1 /* xzcat.c - Simple XZ decoder command line tool
2 *
3 * Author: Lasse Collin <[email protected]>
4 *
5 * This file has been put into the public domain.
6 * You can do whatever you want with this file.
7 * Modified for toybox by Isaac Dunham
8 *
9 * See http://tukaani.org/xz/xz-file-format.txt
10 USE_XZCAT(NEWTOY(xzcat, NULL, TOYFLAG_USR|TOYFLAG_BIN))
11
12 config XZCAT
13 bool "xzcat"
14 default n
15 help
16 usage: xzcat [FILE...]
17
18 Decompress listed files to stdout. Use stdin if no files listed.
19
20 */
21 #define FOR_xzcat
22 #include "toys.h"
23
24 // BEGIN xz.h
25
26 enum xz_ret {
27 // Doing fine; more input or output space needed
28 XZ_OK,
29 // EOF; everything went fine
30 XZ_STREAM_END,
31 // Integrity check type is not supported. Decoding is still possible in
32 // multi-call mode by simply calling xz_dec_run() again. Note that this
33 // return value is used only if XZ_DEC_ANY_CHECK was defined at build
34 // time, which is not used in the kernel. Unsupported check types return
35 // XZ_OPTIONS_ERROR if XZ_DEC_ANY_CHECK was not defined at build time.
36 XZ_UNSUPPORTED_CHECK,
37 // Can't allocate memory
38 XZ_MEM_ERROR,
39 // Memory usage limit was reached
40 XZ_MEMLIMIT_ERROR,
41 // Not an .xz file
42 XZ_FORMAT_ERROR,
43 // Compression option not available
44 XZ_OPTIONS_ERROR,
45 // Corrupt data
46 XZ_DATA_ERROR,
47 // Can't make progress
48 XZ_BUF_ERROR,
49 // XZ_BUF_ERROR is returned when two consecutive calls to XZ code cannot
50 // consume any input and cannot produce any new output. This happens when
51 // there is no new input available, or the output buffer is full while at
52 // least one output byte is still pending. Assuming your code is not buggy,
53 // you can get this error only when decoding a compressed stream that is
54 // truncated or otherwise corrupt.
55 };
56
57 // Passing input and output buffers to XZ code
58 // Only the contents of the output buffer from out[out_pos] onward, and
59 // the variables in_pos and out_pos are modified by the XZ code.
60 struct xz_buf {
61 // Beginning of the input buffer (may be NULL if in_pos == in_size)
62 const char *in;
63 // Current position in the input buffer
64 size_t in_pos;
65 // Size of the input buffer
66 size_t in_size;
67
68 char *out;
69 size_t out_pos;
70 size_t out_size;
71 };
72
73 // Opaque type to hold the XZ decoder state
74 struct xz_dec;
75
76 // Update CRC32 value using the polynomial from IEEE-802.3. To start a new
77 // calculation, the third argument must be zero. To continue the calculation,
78 // the previously returned value is passed as the third argument.
79 static unsigned xz_crc32_table[256];
80
81 unsigned xz_crc32(const char *buf, size_t size, unsigned crc)
82 {
83 crc = ~crc;
84
85 while (size) {
86 crc = xz_crc32_table[*buf++ ^ (crc & 0xFF)] ^ (crc >> 8);
87 --size;
88 }
89
90 return ~crc;
91 }
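/*
 * Illustrative use of the incremental interface described above (a
 * sketch; buf1/buf2 and their lengths are hypothetical):
 *
 *   unsigned crc = xz_crc32(buf1, len1, 0); // start a new calculation
 *   crc = xz_crc32(buf2, len2, crc);        // continue with more data
 */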
92
93 static uint64_t xz_crc64_table[256];
94
95
96 // END xz.h
97 // BEGIN xz_private.h
98
99 #define memeq(a, b, size) (!memcmp(a, b, size))
100
101 /* Inline functions to access unaligned unsigned 32-bit integers */
102 static unsigned get_unaligned_le32(const char *buf)
103 {
104 return (unsigned)buf[0]
105 | ((unsigned)buf[1] << 8)
106 | ((unsigned)buf[2] << 16)
107 | ((unsigned)buf[3] << 24);
108 }
109
110 static unsigned get_unaligned_be32(const char *buf)
111 {
112 return ((unsigned)buf[0] << 24)
113 | ((unsigned)buf[1] << 16)
114 | ((unsigned)buf[2] << 8)
115 | (unsigned)buf[3];
116 }
117
118 static void put_unaligned_le32(unsigned val, char *buf)
119 {
120 buf[0] = (char)val;
121 buf[1] = (char)(val >> 8);
122 buf[2] = (char)(val >> 16);
123 buf[3] = (char)(val >> 24);
124 }
125
126 static void put_unaligned_be32(unsigned val, char *buf)
127 {
128 buf[0] = (char)(val >> 24);
129 buf[1] = (char)(val >> 16);
130 buf[2] = (char)(val >> 8);
131 buf[3] = (char)val;
132 }
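/*
 * For example, put_unaligned_le32(0x11223344, buf) stores the bytes
 * 0x44 0x33 0x22 0x11 in that order, and get_unaligned_le32(buf) reads
 * them back as 0x11223344; the *_be32 pair uses the opposite byte order.
 */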
133
134 // Allocate memory for LZMA2 decoder. xz_dec_lzma2_reset() must be used
135 // before calling xz_dec_lzma2_run().
136 struct xz_dec_lzma2 *xz_dec_lzma2_create(unsigned dict_max);
137
138 // Decode the LZMA2 properties (one byte) and reset the decoder. Return
139 // XZ_OK on success, XZ_MEMLIMIT_ERROR if the preallocated dictionary is not
140 // big enough, and XZ_OPTIONS_ERROR if props indicates something that this
141 // decoder doesn't support.
142 enum xz_ret xz_dec_lzma2_reset(struct xz_dec_lzma2 *s,
143 char props);
144
145 /* Decode raw LZMA2 stream from b->in to b->out. */
146 enum xz_ret xz_dec_lzma2_run(struct xz_dec_lzma2 *s,
147 struct xz_buf *b);
148
149 // END "xz_private.h"
150
151
152
153
154 // Branch/Call/Jump (BCJ) filter decoders
155
156 struct xz_dec_bcj {
157 /* Type of the BCJ filter being used */
158 enum {
159 BCJ_X86 = 4, /* x86 or x86-64 */
160 BCJ_POWERPC = 5, /* Big endian only */
161 BCJ_IA64 = 6, /* Big or little endian */
162 BCJ_ARM = 7, /* Little endian only */
163 BCJ_ARMTHUMB = 8, /* Little endian only */
164 BCJ_SPARC = 9 /* Big or little endian */
165 } type;
166
167 /* Return value of the next filter in the chain. We need to preserve
168 * this information across calls, because we must not call the next
169 * filter anymore once it has returned XZ_STREAM_END.
170 */
171 enum xz_ret ret;
172
173 /* Absolute position relative to the beginning of the uncompressed
174 * data (in a single .xz Block). We care only about the lowest 32
175 * bits so this doesn't need to be uint64_t even with big files.
176 */
177 unsigned pos;
178
179 /* x86 filter state */
180 unsigned x86_prev_mask;
181
182 /* Temporary space to hold the variables from struct xz_buf */
183 char *out;
184 size_t out_pos;
185 size_t out_size;
186
187 struct {
188 /* Amount of already filtered data in the beginning of buf */
189 size_t filtered;
190
191 /* Total amount of data currently stored in buf */
192 size_t size;
193
194 /*
195 * Buffer to hold a mix of filtered and unfiltered data. This
196 * needs to be big enough to hold Alignment + 2 * Look-ahead:
197 *
198 * Type Alignment Look-ahead
199 * x86 1 4
200 * PowerPC 4 0
201 * IA-64 16 0
202 * ARM 4 0
203 * ARM-Thumb 2 2
204 * SPARC 4 0
205 */
206 char buf[16];
207 } temp;
208 };
209
210 // This is used to test the most significant byte of a memory address
211 // in an x86 instruction.
212 static int bcj_x86_test_msbyte(char b)
213 {
214 return !b || (b & 0xFF) == 0xFF; /* true for 0x00 and 0xFF regardless of char signedness */
215 }
216
217 static size_t bcj_x86(struct xz_dec_bcj *s, char *buf, size_t size)
218 {
219 static const int mask_to_allowed_status[8]
220 = { 1,1,1,0,1,0,0,0 };
221
222 static const char mask_to_bit_num[8] = { 0, 1, 2, 2, 3, 3, 3, 3 };
223
224 size_t i;
225 size_t prev_pos = (size_t)-1;
226 unsigned prev_mask = s->x86_prev_mask;
227 unsigned src;
228 unsigned dest;
229 unsigned j;
230 char b;
231
232 if (size <= 4)
233 return 0;
234
235 size -= 4;
236 for (i = 0; i < size; ++i) {
237 if ((buf[i] & 0xFE) != 0xE8)
238 continue;
239
240 prev_pos = i - prev_pos;
241 if (prev_pos > 3) {
242 prev_mask = 0;
243 } else {
244 prev_mask = (prev_mask << (prev_pos - 1)) & 7;
245 if (prev_mask) {
246 b = buf[i + 4 - mask_to_bit_num[prev_mask]];
247 if (!mask_to_allowed_status[prev_mask]
248 || bcj_x86_test_msbyte(b)) {
249 prev_pos = i;
250 prev_mask = (prev_mask << 1) | 1;
251 continue;
252 }
253 }
254 }
255
256 prev_pos = i;
257
258 if (bcj_x86_test_msbyte(buf[i + 4])) {
259 src = get_unaligned_le32(buf + i + 1);
260 for (;;) {
261 dest = src - (s->pos + (unsigned)i + 5);
262 if (!prev_mask)
263 break;
264
265 j = mask_to_bit_num[prev_mask] * 8;
266 b = (char)(dest >> (24 - j));
267 if (!bcj_x86_test_msbyte(b))
268 break;
269
270 src = dest ^ (((unsigned)1 << (32 - j)) - 1);
271 }
272
273 dest &= 0x01FFFFFF;
274 dest |= (unsigned)0 - (dest & 0x01000000);
275 put_unaligned_le32(dest, buf + i + 1);
276 i += 4;
277 } else {
278 prev_mask = (prev_mask << 1) | 1;
279 }
280 }
281
282 prev_pos = i - prev_pos;
283 s->x86_prev_mask = prev_pos > 3 ? 0 : prev_mask << (prev_pos - 1);
284 return i;
285 }
286
287 static size_t bcj_powerpc(struct xz_dec_bcj *s, char *buf, size_t size)
288 {
289 size_t i;
290 unsigned instr;
291
292 for (i = 0; i + 4 <= size; i += 4) {
293 instr = get_unaligned_be32(buf + i);
294 if ((instr & 0xFC000003) == 0x48000001) {
295 instr &= 0x03FFFFFC;
296 instr -= s->pos + (unsigned)i;
297 instr &= 0x03FFFFFC;
298 instr |= 0x48000001;
299 put_unaligned_be32(instr, buf + i);
300 }
301 }
302
303 return i;
304 }
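/*
 * A sketch of what the loop above does: each big-endian "bl" instruction
 * (primary opcode 18 with AA=0 and LK=1, i.e. the 0x48000001 pattern) has
 * a 24-bit branch offset that the encoder turned into an absolute address;
 * the filter converts it back to a PC-relative offset by subtracting the
 * instruction's position in the uncompressed data.
 */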
305
306 static size_t bcj_ia64(struct xz_dec_bcj *s, char *buf, size_t size)
307 {
308 static const char branch_table[32] = {
309 0, 0, 0, 0, 0, 0, 0, 0,
310 0, 0, 0, 0, 0, 0, 0, 0,
311 4, 4, 6, 6, 0, 0, 7, 7,
312 4, 4, 0, 0, 4, 4, 0, 0
313 };
314
315 /*
316 * The local variables take a little bit stack space, but it's less
317 * than what LZMA2 decoder takes, so it doesn't make sense to reduce
318 * stack usage here without doing that for the LZMA2 decoder too.
319 */
320
321 /* Loop counters */
322 size_t i;
323 size_t j;
324
325 /* Instruction slot (0, 1, or 2) in the 128-bit instruction word */
326 unsigned slot;
327
328 /* Bitwise offset of the instruction indicated by slot */
329 unsigned bit_pos;
330
331 /* bit_pos split into byte and bit parts */
332 unsigned byte_pos;
333 unsigned bit_res;
334
335 /* Address part of an instruction */
336 unsigned addr;
337
338 /* Mask used to detect which instructions to convert */
339 unsigned mask;
340
341 /* 41-bit instruction stored somewhere in the lowest 48 bits */
342 uint64_t instr;
343
344 /* Instruction normalized with bit_res for easier manipulation */
345 uint64_t norm;
346
347 for (i = 0; i + 16 <= size; i += 16) {
348 mask = branch_table[buf[i] & 0x1F];
349 for (slot = 0, bit_pos = 5; slot < 3; ++slot, bit_pos += 41) {
350 if (!((mask >> slot) & 1))
351 continue;
352
353 byte_pos = bit_pos >> 3;
354 bit_res = bit_pos & 7;
355 instr = 0;
356 for (j = 0; j < 6; ++j)
357 instr |= (uint64_t)(buf[i + j + byte_pos])
358 << (8 * j);
359
360 norm = instr >> bit_res;
361
362 if (((norm >> 37) & 0x0F) == 5
363 && !((norm >> 9) & 7)) {
364 addr = (norm >> 13) & 0x0FFFFF;
365 addr |= ((unsigned)(norm >> 36) & 1) << 20;
366 addr <<= 4;
367 addr -= s->pos + (unsigned)i;
368 addr >>= 4;
369
370 norm &= ~((uint64_t)0x8FFFFF << 13);
371 norm |= (uint64_t)(addr & 0x0FFFFF) << 13;
372 norm |= (uint64_t)(addr & 0x100000)
373 << (36 - 20);
374
375 instr &= (1 << bit_res) - 1;
376 instr |= norm << bit_res;
377
378 for (j = 0; j < 6; j++)
379 buf[i + j + byte_pos]
380 = (char)(instr >> (8 * j));
381 }
382 }
383 }
384
385 return i;
386 }
387
388 static size_t bcj_arm(struct xz_dec_bcj *s, char *buf, size_t size)
389 {
390 size_t i;
391 unsigned addr;
392
393 for (i = 0; i + 4 <= size; i += 4) {
394 if (buf[i + 3] == 0xEB) {
395 addr = (unsigned)buf[i] | ((unsigned)buf[i + 1] << 8)
396 | ((unsigned)buf[i + 2] << 16);
397 addr <<= 2;
398 addr -= s->pos + (unsigned)i + 8;
399 addr >>= 2;
400 buf[i] = (char)addr;
401 buf[i + 1] = (char)(addr >> 8);
402 buf[i + 2] = (char)(addr >> 16);
403 }
404 }
405
406 return i;
407 }
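/*
 * Example for the loop above: a little-endian ARM BL instruction keeps its
 * 0xEB opcode in the last byte and a 24-bit word offset in the first three.
 * The filter widens the offset to a byte offset, undoes the encoder's
 * absolute addressing by subtracting the position plus ARM's 8-byte PC
 * bias, and stores the three offset bytes back.
 */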
408
409 static size_t bcj_armthumb(struct xz_dec_bcj *s, char *buf, size_t size)
410 {
411 size_t i;
412 unsigned addr;
413
414 for (i = 0; i + 4 <= size; i += 2) {
415 if ((buf[i + 1] & 0xF8) == 0xF0
416 && (buf[i + 3] & 0xF8) == 0xF8) {
417 addr = (((unsigned)buf[i + 1] & 7) << 19)
418 | ((unsigned)buf[i] << 11)
419 | (((unsigned)buf[i + 3] & 7) << 8)
420 | (unsigned)buf[i + 2];
421 addr <<= 1;
422 addr -= s->pos + (unsigned)i + 4;
423 addr >>= 1;
424 buf[i + 1] = (char)(0xF0 | ((addr >> 19) & 7));
425 buf[i] = (char)(addr >> 11);
426 buf[i + 3] = (char)(0xF8 | ((addr >> 8) & 7));
427 buf[i + 2] = (char)addr;
428 i += 2;
429 }
430 }
431
432 return i;
433 }
434
435 static size_t bcj_sparc(struct xz_dec_bcj *s, char *buf, size_t size)
436 {
437 size_t i;
438 unsigned instr;
439
440 for (i = 0; i + 4 <= size; i += 4) {
441 instr = get_unaligned_be32(buf + i);
442 if ((instr >> 22) == 0x100 || (instr >> 22) == 0x1FF) {
443 instr <<= 2;
444 instr -= s->pos + (unsigned)i;
445 instr >>= 2;
446 instr = ((unsigned)0x40000000 - (instr & 0x400000))
447 | 0x40000000 | (instr & 0x3FFFFF);
448 put_unaligned_be32(instr, buf + i);
449 }
450 }
451
452 return i;
453 }
454
455 /*
456 * Apply the selected BCJ filter. Update *pos and s->pos to match the amount
457 * of data that got filtered.
458 *
459 * NOTE: This is implemented as a switch statement to avoid using function
460 * pointers, which could be problematic in the kernel boot code, which must
461 * avoid pointers to static data (at least on x86).
462 */
463 static void bcj_apply(struct xz_dec_bcj *s,
464 char *buf, size_t *pos, size_t size)
465 {
466 size_t filtered;
467
468 buf += *pos;
469 size -= *pos;
470
471 switch (s->type) {
472 case BCJ_X86:
473 filtered = bcj_x86(s, buf, size);
474 break;
475 case BCJ_POWERPC:
476 filtered = bcj_powerpc(s, buf, size);
477 break;
478 case BCJ_IA64:
479 filtered = bcj_ia64(s, buf, size);
480 break;
481 case BCJ_ARM:
482 filtered = bcj_arm(s, buf, size);
483 break;
484 case BCJ_ARMTHUMB:
485 filtered = bcj_armthumb(s, buf, size);
486 break;
487 case BCJ_SPARC:
488 filtered = bcj_sparc(s, buf, size);
489 break;
490 default:
491 /* Never reached but silence compiler warnings. */
492 filtered = 0;
493 break;
494 }
495
496 *pos += filtered;
497 s->pos += filtered;
498 }
499
500 /*
501 * Flush pending filtered data from temp to the output buffer.
502 * Move the remaining mixture of possibly filtered and unfiltered
503 * data to the beginning of temp.
504 */
505 static void bcj_flush(struct xz_dec_bcj *s, struct xz_buf *b)
506 {
507 size_t copy_size;
508
509 copy_size = minof(s->temp.filtered, b->out_size - b->out_pos);
510 memcpy(b->out + b->out_pos, s->temp.buf, copy_size);
511 b->out_pos += copy_size;
512
513 s->temp.filtered -= copy_size;
514 s->temp.size -= copy_size;
515 memmove(s->temp.buf, s->temp.buf + copy_size, s->temp.size);
516 }
517
518 // Decode raw BCJ + LZMA2 stream. This must be used only if there actually is
519 // a BCJ filter in the chain. If the chain has only LZMA2, xz_dec_lzma2_run()
520 // must be called directly.
521 // The BCJ filter functions are primitive in sense that they process the
522 // data in chunks of 1-16 bytes. To hide this issue, this function does
523 // some buffering.
524 enum xz_ret xz_dec_bcj_run(struct xz_dec_bcj *s, struct xz_dec_lzma2 *lzma2,
525 struct xz_buf *b)
526 {
527 size_t out_start;
528
529 /*
530 * Flush pending already filtered data to the output buffer. Return
531 * immediately if we couldn't flush everything, or if the next
532 * filter in the chain had already returned XZ_STREAM_END.
533 */
534 if (s->temp.filtered > 0) {
535 bcj_flush(s, b);
536 if (s->temp.filtered > 0)
537 return XZ_OK;
538
539 if (s->ret == XZ_STREAM_END)
540 return XZ_STREAM_END;
541 }
542
543 /*
544 * If we have more output space than what is currently pending in
545 * temp, copy the unfiltered data from temp to the output buffer
546 * and try to fill the output buffer by decoding more data from the
547 * next filter in the chain. Apply the BCJ filter on the new data
548 * in the output buffer. If everything cannot be filtered, copy it
549 * to temp and rewind the output buffer position accordingly.
550 *
551 * This needs to be always run when temp.size == 0 to handle a special
552 * case where the output buffer is full and the next filter has no
553 * more output coming but hasn't returned XZ_STREAM_END yet.
554 */
555 if (s->temp.size < b->out_size - b->out_pos || !s->temp.size) {
556 out_start = b->out_pos;
557 memcpy(b->out + b->out_pos, s->temp.buf, s->temp.size);
558 b->out_pos += s->temp.size;
559
560 s->ret = xz_dec_lzma2_run(lzma2, b);
561 if (s->ret != XZ_STREAM_END
562 && s->ret != XZ_OK)
563 return s->ret;
564
565 bcj_apply(s, b->out, &out_start, b->out_pos);
566
567 /*
568 * As an exception, if the next filter returned XZ_STREAM_END,
569 * we can do that too, since the last few bytes that remain
570 * unfiltered are meant to remain unfiltered.
571 */
572 if (s->ret == XZ_STREAM_END)
573 return XZ_STREAM_END;
574
575 s->temp.size = b->out_pos - out_start;
576 b->out_pos -= s->temp.size;
577 memcpy(s->temp.buf, b->out + b->out_pos, s->temp.size);
578
579 /*
580 * If there wasn't enough input to the next filter to fill
581 * the output buffer with unfiltered data, there's no point
582 * to try decoding more data to temp.
583 */
584 if (b->out_pos + s->temp.size < b->out_size)
585 return XZ_OK;
586 }
587
588 /*
589 * We have unfiltered data in temp. If the output buffer isn't full
590 * yet, try to fill the temp buffer by decoding more data from the
591 * next filter. Apply the BCJ filter on temp. Then we hopefully can
592 * fill the actual output buffer by copying filtered data from temp.
593 * A mix of filtered and unfiltered data may be left in temp; it will
594 * be taken care of on the next call to this function.
595 */
596 if (b->out_pos < b->out_size) {
597 /* Make b->out{,_pos,_size} temporarily point to s->temp. */
598 s->out = b->out;
599 s->out_pos = b->out_pos;
600 s->out_size = b->out_size;
601 b->out = s->temp.buf;
602 b->out_pos = s->temp.size;
603 b->out_size = sizeof(s->temp.buf);
604
605 s->ret = xz_dec_lzma2_run(lzma2, b);
606
607 s->temp.size = b->out_pos;
608 b->out = s->out;
609 b->out_pos = s->out_pos;
610 b->out_size = s->out_size;
611
612 if (s->ret != XZ_OK && s->ret != XZ_STREAM_END)
613 return s->ret;
614
615 bcj_apply(s, s->temp.buf, &s->temp.filtered, s->temp.size);
616
617 /*
618 * If the next filter returned XZ_STREAM_END, we mark that
619 * everything is filtered, since the last unfiltered bytes
620 * of the stream are meant to be left as is.
621 */
622 if (s->ret == XZ_STREAM_END)
623 s->temp.filtered = s->temp.size;
624
625 bcj_flush(s, b);
626 if (s->temp.filtered > 0)
627 return XZ_OK;
628 }
629
630 return s->ret;
631 }
632
633 /*
634 * Decode the Filter ID of a BCJ filter. This implementation doesn't
635 * support custom start offsets, so no decoding of Filter Properties
636 * is needed. Returns XZ_OK if the given Filter ID is supported.
637 * Otherwise XZ_OPTIONS_ERROR is returned.
638 */
639 enum xz_ret xz_dec_bcj_reset(struct xz_dec_bcj *s, char id)
640 {
641 s->type = id;
642 s->ret = XZ_OK;
643 s->pos = 0;
644 s->x86_prev_mask = 0;
645 s->temp.filtered = 0;
646 s->temp.size = 0;
647
648 return XZ_OK;
649 }
650
651 /*
652 * LZMA2 decoder
653 */
654
655
656 // BEGIN xz_lzma2.h
657 /*
658 * LZMA2 definitions
659 *
660 */
661
662
663 /* Range coder constants */
664 #define RC_SHIFT_BITS 8
665 #define RC_TOP_BITS 24
666 #define RC_TOP_VALUE (1 << RC_TOP_BITS)
667 #define RC_BIT_MODEL_TOTAL_BITS 11
668 #define RC_BIT_MODEL_TOTAL (1 << RC_BIT_MODEL_TOTAL_BITS)
669 #define RC_MOVE_BITS 5
670
671 /*
672 * Maximum number of position states. A position state is the lowest pb
673 * number of bits of the current uncompressed offset. In some places there
674 * are different sets of probabilities for different position states.
675 */
676 #define POS_STATES_MAX (1 << 4)
677
678 /*
679 * This enum is used to track which LZMA symbols have occurred most recently
680 * and in which order. This information is used to predict the next symbol.
681 *
682 * Symbols:
683 * - Literal: One 8-bit byte
684 * - Match: Repeat a chunk of data at some distance
685 * - Long repeat: Multi-byte match at a recently seen distance
686 * - Short repeat: One-byte repeat at a recently seen distance
687 *
688 * The symbol names are of the form STATE_oldest_older_previous. REP means
689 * either short or long repeated match, and NONLIT means any non-literal.
690 */
691 enum lzma_state {
692 STATE_LIT_LIT,
693 STATE_MATCH_LIT_LIT,
694 STATE_REP_LIT_LIT,
695 STATE_SHORTREP_LIT_LIT,
696 STATE_MATCH_LIT,
697 STATE_REP_LIT,
698 STATE_SHORTREP_LIT,
699 STATE_LIT_MATCH,
700 STATE_LIT_LONGREP,
701 STATE_LIT_SHORTREP,
702 STATE_NONLIT_MATCH,
703 STATE_NONLIT_REP
704 };
705
706 /* Total number of states */
707 #define STATES 12
708
709 /* The lowest 7 states indicate that the previous state was a literal. */
710 #define LIT_STATES 7
711
712 /* Indicate that the latest symbol was a literal. */
713 static void lzma_state_literal(enum lzma_state *state)
714 {
715 if (*state <= STATE_SHORTREP_LIT_LIT)
716 *state = STATE_LIT_LIT;
717 else if (*state <= STATE_LIT_SHORTREP)
718 *state -= 3;
719 else
720 *state -= 6;
721 }
722
723 /* Indicate that the latest symbol was a match. */
724 static void lzma_state_match(enum lzma_state *state)
725 {
726 *state = *state < LIT_STATES ? STATE_LIT_MATCH : STATE_NONLIT_MATCH;
727 }
728
729 /* Indicate that the latest symbol was a long repeated match. */
730 static void lzma_state_long_rep(enum lzma_state *state)
731 {
732 *state = *state < LIT_STATES ? STATE_LIT_LONGREP : STATE_NONLIT_REP;
733 }
734
735 /* Indicate that the latest symbol was a short repeated match. */
736 static void lzma_state_short_rep(enum lzma_state *state)
737 {
738 *state = *state < LIT_STATES ? STATE_LIT_SHORTREP : STATE_NONLIT_REP;
739 }
740
741 /* Each literal coder is divided into three sections:
742 * - 0x001-0x0FF: Without match byte
743 * - 0x101-0x1FF: With match byte; match bit is 0
744 * - 0x201-0x2FF: With match byte; match bit is 1
745 *
746 * The match byte is used when the previous LZMA symbol was something other than
747 * a literal (that is, it was some kind of match).
748 */
749 #define LITERAL_CODER_SIZE 0x300
750
751 /* Maximum number of literal coders */
752 #define LITERAL_CODERS_MAX (1 << 4)
753
754 /* Minimum length of a match is two bytes. */
755 #define MATCH_LEN_MIN 2
756
757 /* Match length is encoded with 4, 5, or 10 bits.
758 *
759 * Length Bits
760 * 2-9 4 = Choice=0 + 3 bits
761 * 10-17 5 = Choice=1 + Choice2=0 + 3 bits
762 * 18-273 10 = Choice=1 + Choice2=1 + 8 bits
763 */
764 #define LEN_LOW_BITS 3
765 #define LEN_LOW_SYMBOLS (1 << LEN_LOW_BITS)
766 #define LEN_MID_BITS 3
767 #define LEN_MID_SYMBOLS (1 << LEN_MID_BITS)
768 #define LEN_HIGH_BITS 8
769 #define LEN_HIGH_SYMBOLS (1 << LEN_HIGH_BITS)
770 #define LEN_SYMBOLS (LEN_LOW_SYMBOLS + LEN_MID_SYMBOLS + LEN_HIGH_SYMBOLS)
771
772 /*
773 * Maximum length of a match is 273 which is a result of the encoding
774 * described above.
775 */
776 #define MATCH_LEN_MAX (MATCH_LEN_MIN + LEN_SYMBOLS - 1)
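/*
 * Worked example of the encoding above: length 100 falls in the 18-273
 * range, so it is coded as Choice=1, Choice2=1 and the value 100 - 18 = 82
 * in eight bits. MATCH_LEN_MAX is thus 2 + (8 + 8 + 256) - 1 = 273.
 */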
777
778 /*
779 * Different sets of probabilities are used for match distances that have
780 * very short match length: Lengths of 2, 3, and 4 bytes have a separate
781 * set of probabilities for each length. The matches with longer length
782 * use a shared set of probabilities.
783 */
784 #define DIST_STATES 4
785
786 /*
787 * Get the index of the appropriate probability array for decoding
788 * the distance slot.
789 */
790 static unsigned lzma_get_dist_state(unsigned len)
791 {
792 return len < DIST_STATES + MATCH_LEN_MIN
793 ? len - MATCH_LEN_MIN : DIST_STATES - 1;
794 }
795
796 /*
797 * The highest two bits of a 32-bit match distance are encoded using six bits.
798 * This six-bit value is called a distance slot. This way encoding a 32-bit
799 * value takes 6-36 bits, larger values taking more bits.
800 */
801 #define DIST_SLOT_BITS 6
802 #define DIST_SLOTS (1 << DIST_SLOT_BITS)
803
804 /* Match distances up to 127 are fully encoded using probabilities. Since
805 * the highest two bits (distance slot) are always encoded using six bits,
806 * the distances 0-3 don't need any additional bits to encode, since the
807 * distance slot itself is the same as the actual distance. DIST_MODEL_START
808 * indicates the first distance slot where at least one additional bit is
809 * needed.
810 */
811 #define DIST_MODEL_START 4
812
813 /*
814 * Match distances greater than 127 are encoded in three pieces:
815 * - distance slot: the highest two bits
816 * - direct bits: 2-26 bits below the highest two bits
817 * - alignment bits: four lowest bits
818 *
819 * Direct bits don't use any probabilities.
820 *
821 * The distance slot value of 14 is for distances 128-191.
822 */
823 #define DIST_MODEL_END 14
824
825 /* Distance slots that indicate a distance <= 127. */
826 #define FULL_DISTANCES_BITS (DIST_MODEL_END / 2)
827 #define FULL_DISTANCES (1 << FULL_DISTANCES_BITS)
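/*
 * Worked example: distance 96 is 0b1100000, so its most significant bit is
 * bit 6 and the bit below it is 1, giving distance slot 2*6 + 1 = 13. The
 * remaining five low bits (all zero here) are decoded with the
 * dist_special probabilities, since 96 < 128.
 */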
828
829 /*
830 * For match distances greater than 127, only the highest two bits and the
831 * lowest four bits (alignment) are encoded using probabilities.
832 */
833 #define ALIGN_BITS 4
834 #define ALIGN_SIZE (1 << ALIGN_BITS)
835 #define ALIGN_MASK (ALIGN_SIZE - 1)
836
837 /* Total number of all probability variables */
838 #define PROBS_TOTAL (1846 + LITERAL_CODERS_MAX * LITERAL_CODER_SIZE)
839
840 /*
841 * LZMA remembers the four most recent match distances. Reusing these
842 * distances tends to take less space than re-encoding the actual
843 * distance value.
844 */
845 #define REPS 4
846
847
848 // END xz_lzma2.h
849
850 /*
851 * Range decoder initialization eats the first five bytes of each LZMA chunk.
852 */
853 #define RC_INIT_BYTES 5
854
855 /*
856 * Minimum number of usable input bytes needed to safely decode one LZMA
857 * symbol. The worst case is that we decode 22 bits using probabilities and
858 * 26 direct bits, which may consume at most 20 bytes of input. However,
859 * lzma_main() does an extra normalization before returning, thus we
860 * need to put 21 here.
861 */
862 #define LZMA_IN_REQUIRED 21
863
864 /*
865 * Dictionary (history buffer)
866 *
867 * These are always true:
868 * start <= pos <= full <= end
869 * pos <= limit <= end
870 * end == size
871 * size <= size_max
872 * allocated <= size
873 *
874 * Most of these variables are size_t as a relic of single-call mode,
875 * in which the dictionary variables address the actual output
876 * buffer directly.
877 */
878 struct dictionary {
879 // Beginning of the history buffer
880 char *buf;
881 // Old position in buf (before decoding more data)
882 size_t start;
883 // Position in buf
884 size_t pos;
885 // How full the dictionary is. This is used to detect corrupt input that
886 // would read beyond the beginning of the uncompressed stream.
887 size_t full;
888 /* Write limit; we don't write to buf[limit] or later bytes. */
889 size_t limit;
890 // End of the dictionary buffer. This is the same as the dictionary size.
891 size_t end;
892 // Size of the dictionary as specified in Block Header. This is used
893 // together with "full" to detect corrupt input that would make us
894 // read beyond the beginning of the uncompressed stream.
895 unsigned size;
896 // Maximum allowed dictionary size.
897 unsigned size_max;
898 // Amount of memory currently allocated for the dictionary.
899 unsigned allocated;
900 };
901
902 /* Range decoder */
903 struct rc_dec {
904 unsigned range;
905 unsigned code;
906
907 /*
908 * Number of initializing bytes remaining to be read
909 * by rc_read_init().
910 */
911 unsigned init_bytes_left;
912
913 /*
914 * Buffer from which we read our input. It can be either
915 * temp.buf or the caller-provided input buffer.
916 */
917 const char *in;
918 size_t in_pos;
919 size_t in_limit;
920 };
921
922 /* Probabilities for a length decoder. */
923 struct lzma_len_dec {
924 /* Probability of match length being at least 10 */
925 uint16_t choice;
926
927 /* Probability of match length being at least 18 */
928 uint16_t choice2;
929
930 /* Probabilities for match lengths 2-9 */
931 uint16_t low[POS_STATES_MAX][LEN_LOW_SYMBOLS];
932
933 /* Probabilities for match lengths 10-17 */
934 uint16_t mid[POS_STATES_MAX][LEN_MID_SYMBOLS];
935
936 /* Probabilities for match lengths 18-273 */
937 uint16_t high[LEN_HIGH_SYMBOLS];
938 };
939
940 struct lzma_dec {
941 /* Distances of latest four matches */
942 unsigned rep0;
943 unsigned rep1;
944 unsigned rep2;
945 unsigned rep3;
946
947 /* Types of the most recently seen LZMA symbols */
948 enum lzma_state state;
949
950 /*
951 * Length of a match. This is updated so that dict_repeat can
952 * be called again to finish repeating the whole match.
953 */
954 unsigned len;
955
956 /*
957 * LZMA properties or related bit masks (number of literal
958 * context bits, a mask derived from the number of literal
959 * position bits, and a mask derived from the number of
960 * position bits)
961 */
962 unsigned lc;
963 unsigned literal_pos_mask; /* (1 << lp) - 1 */
964 unsigned pos_mask; /* (1 << pb) - 1 */
965
966 /* If 1, it's a match. Otherwise it's a single 8-bit literal. */
967 uint16_t is_match[STATES][POS_STATES_MAX];
968
969 /* If 1, it's a repeated match. The distance is one of rep0 .. rep3. */
970 uint16_t is_rep[STATES];
971
972 /*
973 * If 0, distance of a repeated match is rep0.
974 * Otherwise check is_rep1.
975 */
976 uint16_t is_rep0[STATES];
977
978 /*
979 * If 0, distance of a repeated match is rep1.
980 * Otherwise check is_rep2.
981 */
982 uint16_t is_rep1[STATES];
983
984 /* If 0, distance of a repeated match is rep2. Otherwise it is rep3. */
985 uint16_t is_rep2[STATES];
986
987 /*
988 * If 1, the repeated match has length of one byte. Otherwise
989 * the length is decoded from rep_len_decoder.
990 */
991 uint16_t is_rep0_long[STATES][POS_STATES_MAX];
992
993 /*
994 * Probability tree for the highest two bits of the match
995 * distance. There is a separate probability tree for match
996 * lengths of 2 (i.e. MATCH_LEN_MIN), 3, 4, and [5, 273].
997 */
998 uint16_t dist_slot[DIST_STATES][DIST_SLOTS];
999
1000 /*
1001 * Probability trees for additional bits for match distance
1002 * when the distance is in the range [4, 127].
1003 */
1004 uint16_t dist_special[FULL_DISTANCES - DIST_MODEL_END];
1005
1006 /*
1007 * Probability tree for the lowest four bits of a match
1008 * distance that is equal to or greater than 128.
1009 */
1010 uint16_t dist_align[ALIGN_SIZE];
1011
1012 /* Length of a normal match */
1013 struct lzma_len_dec match_len_dec;
1014
1015 /* Length of a repeated match */
1016 struct lzma_len_dec rep_len_dec;
1017
1018 /* Probabilities of literals */
1019 uint16_t literal[LITERAL_CODERS_MAX][LITERAL_CODER_SIZE];
1020 };
1021
1022 struct lzma2_dec {
1023 /* Position in xz_dec_lzma2_run(). */
1024 enum lzma2_seq {
1025 SEQ_CONTROL,
1026 SEQ_UNCOMPRESSED_1,
1027 SEQ_UNCOMPRESSED_2,
1028 SEQ_COMPRESSED_0,
1029 SEQ_COMPRESSED_1,
1030 SEQ_PROPERTIES,
1031 SEQ_LZMA_PREPARE,
1032 SEQ_LZMA_RUN,
1033 SEQ_COPY
1034 } sequence;
1035
1036 /* Next position after decoding the compressed size of the chunk. */
1037 enum lzma2_seq next_sequence;
1038
1039 /* Uncompressed size of LZMA chunk (2 MiB at maximum) */
1040 unsigned uncompressed;
1041
1042 /*
1043 * Compressed size of LZMA chunk or compressed/uncompressed
1044 * size of uncompressed chunk (64 KiB at maximum)
1045 */
1046 unsigned compressed;
1047
1048 /*
1049 * True if dictionary reset is needed. This is true before
1050 * the first chunk, since a stream must begin with a dictionary reset.
1051 */
1052 int need_dict_reset;
1053
1054 /*
1055 * True if new LZMA properties are needed. This is true
1056 * before the first LZMA chunk.
1057 */
1058 int need_props;
1059 };
1060
1061 struct xz_dec_lzma2 {
1062 /*
1063 * The order below is important on x86 to reduce code size and
1064 * it shouldn't hurt on other platforms. Everything up to and
1065 * including lzma.pos_mask are in the first 128 bytes on x86-32,
1066 * which allows using smaller instructions to access those
1067 * variables. On x86-64, fewer variables fit into the first 128
1068 * bytes, but this is still the best order without sacrificing
1069 * the readability by splitting the structures.
1070 */
1071 struct rc_dec rc;
1072 struct dictionary dict;
1073 struct lzma2_dec lzma2;
1074 struct lzma_dec lzma;
1075
1076 /*
1077 * Temporary buffer which holds small number of input bytes between
1078 * decoder calls. See lzma2_lzma() for details.
1079 */
1080 struct {
1081 unsigned size;
1082 char buf[3 * LZMA_IN_REQUIRED];
1083 } temp;
1084 };
1085
1086 /**************
1087 * Dictionary *
1088 **************/
1089
1090 /* Reset the dictionary state. */
1091 static void dict_reset(struct dictionary *dict)
1092 {
1093 dict->start = 0;
1094 dict->pos = 0;
1095 dict->limit = 0;
1096 dict->full = 0;
1097 }
1098
1099 /* Set dictionary write limit */
1100 static void dict_limit(struct dictionary *dict, size_t out_max)
1101 {
1102 if (dict->end - dict->pos <= out_max)
1103 dict->limit = dict->end;
1104 else
1105 dict->limit = dict->pos + out_max;
1106 }
1107
1108 /* Return true if at least one byte can be written into the dictionary. */
1109 static int dict_has_space(const struct dictionary *dict)
1110 {
1111 return dict->pos < dict->limit;
1112 }
1113
1114 /*
1115 * Get a byte from the dictionary at the given distance. The distance is
1116 * assumed to be valid, or as a special case, zero when the dictionary is
1117 * still empty. This special case is needed for single-call decoding to
1118 * avoid writing a '\0' to the end of the destination buffer.
1119 */
1120 static unsigned dict_get(const struct dictionary *dict, unsigned dist)
1121 {
1122 size_t offset = dict->pos - dist - 1;
1123
1124 if (dist >= dict->pos)
1125 offset += dict->end;
1126
1127 return dict->full > 0 ? dict->buf[offset] : 0;
1128 }
1129
1130 /*
1131 * Put one byte into the dictionary. It is assumed that there is space for it.
1132 */
1133 static void dict_put(struct dictionary *dict, char byte)
1134 {
1135 dict->buf[dict->pos++] = byte;
1136
1137 if (dict->full < dict->pos)
1138 dict->full = dict->pos;
1139 }
1140
1141 /*
1142 * Repeat given number of bytes from the given distance. If the distance is
1143 * invalid, false is returned. On success, true is returned and *len is
1144 * updated to indicate how many bytes were left to be repeated.
1145 */
1146 static int dict_repeat(struct dictionary *dict, unsigned *len, unsigned dist)
1147 {
1148 size_t back;
1149 unsigned left;
1150
1151 if (dist >= dict->full || dist >= dict->size) return 0;
1152
1153 left = minof(dict->limit - dict->pos, *len);
1154 *len -= left;
1155
1156 back = dict->pos - dist - 1;
1157 if (dist >= dict->pos)
1158 back += dict->end;
1159
1160 do {
1161 dict->buf[dict->pos++] = dict->buf[back++];
1162 if (back == dict->end)
1163 back = 0;
1164 } while (--left > 0);
1165
1166 if (dict->full < dict->pos)
1167 dict->full = dict->pos;
1168
1169 return 1;
1170 }
1171
1172 /* Copy uncompressed data as is from input to dictionary and output buffers. */
1173 static void dict_uncompressed(struct dictionary *dict, struct xz_buf *b,
1174 unsigned *left)
1175 {
1176 size_t copy_size;
1177
1178 while (*left > 0 && b->in_pos < b->in_size
1179 && b->out_pos < b->out_size) {
1180 copy_size = minof(b->in_size - b->in_pos,
1181 b->out_size - b->out_pos);
1182 if (copy_size > dict->end - dict->pos)
1183 copy_size = dict->end - dict->pos;
1184 if (copy_size > *left)
1185 copy_size = *left;
1186
1187 *left -= copy_size;
1188
1189 memcpy(dict->buf + dict->pos, b->in + b->in_pos, copy_size);
1190 dict->pos += copy_size;
1191
1192 if (dict->full < dict->pos)
1193 dict->full = dict->pos;
1194
1195 if (dict->pos == dict->end)
1196 dict->pos = 0;
1197
1198 memcpy(b->out + b->out_pos, b->in + b->in_pos,
1199 copy_size);
1200
1201 dict->start = dict->pos;
1202
1203 b->out_pos += copy_size;
1204 b->in_pos += copy_size;
1205 }
1206 }
1207
1208 /*
1209 * Flush pending data from dictionary to b->out. It is assumed that there is
1210 * enough space in b->out. This is guaranteed because caller uses dict_limit()
1211 * before decoding data into the dictionary.
1212 */
1213 static unsigned dict_flush(struct dictionary *dict, struct xz_buf *b)
1214 {
1215 size_t copy_size = dict->pos - dict->start;
1216
1217 if (dict->pos == dict->end)
1218 dict->pos = 0;
1219
1220 memcpy(b->out + b->out_pos, dict->buf + dict->start,
1221 copy_size);
1222
1223 dict->start = dict->pos;
1224 b->out_pos += copy_size;
1225 return copy_size;
1226 }
1227
1228 /*****************
1229 * Range decoder *
1230 *****************/
1231
1232 /* Reset the range decoder. */
1233 static void rc_reset(struct rc_dec *rc)
1234 {
1235 rc->range = (unsigned)-1;
1236 rc->code = 0;
1237 rc->init_bytes_left = RC_INIT_BYTES;
1238 }
1239
1240 /*
1241 * Read the first five initial bytes into rc->code if they haven't been
1242 * read already. (Yes, the first byte gets completely ignored.)
1243 */
1244 static int rc_read_init(struct rc_dec *rc, struct xz_buf *b)
1245 {
1246 while (rc->init_bytes_left > 0) {
1247 if (b->in_pos == b->in_size) return 0;
1248
1249 rc->code = (rc->code << 8) + b->in[b->in_pos++];
1250 --rc->init_bytes_left;
1251 }
1252
1253 return 1;
1254 }
1255
1256 /* Return true if there may not be enough input for the next decoding loop. */
1257 static int rc_limit_exceeded(const struct rc_dec *rc)
1258 {
1259 return rc->in_pos > rc->in_limit;
1260 }
1261
1262 /* Read the next input byte if needed. */
1263 static void rc_normalize(struct rc_dec *rc)
1264 {
1265 if (rc->range < RC_TOP_VALUE) {
1266 rc->range <<= RC_SHIFT_BITS;
1267 rc->code = (rc->code << RC_SHIFT_BITS) + rc->in[rc->in_pos++];
1268 }
1269 }
1270
1271 /*
1272 * Decode one bit. In some versions, this function has been split into three
1273 * functions so that the compiler is supposed to be able to more easily avoid
1274 * an extra branch. In this particular version of the LZMA decoder, this
1275 * doesn't seem to be a good idea (tested with GCC 3.3.6, 3.4.6, and 4.3.3
1276 * on x86). Using a non-split version results in nicer looking code too.
1277 *
1278 * NOTE: This must return an int. Do not make it return a bool or the speed
1279 * of the code generated by GCC 3.x decreases 10-15 %. (GCC 4.3 doesn't care,
1280 * and it generates 10-20 % faster code than GCC 3.x from this file anyway.)
1281 */
1282 static int rc_bit(struct rc_dec *rc, uint16_t *prob)
1283 {
1284 unsigned bound;
1285 int bit;
1286
1287 rc_normalize(rc);
1288 bound = (rc->range >> RC_BIT_MODEL_TOTAL_BITS) * *prob;
1289 if (rc->code < bound) {
1290 rc->range = bound;
1291 *prob += (RC_BIT_MODEL_TOTAL - *prob) >> RC_MOVE_BITS;
1292 bit = 0;
1293 } else {
1294 rc->range -= bound;
1295 rc->code -= bound;
1296 *prob -= *prob >> RC_MOVE_BITS;
1297 bit = 1;
1298 }
1299
1300 return bit;
1301 }
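/*
 * One way to read the arithmetic above: with RC_BIT_MODEL_TOTAL = 2048,
 * *prob / 2048 approximates P(bit == 0). The range is split at "bound";
 * a code below it decodes a 0 and moves the model toward 2048 by
 * (2048 - *prob) >> 5, otherwise a 1 is decoded and the model moves
 * toward 0 by *prob >> 5.
 */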
1302
1303 /* Decode a bittree starting from the most significant bit. */
1304 static unsigned rc_bittree(struct rc_dec *rc,
1305 uint16_t *probs, unsigned limit)
1306 {
1307 unsigned symbol = 1;
1308
1309 do {
1310 if (rc_bit(rc, &probs[symbol]))
1311 symbol = (symbol << 1) + 1;
1312 else
1313 symbol <<= 1;
1314 } while (symbol < limit);
1315
1316 return symbol;
1317 }
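/*
 * Example: rc_bittree(rc, probs, 0x100) walks an eight-level tree and
 * returns a value in [0x100, 0x1FF]; callers strip the marker bit either
 * by subtracting the limit (as lzma_match does with DIST_SLOTS) or by
 * truncating to eight bits (as lzma_literal does).
 */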
1318
1319 /* Decode a bittree starting from the least significant bit. */
1320 static void rc_bittree_reverse(struct rc_dec *rc,
1321 uint16_t *probs,
1322 unsigned *dest, unsigned limit)
1323 {
1324 unsigned symbol = 1;
1325 unsigned i = 0;
1326
1327 do {
1328 if (rc_bit(rc, &probs[symbol])) {
1329 symbol = (symbol << 1) + 1;
1330 *dest += 1 << i;
1331 } else {
1332 symbol <<= 1;
1333 }
1334 } while (++i < limit);
1335 }
1336
1337 /* Decode direct bits (fixed fifty-fifty probability) */
1338 static void rc_direct(struct rc_dec *rc, unsigned *dest, unsigned limit)
1339 {
1340 unsigned mask;
1341
1342 do {
1343 rc_normalize(rc);
1344 rc->range >>= 1;
1345 rc->code -= rc->range;
1346 mask = (unsigned)0 - (rc->code >> 31);
1347 rc->code += rc->range & mask;
1348 *dest = (*dest << 1) + (mask + 1);
1349 } while (--limit > 0);
1350 }
1351
1352 /********
1353 * LZMA *
1354 ********/
1355
1356 /* Get pointer to literal coder probability array. */
1357 static uint16_t *lzma_literal_probs(struct xz_dec_lzma2 *s)
1358 {
1359 unsigned prev_byte = dict_get(&s->dict, 0);
1360 unsigned low = prev_byte >> (8 - s->lzma.lc);
1361 unsigned high = (s->dict.pos & s->lzma.literal_pos_mask) << s->lzma.lc;
1362 return s->lzma.literal[low + high];
1363 }
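/*
 * With the common lc=3, lp=0 settings this reduces to picking one of
 * eight coders by the top three bits of the previous byte:
 * probs = s->lzma.literal[prev_byte >> 5].
 */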
1364
1365 /* Decode a literal (one 8-bit byte) */
1366 static void lzma_literal(struct xz_dec_lzma2 *s)
1367 {
1368 uint16_t *probs;
1369 unsigned symbol;
1370 unsigned match_byte;
1371 unsigned match_bit;
1372 unsigned offset;
1373 unsigned i;
1374
1375 probs = lzma_literal_probs(s);
1376
1377 if (s->lzma.state < LIT_STATES) {
1378 symbol = rc_bittree(&s->rc, probs, 0x100);
1379 } else {
1380 symbol = 1;
1381 match_byte = dict_get(&s->dict, s->lzma.rep0) << 1;
1382 offset = 0x100;
1383
1384 do {
1385 match_bit = match_byte & offset;
1386 match_byte <<= 1;
1387 i = offset + match_bit + symbol;
1388
1389 if (rc_bit(&s->rc, &probs[i])) {
1390 symbol = (symbol << 1) + 1;
1391 offset &= match_bit;
1392 } else {
1393 symbol <<= 1;
1394 offset &= ~match_bit;
1395 }
1396 } while (symbol < 0x100);
1397 }
1398
1399 dict_put(&s->dict, (char)symbol);
1400 lzma_state_literal(&s->lzma.state);
1401 }
1402
1403 /* Decode the length of the match into s->lzma.len. */
1404 static void lzma_len(struct xz_dec_lzma2 *s, struct lzma_len_dec *l,
1405 unsigned pos_state)
1406 {
1407 uint16_t *probs;
1408 unsigned limit;
1409
1410 if (!rc_bit(&s->rc, &l->choice)) {
1411 probs = l->low[pos_state];
1412 limit = LEN_LOW_SYMBOLS;
1413 s->lzma.len = MATCH_LEN_MIN;
1414 } else {
1415 if (!rc_bit(&s->rc, &l->choice2)) {
1416 probs = l->mid[pos_state];
1417 limit = LEN_MID_SYMBOLS;
1418 s->lzma.len = MATCH_LEN_MIN + LEN_LOW_SYMBOLS;
1419 } else {
1420 probs = l->high;
1421 limit = LEN_HIGH_SYMBOLS;
1422 s->lzma.len = MATCH_LEN_MIN + LEN_LOW_SYMBOLS
1423 + LEN_MID_SYMBOLS;
1424 }
1425 }
1426
1427 s->lzma.len += rc_bittree(&s->rc, probs, limit) - limit;
1428 }
1429
1430 /* Decode a match. The distance will be stored in s->lzma.rep0. */
1431 static void lzma_match(struct xz_dec_lzma2 *s, unsigned pos_state)
1432 {
1433 uint16_t *probs;
1434 unsigned dist_slot;
1435 unsigned limit;
1436
1437 lzma_state_match(&s->lzma.state);
1438
1439 s->lzma.rep3 = s->lzma.rep2;
1440 s->lzma.rep2 = s->lzma.rep1;
1441 s->lzma.rep1 = s->lzma.rep0;
1442
1443 lzma_len(s, &s->lzma.match_len_dec, pos_state);
1444
1445 probs = s->lzma.dist_slot[lzma_get_dist_state(s->lzma.len)];
1446 dist_slot = rc_bittree(&s->rc, probs, DIST_SLOTS) - DIST_SLOTS;
1447
1448 if (dist_slot < DIST_MODEL_START) {
1449 s->lzma.rep0 = dist_slot;
1450 } else {
1451 limit = (dist_slot >> 1) - 1;
1452 s->lzma.rep0 = 2 + (dist_slot & 1);
1453
1454 if (dist_slot < DIST_MODEL_END) {
1455 s->lzma.rep0 <<= limit;
1456 probs = s->lzma.dist_special + s->lzma.rep0
1457 - dist_slot - 1;
1458 rc_bittree_reverse(&s->rc, probs,
1459 &s->lzma.rep0, limit);
1460 } else {
1461 rc_direct(&s->rc, &s->lzma.rep0, limit - ALIGN_BITS);
1462 s->lzma.rep0 <<= ALIGN_BITS;
1463 rc_bittree_reverse(&s->rc, s->lzma.dist_align,
1464 &s->lzma.rep0, ALIGN_BITS);
1465 }
1466 }
1467 }
1468
1469 /*
1470 * Decode a repeated match. The distance is one of the four most recently
1471 * seen matches. The distance will be stored in s->lzma.rep0.
1472 */
1473 static void lzma_rep_match(struct xz_dec_lzma2 *s, unsigned pos_state)
1474 {
1475 unsigned tmp;
1476
1477 if (!rc_bit(&s->rc, &s->lzma.is_rep0[s->lzma.state])) {
1478 if (!rc_bit(&s->rc, &s->lzma.is_rep0_long[
1479 s->lzma.state][pos_state])) {
1480 lzma_state_short_rep(&s->lzma.state);
1481 s->lzma.len = 1;
1482 return;
1483 }
1484 } else {
1485 if (!rc_bit(&s->rc, &s->lzma.is_rep1[s->lzma.state])) {
1486 tmp = s->lzma.rep1;
1487 } else {
1488 if (!rc_bit(&s->rc, &s->lzma.is_rep2[s->lzma.state])) {
1489 tmp = s->lzma.rep2;
1490 } else {
1491 tmp = s->lzma.rep3;
1492 s->lzma.rep3 = s->lzma.rep2;
1493 }
1494
1495 s->lzma.rep2 = s->lzma.rep1;
1496 }
1497
1498 s->lzma.rep1 = s->lzma.rep0;
1499 s->lzma.rep0 = tmp;
1500 }
1501
1502 lzma_state_long_rep(&s->lzma.state);
1503 lzma_len(s, &s->lzma.rep_len_dec, pos_state);
1504 }
1505
1506 /* LZMA decoder core */
1507 static int lzma_main(struct xz_dec_lzma2 *s)
1508 {
1509 unsigned pos_state;
1510
1511 /*
1512 * If the dictionary limit was reached during the previous call, try to
1513 * finish the possibly pending repeat in the dictionary.
1514 */
1515 if (dict_has_space(&s->dict) && s->lzma.len > 0)
1516 dict_repeat(&s->dict, &s->lzma.len, s->lzma.rep0);
1517
1518 /*
1519 * Decode more LZMA symbols. One iteration may consume up to
1520 * LZMA_IN_REQUIRED - 1 bytes.
1521 */
1522 while (dict_has_space(&s->dict) && !rc_limit_exceeded(&s->rc)) {
1523 pos_state = s->dict.pos & s->lzma.pos_mask;
1524
1525 if (!rc_bit(&s->rc, &s->lzma.is_match[
1526 s->lzma.state][pos_state])) {
1527 lzma_literal(s);
1528 } else {
1529 if (rc_bit(&s->rc, &s->lzma.is_rep[s->lzma.state]))
1530 lzma_rep_match(s, pos_state);
1531 else
1532 lzma_match(s, pos_state);
1533
1534 if (!dict_repeat(&s->dict, &s->lzma.len, s->lzma.rep0))
1535 return 0;
1536 }
1537 }
1538
1539 /*
1540 * Having the range decoder always normalized when we are outside
1541 * this function makes it easier to correctly handle end of the chunk.
1542 */
1543 rc_normalize(&s->rc);
1544
1545 return 1;
1546 }
1547
1548 /*
1549 * Reset the LZMA decoder and range decoder state. The dictionary is not reset
1550 * here, because LZMA state may be reset without resetting the dictionary.
1551 */
1552 static void lzma_reset(struct xz_dec_lzma2 *s)
1553 {
1554 uint16_t *probs;
1555 size_t i;
1556
1557 s->lzma.state = STATE_LIT_LIT;
1558 s->lzma.rep0 = 0;
1559 s->lzma.rep1 = 0;
1560 s->lzma.rep2 = 0;
1561 s->lzma.rep3 = 0;
1562
1563 /*
1564 * All probabilities are initialized to the same value. This hack
1565 * makes the code smaller by avoiding a separate loop for each
1566 * probability array.
1567 *
1568 * This could be optimized so that only the part of the literal
1569 * probabilities that is actually required gets initialized. In the
1570 * common case we would write 12 KiB less.
1571 */
1572 probs = s->lzma.is_match[0];
1573 for (i = 0; i < PROBS_TOTAL; ++i)
1574 probs[i] = RC_BIT_MODEL_TOTAL / 2;
1575
1576 rc_reset(&s->rc);
1577 }
1578
1579 /*
1580 * Decode and validate LZMA properties (lc/lp/pb) and calculate the bit masks
1581 * from the decoded lp and pb values. On success, the LZMA decoder state is
1582 * reset and true is returned.
1583 */
1584 static int lzma_props(struct xz_dec_lzma2 *s, char props)
1585 {
1586 if (props > (4 * 5 + 4) * 9 + 8)
1587 return 0;
1588
1589 s->lzma.pos_mask = 0;
1590 while (props >= 9 * 5) {
1591 props -= 9 * 5;
1592 ++s->lzma.pos_mask;
1593 }
1594
1595 s->lzma.pos_mask = (1 << s->lzma.pos_mask) - 1;
1596
1597 s->lzma.literal_pos_mask = 0;
1598 while (props >= 9) {
1599 props -= 9;
1600 ++s->lzma.literal_pos_mask;
1601 }
1602
1603 s->lzma.lc = props;
1604
1605 if (s->lzma.lc + s->lzma.literal_pos_mask > 4)
1606 return 0;
1607
1608 s->lzma.literal_pos_mask = (1 << s->lzma.literal_pos_mask) - 1;
1609
1610 lzma_reset(s);
1611
1612 return 1;
1613 }
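/*
 * Worked example: the common props byte 93 (0x5D) decodes as
 * 93 = 2*45 + 0*9 + 3, i.e. pb=2, lp=0, lc=3, which gives pos_mask = 3
 * and literal_pos_mask = 0 above.
 */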
1614
1615 /*********
1616 * LZMA2 *
1617 *********/
1618
1619 /*
1620 * The LZMA decoder assumes that if the input limit (s->rc.in_limit) hasn't
1621 * been exceeded, it is safe to read up to LZMA_IN_REQUIRED bytes. This
1622 * wrapper function takes care of making the LZMA decoder's assumption safe.
1623 *
1624 * As long as there is plenty of input left to be decoded in the current LZMA
1625 * chunk, we decode directly from the caller-supplied input buffer until
1626 * there are LZMA_IN_REQUIRED bytes left. Those remaining bytes are copied into
1627 * s->temp.buf, which (hopefully) gets filled on the next call to this
1628 * function. We decode a few bytes from the temporary buffer so that we can
1629 * continue decoding from the caller-supplied input buffer again.
1630 */
1631 static int lzma2_lzma(struct xz_dec_lzma2 *s, struct xz_buf *b)
1632 {
1633 size_t in_avail;
1634 unsigned tmp;
1635
1636 in_avail = b->in_size - b->in_pos;
1637 if (s->temp.size > 0 || !s->lzma2.compressed) {
1638 tmp = 2 * LZMA_IN_REQUIRED - s->temp.size;
1639 if (tmp > s->lzma2.compressed - s->temp.size)
1640 tmp = s->lzma2.compressed - s->temp.size;
1641 if (tmp > in_avail)
1642 tmp = in_avail;
1643
1644 memcpy(s->temp.buf + s->temp.size, b->in + b->in_pos, tmp);
1645
1646 if (s->temp.size + tmp == s->lzma2.compressed) {
1647 memset(s->temp.buf + s->temp.size + tmp, 0,
1648 sizeof(s->temp.buf)
1649 - s->temp.size - tmp);
1650 s->rc.in_limit = s->temp.size + tmp;
1651 } else if (s->temp.size + tmp < LZMA_IN_REQUIRED) {
1652 s->temp.size += tmp;
1653 b->in_pos += tmp;
1654 return 1;
1655 } else {
1656 s->rc.in_limit = s->temp.size + tmp - LZMA_IN_REQUIRED;
1657 }
1658
1659 s->rc.in = s->temp.buf;
1660 s->rc.in_pos = 0;
1661
1662 if (!lzma_main(s) || s->rc.in_pos > s->temp.size + tmp)
1663 return 0;
1664
1665 s->lzma2.compressed -= s->rc.in_pos;
1666
1667 if (s->rc.in_pos < s->temp.size) {
1668 s->temp.size -= s->rc.in_pos;
1669 memmove(s->temp.buf, s->temp.buf + s->rc.in_pos,
1670 s->temp.size);
1671 return 1;
1672 }
1673
1674 b->in_pos += s->rc.in_pos - s->temp.size;
1675 s->temp.size = 0;
1676 }
1677
1678 in_avail = b->in_size - b->in_pos;
1679 if (in_avail >= LZMA_IN_REQUIRED) {
1680 s->rc.in = b->in;
1681 s->rc.in_pos = b->in_pos;
1682
1683 if (in_avail >= s->lzma2.compressed + LZMA_IN_REQUIRED)
1684 s->rc.in_limit = b->in_pos + s->lzma2.compressed;
1685 else
1686 s->rc.in_limit = b->in_size - LZMA_IN_REQUIRED;
1687
1688 if (!lzma_main(s))
1689 return 0;
1690
1691 in_avail = s->rc.in_pos - b->in_pos;
1692 if (in_avail > s->lzma2.compressed) return 0;
1693
1694 s->lzma2.compressed -= in_avail;
1695 b->in_pos = s->rc.in_pos;
1696 }
1697
1698 in_avail = b->in_size - b->in_pos;
1699 if (in_avail < LZMA_IN_REQUIRED) {
1700 if (in_avail > s->lzma2.compressed)
1701 in_avail = s->lzma2.compressed;
1702
1703 memcpy(s->temp.buf, b->in + b->in_pos, in_avail);
1704 s->temp.size = in_avail;
1705 b->in_pos += in_avail;
1706 }
1707
1708 return 1;
1709 }
1710
1711 /*
1712 * Take care of the LZMA2 control layer, and forward the job of actual LZMA
1713 * decoding or copying of uncompressed chunks to other functions.
1714 */
1715 enum xz_ret xz_dec_lzma2_run(struct xz_dec_lzma2 *s, struct xz_buf *b)
1716 {
1717 unsigned tmp;
1718
1719 while (b->in_pos < b->in_size || s->lzma2.sequence == SEQ_LZMA_RUN) {
1720 switch (s->lzma2.sequence) {
1721 case SEQ_CONTROL:
1722 /*
1723 * LZMA2 control byte
1724 *
1725 * Exact values:
1726 * 0x00 End marker
1727 * 0x01 Dictionary reset followed by
1728 * an uncompressed chunk
1729 * 0x02 Uncompressed chunk (no dictionary reset)
1730 *
1731 * Highest three bits (s->control & 0xE0):
1732 * 0xE0 Dictionary reset, new properties and state
1733 * reset, followed by LZMA compressed chunk
1734 * 0xC0 New properties and state reset, followed
1735 * by LZMA compressed chunk (no dictionary
1736 * reset)
1737 * 0xA0 State reset using old properties,
1738 * followed by LZMA compressed chunk (no
1739 * dictionary reset)
1740 * 0x80 LZMA chunk (no dictionary or state reset)
1741 *
1742 * For LZMA compressed chunks, the lowest five bits
1743 * (s->control & 0x1F) are the highest bits of the
1744 * uncompressed size (bits 16-20).
1745 *
1746 * A new LZMA2 stream must begin with a dictionary
1747 * reset. The first LZMA chunk must set new
1748 * properties and reset the LZMA state.
1749 *
1750 * Values that don't match anything described above
1751 * are invalid and we return XZ_DATA_ERROR.
1752 */
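/*
 * For example, apart from the degenerate empty stream (a lone
 * 0x00 byte), a well-formed LZMA2 stream begins either with
 * 0x01 (dictionary reset + uncompressed chunk) or with a
 * control byte in the 0xE0-0xFF range (dictionary reset + new
 * properties + state reset), since the first chunk must reset
 * the dictionary.
 */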
1753
1754
1755 if (!(tmp = b->in[b->in_pos++]))
1756 return XZ_STREAM_END;
1757
1758 if (tmp >= 0xE0 || tmp == 1) {
1759 s->lzma2.need_props = 1;
1760 s->lzma2.need_dict_reset = 0;
1761 dict_reset(&s->dict);
1762 } else if (s->lzma2.need_dict_reset) {
1763 return XZ_DATA_ERROR;
1764 }
1765
1766 if (tmp >= 0x80) {
1767 s->lzma2.uncompressed = (tmp & 0x1F) << 16;
1768 s->lzma2.sequence = SEQ_UNCOMPRESSED_1;
1769
1770 if (tmp >= 0xC0) {
1771 /*
1772 * When there are new properties,
1773 * state reset is done at
1774 * SEQ_PROPERTIES.
1775 */
1776 s->lzma2.need_props = 0;
1777 s->lzma2.next_sequence
1778 = SEQ_PROPERTIES;
1779
1780 } else if (s->lzma2.need_props) {
1781 return XZ_DATA_ERROR;
1782
1783 } else {
1784 s->lzma2.next_sequence
1785 = SEQ_LZMA_PREPARE;
1786 if (tmp >= 0xA0)
1787 lzma_reset(s);
1788 }
1789 } else {
1790 if (tmp > 2)
1791 return XZ_DATA_ERROR;
1792
1793 s->lzma2.sequence = SEQ_COMPRESSED_0;
1794 s->lzma2.next_sequence = SEQ_COPY;
1795 }
1796
1797 break;
1798
1799 case SEQ_UNCOMPRESSED_1:
1800 s->lzma2.uncompressed
1801 += (unsigned)b->in[b->in_pos++] << 8;
1802 s->lzma2.sequence = SEQ_UNCOMPRESSED_2;
1803 break;
1804
1805 case SEQ_UNCOMPRESSED_2:
1806 s->lzma2.uncompressed
1807 += (unsigned)b->in[b->in_pos++] + 1;
1808 s->lzma2.sequence = SEQ_COMPRESSED_0;
1809 break;
1810
1811 case SEQ_COMPRESSED_0:
1812 s->lzma2.compressed
1813 = (unsigned)b->in[b->in_pos++] << 8;
1814 s->lzma2.sequence = SEQ_COMPRESSED_1;
1815 break;
1816
1817 case SEQ_COMPRESSED_1:
1818 s->lzma2.compressed
1819 += (unsigned)b->in[b->in_pos++] + 1;
1820 s->lzma2.sequence = s->lzma2.next_sequence;
1821 break;
1822
1823 case SEQ_PROPERTIES:
1824 if (!lzma_props(s, b->in[b->in_pos++]))
1825 return XZ_DATA_ERROR;
1826
1827 s->lzma2.sequence = SEQ_LZMA_PREPARE;
1828 /* Fall through */
1829 case SEQ_LZMA_PREPARE:
1830 if (s->lzma2.compressed < RC_INIT_BYTES)
1831 return XZ_DATA_ERROR;
1832
1833 if (!rc_read_init(&s->rc, b))
1834 return XZ_OK;
1835
1836 s->lzma2.compressed -= RC_INIT_BYTES;
1837 s->lzma2.sequence = SEQ_LZMA_RUN;
1838 /* Fall through */
1839 case SEQ_LZMA_RUN:
1840 /*
1841 * Set dictionary limit to indicate how much we want
1842 * to be encoded at maximum. Decode new data into the
1843 * dictionary. Flush the new data from dictionary to
1844 * b->out. Check if we finished decoding this chunk.
1845 * In case the dictionary got full but we didn't fill
1846 * the output buffer yet, we may run this loop
1847 * multiple times without changing s->lzma2.sequence.
1848 */
1849 dict_limit(&s->dict, minof(b->out_size - b->out_pos,
1850 s->lzma2.uncompressed));
1851 if (!lzma2_lzma(s, b))
1852 return XZ_DATA_ERROR;
1853
1854 s->lzma2.uncompressed -= dict_flush(&s->dict, b);
1855
1856 if (!s->lzma2.uncompressed) {
1857 if (s->lzma2.compressed > 0 || s->lzma.len > 0
1858 || s->rc.code)
1859 return XZ_DATA_ERROR;
1860
1861 rc_reset(&s->rc);
1862 s->lzma2.sequence = SEQ_CONTROL;
1863
1864 } else if (b->out_pos == b->out_size
1865 || (b->in_pos == b->in_size
1866 && s->temp.size
1867 < s->lzma2.compressed)) {
1868 return XZ_OK;
1869 }
1870
1871 break;
1872
1873 case SEQ_COPY:
1874 dict_uncompressed(&s->dict, b, &s->lzma2.compressed);
1875 if (s->lzma2.compressed > 0)
1876 return XZ_OK;
1877
1878 s->lzma2.sequence = SEQ_CONTROL;
1879 break;
1880 }
1881 }
1882
1883 return XZ_OK;
1884 }
1885
1886 struct xz_dec_lzma2 *xz_dec_lzma2_create(unsigned dict_max)
1887 {
1888 struct xz_dec_lzma2 *s = malloc(sizeof(*s));
1889 if (!s)
1890 return NULL;
1891
1892 s->dict.size_max = dict_max;
1893 s->dict.buf = NULL;
1894 s->dict.allocated = 0;
1895
1896 return s;
1897 }
1898
1899 enum xz_ret xz_dec_lzma2_reset(struct xz_dec_lzma2 *s, char props)
1900 {
1901 /* This limits dictionary size to 3 GiB to keep parsing simpler. */
1902 if (props > 39)
1903 return XZ_OPTIONS_ERROR;
1904
1905 s->dict.size = 2 + (props & 1);
1906 s->dict.size <<= (props >> 1) + 11;
1907
1908 if (s->dict.size > s->dict.size_max)
1909 return XZ_MEMLIMIT_ERROR;
1910
1911 s->dict.end = s->dict.size;
1912
1913 if (s->dict.allocated < s->dict.size) {
1914 free(s->dict.buf);
1915 s->dict.buf = malloc(s->dict.size);
1916 if (s->dict.buf == NULL) {
1917 s->dict.allocated = 0;
1918 return XZ_MEM_ERROR;
1919 }
1920 }
1921
1922 s->lzma.len = 0;
1923
1924 s->lzma2.sequence = SEQ_CONTROL;
1925 s->lzma2.need_dict_reset = 1;
1926
1927 s->temp.size = 0;
1928
1929 return XZ_OK;
1930 }
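
/*
 * Illustrative worked example of the dictionary-size encoding above:
 * the low bit of props picks a mantissa of 2 or 3, and the remaining
 * bits pick a power-of-two scale starting at 2^11:
 *
 *     props = 0  ->  2 << 11         =  4 KiB  (minimum)
 *     props = 20 ->  2 << (10 + 11)  =  4 MiB
 *     props = 21 ->  3 << (10 + 11)  =  6 MiB
 *     props = 39 ->  3 << (19 + 11)  =  3 GiB  (largest value accepted)
 */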
1931
1932 /*
1933 * .xz Stream decoder
1934 */
1935
1936
1937 // BEGIN xz_stream.h
1938 /*
1939 * Definitions for handling the .xz file format
1940 */
1941
1942
1943 #define STREAM_HEADER_SIZE 12
1944
1945 #define HEADER_MAGIC "\3757zXZ"
1946 #define HEADER_MAGIC_SIZE 6
1947
1948 #define FOOTER_MAGIC "YZ"
1949 #define FOOTER_MAGIC_SIZE 2
1950
1951 #define VLI_MAX ((uint64_t)-1 / 2)
1952 #define VLI_UNKNOWN (-1ULL)
1953
1954 /* Maximum encoded size of a VLI */
1955 #define VLI_BYTES_MAX (sizeof(uint64_t) * 8 / 7)
1956
1957 /* Integrity Check types */
1958 enum xz_check {
1959 XZ_CHECK_NONE = 0,
1960 XZ_CHECK_CRC32 = 1,
1961 XZ_CHECK_CRC64 = 4,
1962 XZ_CHECK_SHA256 = 10
1963 };
1964
1965 /* Maximum possible Check ID */
1966 #define XZ_CHECK_MAX 15
1967 // END xz_stream.h
1968
1969 /* Hash used to validate the Index field */
1970 struct xz_dec_hash {
1971 uint64_t unpadded;
1972 uint64_t uncompressed;
1973 unsigned crc32;
1974 };
1975
1976 struct xz_dec {
1977 /* Position in dec_main() */
1978 enum {
1979 SEQ_STREAM_HEADER,
1980 SEQ_BLOCK_START,
1981 SEQ_BLOCK_HEADER,
1982 SEQ_BLOCK_UNCOMPRESS,
1983 SEQ_BLOCK_PADDING,
1984 SEQ_BLOCK_CHECK,
1985 SEQ_INDEX,
1986 SEQ_INDEX_PADDING,
1987 SEQ_INDEX_CRC32,
1988 SEQ_STREAM_FOOTER
1989 } sequence;
1990
1991 /* Position in variable-length integers and Check fields */
1992 unsigned pos;
1993
1994 /* Variable-length integer decoded by dec_vli() */
1995 uint64_t vli;
1996
1997 /* Saved in_pos and out_pos */
1998 size_t in_start;
1999 size_t out_start;
2000
2001 /* CRC32 or CRC64 value in Block or CRC32 value in Index */
2002 uint64_t crc;
2003
2004 /* Type of the integrity check calculated from uncompressed data */
2005 enum xz_check check_type;
2006
2007 /*
2008 * True if the next call to xz_dec_run() is allowed to return
2009 * XZ_BUF_ERROR.
2010 */
2011 int allow_buf_error;
2012
2013 /* Information stored in Block Header */
2014 struct {
2015 /* Value stored in the Compressed Size field, or
2016 * VLI_UNKNOWN if Compressed Size is not present. */
2017 uint64_t compressed;
2018
2019 /* Value stored in the Uncompressed Size field, or
2020 * VLI_UNKNOWN if Uncompressed Size is not present. */
2021 uint64_t uncompressed;
2022
2023 /* Size of the Block Header field */
2024 unsigned size;
2025 } block_header;
2026
2027 /* Information collected when decoding Blocks */
2028 struct {
2029 /* Observed compressed size of the current Block */
2030 uint64_t compressed;
2031
2032 /* Observed uncompressed size of the current Block */
2033 uint64_t uncompressed;
2034
2035 uint64_t count; /* Number of Blocks decoded so far */
2036
2037 // Hash calculated from the Block sizes. This is used to
2038 // validate the Index field.
2039 struct xz_dec_hash hash;
2040 } block;
2041
2042 /* Variables needed when verifying the Index field */
2043 struct {
2044 /* Position in dec_index() */
2045 enum {
2046 SEQ_INDEX_COUNT,
2047 SEQ_INDEX_UNPADDED,
2048 SEQ_INDEX_UNCOMPRESSED
2049 } sequence;
2050
2051 // Size of the Index in bytes
2052 uint64_t size;
2053
2054 // Number of Records (matches block.count in valid files)
2055 uint64_t count;
2056
2057 // Hash calculated from the Records (matches block.hash in
2058 // valid files).
2059 struct xz_dec_hash hash;
2060 } index;
2061
2062 /*
2063 * Temporary buffer needed to hold Stream Header, Block Header,
2064 * and Stream Footer. The Block Header is the biggest (1 KiB)
2065 * so we reserve space according to that. buf[] has to be aligned
2066 * to a multiple of four bytes; the size_t variables before it
2067 * should guarantee this.
2068 */
2069 struct {
2070 size_t pos;
2071 size_t size;
2072 char buf[1024];
2073 } temp;
2074
2075 struct xz_dec_lzma2 *lzma2;
2076
2077 struct xz_dec_bcj *bcj;
2078 int bcj_active;
2079 };
2080
2081 /* Sizes of the Check field with different Check IDs */
2082 static const char check_sizes[16] = {
2083 0,
2084 4, 4, 4,
2085 8, 8, 8,
2086 16, 16, 16,
2087 32, 32, 32,
2088 64, 64, 64
2089 };
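
/*
 * Reading the table above: Check ID 0 means no Check field, IDs 1-3 use
 * 4 bytes (CRC32 is ID 1), IDs 4-6 use 8 bytes (CRC64 is ID 4), and IDs
 * 10-12 use 32 bytes (SHA-256 is ID 10). Only the sizes matter here:
 * unsupported Check types are skipped byte-by-byte in check_skip().
 */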
2090
2091 /*
2092 * Fill s->temp by copying data starting from b->in[b->in_pos]. Caller
2093 * must have set s->temp.size to indicate how much data we are supposed
2094 * to copy into s->temp.buf. Return true once s->temp.pos has reached
2095 * s->temp.size.
2096 */
2097 static int fill_temp(struct xz_dec *s, struct xz_buf *b)
2098 {
2099 size_t copy_size = minof(b->in_size - b->in_pos, s->temp.size - s->temp.pos);
2100
2101 memcpy(s->temp.buf + s->temp.pos, b->in + b->in_pos, copy_size);
2102 b->in_pos += copy_size;
2103 s->temp.pos += copy_size;
2104
2105 if (s->temp.pos == s->temp.size) {
2106 s->temp.pos = 0;
2107 return 1;
2108 }
2109
2110 return 0;
2111 }
2112
2113 /* Decode a variable-length integer (little-endian base-128 encoding) */
2114 static enum xz_ret dec_vli(struct xz_dec *s, const char *in,
2115 size_t *in_pos, size_t in_size)
2116 {
2117 char byte;
2118
2119 if (!s->pos)
2120 s->vli = 0;
2121
2122 while (*in_pos < in_size) {
2123 byte = in[*in_pos];
2124 ++*in_pos;
2125
2126 s->vli |= (uint64_t)(byte & 0x7F) << s->pos;
2127
2128 if (!(byte & 0x80)) {
2129 // Don't allow non-minimal encodings.
2130 if (!byte && s->pos)
2131 return XZ_DATA_ERROR;
2132
2133 s->pos = 0;
2134 return XZ_STREAM_END;
2135 }
2136
2137 s->pos += 7;
2138 if (s->pos == 7 * VLI_BYTES_MAX)
2139 return XZ_DATA_ERROR;
2140 }
2141
2142 return XZ_OK;
2143 }
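
/*
 * Illustrative example of the encoding dec_vli() parses: each byte holds
 * seven payload bits, least-significant group first, and the high bit is
 * set while more bytes follow. For the value 300 (0x12C):
 *
 *     byte 0: (300 & 0x7F) | 0x80 = 0xAC   (continuation bit set)
 *     byte 1:  300 >> 7           = 0x02   (high bit clear: last byte)
 *
 * so 300 is stored as "AC 02", and decoding computes 0x2C | (0x02 << 7).
 * A uint64_t therefore never needs more than VLI_BYTES_MAX (9) bytes.
 */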
2144
2145 /*
2146 * Decode the Compressed Data field from a Block. Update and validate
2147 * the observed compressed and uncompressed sizes of the Block so that
2148 * they don't exceed the values possibly stored in the Block Header
2149 * (validation assumes that no integer overflow occurs, since the sizes
2150 * are held in uint64_t variables). Update the CRC32 or CRC64 value if
2151 * the Stream Header indicated that the corresponding Check field is present.
2152 *
2153 * Once the decoding is finished, validate that the observed sizes match
2154 * the sizes possibly stored in the Block Header. Update the hash and
2155 * Block count, which are later used to validate the Index field.
2156 */
2157 static enum xz_ret dec_block(struct xz_dec *s, struct xz_buf *b)
2158 {
2159 enum xz_ret ret;
2160
2161 s->in_start = b->in_pos;
2162 s->out_start = b->out_pos;
2163
2164 if (s->bcj_active)
2165 ret = xz_dec_bcj_run(s->bcj, s->lzma2, b);
2166 else
2167 ret = xz_dec_lzma2_run(s->lzma2, b);
2168
2169 s->block.compressed += b->in_pos - s->in_start;
2170 s->block.uncompressed += b->out_pos - s->out_start;
2171
2172 /*
2173 * There is no need to separately check for VLI_UNKNOWN, since
2174 * the observed sizes are always smaller than VLI_UNKNOWN.
2175 */
2176 if (s->block.compressed > s->block_header.compressed
2177 || s->block.uncompressed
2178 > s->block_header.uncompressed)
2179 return XZ_DATA_ERROR;
2180
2181 if (s->check_type == XZ_CHECK_CRC32)
2182 s->crc = xz_crc32(b->out + s->out_start,
2183 b->out_pos - s->out_start, s->crc);
2184 else if (s->check_type == XZ_CHECK_CRC64) {
2185 s->crc = ~(s->crc);
2186 size_t size = b->out_pos - s->out_start;
2187 char *buf = b->out + s->out_start;
2188 while (size) {
2189 s->crc = xz_crc64_table[*buf++ ^ (s->crc & 0xFF)] ^ (s->crc >> 8);
2190 --size;
2191 }
2192 s->crc = ~(s->crc);
2193 }
2194
2195 if (ret == XZ_STREAM_END) {
2196 if (s->block_header.compressed != VLI_UNKNOWN
2197 && s->block_header.compressed
2198 != s->block.compressed)
2199 return XZ_DATA_ERROR;
2200
2201 if (s->block_header.uncompressed != VLI_UNKNOWN
2202 && s->block_header.uncompressed
2203 != s->block.uncompressed)
2204 return XZ_DATA_ERROR;
2205
2206 s->block.hash.unpadded += s->block_header.size
2207 + s->block.compressed;
2208
2209 s->block.hash.unpadded += check_sizes[s->check_type];
2210
2211 s->block.hash.uncompressed += s->block.uncompressed;
2212 s->block.hash.crc32 = xz_crc32(
2213 (const char *)&s->block.hash,
2214 sizeof(s->block.hash), s->block.hash.crc32);
2215
2216 ++s->block.count;
2217 }
2218
2219 return ret;
2220 }
2221
2222 /* Update the Index size and the CRC32 value. */
2223 static void index_update(struct xz_dec *s, const struct xz_buf *b)
2224 {
2225 size_t in_used = b->in_pos - s->in_start;
2226 s->index.size += in_used;
2227 s->crc = xz_crc32(b->in + s->in_start, in_used, s->crc);
2228 }
2229
2230 /*
2231 * Decode the Number of Records, Unpadded Size, and Uncompressed Size
2232 * fields from the Index field. That is, Index Padding and CRC32 are not
2233 * decoded by this function.
2234 *
2235 * This can return XZ_OK (more input needed), XZ_STREAM_END (everything
2236 * successfully decoded), or XZ_DATA_ERROR (input is corrupt).
2237 */
2238 static enum xz_ret dec_index(struct xz_dec *s, struct xz_buf *b)
2239 {
2240 enum xz_ret ret;
2241
2242 do {
2243 ret = dec_vli(s, b->in, &b->in_pos, b->in_size);
2244 if (ret != XZ_STREAM_END) {
2245 index_update(s, b);
2246 return ret;
2247 }
2248
2249 switch (s->index.sequence) {
2250 case SEQ_INDEX_COUNT:
2251 s->index.count = s->vli;
2252
2253 /*
2254 * Validate that the Number of Records field
2255 * indicates the same number of Records as
2256 * there were Blocks in the Stream.
2257 */
2258 if (s->index.count != s->block.count)
2259 return XZ_DATA_ERROR;
2260
2261 s->index.sequence = SEQ_INDEX_UNPADDED;
2262 break;
2263
2264 case SEQ_INDEX_UNPADDED:
2265 s->index.hash.unpadded += s->vli;
2266 s->index.sequence = SEQ_INDEX_UNCOMPRESSED;
2267 break;
2268
2269 case SEQ_INDEX_UNCOMPRESSED:
2270 s->index.hash.uncompressed += s->vli;
2271 s->index.hash.crc32 = xz_crc32(
2272 (const char *)&s->index.hash,
2273 sizeof(s->index.hash),
2274 s->index.hash.crc32);
2275 --s->index.count;
2276 s->index.sequence = SEQ_INDEX_UNPADDED;
2277 break;
2278 }
2279 } while (s->index.count > 0);
2280
2281 return XZ_STREAM_END;
2282 }
2283
2284 /*
2285 * Validate that the next four or eight input bytes match the value
2286 * of s->crc. s->pos must be zero when starting to validate the first byte.
2287 * The "bits" argument allows using the same code for both CRC32 and CRC64.
2288 */
2289 static enum xz_ret crc_validate(struct xz_dec *s, struct xz_buf *b,
2290 unsigned bits)
2291 {
2292 do {
2293 if (b->in_pos == b->in_size)
2294 return XZ_OK;
2295
2296 if (((s->crc >> s->pos) & 0xFF) != b->in[b->in_pos++])
2297 return XZ_DATA_ERROR;
2298
2299 s->pos += 8;
2300
2301 } while (s->pos < bits);
2302
2303 s->crc = 0;
2304 s->pos = 0;
2305
2306 return XZ_STREAM_END;
2307 }
2308
2309 /*
2310 * Skip over the Check field when the Check ID is not supported.
2311 * Returns true once the whole Check field has been skipped over.
2312 */
2313 static int check_skip(struct xz_dec *s, struct xz_buf *b)
2314 {
2315 while (s->pos < check_sizes[s->check_type]) {
2316 if (b->in_pos == b->in_size) return 0;
2317
2318 ++b->in_pos;
2319 ++s->pos;
2320 }
2321
2322 s->pos = 0;
2323
2324 return 1;
2325 }
2326
2327 /* Decode the Stream Header field (the first 12 bytes of the .xz Stream). */
2328 static enum xz_ret dec_stream_header(struct xz_dec *s)
2329 {
2330 if (!memeq(s->temp.buf, HEADER_MAGIC, HEADER_MAGIC_SIZE))
2331 return XZ_FORMAT_ERROR;
2332
2333 if (xz_crc32(s->temp.buf + HEADER_MAGIC_SIZE, 2, 0)
2334 != get_unaligned_le32(s->temp.buf + HEADER_MAGIC_SIZE + 2))
2335 return XZ_DATA_ERROR;
2336
2337 if (s->temp.buf[HEADER_MAGIC_SIZE])
2338 return XZ_OPTIONS_ERROR;
2339
2340 /*
2341 * Of integrity checks, we support none (Check ID = 0),
2342 * CRC32 (Check ID = 1), and optionally CRC64 (Check ID = 4).
2343 * However, if XZ_DEC_ANY_CHECK is defined, we will accept other
2344 * check types too, but then the check won't be verified and
2345 * a warning (XZ_UNSUPPORTED_CHECK) will be given.
2346 */
2347 s->check_type = s->temp.buf[HEADER_MAGIC_SIZE + 1];
2348
2349 if (s->check_type > XZ_CHECK_MAX)
2350 return XZ_OPTIONS_ERROR;
2351
2352 if (s->check_type > XZ_CHECK_CRC32 && s->check_type != XZ_CHECK_CRC64)
2353 return XZ_UNSUPPORTED_CHECK;
2354
2355 return XZ_OK;
2356 }
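
/*
 * For reference, the 12-byte layout checked above (from the .xz file
 * format specification):
 *
 *     offset 0-5    Header Magic  FD 37 7A 58 5A 00  ("\3757zXZ")
 *     offset 6-7    Stream Flags  (first byte zero, second byte Check ID)
 *     offset 8-11   CRC32 of the Stream Flags, little endian
 */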
2357
2358 /* Decode the Stream Footer field (the last 12 bytes of the .xz Stream) */
2359 static enum xz_ret dec_stream_footer(struct xz_dec *s)
2360 {
2361 if (!memeq(s->temp.buf + 10, FOOTER_MAGIC, FOOTER_MAGIC_SIZE))
2362 return XZ_DATA_ERROR;
2363
2364 if (xz_crc32(s->temp.buf + 4, 6, 0) != get_unaligned_le32(s->temp.buf))
2365 return XZ_DATA_ERROR;
2366
2367 /*
2368 * Validate Backward Size. Note that we never added the size of the
2369 * Index CRC32 field to s->index.size, thus we use s->index.size / 4
2370 * instead of s->index.size / 4 - 1.
2371 */
2372 if ((s->index.size >> 2) != get_unaligned_le32(s->temp.buf + 4))
2373 return XZ_DATA_ERROR;
2374
2375 if (s->temp.buf[8] || s->temp.buf[9] != s->check_type)
2376 return XZ_DATA_ERROR;
2377
2378 /*
2379 * Use XZ_STREAM_END instead of XZ_OK to be more convenient
2380 * for the caller.
2381 */
2382 return XZ_STREAM_END;
2383 }
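
/*
 * For reference, the 12-byte layout checked above (from the .xz file
 * format specification):
 *
 *     offset 0-3    CRC32 of bytes 4-9, little endian
 *     offset 4-7    Backward Size: (real size of Index / 4) - 1, little endian
 *     offset 8-9    Stream Flags (must match the Stream Header)
 *     offset 10-11  Footer Magic "YZ"
 */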
2384
2385 /* Decode the Block Header and initialize the filter chain. */
2386 static enum xz_ret dec_block_header(struct xz_dec *s)
2387 {
2388 enum xz_ret ret;
2389
2390 /*
2391 * Validate the CRC32. We know that the temp buffer is at least
2392 * eight bytes so this is safe.
2393 */
2394 s->temp.size -= 4;
2395 if (xz_crc32(s->temp.buf, s->temp.size, 0)
2396 != get_unaligned_le32(s->temp.buf + s->temp.size))
2397 return XZ_DATA_ERROR;
2398
2399 s->temp.pos = 2;
2400
2401 /*
2402 * Catch unsupported Block Flags. We support only one or two filters
2403 * in the chain, so we catch that with the same test.
2404 */
2405 if (s->temp.buf[1] & 0x3E)
2406 return XZ_OPTIONS_ERROR;
2407
2408 /* Compressed Size */
2409 if (s->temp.buf[1] & 0x40) {
2410 if (dec_vli(s, s->temp.buf, &s->temp.pos, s->temp.size)
2411 != XZ_STREAM_END)
2412 return XZ_DATA_ERROR;
2413
2414 s->block_header.compressed = s->vli;
2415 } else {
2416 s->block_header.compressed = VLI_UNKNOWN;
2417 }
2418
2419 /* Uncompressed Size */
2420 if (s->temp.buf[1] & 0x80) {
2421 if (dec_vli(s, s->temp.buf, &s->temp.pos, s->temp.size)
2422 != XZ_STREAM_END)
2423 return XZ_DATA_ERROR;
2424
2425 s->block_header.uncompressed = s->vli;
2426 } else {
2427 s->block_header.uncompressed = VLI_UNKNOWN;
2428 }
2429
2430 /* If there are two filters, the first one must be a BCJ filter. */
2431 s->bcj_active = s->temp.buf[1] & 0x01;
2432 if (s->bcj_active) {
2433 if (s->temp.size - s->temp.pos < 2)
2434 return XZ_OPTIONS_ERROR;
2435
2436 ret = xz_dec_bcj_reset(s->bcj, s->temp.buf[s->temp.pos++]);
2437 if (ret != XZ_OK)
2438 return ret;
2439
2440 /*
2441 * We don't support custom start offset,
2442 * so Size of Properties must be zero.
2443 */
2444 if (s->temp.buf[s->temp.pos++])
2445 return XZ_OPTIONS_ERROR;
2446 }
2447
2448 /* Valid Filter Flags always take at least two bytes. */
2449 if (s->temp.size - s->temp.pos < 2)
2450 return XZ_DATA_ERROR;
2451
2452 /* Filter ID = LZMA2 */
2453 if (s->temp.buf[s->temp.pos++] != 0x21)
2454 return XZ_OPTIONS_ERROR;
2455
2456 /* Size of Properties = 1-byte Filter Properties */
2457 if (s->temp.buf[s->temp.pos++] != 1)
2458 return XZ_OPTIONS_ERROR;
2459
2460 /* Filter Properties contains LZMA2 dictionary size. */
2461 if (s->temp.size - s->temp.pos < 1)
2462 return XZ_DATA_ERROR;
2463
2464 ret = xz_dec_lzma2_reset(s->lzma2, s->temp.buf[s->temp.pos++]);
2465 if (ret != XZ_OK)
2466 return ret;
2467
2468 /* The rest must be Header Padding. */
2469 while (s->temp.pos < s->temp.size)
2470 if (s->temp.buf[s->temp.pos++])
2471 return XZ_OPTIONS_ERROR;
2472
2473 s->temp.pos = 0;
2474 s->block.compressed = 0;
2475 s->block.uncompressed = 0;
2476
2477 return XZ_OK;
2478 }
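
/*
 * For reference, the Block Header layout parsed above (from the .xz
 * format specification):
 *
 *     byte 0     encoded size; real size = (byte + 1) * 4 (read in dec_main())
 *     byte 1     Block Flags: 0x01 = a second (BCJ) filter precedes LZMA2,
 *                0x40 = Compressed Size present, 0x80 = Uncompressed Size
 *                present, 0x3E = reserved bits (must be zero)
 *     ...        optional size VLIs, Filter Flags, then zero padding
 *     last 4     CRC32 of the rest of the header, little endian
 */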
2479
2480 static enum xz_ret dec_main(struct xz_dec *s, struct xz_buf *b)
2481 {
2482 enum xz_ret ret;
2483
2484 /*
2485 * Store the start position for the case when we are in the middle
2486 * of the Index field.
2487 */
2488 s->in_start = b->in_pos;
2489
2490 for (;;) {
2491 switch (s->sequence) {
2492 case SEQ_STREAM_HEADER:
2493 /*
2494 * Stream Header is copied to s->temp, and then
2495 * decoded from there. This way if the caller
2496 * gives us only a little input at a time, we can
2497 * still keep the Stream Header decoding code
2498 * simple. A similar approach is used in many places
2499 * in this file.
2500 */
2501 if (!fill_temp(s, b))
2502 return XZ_OK;
2503
2504 /*
2505 * If dec_stream_header() returns
2506 * XZ_UNSUPPORTED_CHECK, it is still possible
2507 * to continue decoding if working in multi-call
2508 * mode. Thus, update s->sequence before calling
2509 * dec_stream_header().
2510 */
2511 s->sequence = SEQ_BLOCK_START;
2512
2513 ret = dec_stream_header(s);
2514 if (ret != XZ_OK)
2515 return ret;
2516
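/* Fall through */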
2517 case SEQ_BLOCK_START:
2518 /* We need one byte of input to continue. */
2519 if (b->in_pos == b->in_size)
2520 return XZ_OK;
2521
2522 /* See if this is the beginning of the Index field. */
2523 if (!b->in[b->in_pos]) {
2524 s->in_start = b->in_pos++;
2525 s->sequence = SEQ_INDEX;
2526 break;
2527 }
2528
2529 /*
2530 * Calculate the size of the Block Header and
2531 * prepare to decode it.
2532 */
2533 s->block_header.size
2534 = ((unsigned)b->in[b->in_pos] + 1) * 4;
2535
2536 s->temp.size = s->block_header.size;
2537 s->temp.pos = 0;
2538 s->sequence = SEQ_BLOCK_HEADER;
2539
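/* Fall through */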
2540 case SEQ_BLOCK_HEADER:
2541 if (!fill_temp(s, b))
2542 return XZ_OK;
2543
2544 ret = dec_block_header(s);
2545 if (ret != XZ_OK)
2546 return ret;
2547
2548 s->sequence = SEQ_BLOCK_UNCOMPRESS;
2549
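/* Fall through */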
2550 case SEQ_BLOCK_UNCOMPRESS:
2551 ret = dec_block(s, b);
2552 if (ret != XZ_STREAM_END)
2553 return ret;
2554
2555 s->sequence = SEQ_BLOCK_PADDING;
2556
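/* Fall through */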
2557 case SEQ_BLOCK_PADDING:
2558 /*
2559 * Size of Compressed Data + Block Padding
2560 * must be a multiple of four. We don't need
2561 * s->block.compressed for anything else
2562 * anymore, so we use it here to test the size
2563 * of the Block Padding field.
2564 */
2565 while (s->block.compressed & 3) {
2566 if (b->in_pos == b->in_size)
2567 return XZ_OK;
2568
2569 if (b->in[b->in_pos++])
2570 return XZ_DATA_ERROR;
2571
2572 ++s->block.compressed;
2573 }
2574
2575 s->sequence = SEQ_BLOCK_CHECK;
2576
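/* Fall through */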
2577 case SEQ_BLOCK_CHECK:
2578 if (s->check_type == XZ_CHECK_CRC32) {
2579 ret = crc_validate(s, b, 32);
2580 if (ret != XZ_STREAM_END)
2581 return ret;
2582 }
2583 else if (s->check_type == XZ_CHECK_CRC64) {
2584 ret = crc_validate(s, b, 64);
2585 if (ret != XZ_STREAM_END)
2586 return ret;
2587 }
2588 else if (!check_skip(s, b)) {
2589 return XZ_OK;
2590 }
2591
2592 s->sequence = SEQ_BLOCK_START;
2593 break;
2594
2595 case SEQ_INDEX:
2596 ret = dec_index(s, b);
2597 if (ret != XZ_STREAM_END)
2598 return ret;
2599
2600 s->sequence = SEQ_INDEX_PADDING;
2601
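/* Fall through */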
2602 case SEQ_INDEX_PADDING:
2603 while ((s->index.size + (b->in_pos - s->in_start))
2604 & 3) {
2605 if (b->in_pos == b->in_size) {
2606 index_update(s, b);
2607 return XZ_OK;
2608 }
2609
2610 if (b->in[b->in_pos++])
2611 return XZ_DATA_ERROR;
2612 }
2613
2614 /* Finish the CRC32 value and Index size. */
2615 index_update(s, b);
2616
2617 /* Compare the hashes to validate the Index field. */
2618 if (!memeq(&s->block.hash, &s->index.hash,
2619 sizeof(s->block.hash)))
2620 return XZ_DATA_ERROR;
2621
2622 s->sequence = SEQ_INDEX_CRC32;
2623
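/* Fall through */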
2624 case SEQ_INDEX_CRC32:
2625 ret = crc_validate(s, b, 32);
2626 if (ret != XZ_STREAM_END)
2627 return ret;
2628
2629 s->temp.size = STREAM_HEADER_SIZE;
2630 s->sequence = SEQ_STREAM_FOOTER;
2631
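/* Fall through */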
2632 case SEQ_STREAM_FOOTER:
2633 if (!fill_temp(s, b))
2634 return XZ_OK;
2635
2636 return dec_stream_footer(s);
2637 }
2638 }
2639
2640 /* Never reached */
2641 }
2642
2643 /*
2644 * xz_dec_run() - Run the XZ decoder
2645 * @s: Decoder state allocated using xz_dec_init()
2646 * @b: Input and output buffers
2647 *
2648 * The possible return values depend on build options and operation mode.
2649 * See enum xz_ret for details.
2650 *
2651 * Note that if an error occurs in single-call mode (return value is not
2652 * XZ_STREAM_END), b->in_pos and b->out_pos are not modified and the
2653 * contents of the output buffer from b->out[b->out_pos] onward are
2654 * undefined. This is true even after XZ_BUF_ERROR, because with some filter
2655 * chains, there may be a second pass over the output buffer, and this pass
2656 * cannot be properly done if the output buffer is truncated. Thus, you
2657 * cannot give the single-call decoder a too small buffer and then expect to
2658 * get that amount of valid data from the beginning of the stream. You must
2659 * use the multi-call decoder if you don't want to uncompress the whole stream.
2660 *
2661 * xz_dec_run() is a wrapper for dec_main() to handle some special cases in
2662 * multi-call and single-call decoding.
2663 *
2664 * In multi-call mode, we must return XZ_BUF_ERROR when it seems clear that we
2665 * are not going to make any progress anymore. This is to prevent the caller
2666 * from calling us infinitely when the input file is truncated or otherwise
2667 * corrupt. Since a zlib-style API allows the caller to fill the input buffer
2668 * only when the decoder doesn't produce any new output, we have to be careful
2669 * to avoid returning XZ_BUF_ERROR too easily: XZ_BUF_ERROR is returned only
2670 * after the second consecutive call to xz_dec_run() that makes no progress.
2671 *
2672 * In single-call mode, if we couldn't decode everything and no error
2673 * occurred, either the input is truncated or the output buffer is too small.
2674 * Since we know that the last input byte never produces any output, we know
2675 * that if all the input was consumed and decoding wasn't finished, the file
2676 * must be corrupt. Otherwise the output buffer has to be too small or the
2677 * file is corrupt in a way that decoding it produces too big output.
2678 *
2679 * If single-call decoding fails, we reset b->in_pos and b->out_pos back to
2680 * their original values. This is because with some filter chains there won't
2681 * be any valid uncompressed data in the output buffer unless the decoding
2682 * actually succeeds (that's the price to pay of using the output buffer as
2683 * the workspace).
2684 */
2685 enum xz_ret xz_dec_run(struct xz_dec *s, struct xz_buf *b)
2686 {
2687 size_t in_start;
2688 size_t out_start;
2689 enum xz_ret ret;
2690
2691 in_start = b->in_pos;
2692 out_start = b->out_pos;
2693 ret = dec_main(s, b);
2694
2695 if (ret == XZ_OK && in_start == b->in_pos && out_start == b->out_pos) {
2696 if (s->allow_buf_error)
2697 ret = XZ_BUF_ERROR;
2698
2699 s->allow_buf_error = 1;
2700 } else {
2701 s->allow_buf_error = 0;
2702 }
2703
2704 return ret;
2705 }
2706
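#if 0
/*
 * Minimal multi-call usage sketch (not compiled; a condensed version of
 * do_xzcat() below). The function name is hypothetical, xz_crc32_table
 * must already have been initialized via crc_init(), and read/NULL error
 * handling is reduced to the bare minimum.
 */
static void example_decode(int fd)
{
	char ibuf[BUFSIZ], obuf[BUFSIZ];
	/* Fields in declaration order: in, in_pos, in_size, out, out_pos, out_size */
	struct xz_buf b = { ibuf, 0, 0, obuf, 0, BUFSIZ };
	struct xz_dec *s = xz_dec_init(1 << 26);
	enum xz_ret ret;

	if (!s) return;
	do {
		/* Refill the input buffer only once it has been fully consumed. */
		if (b.in_pos == b.in_size) {
			ssize_t len = read(fd, ibuf, sizeof(ibuf));

			b.in_size = len < 0 ? 0 : len;
			b.in_pos = 0;
		}
		ret = xz_dec_run(s, &b);
		/* Flush whatever was produced; do_xzcat() flushes less eagerly. */
		fwrite(obuf, 1, b.out_pos, stdout);
		b.out_pos = 0;
	} while (ret == XZ_OK || ret == XZ_UNSUPPORTED_CHECK);
	/* Here ret is XZ_STREAM_END on success, or an error from enum xz_ret. */
	xz_dec_end(s);
}
#endif
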
2707 /**
2708 * xz_dec_reset() - Reset an already allocated decoder state
2709 * @s: Decoder state allocated using xz_dec_init()
2710 *
2711 * This function can be used to reset the multi-call decoder state without
2712 * freeing and reallocating memory with xz_dec_end() and xz_dec_init().
2713 *
2714 * In single-call mode, xz_dec_reset() is always called in the beginning of
2715 * xz_dec_run(). Thus, explicit call to xz_dec_reset() is useful only in
2716 * multi-call mode.
2717 */
2718 void xz_dec_reset(struct xz_dec *s)
2719 {
2720 s->sequence = SEQ_STREAM_HEADER;
2721 s->allow_buf_error = 0;
2722 s->pos = 0;
2723 s->crc = 0;
2724 memset(&s->block, 0, sizeof(s->block));
2725 memset(&s->index, 0, sizeof(s->index));
2726 s->temp.pos = 0;
2727 s->temp.size = STREAM_HEADER_SIZE;
2728 }
2729
2730 /**
2731 * xz_dec_init() - Allocate and initialize an XZ decoder state
2733 * @dict_max: Maximum size of the LZMA2 dictionary (history buffer) for
2734 * multi-call decoding. LZMA2 dictionary is always 2^n bytes
2735 * or 2^n + 2^(n-1) bytes (the latter sizes are less common
2736 * in practice), so other values for dict_max don't make sense.
2737 * In the kernel, dictionary sizes of 64 KiB, 128 KiB, 256 KiB,
2738 * 512 KiB, and 1 MiB are probably the only reasonable values,
2739 * except for kernel and initramfs images where a bigger
2740 * dictionary can be fine and useful.
2741 *
2742 * dict_max specifies the maximum allowed dictionary size that xz_dec_run()
2743 * may allocate once it has parsed the dictionary size from the stream
2744 * headers. This way excessive allocations can be avoided while still
2745 * limiting the maximum memory usage to a sane value to prevent running the
2746 * system out of memory when decompressing streams from untrusted sources.
2747 *
2748 * returns NULL on failure.
2749 */
2750 struct xz_dec *xz_dec_init(unsigned dict_max)
2751 {
2752 struct xz_dec *s = malloc(sizeof(*s));
2753 if (!s)
2754 return NULL;
2755
2756 s->bcj = malloc(sizeof(*s->bcj));
2757 if (!s->bcj)
2758 goto error_bcj;
2759
2760 s->lzma2 = xz_dec_lzma2_create(dict_max);
2761 if (!s->lzma2)
2762 goto error_lzma2;
2763
2764 xz_dec_reset(s);
2765 return s;
2766
2767 error_lzma2:
2768 free(s->bcj);
2769 error_bcj:
2770 free(s);
2771 return NULL;
2772 }
2773
2774 /**
2775 * xz_dec_end() - Free the memory allocated for the decoder state
2776 * @s: Decoder state allocated using xz_dec_init(). If s is NULL,
2777 * this function does nothing.
2778 */
2779 void xz_dec_end(struct xz_dec *s)
2780 {
2781 if (s) {
2782 free(s->lzma2->dict.buf);
2783 free(s->lzma2);
2784
2785 free(s->bcj);
2786 free(s);
2787 }
2788 }
2789
2790 static char in[BUFSIZ];
2791 static char out[BUFSIZ];
2792
2793 void do_xzcat(int fd, char *name)
2794 {
2795 struct xz_buf b;
2796 struct xz_dec *s;
2797 enum xz_ret ret;
2798 const char *msg;
2799
2800 crc_init(xz_crc32_table, 1);
2801 const uint64_t poly = 0xC96C5795D7870F42ULL;
2802 unsigned i;
2803 unsigned j;
2804 uint64_t r;
2805
2806 char *errors[] = {
2807 "Memory allocation failed",
2808 "Memory usage limit reached",
2809 "Not a .xz file",
2810 "Unsupported options in the .xz headers",
2811 // XZ_DATA_ERROR and XZ_BUF_ERROR both map to this message
2812 "File is corrupt",
2813 "File is corrupt",
2814 };
2815
2816 /* Initialize the CRC64 table; poly & ~((r & 1) - 1) below is a branchless ((r & 1) ? poly : 0). */
2817 for (i = 0; i < 256; ++i) {
2818 r = i;
2819 for (j = 0; j < 8; ++j)
2820 r = (r >> 1) ^ (poly & ~((r & 1) - 1));
2821
2822 xz_crc64_table[i] = r;
2823 }
2824
2825 /*
2826 * Support up to 64 MiB dictionary. The actually needed memory
2827 * is allocated once the headers have been parsed.
2828 */
2829 s = xz_dec_init(1 << 26);
2830 if (!s) {
2831 msg = "Memory allocation failed\n";
2832 goto error;
2833 }
2834
2835 b.in = in;
2836 b.in_pos = 0;
2837 b.in_size = 0;
2838 b.out = out;
2839 b.out_pos = 0;
2840 b.out_size = BUFSIZ;
2841
2842 for (;;) {
2843 if (b.in_pos == b.in_size) {
2844 ssize_t len = read(fd, in, sizeof(in));
2845 if (len < 0) { msg = "Read error"; goto error; }
2846 b.in_size = len; b.in_pos = 0; }
2847
2848 ret = xz_dec_run(s, &b);
2849
2850 if (b.out_pos == sizeof(out)) {
2851 if (fwrite(out, 1, b.out_pos, stdout) != b.out_pos) {
2852 msg = "Write error\n";
2853 goto error;
2854 }
2855
2856 b.out_pos = 0;
2857 }
2858
2859 if (ret == XZ_OK || ret == XZ_UNSUPPORTED_CHECK)
2860 continue;
2861
2862 if (fwrite(out, 1, b.out_pos, stdout) != b.out_pos) {
2863 msg = "Write error\n";
2864 goto error;
2865 }
2866
2867 if (ret == XZ_STREAM_END) {
2868 xz_dec_end(s);
2869 return;
2870 }
2871
2872 msg = (ret-3 < ARRAY_LEN(errors)) ? errors[ret-3] : "Bug!";
2873 goto error;
2874 }
2875
2876 error:
2877 xz_dec_end(s);
2878 error_exit("%s", msg);
2879 }
2880
2881 void xzcat_main(void)
2882 {
2883 loopfiles(toys.optargs, do_xzcat);
2884 }
2885