1 // SPDX-License-Identifier: 0BSD 2 3 /////////////////////////////////////////////////////////////////////////////// 4 // 5 /// \file lzip_decoder.c 6 /// \brief Decodes .lz (lzip) files 7 // 8 // Author: Michał Górny 9 // Lasse Collin 10 // 11 /////////////////////////////////////////////////////////////////////////////// 12 13 #include "lzip_decoder.h" 14 #include "lzma_decoder.h" 15 #include "check.h" 16 17 18 // .lz format version 0 lacks the 64-bit Member size field in the footer. 19 #define LZIP_V0_FOOTER_SIZE 12 20 #define LZIP_V1_FOOTER_SIZE 20 21 #define LZIP_FOOTER_SIZE_MAX LZIP_V1_FOOTER_SIZE 22 23 // lc/lp/pb are hardcoded in the .lz format. 24 #define LZIP_LC 3 25 #define LZIP_LP 0 26 #define LZIP_PB 2 27 28 29 typedef struct { 30 enum { 31 SEQ_ID_STRING, 32 SEQ_VERSION, 33 SEQ_DICT_SIZE, 34 SEQ_CODER_INIT, 35 SEQ_LZMA_STREAM, 36 SEQ_MEMBER_FOOTER, 37 } sequence; 38 39 /// .lz member format version 40 uint32_t version; 41 42 /// CRC32 of the uncompressed data in the .lz member 43 uint32_t crc32; 44 45 /// Uncompressed size of the .lz member 46 uint64_t uncompressed_size; 47 48 /// Compressed size of the .lz member 49 uint64_t member_size; 50 51 /// Memory usage limit 52 uint64_t memlimit; 53 54 /// Amount of memory actually needed 55 uint64_t memusage; 56 57 /// If true, LZMA_GET_CHECK is returned after decoding the header 58 /// fields. As all files use CRC32 this is redundant but it's 59 /// implemented anyway since the initialization functions supports 60 /// all other flags in addition to LZMA_TELL_ANY_CHECK. 61 bool tell_any_check; 62 63 /// If true, we won't calculate or verify the CRC32 of 64 /// the uncompressed data. 65 bool ignore_check; 66 67 /// If true, we will decode concatenated .lz members and stop if 68 /// non-.lz data is seen after at least one member has been 69 /// successfully decoded. 70 bool concatenated; 71 72 /// When decoding concatenated .lz members, this is true as long as 73 /// we are decoding the first .lz member. This is needed to avoid 74 /// incorrect LZMA_FORMAT_ERROR in case there is non-.lz data at 75 /// the end of the file. 76 bool first_member; 77 78 /// Reading position in the header and footer fields 79 size_t pos; 80 81 /// Buffer to hold the .lz footer fields 82 uint8_t buffer[LZIP_FOOTER_SIZE_MAX]; 83 84 /// Options decoded from the .lz header that needed to initialize 85 /// the LZMA1 decoder. 86 lzma_options_lzma options; 87 88 /// LZMA1 decoder 89 lzma_next_coder lzma_decoder; 90 91 } lzma_lzip_coder; 92 93 94 static lzma_ret 95 lzip_decode(void *coder_ptr, const lzma_allocator *allocator, 96 const uint8_t *restrict in, size_t *restrict in_pos, 97 size_t in_size, uint8_t *restrict out, 98 size_t *restrict out_pos, size_t out_size, lzma_action action) 99 { 100 lzma_lzip_coder *coder = coder_ptr; 101 102 while (true) 103 switch (coder->sequence) { 104 case SEQ_ID_STRING: { 105 // The "ID string" or magic bytes are "LZIP" in US-ASCII. 106 const uint8_t lzip_id_string[4] = { 0x4C, 0x5A, 0x49, 0x50 }; 107 108 while (coder->pos < sizeof(lzip_id_string)) { 109 if (*in_pos >= in_size) { 110 // If we are on the 2nd+ concatenated member 111 // and the input ends before we can read 112 // the magic bytes, we discard the bytes that 113 // were already read (up to 3) and finish. 114 // See the reasoning below. 115 return !coder->first_member 116 && action == LZMA_FINISH 117 ? LZMA_STREAM_END : LZMA_OK; 118 } 119 120 if (in[*in_pos] != lzip_id_string[coder->pos]) { 121 // The .lz format allows putting non-.lz data 122 // at the end of the file. If we have seen 123 // at least one valid .lz member already, 124 // then we won't consume the byte at *in_pos 125 // and will return LZMA_STREAM_END. This way 126 // apps can easily locate and read the non-.lz 127 // data after the .lz member(s). 128 // 129 // NOTE: If the first 1-3 bytes of the non-.lz 130 // data match the .lz ID string then the first 131 // 1-3 bytes of the junk will get ignored by 132 // us. If apps want to properly locate the 133 // trailing data they must ensure that the 134 // first byte of their custom data isn't the 135 // same as the first byte of .lz ID string. 136 // With the liblzma API we cannot rewind the 137 // input position across calls to lzma_code(). 138 return !coder->first_member 139 ? LZMA_STREAM_END : LZMA_FORMAT_ERROR; 140 } 141 142 ++*in_pos; 143 ++coder->pos; 144 } 145 146 coder->pos = 0; 147 148 coder->crc32 = 0; 149 coder->uncompressed_size = 0; 150 coder->member_size = sizeof(lzip_id_string); 151 152 coder->sequence = SEQ_VERSION; 153 FALLTHROUGH; 154 } 155 156 case SEQ_VERSION: 157 if (*in_pos >= in_size) 158 return LZMA_OK; 159 160 coder->version = in[(*in_pos)++]; 161 162 // We support version 0 and unextended version 1. 163 if (coder->version > 1) 164 return LZMA_OPTIONS_ERROR; 165 166 ++coder->member_size; 167 coder->sequence = SEQ_DICT_SIZE; 168 169 // .lz versions 0 and 1 use CRC32 as the integrity check 170 // so if the application wanted to know that 171 // (LZMA_TELL_ANY_CHECK) we can tell it now. 172 if (coder->tell_any_check) 173 return LZMA_GET_CHECK; 174 175 FALLTHROUGH; 176 177 case SEQ_DICT_SIZE: { 178 if (*in_pos >= in_size) 179 return LZMA_OK; 180 181 const uint32_t ds = in[(*in_pos)++]; 182 ++coder->member_size; 183 184 // The five lowest bits are for the base-2 logarithm of 185 // the dictionary size and the highest three bits are 186 // the fractional part (0/16 to 7/16) that will be 187 // subtracted to get the final value. 188 // 189 // For example, with 0xB5: 190 // b2log = 21 191 // fracnum = 5 192 // dict_size = 2^21 - 2^21 * 5 / 16 = 1408 KiB 193 const uint32_t b2log = ds & 0x1F; 194 const uint32_t fracnum = ds >> 5; 195 196 // The format versions 0 and 1 allow dictionary size in the 197 // range [4 KiB, 512 MiB]. 198 if (b2log < 12 || b2log > 29 || (b2log == 12 && fracnum > 0)) 199 return LZMA_DATA_ERROR; 200 201 // 2^[b2log] - 2^[b2log] * [fracnum] / 16 202 // = 2^[b2log] - [fracnum] * 2^([b2log] - 4) 203 coder->options.dict_size = (UINT32_C(1) << b2log) 204 - (fracnum << (b2log - 4)); 205 206 assert(coder->options.dict_size >= 4096); 207 assert(coder->options.dict_size <= (UINT32_C(512) << 20)); 208 209 coder->options.preset_dict = NULL; 210 coder->options.lc = LZIP_LC; 211 coder->options.lp = LZIP_LP; 212 coder->options.pb = LZIP_PB; 213 214 // Calculate the memory usage. 215 coder->memusage 216 = lzma_lzma_decoder_memusage_nocheck(&coder->options) 217 + LZMA_MEMUSAGE_BASE; 218 219 // Initialization is a separate step because if we return 220 // LZMA_MEMLIMIT_ERROR we need to be able to restart after 221 // the memlimit has been increased. 222 coder->sequence = SEQ_CODER_INIT; 223 FALLTHROUGH; 224 } 225 226 case SEQ_CODER_INIT: { 227 if (coder->memusage > coder->memlimit) 228 return LZMA_MEMLIMIT_ERROR; 229 230 const lzma_filter_info filters[2] = { 231 { 232 .id = LZMA_FILTER_LZMA1, 233 .init = &lzma_lzma_decoder_init, 234 .options = &coder->options, 235 }, { 236 .init = NULL, 237 } 238 }; 239 240 return_if_error(lzma_next_filter_init(&coder->lzma_decoder, 241 allocator, filters)); 242 243 coder->crc32 = 0; 244 coder->sequence = SEQ_LZMA_STREAM; 245 FALLTHROUGH; 246 } 247 248 case SEQ_LZMA_STREAM: { 249 const size_t in_start = *in_pos; 250 const size_t out_start = *out_pos; 251 252 const lzma_ret ret = coder->lzma_decoder.code( 253 coder->lzma_decoder.coder, allocator, 254 in, in_pos, in_size, out, out_pos, out_size, 255 action); 256 257 const size_t out_used = *out_pos - out_start; 258 259 coder->member_size += *in_pos - in_start; 260 coder->uncompressed_size += out_used; 261 262 // Don't update the CRC32 if the integrity check will be 263 // ignored or if there was no new output. The latter is 264 // important in case out == NULL to avoid null pointer + 0 265 // which is undefined behavior. 266 if (!coder->ignore_check && out_used > 0) 267 coder->crc32 = lzma_crc32(out + out_start, out_used, 268 coder->crc32); 269 270 if (ret != LZMA_STREAM_END) 271 return ret; 272 273 coder->sequence = SEQ_MEMBER_FOOTER; 274 FALLTHROUGH; 275 } 276 277 case SEQ_MEMBER_FOOTER: { 278 // The footer of .lz version 0 lacks the Member size field. 279 // This is the only difference between version 0 and 280 // unextended version 1 formats. 281 const size_t footer_size = coder->version == 0 282 ? LZIP_V0_FOOTER_SIZE 283 : LZIP_V1_FOOTER_SIZE; 284 285 // Copy the CRC32, Data size, and Member size fields to 286 // the internal buffer. 287 lzma_bufcpy(in, in_pos, in_size, coder->buffer, &coder->pos, 288 footer_size); 289 290 // Return if we didn't get the whole footer yet. 291 if (coder->pos < footer_size) 292 return LZMA_OK; 293 294 coder->pos = 0; 295 coder->member_size += footer_size; 296 297 // Check that the footer fields match the observed data. 298 if (!coder->ignore_check 299 && coder->crc32 != read32le(&coder->buffer[0])) 300 return LZMA_DATA_ERROR; 301 302 if (coder->uncompressed_size != read64le(&coder->buffer[4])) 303 return LZMA_DATA_ERROR; 304 305 if (coder->version > 0) { 306 // .lz version 0 has no Member size field. 307 if (coder->member_size != read64le(&coder->buffer[12])) 308 return LZMA_DATA_ERROR; 309 } 310 311 // Decoding is finished if we weren't requested to decode 312 // more than one .lz member. 313 if (!coder->concatenated) 314 return LZMA_STREAM_END; 315 316 coder->first_member = false; 317 coder->sequence = SEQ_ID_STRING; 318 break; 319 } 320 321 default: 322 assert(0); 323 return LZMA_PROG_ERROR; 324 } 325 326 // Never reached 327 } 328 329 330 static void 331 lzip_decoder_end(void *coder_ptr, const lzma_allocator *allocator) 332 { 333 lzma_lzip_coder *coder = coder_ptr; 334 lzma_next_end(&coder->lzma_decoder, allocator); 335 lzma_free(coder, allocator); 336 return; 337 } 338 339 340 static lzma_check 341 lzip_decoder_get_check(const void *coder_ptr lzma_attribute((__unused__))) 342 { 343 return LZMA_CHECK_CRC32; 344 } 345 346 347 static lzma_ret 348 lzip_decoder_memconfig(void *coder_ptr, uint64_t *memusage, 349 uint64_t *old_memlimit, uint64_t new_memlimit) 350 { 351 lzma_lzip_coder *coder = coder_ptr; 352 353 *memusage = coder->memusage; 354 *old_memlimit = coder->memlimit; 355 356 if (new_memlimit != 0) { 357 if (new_memlimit < coder->memusage) 358 return LZMA_MEMLIMIT_ERROR; 359 360 coder->memlimit = new_memlimit; 361 } 362 363 return LZMA_OK; 364 } 365 366 367 extern lzma_ret 368 lzma_lzip_decoder_init( 369 lzma_next_coder *next, const lzma_allocator *allocator, 370 uint64_t memlimit, uint32_t flags) 371 { 372 lzma_next_coder_init(&lzma_lzip_decoder_init, next, allocator); 373 374 if (flags & ~LZMA_SUPPORTED_FLAGS) 375 return LZMA_OPTIONS_ERROR; 376 377 lzma_lzip_coder *coder = next->coder; 378 if (coder == NULL) { 379 coder = lzma_alloc(sizeof(lzma_lzip_coder), allocator); 380 if (coder == NULL) 381 return LZMA_MEM_ERROR; 382 383 next->coder = coder; 384 next->code = &lzip_decode; 385 next->end = &lzip_decoder_end; 386 next->get_check = &lzip_decoder_get_check; 387 next->memconfig = &lzip_decoder_memconfig; 388 389 coder->lzma_decoder = LZMA_NEXT_CODER_INIT; 390 } 391 392 coder->sequence = SEQ_ID_STRING; 393 coder->memlimit = my_max(1, memlimit); 394 coder->memusage = LZMA_MEMUSAGE_BASE; 395 coder->tell_any_check = (flags & LZMA_TELL_ANY_CHECK) != 0; 396 coder->ignore_check = (flags & LZMA_IGNORE_CHECK) != 0; 397 coder->concatenated = (flags & LZMA_CONCATENATED) != 0; 398 coder->first_member = true; 399 coder->pos = 0; 400 401 return LZMA_OK; 402 } 403 404 405 extern LZMA_API(lzma_ret) 406 lzma_lzip_decoder(lzma_stream *strm, uint64_t memlimit, uint32_t flags) 407 { 408 lzma_next_strm_init(lzma_lzip_decoder_init, strm, memlimit, flags); 409 410 strm->internal->supported_actions[LZMA_RUN] = true; 411 strm->internal->supported_actions[LZMA_FINISH] = true; 412 413 return LZMA_OK; 414 } 415