xref: /freebsd/contrib/xz/src/liblzma/common/lzip_decoder.c (revision aa1a8ff2d6dbc51ef058f46f3db5a8bb77967145)
1 ///////////////////////////////////////////////////////////////////////////////
2 //
3 /// \file       lzip_decoder.c
4 /// \brief      Decodes .lz (lzip) files
5 //
6 //  Author:     Michał Górny
7 //              Lasse Collin
8 //
9 //  This file has been put into the public domain.
10 //  You can do whatever you want with this file.
11 //
12 ///////////////////////////////////////////////////////////////////////////////
13 
14 #include "lzip_decoder.h"
15 #include "lzma_decoder.h"
16 #include "check.h"
17 
18 
19 // .lz format version 0 lacks the 64-bit Member size field in the footer.
20 #define LZIP_V0_FOOTER_SIZE 12
21 #define LZIP_V1_FOOTER_SIZE 20
22 #define LZIP_FOOTER_SIZE_MAX LZIP_V1_FOOTER_SIZE
23 
24 // lc/lp/pb are hardcoded in the .lz format.
25 #define LZIP_LC 3
26 #define LZIP_LP 0
27 #define LZIP_PB 2
28 
29 
30 typedef struct {
31 	enum {
32 		SEQ_ID_STRING,
33 		SEQ_VERSION,
34 		SEQ_DICT_SIZE,
35 		SEQ_CODER_INIT,
36 		SEQ_LZMA_STREAM,
37 		SEQ_MEMBER_FOOTER,
38 	} sequence;
39 
40 	/// .lz member format version
41 	uint32_t version;
42 
43 	/// CRC32 of the uncompressed data in the .lz member
44 	uint32_t crc32;
45 
46 	/// Uncompressed size of the .lz member
47 	uint64_t uncompressed_size;
48 
49 	/// Compressed size of the .lz member
50 	uint64_t member_size;
51 
52 	/// Memory usage limit
53 	uint64_t memlimit;
54 
55 	/// Amount of memory actually needed
56 	uint64_t memusage;
57 
58 	/// If true, LZMA_GET_CHECK is returned after decoding the header
59 	/// fields. As all files use CRC32 this is redundant but it's
60 	/// implemented anyway since the initialization functions supports
61 	/// all other flags in addition to LZMA_TELL_ANY_CHECK.
62 	bool tell_any_check;
63 
64 	/// If true, we won't calculate or verify the CRC32 of
65 	/// the uncompressed data.
66 	bool ignore_check;
67 
68 	/// If true, we will decode concatenated .lz members and stop if
69 	/// non-.lz data is seen after at least one member has been
70 	/// successfully decoded.
71 	bool concatenated;
72 
73 	/// When decoding concatenated .lz members, this is true as long as
74 	/// we are decoding the first .lz member. This is needed to avoid
75 	/// incorrect LZMA_FORMAT_ERROR in case there is non-.lz data at
76 	/// the end of the file.
77 	bool first_member;
78 
79 	/// Reading position in the header and footer fields
80 	size_t pos;
81 
82 	/// Buffer to hold the .lz footer fields
83 	uint8_t buffer[LZIP_FOOTER_SIZE_MAX];
84 
85 	/// Options decoded from the .lz header that needed to initialize
86 	/// the LZMA1 decoder.
87 	lzma_options_lzma options;
88 
89 	/// LZMA1 decoder
90 	lzma_next_coder lzma_decoder;
91 
92 } lzma_lzip_coder;
93 
94 
95 static lzma_ret
96 lzip_decode(void *coder_ptr, const lzma_allocator *allocator,
97 		const uint8_t *restrict in, size_t *restrict in_pos,
98 		size_t in_size, uint8_t *restrict out,
99 		size_t *restrict out_pos, size_t out_size, lzma_action action)
100 {
101 	lzma_lzip_coder *coder = coder_ptr;
102 
103 	while (true)
104 	switch (coder->sequence) {
105 	case SEQ_ID_STRING: {
106 		// The "ID string" or magic bytes are "LZIP" in US-ASCII.
107 		const uint8_t lzip_id_string[4] = { 0x4C, 0x5A, 0x49, 0x50 };
108 
109 		while (coder->pos < sizeof(lzip_id_string)) {
110 			if (*in_pos >= in_size) {
111 				// If we are on the 2nd+ concatenated member
112 				// and the input ends before we can read
113 				// the magic bytes, we discard the bytes that
114 				// were already read (up to 3) and finish.
115 				// See the reasoning below.
116 				return !coder->first_member
117 						&& action == LZMA_FINISH
118 					? LZMA_STREAM_END : LZMA_OK;
119 			}
120 
121 			if (in[*in_pos] != lzip_id_string[coder->pos]) {
122 				// The .lz format allows putting non-.lz data
123 				// at the end of the file. If we have seen
124 				// at least one valid .lz member already,
125 				// then we won't consume the byte at *in_pos
126 				// and will return LZMA_STREAM_END. This way
127 				// apps can easily locate and read the non-.lz
128 				// data after the .lz member(s).
129 				//
130 				// NOTE: If the first 1-3 bytes of the non-.lz
131 				// data match the .lz ID string then the first
132 				// 1-3 bytes of the junk will get ignored by
133 				// us. If apps want to properly locate the
134 				// trailing data they must ensure that the
135 				// first byte of their custom data isn't the
136 				// same as the first byte of .lz ID string.
137 				// With the liblzma API we cannot rewind the
138 				// input position across calls to lzma_code().
139 				return !coder->first_member
140 					? LZMA_STREAM_END : LZMA_FORMAT_ERROR;
141 			}
142 
143 			++*in_pos;
144 			++coder->pos;
145 		}
146 
147 		coder->pos = 0;
148 
149 		coder->crc32 = 0;
150 		coder->uncompressed_size = 0;
151 		coder->member_size = sizeof(lzip_id_string);
152 
153 		coder->sequence = SEQ_VERSION;
154 	}
155 
156 	// Fall through
157 
158 	case SEQ_VERSION:
159 		if (*in_pos >= in_size)
160 			return LZMA_OK;
161 
162 		coder->version = in[(*in_pos)++];
163 
164 		// We support version 0 and unextended version 1.
165 		if (coder->version > 1)
166 			return LZMA_OPTIONS_ERROR;
167 
168 		++coder->member_size;
169 		coder->sequence = SEQ_DICT_SIZE;
170 
171 		// .lz versions 0 and 1 use CRC32 as the integrity check
172 		// so if the application wanted to know that
173 		// (LZMA_TELL_ANY_CHECK) we can tell it now.
174 		if (coder->tell_any_check)
175 			return LZMA_GET_CHECK;
176 
177 	// Fall through
178 
179 	case SEQ_DICT_SIZE: {
180 		if (*in_pos >= in_size)
181 			return LZMA_OK;
182 
183 		const uint32_t ds = in[(*in_pos)++];
184 		++coder->member_size;
185 
186 		// The five lowest bits are for the base-2 logarithm of
187 		// the dictionary size and the highest three bits are
188 		// the fractional part (0/16 to 7/16) that will be
189 		// subtracted to get the final value.
190 		//
191 		// For example, with 0xB5:
192 		//     b2log = 21
193 		//     fracnum = 5
194 		//     dict_size = 2^21 - 2^21 * 5 / 16 = 1408 KiB
195 		const uint32_t b2log = ds & 0x1F;
196 		const uint32_t fracnum = ds >> 5;
197 
198 		// The format versions 0 and 1 allow dictionary size in the
199 		// range [4 KiB, 512 MiB].
200 		if (b2log < 12 || b2log > 29 || (b2log == 12 && fracnum > 0))
201 			return LZMA_DATA_ERROR;
202 
203 		//   2^[b2log] - 2^[b2log] * [fracnum] / 16
204 		// = 2^[b2log] - [fracnum] * 2^([b2log] - 4)
205 		coder->options.dict_size = (UINT32_C(1) << b2log)
206 				- (fracnum << (b2log - 4));
207 
208 		assert(coder->options.dict_size >= 4096);
209 		assert(coder->options.dict_size <= (UINT32_C(512) << 20));
210 
211 		coder->options.preset_dict = NULL;
212 		coder->options.lc = LZIP_LC;
213 		coder->options.lp = LZIP_LP;
214 		coder->options.pb = LZIP_PB;
215 
216 		// Calculate the memory usage.
217 		coder->memusage = lzma_lzma_decoder_memusage(&coder->options)
218 				+ LZMA_MEMUSAGE_BASE;
219 
220 		// Initialization is a separate step because if we return
221 		// LZMA_MEMLIMIT_ERROR we need to be able to restart after
222 		// the memlimit has been increased.
223 		coder->sequence = SEQ_CODER_INIT;
224 	}
225 
226 	// Fall through
227 
228 	case SEQ_CODER_INIT: {
229 		if (coder->memusage > coder->memlimit)
230 			return LZMA_MEMLIMIT_ERROR;
231 
232 		const lzma_filter_info filters[2] = {
233 			{
234 				.id = LZMA_FILTER_LZMA1,
235 				.init = &lzma_lzma_decoder_init,
236 				.options = &coder->options,
237 			}, {
238 				.init = NULL,
239 			}
240 		};
241 
242 		return_if_error(lzma_next_filter_init(&coder->lzma_decoder,
243 				allocator, filters));
244 
245 		coder->crc32 = 0;
246 		coder->sequence = SEQ_LZMA_STREAM;
247 	}
248 
249 	// Fall through
250 
251 	case SEQ_LZMA_STREAM: {
252 		const size_t in_start = *in_pos;
253 		const size_t out_start = *out_pos;
254 
255 		const lzma_ret ret = coder->lzma_decoder.code(
256 				coder->lzma_decoder.coder, allocator,
257 				in, in_pos, in_size, out, out_pos, out_size,
258 				action);
259 
260 		const size_t out_used = *out_pos - out_start;
261 
262 		coder->member_size += *in_pos - in_start;
263 		coder->uncompressed_size += out_used;
264 
265 		// Don't update the CRC32 if the integrity check will be
266 		// ignored or if there was no new output. The latter is
267 		// important in case out == NULL to avoid null pointer + 0
268 		// which is undefined behavior.
269 		if (!coder->ignore_check && out_used > 0)
270 			coder->crc32 = lzma_crc32(out + out_start, out_used,
271 					coder->crc32);
272 
273 		if (ret != LZMA_STREAM_END)
274 			return ret;
275 
276 		coder->sequence = SEQ_MEMBER_FOOTER;
277 	}
278 
279 	// Fall through
280 
281 	case SEQ_MEMBER_FOOTER: {
282 		// The footer of .lz version 0 lacks the Member size field.
283 		// This is the only difference between version 0 and
284 		// unextended version 1 formats.
285 		const size_t footer_size = coder->version == 0
286 				? LZIP_V0_FOOTER_SIZE
287 				: LZIP_V1_FOOTER_SIZE;
288 
289 		// Copy the CRC32, Data size, and Member size fields to
290 		// the internal buffer.
291 		lzma_bufcpy(in, in_pos, in_size, coder->buffer, &coder->pos,
292 				footer_size);
293 
294 		// Return if we didn't get the whole footer yet.
295 		if (coder->pos < footer_size)
296 			return LZMA_OK;
297 
298 		coder->pos = 0;
299 		coder->member_size += footer_size;
300 
301 		// Check that the footer fields match the observed data.
302 		if (!coder->ignore_check
303 				&& coder->crc32 != read32le(&coder->buffer[0]))
304 			return LZMA_DATA_ERROR;
305 
306 		if (coder->uncompressed_size != read64le(&coder->buffer[4]))
307 			return LZMA_DATA_ERROR;
308 
309 		if (coder->version > 0) {
310 			// .lz version 0 has no Member size field.
311 			if (coder->member_size != read64le(&coder->buffer[12]))
312 				return LZMA_DATA_ERROR;
313 		}
314 
315 		// Decoding is finished if we weren't requested to decode
316 		// more than one .lz member.
317 		if (!coder->concatenated)
318 			return LZMA_STREAM_END;
319 
320 		coder->first_member = false;
321 		coder->sequence = SEQ_ID_STRING;
322 		break;
323 	}
324 
325 	default:
326 		assert(0);
327 		return LZMA_PROG_ERROR;
328 	}
329 
330 	// Never reached
331 }
332 
333 
334 static void
335 lzip_decoder_end(void *coder_ptr, const lzma_allocator *allocator)
336 {
337 	lzma_lzip_coder *coder = coder_ptr;
338 	lzma_next_end(&coder->lzma_decoder, allocator);
339 	lzma_free(coder, allocator);
340 	return;
341 }
342 
343 
344 static lzma_check
345 lzip_decoder_get_check(const void *coder_ptr lzma_attribute((__unused__)))
346 {
347 	return LZMA_CHECK_CRC32;
348 }
349 
350 
351 static lzma_ret
352 lzip_decoder_memconfig(void *coder_ptr, uint64_t *memusage,
353 		uint64_t *old_memlimit, uint64_t new_memlimit)
354 {
355 	lzma_lzip_coder *coder = coder_ptr;
356 
357 	*memusage = coder->memusage;
358 	*old_memlimit = coder->memlimit;
359 
360 	if (new_memlimit != 0) {
361 		if (new_memlimit < coder->memusage)
362 			return LZMA_MEMLIMIT_ERROR;
363 
364 		coder->memlimit = new_memlimit;
365 	}
366 
367 	return LZMA_OK;
368 }
369 
370 
371 extern lzma_ret
372 lzma_lzip_decoder_init(
373 		lzma_next_coder *next, const lzma_allocator *allocator,
374 		uint64_t memlimit, uint32_t flags)
375 {
376 	lzma_next_coder_init(&lzma_lzip_decoder_init, next, allocator);
377 
378 	if (flags & ~LZMA_SUPPORTED_FLAGS)
379 		return LZMA_OPTIONS_ERROR;
380 
381 	lzma_lzip_coder *coder = next->coder;
382 	if (coder == NULL) {
383 		coder = lzma_alloc(sizeof(lzma_lzip_coder), allocator);
384 		if (coder == NULL)
385 			return LZMA_MEM_ERROR;
386 
387 		next->coder = coder;
388 		next->code = &lzip_decode;
389 		next->end = &lzip_decoder_end;
390 		next->get_check = &lzip_decoder_get_check;
391 		next->memconfig = &lzip_decoder_memconfig;
392 
393 		coder->lzma_decoder = LZMA_NEXT_CODER_INIT;
394 	}
395 
396 	coder->sequence = SEQ_ID_STRING;
397 	coder->memlimit = my_max(1, memlimit);
398 	coder->memusage = LZMA_MEMUSAGE_BASE;
399 	coder->tell_any_check = (flags & LZMA_TELL_ANY_CHECK) != 0;
400 	coder->ignore_check = (flags & LZMA_IGNORE_CHECK) != 0;
401 	coder->concatenated = (flags & LZMA_CONCATENATED) != 0;
402 	coder->first_member = true;
403 	coder->pos = 0;
404 
405 	return LZMA_OK;
406 }
407 
408 
409 extern LZMA_API(lzma_ret)
410 lzma_lzip_decoder(lzma_stream *strm, uint64_t memlimit, uint32_t flags)
411 {
412 	lzma_next_strm_init(lzma_lzip_decoder_init, strm, memlimit, flags);
413 
414 	strm->internal->supported_actions[LZMA_RUN] = true;
415 	strm->internal->supported_actions[LZMA_FINISH] = true;
416 
417 	return LZMA_OK;
418 }
419