1 ///////////////////////////////////////////////////////////////////////////////
2 //
3 /// \file lzip_decoder.c
4 /// \brief Decodes .lz (lzip) files
5 //
6 // Author: Michał Górny
7 // Lasse Collin
8 //
9 // This file has been put into the public domain.
10 // You can do whatever you want with this file.
11 //
12 ///////////////////////////////////////////////////////////////////////////////
13
14 #include "lzip_decoder.h"
15 #include "lzma_decoder.h"
16 #include "check.h"
17
18
19 // .lz format version 0 lacks the 64-bit Member size field in the footer.
20 #define LZIP_V0_FOOTER_SIZE 12
21 #define LZIP_V1_FOOTER_SIZE 20
22 #define LZIP_FOOTER_SIZE_MAX LZIP_V1_FOOTER_SIZE
23
24 // lc/lp/pb are hardcoded in the .lz format.
25 #define LZIP_LC 3
26 #define LZIP_LP 0
27 #define LZIP_PB 2
28
29
30 typedef struct {
31 enum {
32 SEQ_ID_STRING,
33 SEQ_VERSION,
34 SEQ_DICT_SIZE,
35 SEQ_CODER_INIT,
36 SEQ_LZMA_STREAM,
37 SEQ_MEMBER_FOOTER,
38 } sequence;
39
40 /// .lz member format version
41 uint32_t version;
42
43 /// CRC32 of the uncompressed data in the .lz member
44 uint32_t crc32;
45
46 /// Uncompressed size of the .lz member
47 uint64_t uncompressed_size;
48
49 /// Compressed size of the .lz member
50 uint64_t member_size;
51
52 /// Memory usage limit
53 uint64_t memlimit;
54
55 /// Amount of memory actually needed
56 uint64_t memusage;
57
58 /// If true, LZMA_GET_CHECK is returned after decoding the header
59 /// fields. As all files use CRC32 this is redundant but it's
60 /// implemented anyway since the initialization functions supports
61 /// all other flags in addition to LZMA_TELL_ANY_CHECK.
62 bool tell_any_check;
63
64 /// If true, we won't calculate or verify the CRC32 of
65 /// the uncompressed data.
66 bool ignore_check;
67
68 /// If true, we will decode concatenated .lz members and stop if
69 /// non-.lz data is seen after at least one member has been
70 /// successfully decoded.
71 bool concatenated;
72
73 /// When decoding concatenated .lz members, this is true as long as
74 /// we are decoding the first .lz member. This is needed to avoid
75 /// incorrect LZMA_FORMAT_ERROR in case there is non-.lz data at
76 /// the end of the file.
77 bool first_member;
78
79 /// Reading position in the header and footer fields
80 size_t pos;
81
82 /// Buffer to hold the .lz footer fields
83 uint8_t buffer[LZIP_FOOTER_SIZE_MAX];
84
85 /// Options decoded from the .lz header that needed to initialize
86 /// the LZMA1 decoder.
87 lzma_options_lzma options;
88
89 /// LZMA1 decoder
90 lzma_next_coder lzma_decoder;
91
92 } lzma_lzip_coder;
93
94
95 static lzma_ret
96 lzip_decode(void *coder_ptr, const lzma_allocator *allocator,
97 const uint8_t *restrict in, size_t *restrict in_pos,
98 size_t in_size, uint8_t *restrict out,
99 size_t *restrict out_pos, size_t out_size, lzma_action action)
100 {
101 lzma_lzip_coder *coder = coder_ptr;
102
103 while (true)
104 switch (coder->sequence) {
105 case SEQ_ID_STRING: {
106 // The "ID string" or magic bytes are "LZIP" in US-ASCII.
107 const uint8_t lzip_id_string[4] = { 0x4C, 0x5A, 0x49, 0x50 };
108
109 while (coder->pos < sizeof(lzip_id_string)) {
110 if (*in_pos >= in_size) {
111 // If we are on the 2nd+ concatenated member
112 // and the input ends before we can read
113 // the magic bytes, we discard the bytes that
114 // were already read (up to 3) and finish.
115 // See the reasoning below.
116 return !coder->first_member
117 && action == LZMA_FINISH
118 ? LZMA_STREAM_END : LZMA_OK;
119 }
120
121 if (in[*in_pos] != lzip_id_string[coder->pos]) {
122 // The .lz format allows putting non-.lz data
123 // at the end of the file. If we have seen
124 // at least one valid .lz member already,
125 // then we won't consume the byte at *in_pos
126 // and will return LZMA_STREAM_END. This way
127 // apps can easily locate and read the non-.lz
128 // data after the .lz member(s).
129 //
130 // NOTE: If the first 1-3 bytes of the non-.lz
131 // data match the .lz ID string then the first
132 // 1-3 bytes of the junk will get ignored by
133 // us. If apps want to properly locate the
134 // trailing data they must ensure that the
135 // first byte of their custom data isn't the
136 // same as the first byte of .lz ID string.
137 // With the liblzma API we cannot rewind the
138 // input position across calls to lzma_code().
139 return !coder->first_member
140 ? LZMA_STREAM_END : LZMA_FORMAT_ERROR;
141 }
142
143 ++*in_pos;
144 ++coder->pos;
145 }
146
147 coder->pos = 0;
148
149 coder->crc32 = 0;
150 coder->uncompressed_size = 0;
151 coder->member_size = sizeof(lzip_id_string);
152
153 coder->sequence = SEQ_VERSION;
154 }
155
156 // Fall through
157
158 case SEQ_VERSION:
159 if (*in_pos >= in_size)
160 return LZMA_OK;
161
162 coder->version = in[(*in_pos)++];
163
164 // We support version 0 and unextended version 1.
165 if (coder->version > 1)
166 return LZMA_OPTIONS_ERROR;
167
168 ++coder->member_size;
169 coder->sequence = SEQ_DICT_SIZE;
170
171 // .lz versions 0 and 1 use CRC32 as the integrity check
172 // so if the application wanted to know that
173 // (LZMA_TELL_ANY_CHECK) we can tell it now.
174 if (coder->tell_any_check)
175 return LZMA_GET_CHECK;
176
177 // Fall through
178
179 case SEQ_DICT_SIZE: {
180 if (*in_pos >= in_size)
181 return LZMA_OK;
182
183 const uint32_t ds = in[(*in_pos)++];
184 ++coder->member_size;
185
186 // The five lowest bits are for the base-2 logarithm of
187 // the dictionary size and the highest three bits are
188 // the fractional part (0/16 to 7/16) that will be
189 // subtracted to get the final value.
190 //
191 // For example, with 0xB5:
192 // b2log = 21
193 // fracnum = 5
194 // dict_size = 2^21 - 2^21 * 5 / 16 = 1408 KiB
195 const uint32_t b2log = ds & 0x1F;
196 const uint32_t fracnum = ds >> 5;
197
198 // The format versions 0 and 1 allow dictionary size in the
199 // range [4 KiB, 512 MiB].
200 if (b2log < 12 || b2log > 29 || (b2log == 12 && fracnum > 0))
201 return LZMA_DATA_ERROR;
202
203 // 2^[b2log] - 2^[b2log] * [fracnum] / 16
204 // = 2^[b2log] - [fracnum] * 2^([b2log] - 4)
205 coder->options.dict_size = (UINT32_C(1) << b2log)
206 - (fracnum << (b2log - 4));
207
208 assert(coder->options.dict_size >= 4096);
209 assert(coder->options.dict_size <= (UINT32_C(512) << 20));
210
211 coder->options.preset_dict = NULL;
212 coder->options.lc = LZIP_LC;
213 coder->options.lp = LZIP_LP;
214 coder->options.pb = LZIP_PB;
215
216 // Calculate the memory usage.
217 coder->memusage = lzma_lzma_decoder_memusage(&coder->options)
218 + LZMA_MEMUSAGE_BASE;
219
220 // Initialization is a separate step because if we return
221 // LZMA_MEMLIMIT_ERROR we need to be able to restart after
222 // the memlimit has been increased.
223 coder->sequence = SEQ_CODER_INIT;
224 }
225
226 // Fall through
227
228 case SEQ_CODER_INIT: {
229 if (coder->memusage > coder->memlimit)
230 return LZMA_MEMLIMIT_ERROR;
231
232 const lzma_filter_info filters[2] = {
233 {
234 .id = LZMA_FILTER_LZMA1,
235 .init = &lzma_lzma_decoder_init,
236 .options = &coder->options,
237 }, {
238 .init = NULL,
239 }
240 };
241
242 return_if_error(lzma_next_filter_init(&coder->lzma_decoder,
243 allocator, filters));
244
245 coder->crc32 = 0;
246 coder->sequence = SEQ_LZMA_STREAM;
247 }
248
249 // Fall through
250
251 case SEQ_LZMA_STREAM: {
252 const size_t in_start = *in_pos;
253 const size_t out_start = *out_pos;
254
255 const lzma_ret ret = coder->lzma_decoder.code(
256 coder->lzma_decoder.coder, allocator,
257 in, in_pos, in_size, out, out_pos, out_size,
258 action);
259
260 const size_t out_used = *out_pos - out_start;
261
262 coder->member_size += *in_pos - in_start;
263 coder->uncompressed_size += out_used;
264
265 // Don't update the CRC32 if the integrity check will be
266 // ignored or if there was no new output. The latter is
267 // important in case out == NULL to avoid null pointer + 0
268 // which is undefined behavior.
269 if (!coder->ignore_check && out_used > 0)
270 coder->crc32 = lzma_crc32(out + out_start, out_used,
271 coder->crc32);
272
273 if (ret != LZMA_STREAM_END)
274 return ret;
275
276 coder->sequence = SEQ_MEMBER_FOOTER;
277 }
278
279 // Fall through
280
281 case SEQ_MEMBER_FOOTER: {
282 // The footer of .lz version 0 lacks the Member size field.
283 // This is the only difference between version 0 and
284 // unextended version 1 formats.
285 const size_t footer_size = coder->version == 0
286 ? LZIP_V0_FOOTER_SIZE
287 : LZIP_V1_FOOTER_SIZE;
288
289 // Copy the CRC32, Data size, and Member size fields to
290 // the internal buffer.
291 lzma_bufcpy(in, in_pos, in_size, coder->buffer, &coder->pos,
292 footer_size);
293
294 // Return if we didn't get the whole footer yet.
295 if (coder->pos < footer_size)
296 return LZMA_OK;
297
298 coder->pos = 0;
299 coder->member_size += footer_size;
300
301 // Check that the footer fields match the observed data.
302 if (!coder->ignore_check
303 && coder->crc32 != read32le(&coder->buffer[0]))
304 return LZMA_DATA_ERROR;
305
306 if (coder->uncompressed_size != read64le(&coder->buffer[4]))
307 return LZMA_DATA_ERROR;
308
309 if (coder->version > 0) {
310 // .lz version 0 has no Member size field.
311 if (coder->member_size != read64le(&coder->buffer[12]))
312 return LZMA_DATA_ERROR;
313 }
314
315 // Decoding is finished if we weren't requested to decode
316 // more than one .lz member.
317 if (!coder->concatenated)
318 return LZMA_STREAM_END;
319
320 coder->first_member = false;
321 coder->sequence = SEQ_ID_STRING;
322 break;
323 }
324
325 default:
326 assert(0);
327 return LZMA_PROG_ERROR;
328 }
329
330 // Never reached
331 }
332
333
334 static void
335 lzip_decoder_end(void *coder_ptr, const lzma_allocator *allocator)
336 {
337 lzma_lzip_coder *coder = coder_ptr;
338 lzma_next_end(&coder->lzma_decoder, allocator);
339 lzma_free(coder, allocator);
340 return;
341 }
342
343
344 static lzma_check
345 lzip_decoder_get_check(const void *coder_ptr lzma_attribute((__unused__)))
346 {
347 return LZMA_CHECK_CRC32;
348 }
349
350
351 static lzma_ret
352 lzip_decoder_memconfig(void *coder_ptr, uint64_t *memusage,
353 uint64_t *old_memlimit, uint64_t new_memlimit)
354 {
355 lzma_lzip_coder *coder = coder_ptr;
356
357 *memusage = coder->memusage;
358 *old_memlimit = coder->memlimit;
359
360 if (new_memlimit != 0) {
361 if (new_memlimit < coder->memusage)
362 return LZMA_MEMLIMIT_ERROR;
363
364 coder->memlimit = new_memlimit;
365 }
366
367 return LZMA_OK;
368 }
369
370
371 extern lzma_ret
372 lzma_lzip_decoder_init(
373 lzma_next_coder *next, const lzma_allocator *allocator,
374 uint64_t memlimit, uint32_t flags)
375 {
376 lzma_next_coder_init(&lzma_lzip_decoder_init, next, allocator);
377
378 if (flags & ~LZMA_SUPPORTED_FLAGS)
379 return LZMA_OPTIONS_ERROR;
380
381 lzma_lzip_coder *coder = next->coder;
382 if (coder == NULL) {
383 coder = lzma_alloc(sizeof(lzma_lzip_coder), allocator);
384 if (coder == NULL)
385 return LZMA_MEM_ERROR;
386
387 next->coder = coder;
388 next->code = &lzip_decode;
389 next->end = &lzip_decoder_end;
390 next->get_check = &lzip_decoder_get_check;
391 next->memconfig = &lzip_decoder_memconfig;
392
393 coder->lzma_decoder = LZMA_NEXT_CODER_INIT;
394 }
395
396 coder->sequence = SEQ_ID_STRING;
397 coder->memlimit = my_max(1, memlimit);
398 coder->memusage = LZMA_MEMUSAGE_BASE;
399 coder->tell_any_check = (flags & LZMA_TELL_ANY_CHECK) != 0;
400 coder->ignore_check = (flags & LZMA_IGNORE_CHECK) != 0;
401 coder->concatenated = (flags & LZMA_CONCATENATED) != 0;
402 coder->first_member = true;
403 coder->pos = 0;
404
405 return LZMA_OK;
406 }
407
408
409 extern LZMA_API(lzma_ret)
410 lzma_lzip_decoder(lzma_stream *strm, uint64_t memlimit, uint32_t flags)
411 {
412 lzma_next_strm_init(lzma_lzip_decoder_init, strm, memlimit, flags);
413
414 strm->internal->supported_actions[LZMA_RUN] = true;
415 strm->internal->supported_actions[LZMA_FINISH] = true;
416
417 return LZMA_OK;
418 }