aboutsummaryrefslogtreecommitdiffstats
path: root/lib/decompress_unlzo.c
diff options
context:
space:
mode:
Diffstat (limited to 'lib/decompress_unlzo.c')
-rw-r--r--lib/decompress_unlzo.c105
1 files changed, 89 insertions, 16 deletions
diff --git a/lib/decompress_unlzo.c b/lib/decompress_unlzo.c
index bcb3a4bd68f..5a7a2adf4c4 100644
--- a/lib/decompress_unlzo.c
+++ b/lib/decompress_unlzo.c
@@ -33,7 +33,6 @@
33#ifdef STATIC 33#ifdef STATIC
34#include "lzo/lzo1x_decompress.c" 34#include "lzo/lzo1x_decompress.c"
35#else 35#else
36#include <linux/slab.h>
37#include <linux/decompress/unlzo.h> 36#include <linux/decompress/unlzo.h>
38#endif 37#endif
39 38
@@ -49,14 +48,25 @@ static const unsigned char lzop_magic[] = {
49 48
50#define LZO_BLOCK_SIZE (256*1024l) 49#define LZO_BLOCK_SIZE (256*1024l)
51#define HEADER_HAS_FILTER 0x00000800L 50#define HEADER_HAS_FILTER 0x00000800L
51#define HEADER_SIZE_MIN (9 + 7 + 4 + 8 + 1 + 4)
52#define HEADER_SIZE_MAX (9 + 7 + 1 + 8 + 8 + 4 + 1 + 255 + 4)
52 53
53STATIC inline int INIT parse_header(u8 *input, u8 *skip) 54STATIC inline int INIT parse_header(u8 *input, int *skip, int in_len)
54{ 55{
55 int l; 56 int l;
56 u8 *parse = input; 57 u8 *parse = input;
58 u8 *end = input + in_len;
57 u8 level = 0; 59 u8 level = 0;
58 u16 version; 60 u16 version;
59 61
62 /*
63 * Check that there's enough input to possibly have a valid header.
64 * Then it is possible to parse several fields until the minimum
65 * size may have been used.
66 */
67 if (in_len < HEADER_SIZE_MIN)
68 return 0;
69
60 /* read magic: 9 first bits */ 70 /* read magic: 9 first bits */
61 for (l = 0; l < 9; l++) { 71 for (l = 0; l < 9; l++) {
62 if (*parse++ != lzop_magic[l]) 72 if (*parse++ != lzop_magic[l])
@@ -74,6 +84,15 @@ STATIC inline int INIT parse_header(u8 *input, u8 *skip)
74 else 84 else
75 parse += 4; /* flags */ 85 parse += 4; /* flags */
76 86
87 /*
88 * At least mode, mtime_low, filename length, and checksum must
89 * be left to be parsed. If also mtime_high is present, it's OK
90 * because the next input buffer check is after reading the
91 * filename length.
92 */
93 if (end - parse < 8 + 1 + 4)
94 return 0;
95
77 /* skip mode and mtime_low */ 96 /* skip mode and mtime_low */
78 parse += 8; 97 parse += 8;
79 if (version >= 0x0940) 98 if (version >= 0x0940)
@@ -81,6 +100,8 @@ STATIC inline int INIT parse_header(u8 *input, u8 *skip)
81 100
82 l = *parse++; 101 l = *parse++;
83 /* don't care about the file name, and skip checksum */ 102 /* don't care about the file name, and skip checksum */
103 if (end - parse < l + 4)
104 return 0;
84 parse += l + 4; 105 parse += l + 4;
85 106
86 *skip = parse - input; 107 *skip = parse - input;
@@ -91,16 +112,15 @@ STATIC inline int INIT unlzo(u8 *input, int in_len,
91 int (*fill) (void *, unsigned int), 112 int (*fill) (void *, unsigned int),
92 int (*flush) (void *, unsigned int), 113 int (*flush) (void *, unsigned int),
93 u8 *output, int *posp, 114 u8 *output, int *posp,
94 void (*error_fn) (char *x)) 115 void (*error) (char *x))
95{ 116{
96 u8 skip = 0, r = 0; 117 u8 r = 0;
118 int skip = 0;
97 u32 src_len, dst_len; 119 u32 src_len, dst_len;
98 size_t tmp; 120 size_t tmp;
99 u8 *in_buf, *in_buf_save, *out_buf; 121 u8 *in_buf, *in_buf_save, *out_buf;
100 int ret = -1; 122 int ret = -1;
101 123
102 set_error_fn(error_fn);
103
104 if (output) { 124 if (output) {
105 out_buf = output; 125 out_buf = output;
106 } else if (!flush) { 126 } else if (!flush) {
@@ -119,8 +139,8 @@ STATIC inline int INIT unlzo(u8 *input, int in_len,
119 goto exit_1; 139 goto exit_1;
120 } else if (input) { 140 } else if (input) {
121 in_buf = input; 141 in_buf = input;
122 } else if (!fill || !posp) { 142 } else if (!fill) {
123 error("NULL input pointer and missing position pointer or fill function"); 143 error("NULL input pointer and missing fill function");
124 goto exit_1; 144 goto exit_1;
125 } else { 145 } else {
126 in_buf = malloc(lzo1x_worst_compress(LZO_BLOCK_SIZE)); 146 in_buf = malloc(lzo1x_worst_compress(LZO_BLOCK_SIZE));
@@ -134,22 +154,47 @@ STATIC inline int INIT unlzo(u8 *input, int in_len,
134 if (posp) 154 if (posp)
135 *posp = 0; 155 *posp = 0;
136 156
137 if (fill) 157 if (fill) {
138 fill(in_buf, lzo1x_worst_compress(LZO_BLOCK_SIZE)); 158 /*
159 * Start from in_buf + HEADER_SIZE_MAX to make it possible
160 * to use memcpy() to copy the unused data to the beginning
161 * of the buffer. This way memmove() isn't needed which
162 * is missing from pre-boot environments of most archs.
163 */
164 in_buf += HEADER_SIZE_MAX;
165 in_len = fill(in_buf, HEADER_SIZE_MAX);
166 }
139 167
140 if (!parse_header(input, &skip)) { 168 if (!parse_header(in_buf, &skip, in_len)) {
141 error("invalid header"); 169 error("invalid header");
142 goto exit_2; 170 goto exit_2;
143 } 171 }
144 in_buf += skip; 172 in_buf += skip;
173 in_len -= skip;
174
175 if (fill) {
176 /* Move the unused data to the beginning of the buffer. */
177 memcpy(in_buf_save, in_buf, in_len);
178 in_buf = in_buf_save;
179 }
145 180
146 if (posp) 181 if (posp)
147 *posp = skip; 182 *posp = skip;
148 183
149 for (;;) { 184 for (;;) {
150 /* read uncompressed block size */ 185 /* read uncompressed block size */
186 if (fill && in_len < 4) {
187 skip = fill(in_buf + in_len, 4 - in_len);
188 if (skip > 0)
189 in_len += skip;
190 }
191 if (in_len < 4) {
192 error("file corrupted");
193 goto exit_2;
194 }
151 dst_len = get_unaligned_be32(in_buf); 195 dst_len = get_unaligned_be32(in_buf);
152 in_buf += 4; 196 in_buf += 4;
197 in_len -= 4;
153 198
154 /* exit if last block */ 199 /* exit if last block */
155 if (dst_len == 0) { 200 if (dst_len == 0) {
@@ -164,8 +209,18 @@ STATIC inline int INIT unlzo(u8 *input, int in_len,
164 } 209 }
165 210
166 /* read compressed block size, and skip block checksum info */ 211 /* read compressed block size, and skip block checksum info */
212 if (fill && in_len < 8) {
213 skip = fill(in_buf + in_len, 8 - in_len);
214 if (skip > 0)
215 in_len += skip;
216 }
217 if (in_len < 8) {
218 error("file corrupted");
219 goto exit_2;
220 }
167 src_len = get_unaligned_be32(in_buf); 221 src_len = get_unaligned_be32(in_buf);
168 in_buf += 8; 222 in_buf += 8;
223 in_len -= 8;
169 224
170 if (src_len <= 0 || src_len > dst_len) { 225 if (src_len <= 0 || src_len > dst_len) {
171 error("file corrupted"); 226 error("file corrupted");
@@ -173,6 +228,15 @@ STATIC inline int INIT unlzo(u8 *input, int in_len,
173 } 228 }
174 229
175 /* decompress */ 230 /* decompress */
231 if (fill && in_len < src_len) {
232 skip = fill(in_buf + in_len, src_len - in_len);
233 if (skip > 0)
234 in_len += skip;
235 }
236 if (in_len < src_len) {
237 error("file corrupted");
238 goto exit_2;
239 }
176 tmp = dst_len; 240 tmp = dst_len;
177 241
178 /* When the input data is not compressed at all, 242 /* When the input data is not compressed at all,
@@ -190,17 +254,26 @@ STATIC inline int INIT unlzo(u8 *input, int in_len,
190 } 254 }
191 } 255 }
192 256
193 if (flush) 257 if (flush && flush(out_buf, dst_len) != dst_len)
194 flush(out_buf, dst_len); 258 goto exit_2;
195 if (output) 259 if (output)
196 out_buf += dst_len; 260 out_buf += dst_len;
197 if (posp) 261 if (posp)
198 *posp += src_len + 12; 262 *posp += src_len + 12;
263
264 in_buf += src_len;
265 in_len -= src_len;
199 if (fill) { 266 if (fill) {
267 /*
268 * If there happens to still be unused data left in
269 * in_buf, move it to the beginning of the buffer.
270 * Use a loop to avoid memmove() dependency.
271 */
272 if (in_len > 0)
273 for (skip = 0; skip < in_len; ++skip)
274 in_buf_save[skip] = in_buf[skip];
200 in_buf = in_buf_save; 275 in_buf = in_buf_save;
201 fill(in_buf, lzo1x_worst_compress(LZO_BLOCK_SIZE)); 276 }
202 } else
203 in_buf += src_len;
204 } 277 }
205 278
206 ret = 0; 279 ret = 0;
generated by cgit v1.2.2 (git 2.25.0) at 2025-04-25 21:18:12 -0400