder->memusage = LZMA_MEMUSAGE_BASE; 394 coder->tell_any_check = (flags & LZMA_TELL_ANY_CHECK) != 0; 395 coder->ignore_check = (flags & LZMA_IGNORE_CHECK) != 0; 396 coder->concatenated = (flags & LZMA_CONCATENATED) != 0; 397 coder->first_member = true; 398 coder->pos = 0; 399 400 return LZMA_OK; 401 } 402 403 404 extern LZMA_API(lzma_ret) 405 lzma_lzip_decoder(lzma_stream *strm, uint64_t memlimit, uint32_t flags) 406 { 407 lzma_next_strm_init(lzma_lzip_decoder_init, strm, memlimit, flags); 408 409 strm->internal->supported_actions[LZMA_RUN] = true; 410 strm->internal->supported_actions[LZMA_FINISH] = true; 411 412 return LZMA_OK; 413 } 414