
decompress_unlzma.c 14 KB

  1. /* vi: set sw=4 ts=4: */
  2. /*
  3. * Small lzma deflate implementation.
  4. * Copyright (C) 2006 Aurelien Jacobs <aurel@gnuage.org>
  5. *
  6. * Based on LzmaDecode.c from the LZMA SDK 4.22 (http://www.7-zip.org/)
  7. * Copyright (C) 1999-2005 Igor Pavlov
  8. *
  9. * Licensed under GPLv2 or later, see file LICENSE in this source tree.
  10. */
  11. #include "libbb.h"
  12. #include "bb_archive.h"
  /* Debug tracing. As shipped, dbg() expands to a no-op and its arguments
   * are never evaluated; change the condition to 1 to send the messages
   * to bb_error_msg(). */
  #if 0
  # define dbg(...) bb_error_msg(__VA_ARGS__)
  #else
  # define dbg(...) ((void)0)
  #endif

  /* Exactly one of speed_inline / size_inline expands to ALWAYS_INLINE;
   * ENABLE_FEATURE_LZMA_FAST selects which one, the other expands to nothing. */
  #if !ENABLE_FEATURE_LZMA_FAST
  # define speed_inline
  # define size_inline ALWAYS_INLINE
  #else
  # define speed_inline ALWAYS_INLINE
  # define size_inline
  #endif
  /* Range-decoder state.
   *
   * The input buffer is not a separate allocation: it is the RC_BUFFER_SIZE
   * bytes that directly follow the struct (see RC_BUFFER). The original
   * author kept this layout because it produced smaller code than keeping
   * rc on the stack in unlzma with a separately allocated buffer. Provisions
   * for a variable-size buffer were dropped as unnecessary here, which is
   * why there is no "buffer" or "buffer_size" member.
   */
  typedef struct {
      int fd;               /* descriptor the compressed input is read from */
      uint8_t *ptr;         /* next unread byte inside the buffer */
      uint8_t *buffer_end;  /* one past the last valid byte in the buffer */
      uint32_t code;
      uint32_t range;
      uint32_t bound;
  } rc_t;

  /* Needs a variable named "rc" of type rc_t* in scope at the point of use. */
  #define RC_BUFFER ((uint8_t*)(rc+1))
  #define RC_BUFFER_SIZE 0x10000

  #define RC_TOP_BITS 24
  #define RC_MOVE_BITS 5
  #define RC_MODEL_TOTAL_BITS 11
  /* Refill the input buffer from rc->fd. Called once, from rc_do_normalize().
   *
   * On return at least one byte is available at rc->ptr. A read error and a
   * plain end of file are not distinguished: both terminate the process with
   * "unexpected EOF", so a truncated stream never reaches the decoder as
   * stale buffer contents.
   */
  static void rc_read(rc_t *rc)
  {
      uint8_t *const start = RC_BUFFER;
      int nread = safe_read(rc->fd, start, RC_BUFFER_SIZE);

      //TODO: return -1 instead
      //This will make unlzma delete broken unpacked file on unpack errors
      if (nread <= 0) {
          bb_simple_error_msg_and_die("unexpected EOF");
      }

      rc->ptr = start;
      rc->buffer_end = start + nread;
  }
  /* Shift one more input byte into rc->code and widen rc->range by 8 bits.
   * Called twice, but one callsite is in speed_inline'd rc_is_bit_1().
   *
   * The buffer is refilled first when it is exhausted, so the dereference
   * below always lands on a byte that rc_read() has just made available.
   */
  static void rc_do_normalize(rc_t *rc)
  {
      uint8_t next;

      if (rc->ptr >= rc->buffer_end) {
          rc_read(rc);
      }

      next = *rc->ptr;
      rc->ptr++;

      rc->range <<= 8;
      rc->code = (rc->code << 8) | next;
  }
  /* Renormalize only when the range has dropped below 2^RC_TOP_BITS. */
  static ALWAYS_INLINE void rc_normalize(rc_t *rc)
  {
      if (rc->range >= (1 << RC_TOP_BITS)) {
          return;
      }
      rc_do_normalize(rc);
  }
  /* Allocate a range decoder bound to fd and prime it. Called once.
   *
   * The struct and its RC_BUFFER_SIZE-byte input buffer come from a single
   * xzalloc() call. ptr and buffer_end are not set explicitly here (the
   * assignment is commented out); presumably xzalloc() zero-fills, so both
   * start equal and the first rc_do_normalize() triggers a read.
   *
   * Five bytes are shifted into the 32-bit code register, so only the last
   * four remain in it, and range is then set to its full width.
   */
  static ALWAYS_INLINE rc_t* rc_init(int fd) /*, int buffer_size) */
  {
      rc_t *rc = xzalloc(sizeof(*rc) + RC_BUFFER_SIZE);
      int remaining;

      rc->fd = fd;
      /* rc->ptr = rc->buffer_end; */

      for (remaining = 5; remaining != 0; remaining--) {
          rc_do_normalize(rc);
      }

      rc->range = 0xffffffff;
      return rc;
  }
  /* Release the decoder. Called once. The input buffer lives in the same
   * allocation as the struct, so a single free() covers both. */
  static ALWAYS_INLINE void rc_free(rc_t *rc)
  {
      free(rc);
  }
  /* Decode one bit against the adaptive probability *p and update *p.
   * rc_is_bit_1 is called 9 times.
   *
   * Returns 0 when code falls below the computed bound (probability moves
   * up), 1 otherwise (probability moves down). p is dereferenced without any
   * range check: the caller must pass a pointer inside its probability array.
   */
  static speed_inline int rc_is_bit_1(rc_t *rc, uint16_t *p)
  {
      int bit;

      rc_normalize(rc);
      rc->bound = *p * (rc->range >> RC_MODEL_TOTAL_BITS);

      if (rc->code >= rc->bound) {
          rc->range -= rc->bound;
          rc->code -= rc->bound;
          *p -= *p >> RC_MOVE_BITS;
          bit = 1;
      } else {
          rc->range = rc->bound;
          *p += ((1 << RC_MODEL_TOTAL_BITS) - *p) >> RC_MOVE_BITS;
          bit = 0;
      }
      return bit;
  }
  /* Decode one bit and append it to *symbol as the new lowest bit.
   * Called 4 times in unlzma loop. Returns the decoded bit. */
  static ALWAYS_INLINE int rc_get_bit(rc_t *rc, uint16_t *p, int *symbol)
  {
      int bit = rc_is_bit_1(rc, p);

      *symbol = *symbol * 2 + bit;
      return bit;
  }
  /* Decode one bit with a fixed 1/2 probability (no model). Called once.
   * Halves the range and returns 1 when code lies in the upper half. */
  static ALWAYS_INLINE int rc_direct_bit(rc_t *rc)
  {
      rc_normalize(rc);
      rc->range >>= 1;

      if (rc->code < rc->range) {
          return 0;
      }
      rc->code -= rc->range;
      return 1;
  }
  /* Decode a num_levels-bit value by walking a binary tree of probabilities
   * rooted at p. Called twice.
   *
   * *symbol starts at 1 and doubles as the index of the next probability, so
   * the walk reads entries p[1] up to p[(1 << num_levels) - 1]; the caller
   * has to make sure that range lies inside its array. The leading 1 is
   * subtracted at the end, leaving a value in [0, 1 << num_levels).
   */
  static speed_inline void
  rc_bit_tree_decode(rc_t *rc, uint16_t *p, int num_levels, int *symbol)
  {
      int remaining;

      *symbol = 1;
      for (remaining = num_levels; remaining != 0; remaining--) {
          rc_get_bit(rc, p + *symbol, symbol);
      }
      *symbol -= 1 << num_levels;
  }
  /* Stream header, filled directly from the input by unpack_lzma_stream().
   * Every field is therefore untrusted until that function has checked it. */
  typedef struct {
      uint8_t pos;         /* packs lc, lp and pb: lc = pos % 9, lp = (pos / 9) % 5, pb = (pos / 9) / 5 */
      uint32_t dict_size;  /* converted with SWAP_LE32() after reading */
      uint64_t dst_size;   /* converted with SWAP_LE64() after reading */
  } PACKED lzma_header_t;
  /* Decoder constants and the layout of the probability array.
   *
   * These are enum members rather than #defines so that each derived value
   * is computed once instead of being re-expanded at every use.
   *
   * The LZMA_IS_MATCH .. LZMA_LITERAL members are offsets, in uint16_t units,
   * of the sub-tables inside the array that unpack_lzma_stream() allocates.
   * That function sizes the array from LZMA_BASE_SIZE but indexes literals
   * from LZMA_LITERAL, so the two must stay equal (both are 1846 here).
   */
  enum {
      LZMA_BASE_SIZE = 1846,
      LZMA_LIT_SIZE = 768,

      LZMA_NUM_POS_BITS_MAX = 4,

      /* Length coder: offsets relative to the start of one length table */
      LZMA_LEN_NUM_LOW_BITS = 3,
      LZMA_LEN_NUM_MID_BITS = 3,
      LZMA_LEN_NUM_HIGH_BITS = 8,

      LZMA_LEN_CHOICE = 0,
      LZMA_LEN_CHOICE_2 = LZMA_LEN_CHOICE + 1,
      LZMA_LEN_LOW = LZMA_LEN_CHOICE_2 + 1,
      LZMA_LEN_MID = LZMA_LEN_LOW
              + (1 << (LZMA_NUM_POS_BITS_MAX + LZMA_LEN_NUM_LOW_BITS)),
      LZMA_LEN_HIGH = LZMA_LEN_MID
              + (1 << (LZMA_NUM_POS_BITS_MAX + LZMA_LEN_NUM_MID_BITS)),
      LZMA_NUM_LEN_PROBS = LZMA_LEN_HIGH + (1 << LZMA_LEN_NUM_HIGH_BITS),

      LZMA_NUM_STATES = 12,
      LZMA_NUM_LIT_STATES = 7,

      LZMA_START_POS_MODEL_INDEX = 4,
      LZMA_END_POS_MODEL_INDEX = 14,
      LZMA_NUM_FULL_DISTANCES = 1 << (LZMA_END_POS_MODEL_INDEX >> 1),

      LZMA_NUM_POS_SLOT_BITS = 6,
      LZMA_NUM_LEN_TO_POS_STATES = 4,

      LZMA_NUM_ALIGN_BITS = 4,

      LZMA_MATCH_MIN_LEN = 2,

      /* Sub-table offsets inside the probability array */
      LZMA_IS_MATCH = 0,
      LZMA_IS_REP = LZMA_IS_MATCH + (LZMA_NUM_STATES << LZMA_NUM_POS_BITS_MAX),
      LZMA_IS_REP_G0 = LZMA_IS_REP + LZMA_NUM_STATES,
      LZMA_IS_REP_G1 = LZMA_IS_REP_G0 + LZMA_NUM_STATES,
      LZMA_IS_REP_G2 = LZMA_IS_REP_G1 + LZMA_NUM_STATES,
      LZMA_IS_REP_0_LONG = LZMA_IS_REP_G2 + LZMA_NUM_STATES,
      LZMA_POS_SLOT = LZMA_IS_REP_0_LONG
              + (LZMA_NUM_STATES << LZMA_NUM_POS_BITS_MAX),
      LZMA_SPEC_POS = LZMA_POS_SLOT
              + (LZMA_NUM_LEN_TO_POS_STATES << LZMA_NUM_POS_SLOT_BITS),
      LZMA_ALIGN = LZMA_SPEC_POS
              + LZMA_NUM_FULL_DISTANCES - LZMA_END_POS_MODEL_INDEX,
      LZMA_LEN_CODER = LZMA_ALIGN + (1 << LZMA_NUM_ALIGN_BITS),
      LZMA_REP_LEN_CODER = LZMA_LEN_CODER + LZMA_NUM_LEN_PROBS,
      LZMA_LITERAL = LZMA_REP_LEN_CODER + LZMA_NUM_LEN_PROBS,
  };
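  /*
   * Decode one LZMA stream read from xstate->src_fd and pass the output to
   * transformer_write().
   *
   * Returns -1 after printing "bad lzma header" or "corrupted data" (the
   * latter also covers a short transformer_write()). On success the return
   * value is total_written: a running byte count where IF_DESKTOP() keeps its
   * argument, and 0 where IF_NOT_DESKTOP() does.
   *
   * Everything in the header and the stream is untrusted input:
   *  - header.pos is bounded (< 9*5*5) before lc/lp/pb are derived from it,
   *    which keeps lc <= 8 and lp, pb <= 4.
   *  - The dictionary buffer holds MIN(dst_size, dict_size) bytes, so it can
   *    be SMALLER than dict_size. Every back-reference that wraps around the
   *    dictionary must therefore be checked against buffer_size, not only
   *    against dict_size or for a negative value.
   *  - The allocation sizes come from the header; dict_size is a 32-bit field
   *    the input controls.
   *  - A truncated input does not return here: rc_read() terminates the
   *    process with "unexpected EOF".
   *
   * NOTE(review): the dictionary buffer comes from xmalloc() and is not
   * cleared. A wrapped back-reference that passes the buffer_size check can
   * still address bytes this stream never wrote, so those bytes would be
   * copied to the output. Confirm whether that is acceptable for the callers.
   */
  IF_DESKTOP(long long) int FAST_FUNC
  unpack_lzma_stream(transformer_state_t *xstate)
  {
      IF_DESKTOP(long long total_written = 0;)
      lzma_header_t header;
      int lc, pb, lp;
      uint32_t pos_state_mask;
      uint32_t literal_pos_mask;
      uint16_t *p;
      rc_t *rc;
      int i;
      uint8_t *buffer;
      uint32_t buffer_size;
      uint8_t previous_byte = 0;
      size_t buffer_pos = 0, global_pos = 0;
      int len = 0;
      int state = 0;
      uint32_t rep0 = 1, rep1 = 1, rep2 = 1, rep3 = 1;

      /* Nothing has been allocated yet, so a plain return is enough here */
      if (full_read(xstate->src_fd, &header, sizeof(header)) != sizeof(header)
       || header.pos >= (9 * 5 * 5)
      ) {
          bb_simple_error_msg("bad lzma header");
          return -1;
      }

      i = header.pos / 9;
      lc = header.pos % 9;
      pb = i / 5;
      lp = i % 5;
      pos_state_mask = (1 << pb) - 1;
      literal_pos_mask = (1 << lp) - 1;

      /* Example values from linux-3.3.4.tar.lzma:
       * dict_size: 64M, dst_size: 2^64-1
       */
      header.dict_size = SWAP_LE32(header.dict_size);
      header.dst_size = SWAP_LE64(header.dst_size);

      /* A zero dictionary would make the wrap test below meaningless */
      if (header.dict_size == 0)
          header.dict_size++;

      buffer_size = MIN(header.dst_size, header.dict_size);
      buffer = xmalloc(buffer_size);

      {
          int num_probs;

          num_probs = LZMA_BASE_SIZE + (LZMA_LIT_SIZE << (lc + lp));
          p = xmalloc(num_probs * sizeof(*p));
          /* This adjustment is zero while LZMA_LITERAL == LZMA_BASE_SIZE.
           * If the two ever diverge, the loop below no longer matches the
           * allocation above. */
          num_probs += LZMA_LITERAL - LZMA_BASE_SIZE;
          for (i = 0; i < num_probs; i++)
              p[i] = (1 << RC_MODEL_TOTAL_BITS) >> 1;
      }

      rc = rc_init(xstate->src_fd); /*, RC_BUFFER_SIZE); */

      while (global_pos + buffer_pos < header.dst_size) {
          int pos_state = (buffer_pos + global_pos) & pos_state_mask;
          uint16_t *prob = p + LZMA_IS_MATCH + (state << LZMA_NUM_POS_BITS_MAX) + pos_state;

          if (!rc_is_bit_1(rc, prob)) {
              /* Literal byte */
              static const char next_state[LZMA_NUM_STATES] =
                  { 0, 0, 0, 0, 1, 2, 3, 4, 5, 6, 4, 5 };
              int mi = 1;

              prob = (p + LZMA_LITERAL
                      + (LZMA_LIT_SIZE * ((((buffer_pos + global_pos) & literal_pos_mask) << lc)
                                          + (previous_byte >> (8 - lc))
                                         )
                        )
              );

              if (state >= LZMA_NUM_LIT_STATES) {
                  int match_byte;
                  uint32_t pos;

                  pos = buffer_pos - rep0;
                  if ((int32_t)pos < 0) {
                      pos += header.dict_size;
                      /* Same test as the two copy sites below. The
                       * buffer may be shorter than dict_size (when
                       * dst_size < dict_size), so a wrapped position
                       * can be non-negative and still lie past the
                       * end of the allocation. */
                      if (pos >= buffer_size)
                          goto bad;
                  }
                  match_byte = buffer[pos];
                  do {
                      int bit;

                      match_byte <<= 1;
                      bit = match_byte & 0x100;
                      bit ^= (rc_get_bit(rc, prob + 0x100 + bit + mi, &mi) << 8); /* 0x100 or 0 */
                      if (bit)
                          break;
                  } while (mi < 0x100);
              }
              while (mi < 0x100) {
                  rc_get_bit(rc, prob + mi, &mi);
              }

              state = next_state[state];

              previous_byte = (uint8_t) mi;
  #if ENABLE_FEATURE_LZMA_FAST
   one_byte1:
              buffer[buffer_pos++] = previous_byte;
              if (buffer_pos == header.dict_size) {
                  /* Dictionary is full: flush it and start over at 0 */
                  buffer_pos = 0;
                  global_pos += header.dict_size;
                  if (transformer_write(xstate, buffer, header.dict_size) != (ssize_t)header.dict_size)
                      goto bad;
                  IF_DESKTOP(total_written += header.dict_size;)
              }
  #else
              len = 1;
              goto one_byte2;
  #endif
          } else {
              /* Match or repeated match */
              int num_bits;
              int offset;
              uint16_t *prob2;
  #define prob_len prob2

              prob2 = p + LZMA_IS_REP + state;
              if (!rc_is_bit_1(rc, prob2)) {
                  /* New match: shift the distance history */
                  rep3 = rep2;
                  rep2 = rep1;
                  rep1 = rep0;
                  state = state < LZMA_NUM_LIT_STATES ? 0 : 3;
                  prob2 = p + LZMA_LEN_CODER;
              } else {
                  prob2 += LZMA_IS_REP_G0 - LZMA_IS_REP;
                  if (!rc_is_bit_1(rc, prob2)) {
                      prob2 = (p + LZMA_IS_REP_0_LONG
                              + (state << LZMA_NUM_POS_BITS_MAX)
                              + pos_state
                      );
                      if (!rc_is_bit_1(rc, prob2)) {
  #if ENABLE_FEATURE_LZMA_FAST
                          uint32_t pos;
                          state = state < LZMA_NUM_LIT_STATES ? 9 : 11;

                          pos = buffer_pos - rep0;
                          if ((int32_t)pos < 0) {
                              pos += header.dict_size;
                              /* see unzip_bad_lzma_2.zip: */
                              if (pos >= buffer_size) {
                                  dbg("%d pos:%d buffer_size:%d", __LINE__, pos, buffer_size);
                                  goto bad;
                              }
                          }
                          previous_byte = buffer[pos];
                          goto one_byte1;
  #else
                          state = state < LZMA_NUM_LIT_STATES ? 9 : 11;
                          len = 1;
                          goto string;
  #endif
                      }
                  } else {
                      uint32_t distance;

                      prob2 += LZMA_IS_REP_G1 - LZMA_IS_REP_G0;
                      distance = rep1;
                      if (rc_is_bit_1(rc, prob2)) {
                          prob2 += LZMA_IS_REP_G2 - LZMA_IS_REP_G1;
                          distance = rep2;
                          if (rc_is_bit_1(rc, prob2)) {
                              distance = rep3;
                              rep3 = rep2;
                          }
                          rep2 = rep1;
                      }
                      rep1 = rep0;
                      rep0 = distance;
                  }
                  state = state < LZMA_NUM_LIT_STATES ? 8 : 11;
                  prob2 = p + LZMA_REP_LEN_CODER;
              }

              prob_len = prob2 + LZMA_LEN_CHOICE;
              num_bits = LZMA_LEN_NUM_LOW_BITS;
              if (!rc_is_bit_1(rc, prob_len)) {
                  prob_len += LZMA_LEN_LOW - LZMA_LEN_CHOICE
                              + (pos_state << LZMA_LEN_NUM_LOW_BITS);
                  offset = 0;
              } else {
                  prob_len += LZMA_LEN_CHOICE_2 - LZMA_LEN_CHOICE;
                  if (!rc_is_bit_1(rc, prob_len)) {
                      prob_len += LZMA_LEN_MID - LZMA_LEN_CHOICE_2
                                  + (pos_state << LZMA_LEN_NUM_MID_BITS);
                      offset = 1 << LZMA_LEN_NUM_LOW_BITS;
                      num_bits += LZMA_LEN_NUM_MID_BITS - LZMA_LEN_NUM_LOW_BITS;
                  } else {
                      prob_len += LZMA_LEN_HIGH - LZMA_LEN_CHOICE_2;
                      offset = ((1 << LZMA_LEN_NUM_LOW_BITS)
                                + (1 << LZMA_LEN_NUM_MID_BITS));
                      num_bits += LZMA_LEN_NUM_HIGH_BITS - LZMA_LEN_NUM_LOW_BITS;
                  }
              }
              rc_bit_tree_decode(rc, prob_len, num_bits, &len);
              len += offset;

              if (state < 4) {
                  int pos_slot;
                  uint16_t *prob3;

                  state += LZMA_NUM_LIT_STATES;
                  prob3 = p + LZMA_POS_SLOT +
                          ((len < LZMA_NUM_LEN_TO_POS_STATES ? len :
                            LZMA_NUM_LEN_TO_POS_STATES - 1)
                           << LZMA_NUM_POS_SLOT_BITS);
                  rc_bit_tree_decode(rc, prob3,
                          LZMA_NUM_POS_SLOT_BITS, &pos_slot);
                  rep0 = pos_slot;
                  if (pos_slot >= LZMA_START_POS_MODEL_INDEX) {
                      int i2, mi2, num_bits2 = (pos_slot >> 1) - 1;
                      rep0 = 2 | (pos_slot & 1);
                      if (pos_slot < LZMA_END_POS_MODEL_INDEX) {
                          rep0 <<= num_bits2;
                          prob3 = p + LZMA_SPEC_POS + rep0 - pos_slot - 1;
                      } else {
                          for (; num_bits2 != LZMA_NUM_ALIGN_BITS; num_bits2--)
                              rep0 = (rep0 << 1) | rc_direct_bit(rc);
                          rep0 <<= LZMA_NUM_ALIGN_BITS;
                          // Note: (int32_t)rep0 may be < 0 here
                          // (I have linux-3.3.4.tar.lzma which has it).
                          // I moved the check after "++rep0 == 0" check below.
                          prob3 = p + LZMA_ALIGN;
                      }
                      i2 = 1;
                      mi2 = 1;
                      while (num_bits2--) {
                          if (rc_get_bit(rc, prob3 + mi2, &mi2))
                              rep0 |= i2;
                          i2 <<= 1;
                      }
                  }
                  rep0++;
                  if ((int32_t)rep0 <= 0) {
                      /* A distance that wraps to exactly 0 ends the
                       * stream; any other non-positive value is bad */
                      if (rep0 == 0)
                          break;
                      dbg("%d rep0:%d", __LINE__, rep0);
                      goto bad;
                  }
              }

              len += LZMA_MATCH_MIN_LEN;
              /*
               * LZMA SDK has this optimized:
               * it precalculates size and copies many bytes
               * in a loop with simpler checks, a-la:
               *	do
               *		*(dest) = *(dest + ofs);
               *	while (++dest != lim);
               * and
               *	do {
               *		buffer[buffer_pos++] = buffer[pos];
               *		if (++pos == header.dict_size)
               *			pos = 0;
               *	} while (--cur_len != 0);
               * Our code is slower (more checks per byte copy):
               */
   IF_NOT_FEATURE_LZMA_FAST(string:)
              do {
                  uint32_t pos = buffer_pos - rep0;
                  if ((int32_t)pos < 0) {
                      pos += header.dict_size;
                      /* bug 10436 has an example file where this triggers: */
                      //if ((int32_t)pos < 0)
                      //	goto bad;
                      /* more stringent test (see unzip_bad_lzma_1.zip): */
                      if (pos >= buffer_size)
                          goto bad;
                  }
                  previous_byte = buffer[pos];
   IF_NOT_FEATURE_LZMA_FAST(one_byte2:)
                  buffer[buffer_pos++] = previous_byte;
                  if (buffer_pos == header.dict_size) {
                      /* Dictionary is full: flush it and start over at 0 */
                      buffer_pos = 0;
                      global_pos += header.dict_size;
                      if (transformer_write(xstate, buffer, header.dict_size) != (ssize_t)header.dict_size)
                          goto bad;
                      IF_DESKTOP(total_written += header.dict_size;)
                  }
                  len--;
              } while (len != 0 && global_pos + buffer_pos < header.dst_size);
              /* The bound counts bytes already flushed (global_pos) as
               * well, matching the outer loop, so a match running past
               * the declared dst_size is cut off once the dictionary has
               * wrapped too. Well-formed data never reaches this limit
               * in the middle of a match.
               */
          }
      }

      {
          /* "goto bad" jumps past this initializer; that path assigns
           * total_written before it is read. */
          IF_NOT_DESKTOP(int total_written = 0; /* success */)
          IF_DESKTOP(total_written += buffer_pos;)
          if (transformer_write(xstate, buffer, buffer_pos) != (ssize_t)buffer_pos) {
   bad:
              /* One of our users, bbunpack(), expects _us_ to emit
               * the error message (since it's the best place to give
               * potentially more detailed information).
               * Do not fail silently.
               */
              bb_simple_error_msg("corrupted data");
              total_written = -1; /* failure */
          }
          rc_free(rc);
          free(p);
          free(buffer);
          return total_written;
      }
  }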