xz_dec_stream.c 19 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836
  1. // SPDX-License-Identifier: 0BSD
  2. /*
  3. * .xz Stream decoder
  4. *
  5. * Author: Lasse Collin <lasse.collin@tukaani.org>
  6. */
  7. #include "xz_private.h"
  8. #include "xz_stream.h"
  9. /* Hash used to validate the Index field */
  10. struct xz_dec_hash {
  11. vli_type unpadded;
  12. vli_type uncompressed;
  13. uint32_t crc32;
  14. };
  15. struct xz_dec {
  16. /* Position in dec_main() */
  17. enum {
  18. SEQ_STREAM_HEADER,
  19. SEQ_BLOCK_START,
  20. SEQ_BLOCK_HEADER,
  21. SEQ_BLOCK_UNCOMPRESS,
  22. SEQ_BLOCK_PADDING,
  23. SEQ_BLOCK_CHECK,
  24. SEQ_INDEX,
  25. SEQ_INDEX_PADDING,
  26. SEQ_INDEX_CRC32,
  27. SEQ_STREAM_FOOTER
  28. } sequence;
  29. /* Position in variable-length integers and Check fields */
  30. uint32_t pos;
  31. /* Variable-length integer decoded by dec_vli() */
  32. vli_type vli;
  33. /* Saved in_pos and out_pos */
  34. size_t in_start;
  35. size_t out_start;
  36. /* CRC32 value in Block or Index */
  37. uint32_t crc32;
  38. /* Type of the integrity check calculated from uncompressed data */
  39. enum xz_check check_type;
  40. /* Operation mode */
  41. enum xz_mode mode;
  42. /*
  43. * True if the next call to xz_dec_run() is allowed to return
  44. * XZ_BUF_ERROR.
  45. */
  46. bool allow_buf_error;
  47. /* Information stored in Block Header */
  48. struct {
  49. /*
  50. * Value stored in the Compressed Size field, or
  51. * VLI_UNKNOWN if Compressed Size is not present.
  52. */
  53. vli_type compressed;
  54. /*
  55. * Value stored in the Uncompressed Size field, or
  56. * VLI_UNKNOWN if Uncompressed Size is not present.
  57. */
  58. vli_type uncompressed;
  59. /* Size of the Block Header field */
  60. uint32_t size;
  61. } block_header;
  62. /* Information collected when decoding Blocks */
  63. struct {
  64. /* Observed compressed size of the current Block */
  65. vli_type compressed;
  66. /* Observed uncompressed size of the current Block */
  67. vli_type uncompressed;
  68. /* Number of Blocks decoded so far */
  69. vli_type count;
  70. /*
  71. * Hash calculated from the Block sizes. This is used to
  72. * validate the Index field.
  73. */
  74. struct xz_dec_hash hash;
  75. } block;
  76. /* Variables needed when verifying the Index field */
  77. struct {
  78. /* Position in dec_index() */
  79. enum {
  80. SEQ_INDEX_COUNT,
  81. SEQ_INDEX_UNPADDED,
  82. SEQ_INDEX_UNCOMPRESSED
  83. } sequence;
  84. /* Size of the Index in bytes */
  85. vli_type size;
  86. /* Number of Records (matches block.count in valid files) */
  87. vli_type count;
  88. /*
  89. * Hash calculated from the Records (matches block.hash in
  90. * valid files).
  91. */
  92. struct xz_dec_hash hash;
  93. } index;
  94. /*
  95. * Temporary buffer needed to hold Stream Header, Block Header,
  96. * and Stream Footer. The Block Header is the biggest (1 KiB)
  97. * so we reserve space according to that. buf[] has to be aligned
  98. * to a multiple of four bytes; the size_t variables before it
  99. * should guarantee this.
  100. */
  101. struct {
  102. size_t pos;
  103. size_t size;
  104. uint8_t buf[1024];
  105. } temp;
  106. struct xz_dec_lzma2 *lzma2;
  107. #ifdef XZ_DEC_BCJ
  108. struct xz_dec_bcj *bcj;
  109. bool bcj_active;
  110. #endif
  111. };
  112. #ifdef XZ_DEC_ANY_CHECK
  113. /* Sizes of the Check field with different Check IDs */
  114. static const uint8_t check_sizes[16] = {
  115. 0,
  116. 4, 4, 4,
  117. 8, 8, 8,
  118. 16, 16, 16,
  119. 32, 32, 32,
  120. 64, 64, 64
  121. };
  122. #endif
  123. /*
  124. * Fill s->temp by copying data starting from b->in[b->in_pos]. Caller
  125. * must have set s->temp.pos to indicate how much data we are supposed
  126. * to copy into s->temp.buf. Return true once s->temp.pos has reached
  127. * s->temp.size.
  128. */
  129. static bool fill_temp(struct xz_dec *s, struct xz_buf *b)
  130. {
  131. size_t copy_size = min_t(size_t,
  132. b->in_size - b->in_pos, s->temp.size - s->temp.pos);
  133. memcpy(s->temp.buf + s->temp.pos, b->in + b->in_pos, copy_size);
  134. b->in_pos += copy_size;
  135. s->temp.pos += copy_size;
  136. if (s->temp.pos == s->temp.size) {
  137. s->temp.pos = 0;
  138. return true;
  139. }
  140. return false;
  141. }
  142. /* Decode a variable-length integer (little-endian base-128 encoding) */
  143. static enum xz_ret dec_vli(struct xz_dec *s, const uint8_t *in,
  144. size_t *in_pos, size_t in_size)
  145. {
  146. uint8_t byte;
  147. if (s->pos == 0)
  148. s->vli = 0;
  149. while (*in_pos < in_size) {
  150. byte = in[*in_pos];
  151. ++*in_pos;
  152. s->vli |= (vli_type)(byte & 0x7F) << s->pos;
  153. if ((byte & 0x80) == 0) {
  154. /* Don't allow non-minimal encodings. */
  155. if (byte == 0 && s->pos != 0)
  156. return XZ_DATA_ERROR;
  157. s->pos = 0;
  158. return XZ_STREAM_END;
  159. }
  160. s->pos += 7;
  161. if (s->pos == 7 * VLI_BYTES_MAX)
  162. return XZ_DATA_ERROR;
  163. }
  164. return XZ_OK;
  165. }
  166. /*
  167. * Decode the Compressed Data field from a Block. Update and validate
  168. * the observed compressed and uncompressed sizes of the Block so that
  169. * they don't exceed the values possibly stored in the Block Header
  170. * (validation assumes that no integer overflow occurs, since vli_type
  171. * is normally uint64_t). Update the CRC32 if presence of the CRC32
  172. * field was indicated in Stream Header.
  173. *
  174. * Once the decoding is finished, validate that the observed sizes match
  175. * the sizes possibly stored in the Block Header. Update the hash and
  176. * Block count, which are later used to validate the Index field.
  177. */
  178. static enum xz_ret dec_block(struct xz_dec *s, struct xz_buf *b)
  179. {
  180. enum xz_ret ret;
  181. s->in_start = b->in_pos;
  182. s->out_start = b->out_pos;
  183. #ifdef XZ_DEC_BCJ
  184. if (s->bcj_active)
  185. ret = xz_dec_bcj_run(s->bcj, s->lzma2, b);
  186. else
  187. #endif
  188. ret = xz_dec_lzma2_run(s->lzma2, b);
  189. s->block.compressed += b->in_pos - s->in_start;
  190. s->block.uncompressed += b->out_pos - s->out_start;
  191. /*
  192. * There is no need to separately check for VLI_UNKNOWN, since
  193. * the observed sizes are always smaller than VLI_UNKNOWN.
  194. */
  195. if (s->block.compressed > s->block_header.compressed
  196. || s->block.uncompressed
  197. > s->block_header.uncompressed)
  198. return XZ_DATA_ERROR;
  199. if (s->check_type == XZ_CHECK_CRC32)
  200. s->crc32 = xz_crc32(b->out + s->out_start,
  201. b->out_pos - s->out_start, s->crc32);
  202. if (ret == XZ_STREAM_END) {
  203. if (s->block_header.compressed != VLI_UNKNOWN
  204. && s->block_header.compressed
  205. != s->block.compressed)
  206. return XZ_DATA_ERROR;
  207. if (s->block_header.uncompressed != VLI_UNKNOWN
  208. && s->block_header.uncompressed
  209. != s->block.uncompressed)
  210. return XZ_DATA_ERROR;
  211. s->block.hash.unpadded += s->block_header.size
  212. + s->block.compressed;
  213. #ifdef XZ_DEC_ANY_CHECK
  214. s->block.hash.unpadded += check_sizes[s->check_type];
  215. #else
  216. if (s->check_type == XZ_CHECK_CRC32)
  217. s->block.hash.unpadded += 4;
  218. #endif
  219. s->block.hash.uncompressed += s->block.uncompressed;
  220. s->block.hash.crc32 = xz_crc32(
  221. (const uint8_t *)&s->block.hash,
  222. sizeof(s->block.hash), s->block.hash.crc32);
  223. ++s->block.count;
  224. }
  225. return ret;
  226. }
  227. /* Update the Index size and the CRC32 value. */
  228. static void index_update(struct xz_dec *s, const struct xz_buf *b)
  229. {
  230. size_t in_used = b->in_pos - s->in_start;
  231. s->index.size += in_used;
  232. s->crc32 = xz_crc32(b->in + s->in_start, in_used, s->crc32);
  233. }
  234. /*
  235. * Decode the Number of Records, Unpadded Size, and Uncompressed Size
  236. * fields from the Index field. That is, Index Padding and CRC32 are not
  237. * decoded by this function.
  238. *
  239. * This can return XZ_OK (more input needed), XZ_STREAM_END (everything
  240. * successfully decoded), or XZ_DATA_ERROR (input is corrupt).
  241. */
  242. static enum xz_ret dec_index(struct xz_dec *s, struct xz_buf *b)
  243. {
  244. enum xz_ret ret;
  245. do {
  246. ret = dec_vli(s, b->in, &b->in_pos, b->in_size);
  247. if (ret != XZ_STREAM_END) {
  248. index_update(s, b);
  249. return ret;
  250. }
  251. switch (s->index.sequence) {
  252. case SEQ_INDEX_COUNT:
  253. s->index.count = s->vli;
  254. /*
  255. * Validate that the Number of Records field
  256. * indicates the same number of Records as
  257. * there were Blocks in the Stream.
  258. */
  259. if (s->index.count != s->block.count)
  260. return XZ_DATA_ERROR;
  261. s->index.sequence = SEQ_INDEX_UNPADDED;
  262. break;
  263. case SEQ_INDEX_UNPADDED:
  264. s->index.hash.unpadded += s->vli;
  265. s->index.sequence = SEQ_INDEX_UNCOMPRESSED;
  266. break;
  267. case SEQ_INDEX_UNCOMPRESSED:
  268. s->index.hash.uncompressed += s->vli;
  269. s->index.hash.crc32 = xz_crc32(
  270. (const uint8_t *)&s->index.hash,
  271. sizeof(s->index.hash),
  272. s->index.hash.crc32);
  273. --s->index.count;
  274. s->index.sequence = SEQ_INDEX_UNPADDED;
  275. break;
  276. }
  277. } while (s->index.count > 0);
  278. return XZ_STREAM_END;
  279. }
  280. /*
  281. * Validate that the next four input bytes match the value of s->crc32.
  282. * s->pos must be zero when starting to validate the first byte.
  283. */
  284. static enum xz_ret crc32_validate(struct xz_dec *s, struct xz_buf *b)
  285. {
  286. do {
  287. if (b->in_pos == b->in_size)
  288. return XZ_OK;
  289. if (((s->crc32 >> s->pos) & 0xFF) != b->in[b->in_pos++])
  290. return XZ_DATA_ERROR;
  291. s->pos += 8;
  292. } while (s->pos < 32);
  293. s->crc32 = 0;
  294. s->pos = 0;
  295. return XZ_STREAM_END;
  296. }
  297. #ifdef XZ_DEC_ANY_CHECK
  298. /*
  299. * Skip over the Check field when the Check ID is not supported.
  300. * Returns true once the whole Check field has been skipped over.
  301. */
  302. static bool check_skip(struct xz_dec *s, struct xz_buf *b)
  303. {
  304. while (s->pos < check_sizes[s->check_type]) {
  305. if (b->in_pos == b->in_size)
  306. return false;
  307. ++b->in_pos;
  308. ++s->pos;
  309. }
  310. s->pos = 0;
  311. return true;
  312. }
  313. #endif
  314. /* Decode the Stream Header field (the first 12 bytes of the .xz Stream). */
  315. static enum xz_ret dec_stream_header(struct xz_dec *s)
  316. {
  317. if (!memeq(s->temp.buf, HEADER_MAGIC, HEADER_MAGIC_SIZE))
  318. return XZ_FORMAT_ERROR;
  319. if (xz_crc32(s->temp.buf + HEADER_MAGIC_SIZE, 2, 0)
  320. != get_le32(s->temp.buf + HEADER_MAGIC_SIZE + 2))
  321. return XZ_DATA_ERROR;
  322. if (s->temp.buf[HEADER_MAGIC_SIZE] != 0)
  323. return XZ_OPTIONS_ERROR;
  324. /*
  325. * Of integrity checks, we support only none (Check ID = 0) and
  326. * CRC32 (Check ID = 1). However, if XZ_DEC_ANY_CHECK is defined,
  327. * we will accept other check types too, but then the check won't
  328. * be verified and a warning (XZ_UNSUPPORTED_CHECK) will be given.
  329. */
  330. if (s->temp.buf[HEADER_MAGIC_SIZE + 1] > XZ_CHECK_MAX)
  331. return XZ_OPTIONS_ERROR;
  332. s->check_type = s->temp.buf[HEADER_MAGIC_SIZE + 1];
  333. #ifdef XZ_DEC_ANY_CHECK
  334. if (s->check_type > XZ_CHECK_CRC32)
  335. return XZ_UNSUPPORTED_CHECK;
  336. #else
  337. if (s->check_type > XZ_CHECK_CRC32)
  338. return XZ_OPTIONS_ERROR;
  339. #endif
  340. return XZ_OK;
  341. }
  342. /* Decode the Stream Footer field (the last 12 bytes of the .xz Stream) */
  343. static enum xz_ret dec_stream_footer(struct xz_dec *s)
  344. {
  345. if (!memeq(s->temp.buf + 10, FOOTER_MAGIC, FOOTER_MAGIC_SIZE))
  346. return XZ_DATA_ERROR;
  347. if (xz_crc32(s->temp.buf + 4, 6, 0) != get_le32(s->temp.buf))
  348. return XZ_DATA_ERROR;
  349. /*
  350. * Validate Backward Size. Note that we never added the size of the
  351. * Index CRC32 field to s->index.size, thus we use s->index.size / 4
  352. * instead of s->index.size / 4 - 1.
  353. */
  354. if ((s->index.size >> 2) != get_le32(s->temp.buf + 4))
  355. return XZ_DATA_ERROR;
  356. if (s->temp.buf[8] != 0 || s->temp.buf[9] != s->check_type)
  357. return XZ_DATA_ERROR;
  358. /*
  359. * Use XZ_STREAM_END instead of XZ_OK to be more convenient
  360. * for the caller.
  361. */
  362. return XZ_STREAM_END;
  363. }
  364. /* Decode the Block Header and initialize the filter chain. */
  365. static enum xz_ret dec_block_header(struct xz_dec *s)
  366. {
  367. enum xz_ret ret;
  368. /*
  369. * Validate the CRC32. We know that the temp buffer is at least
  370. * eight bytes so this is safe.
  371. */
  372. s->temp.size -= 4;
  373. if (xz_crc32(s->temp.buf, s->temp.size, 0)
  374. != get_le32(s->temp.buf + s->temp.size))
  375. return XZ_DATA_ERROR;
  376. s->temp.pos = 2;
  377. /*
  378. * Catch unsupported Block Flags. We support only one or two filters
  379. * in the chain, so we catch that with the same test.
  380. */
  381. #ifdef XZ_DEC_BCJ
  382. if (s->temp.buf[1] & 0x3E)
  383. #else
  384. if (s->temp.buf[1] & 0x3F)
  385. #endif
  386. return XZ_OPTIONS_ERROR;
  387. /* Compressed Size */
  388. if (s->temp.buf[1] & 0x40) {
  389. if (dec_vli(s, s->temp.buf, &s->temp.pos, s->temp.size)
  390. != XZ_STREAM_END)
  391. return XZ_DATA_ERROR;
  392. s->block_header.compressed = s->vli;
  393. } else {
  394. s->block_header.compressed = VLI_UNKNOWN;
  395. }
  396. /* Uncompressed Size */
  397. if (s->temp.buf[1] & 0x80) {
  398. if (dec_vli(s, s->temp.buf, &s->temp.pos, s->temp.size)
  399. != XZ_STREAM_END)
  400. return XZ_DATA_ERROR;
  401. s->block_header.uncompressed = s->vli;
  402. } else {
  403. s->block_header.uncompressed = VLI_UNKNOWN;
  404. }
  405. #ifdef XZ_DEC_BCJ
  406. /* If there are two filters, the first one must be a BCJ filter. */
  407. s->bcj_active = s->temp.buf[1] & 0x01;
  408. if (s->bcj_active) {
  409. if (s->temp.size - s->temp.pos < 2)
  410. return XZ_OPTIONS_ERROR;
  411. ret = xz_dec_bcj_reset(s->bcj, s->temp.buf[s->temp.pos++]);
  412. if (ret != XZ_OK)
  413. return ret;
  414. /*
  415. * We don't support custom start offset,
  416. * so Size of Properties must be zero.
  417. */
  418. if (s->temp.buf[s->temp.pos++] != 0x00)
  419. return XZ_OPTIONS_ERROR;
  420. }
  421. #endif
  422. /* Valid Filter Flags always take at least two bytes. */
  423. if (s->temp.size - s->temp.pos < 2)
  424. return XZ_DATA_ERROR;
  425. /* Filter ID = LZMA2 */
  426. if (s->temp.buf[s->temp.pos++] != 0x21)
  427. return XZ_OPTIONS_ERROR;
  428. /* Size of Properties = 1-byte Filter Properties */
  429. if (s->temp.buf[s->temp.pos++] != 0x01)
  430. return XZ_OPTIONS_ERROR;
  431. /* Filter Properties contains LZMA2 dictionary size. */
  432. if (s->temp.size - s->temp.pos < 1)
  433. return XZ_DATA_ERROR;
  434. ret = xz_dec_lzma2_reset(s->lzma2, s->temp.buf[s->temp.pos++]);
  435. if (ret != XZ_OK)
  436. return ret;
  437. /* The rest must be Header Padding. */
  438. while (s->temp.pos < s->temp.size)
  439. if (s->temp.buf[s->temp.pos++] != 0x00)
  440. return XZ_OPTIONS_ERROR;
  441. s->temp.pos = 0;
  442. s->block.compressed = 0;
  443. s->block.uncompressed = 0;
  444. return XZ_OK;
  445. }
  446. static enum xz_ret dec_main(struct xz_dec *s, struct xz_buf *b)
  447. {
  448. enum xz_ret ret;
  449. /*
  450. * Store the start position for the case when we are in the middle
  451. * of the Index field.
  452. */
  453. s->in_start = b->in_pos;
  454. while (true) {
  455. switch (s->sequence) {
  456. case SEQ_STREAM_HEADER:
  457. /*
  458. * Stream Header is copied to s->temp, and then
  459. * decoded from there. This way if the caller
  460. * gives us only little input at a time, we can
  461. * still keep the Stream Header decoding code
  462. * simple. Similar approach is used in many places
  463. * in this file.
  464. */
  465. if (!fill_temp(s, b))
  466. return XZ_OK;
  467. /*
  468. * If dec_stream_header() returns
  469. * XZ_UNSUPPORTED_CHECK, it is still possible
  470. * to continue decoding if working in multi-call
  471. * mode. Thus, update s->sequence before calling
  472. * dec_stream_header().
  473. */
  474. s->sequence = SEQ_BLOCK_START;
  475. ret = dec_stream_header(s);
  476. if (ret != XZ_OK)
  477. return ret;
  478. fallthrough;
  479. case SEQ_BLOCK_START:
  480. /* We need one byte of input to continue. */
  481. if (b->in_pos == b->in_size)
  482. return XZ_OK;
  483. /* See if this is the beginning of the Index field. */
  484. if (b->in[b->in_pos] == 0) {
  485. s->in_start = b->in_pos++;
  486. s->sequence = SEQ_INDEX;
  487. break;
  488. }
  489. /*
  490. * Calculate the size of the Block Header and
  491. * prepare to decode it.
  492. */
  493. s->block_header.size
  494. = ((uint32_t)b->in[b->in_pos] + 1) * 4;
  495. s->temp.size = s->block_header.size;
  496. s->temp.pos = 0;
  497. s->sequence = SEQ_BLOCK_HEADER;
  498. fallthrough;
  499. case SEQ_BLOCK_HEADER:
  500. if (!fill_temp(s, b))
  501. return XZ_OK;
  502. ret = dec_block_header(s);
  503. if (ret != XZ_OK)
  504. return ret;
  505. s->sequence = SEQ_BLOCK_UNCOMPRESS;
  506. fallthrough;
  507. case SEQ_BLOCK_UNCOMPRESS:
  508. ret = dec_block(s, b);
  509. if (ret != XZ_STREAM_END)
  510. return ret;
  511. s->sequence = SEQ_BLOCK_PADDING;
  512. fallthrough;
  513. case SEQ_BLOCK_PADDING:
  514. /*
  515. * Size of Compressed Data + Block Padding
  516. * must be a multiple of four. We don't need
  517. * s->block.compressed for anything else
  518. * anymore, so we use it here to test the size
  519. * of the Block Padding field.
  520. */
  521. while (s->block.compressed & 3) {
  522. if (b->in_pos == b->in_size)
  523. return XZ_OK;
  524. if (b->in[b->in_pos++] != 0)
  525. return XZ_DATA_ERROR;
  526. ++s->block.compressed;
  527. }
  528. s->sequence = SEQ_BLOCK_CHECK;
  529. fallthrough;
  530. case SEQ_BLOCK_CHECK:
  531. if (s->check_type == XZ_CHECK_CRC32) {
  532. ret = crc32_validate(s, b);
  533. if (ret != XZ_STREAM_END)
  534. return ret;
  535. }
  536. #ifdef XZ_DEC_ANY_CHECK
  537. else if (!check_skip(s, b)) {
  538. return XZ_OK;
  539. }
  540. #endif
  541. s->sequence = SEQ_BLOCK_START;
  542. break;
  543. case SEQ_INDEX:
  544. ret = dec_index(s, b);
  545. if (ret != XZ_STREAM_END)
  546. return ret;
  547. s->sequence = SEQ_INDEX_PADDING;
  548. fallthrough;
  549. case SEQ_INDEX_PADDING:
  550. while ((s->index.size + (b->in_pos - s->in_start))
  551. & 3) {
  552. if (b->in_pos == b->in_size) {
  553. index_update(s, b);
  554. return XZ_OK;
  555. }
  556. if (b->in[b->in_pos++] != 0)
  557. return XZ_DATA_ERROR;
  558. }
  559. /* Finish the CRC32 value and Index size. */
  560. index_update(s, b);
  561. /* Compare the hashes to validate the Index field. */
  562. if (!memeq(&s->block.hash, &s->index.hash,
  563. sizeof(s->block.hash)))
  564. return XZ_DATA_ERROR;
  565. s->sequence = SEQ_INDEX_CRC32;
  566. fallthrough;
  567. case SEQ_INDEX_CRC32:
  568. ret = crc32_validate(s, b);
  569. if (ret != XZ_STREAM_END)
  570. return ret;
  571. s->temp.size = STREAM_HEADER_SIZE;
  572. s->sequence = SEQ_STREAM_FOOTER;
  573. fallthrough;
  574. case SEQ_STREAM_FOOTER:
  575. if (!fill_temp(s, b))
  576. return XZ_OK;
  577. return dec_stream_footer(s);
  578. }
  579. }
  580. /* Never reached */
  581. }
  582. /*
  583. * xz_dec_run() is a wrapper for dec_main() to handle some special cases in
  584. * multi-call and single-call decoding.
  585. *
  586. * In multi-call mode, we must return XZ_BUF_ERROR when it seems clear that we
  587. * are not going to make any progress anymore. This is to prevent the caller
  588. * from calling us infinitely when the input file is truncated or otherwise
  589. * corrupt. Since zlib-style API allows that the caller fills the input buffer
  590. * only when the decoder doesn't produce any new output, we have to be careful
  591. * to avoid returning XZ_BUF_ERROR too easily: XZ_BUF_ERROR is returned only
  592. * after the second consecutive call to xz_dec_run() that makes no progress.
  593. *
  594. * In single-call mode, if we couldn't decode everything and no error
  595. * occurred, either the input is truncated or the output buffer is too small.
  596. * Since we know that the last input byte never produces any output, we know
  597. * that if all the input was consumed and decoding wasn't finished, the file
  598. * must be corrupt. Otherwise the output buffer has to be too small or the
  599. * file is corrupt in a way that decoding it produces too big output.
  600. *
  601. * If single-call decoding fails, we reset b->in_pos and b->out_pos back to
  602. * their original values. This is because with some filter chains there won't
  603. * be any valid uncompressed data in the output buffer unless the decoding
  604. * actually succeeds (that's the price to pay of using the output buffer as
  605. * the workspace).
  606. */
  607. enum xz_ret xz_dec_run(struct xz_dec *s, struct xz_buf *b)
  608. {
  609. size_t in_start;
  610. size_t out_start;
  611. enum xz_ret ret;
  612. if (DEC_IS_SINGLE(s->mode))
  613. xz_dec_reset(s);
  614. in_start = b->in_pos;
  615. out_start = b->out_pos;
  616. ret = dec_main(s, b);
  617. if (DEC_IS_SINGLE(s->mode)) {
  618. if (ret == XZ_OK)
  619. ret = b->in_pos == b->in_size
  620. ? XZ_DATA_ERROR : XZ_BUF_ERROR;
  621. if (ret != XZ_STREAM_END) {
  622. b->in_pos = in_start;
  623. b->out_pos = out_start;
  624. }
  625. } else if (ret == XZ_OK && in_start == b->in_pos
  626. && out_start == b->out_pos) {
  627. if (s->allow_buf_error)
  628. ret = XZ_BUF_ERROR;
  629. s->allow_buf_error = true;
  630. } else {
  631. s->allow_buf_error = false;
  632. }
  633. return ret;
  634. }
  635. struct xz_dec *xz_dec_init(enum xz_mode mode, uint32_t dict_max)
  636. {
  637. struct xz_dec *s = kmalloc_obj(*s);
  638. if (s == NULL)
  639. return NULL;
  640. s->mode = mode;
  641. #ifdef XZ_DEC_BCJ
  642. s->bcj = xz_dec_bcj_create(DEC_IS_SINGLE(mode));
  643. if (s->bcj == NULL)
  644. goto error_bcj;
  645. #endif
  646. s->lzma2 = xz_dec_lzma2_create(mode, dict_max);
  647. if (s->lzma2 == NULL)
  648. goto error_lzma2;
  649. xz_dec_reset(s);
  650. return s;
  651. error_lzma2:
  652. #ifdef XZ_DEC_BCJ
  653. xz_dec_bcj_end(s->bcj);
  654. error_bcj:
  655. #endif
  656. kfree(s);
  657. return NULL;
  658. }
  659. void xz_dec_reset(struct xz_dec *s)
  660. {
  661. s->sequence = SEQ_STREAM_HEADER;
  662. s->allow_buf_error = false;
  663. s->pos = 0;
  664. s->crc32 = 0;
  665. memzero(&s->block, sizeof(s->block));
  666. memzero(&s->index, sizeof(s->index));
  667. s->temp.pos = 0;
  668. s->temp.size = STREAM_HEADER_SIZE;
  669. }
  670. void xz_dec_end(struct xz_dec *s)
  671. {
  672. if (s != NULL) {
  673. xz_dec_lzma2_end(s->lzma2);
  674. #ifdef XZ_DEC_BCJ
  675. xz_dec_bcj_end(s->bcj);
  676. #endif
  677. kfree(s);
  678. }
  679. }