aboutsummaryrefslogtreecommitdiffstats
path: root/lib
diff options
context:
space:
mode:
Diffstat (limited to 'lib')
-rw-r--r--lib/inflate.c129
1 files changed, 91 insertions, 38 deletions
diff --git a/lib/inflate.c b/lib/inflate.c
index 6db6e98d1637..845f91d3ac12 100644
--- a/lib/inflate.c
+++ b/lib/inflate.c
@@ -292,7 +292,6 @@ STATIC int INIT huft_build(
292 oversubscribed set of lengths), and three if not enough memory. */ 292 oversubscribed set of lengths), and three if not enough memory. */
293{ 293{
294 unsigned a; /* counter for codes of length k */ 294 unsigned a; /* counter for codes of length k */
295 unsigned c[BMAX+1]; /* bit length count table */
296 unsigned f; /* i repeats in table every f entries */ 295 unsigned f; /* i repeats in table every f entries */
297 int g; /* maximum code length */ 296 int g; /* maximum code length */
298 int h; /* table level */ 297 int h; /* table level */
@@ -303,18 +302,33 @@ STATIC int INIT huft_build(
303 register unsigned *p; /* pointer into c[], b[], or v[] */ 302 register unsigned *p; /* pointer into c[], b[], or v[] */
304 register struct huft *q; /* points to current table */ 303 register struct huft *q; /* points to current table */
305 struct huft r; /* table entry for structure assignment */ 304 struct huft r; /* table entry for structure assignment */
306 struct huft *u[BMAX]; /* table stack */
307 unsigned v[N_MAX]; /* values in order of bit length */
308 register int w; /* bits before this table == (l * h) */ 305 register int w; /* bits before this table == (l * h) */
309 unsigned x[BMAX+1]; /* bit offsets, then code stack */
310 unsigned *xp; /* pointer into x */ 306 unsigned *xp; /* pointer into x */
311 int y; /* number of dummy codes added */ 307 int y; /* number of dummy codes added */
312 unsigned z; /* number of entries in current table */ 308 unsigned z; /* number of entries in current table */
309 struct {
310 unsigned c[BMAX+1]; /* bit length count table */
311 struct huft *u[BMAX]; /* table stack */
312 unsigned v[N_MAX]; /* values in order of bit length */
313 unsigned x[BMAX+1]; /* bit offsets, then code stack */
314 } *stk;
315 unsigned *c, *v, *x;
316 struct huft **u;
317 int ret;
313 318
314DEBG("huft1 "); 319DEBG("huft1 ");
315 320
321 stk = malloc(sizeof(*stk));
322 if (stk == NULL)
323 return 3; /* out of memory */
324
325 c = stk->c;
326 v = stk->v;
327 x = stk->x;
328 u = stk->u;
329
316 /* Generate counts for each bit length */ 330 /* Generate counts for each bit length */
317 memzero(c, sizeof(c)); 331 memzero(stk->c, sizeof(stk->c));
318 p = b; i = n; 332 p = b; i = n;
319 do { 333 do {
320 Tracecv(*p, (stderr, (n-i >= ' ' && n-i <= '~' ? "%c %d\n" : "0x%x %d\n"), 334 Tracecv(*p, (stderr, (n-i >= ' ' && n-i <= '~' ? "%c %d\n" : "0x%x %d\n"),
@@ -326,7 +340,8 @@ DEBG("huft1 ");
326 { 340 {
327 *t = (struct huft *)NULL; 341 *t = (struct huft *)NULL;
328 *m = 0; 342 *m = 0;
329 return 2; 343 ret = 2;
344 goto out;
330 } 345 }
331 346
332DEBG("huft2 "); 347DEBG("huft2 ");
@@ -351,10 +366,14 @@ DEBG("huft3 ");
351 366
352 /* Adjust last length count to fill out codes, if needed */ 367 /* Adjust last length count to fill out codes, if needed */
353 for (y = 1 << j; j < i; j++, y <<= 1) 368 for (y = 1 << j; j < i; j++, y <<= 1)
354 if ((y -= c[j]) < 0) 369 if ((y -= c[j]) < 0) {
355 return 2; /* bad input: more codes than bits */ 370 ret = 2; /* bad input: more codes than bits */
356 if ((y -= c[i]) < 0) 371 goto out;
357 return 2; 372 }
373 if ((y -= c[i]) < 0) {
374 ret = 2;
375 goto out;
376 }
358 c[i] += y; 377 c[i] += y;
359 378
360DEBG("huft4 "); 379DEBG("huft4 ");
@@ -428,7 +447,8 @@ DEBG1("3 ");
428 { 447 {
429 if (h) 448 if (h)
430 huft_free(u[0]); 449 huft_free(u[0]);
431 return 3; /* not enough memory */ 450 ret = 3; /* not enough memory */
451 goto out;
432 } 452 }
433DEBG1("4 "); 453DEBG1("4 ");
434 hufts += z + 1; /* track memory usage */ 454 hufts += z + 1; /* track memory usage */
@@ -492,7 +512,11 @@ DEBG("h6f ");
492DEBG("huft7 "); 512DEBG("huft7 ");
493 513
494 /* Return true (1) if we were given an incomplete table */ 514 /* Return true (1) if we were given an incomplete table */
495 return y != 0 && g != 1; 515 ret = y != 0 && g != 1;
516
517 out:
518 free(stk);
519 return ret;
496} 520}
497 521
498 522
@@ -705,10 +729,14 @@ STATIC int noinline INIT inflate_fixed(void)
705 struct huft *td; /* distance code table */ 729 struct huft *td; /* distance code table */
706 int bl; /* lookup bits for tl */ 730 int bl; /* lookup bits for tl */
707 int bd; /* lookup bits for td */ 731 int bd; /* lookup bits for td */
708 unsigned l[288]; /* length list for huft_build */ 732 unsigned *l; /* length list for huft_build */
709 733
710DEBG("<fix"); 734DEBG("<fix");
711 735
736 l = malloc(sizeof(*l) * 288);
737 if (l == NULL)
738 return 3; /* out of memory */
739
712 /* set up literal table */ 740 /* set up literal table */
713 for (i = 0; i < 144; i++) 741 for (i = 0; i < 144; i++)
714 l[i] = 8; 742 l[i] = 8;
@@ -719,9 +747,10 @@ DEBG("<fix");
719 for (; i < 288; i++) /* make a complete, but wrong code set */ 747 for (; i < 288; i++) /* make a complete, but wrong code set */
720 l[i] = 8; 748 l[i] = 8;
721 bl = 7; 749 bl = 7;
722 if ((i = huft_build(l, 288, 257, cplens, cplext, &tl, &bl)) != 0) 750 if ((i = huft_build(l, 288, 257, cplens, cplext, &tl, &bl)) != 0) {
751 free(l);
723 return i; 752 return i;
724 753 }
725 754
726 /* set up distance table */ 755 /* set up distance table */
727 for (i = 0; i < 30; i++) /* make an incomplete code set */ 756 for (i = 0; i < 30; i++) /* make an incomplete code set */
@@ -730,6 +759,7 @@ DEBG("<fix");
730 if ((i = huft_build(l, 30, 0, cpdist, cpdext, &td, &bd)) > 1) 759 if ((i = huft_build(l, 30, 0, cpdist, cpdext, &td, &bd)) > 1)
731 { 760 {
732 huft_free(tl); 761 huft_free(tl);
762 free(l);
733 763
734 DEBG(">"); 764 DEBG(">");
735 return i; 765 return i;
@@ -737,11 +767,13 @@ DEBG("<fix");
737 767
738 768
739 /* decompress until an end-of-block code */ 769 /* decompress until an end-of-block code */
740 if (inflate_codes(tl, td, bl, bd)) 770 if (inflate_codes(tl, td, bl, bd)) {
771 free(l);
741 return 1; 772 return 1;
742 773 }
743 774
744 /* free the decoding tables, return */ 775 /* free the decoding tables, return */
776 free(l);
745 huft_free(tl); 777 huft_free(tl);
746 huft_free(td); 778 huft_free(td);
747 return 0; 779 return 0;
@@ -766,16 +798,19 @@ STATIC int noinline INIT inflate_dynamic(void)
766 unsigned nb; /* number of bit length codes */ 798 unsigned nb; /* number of bit length codes */
767 unsigned nl; /* number of literal/length codes */ 799 unsigned nl; /* number of literal/length codes */
768 unsigned nd; /* number of distance codes */ 800 unsigned nd; /* number of distance codes */
769#ifdef PKZIP_BUG_WORKAROUND 801 unsigned *ll; /* literal/length and distance code lengths */
770 unsigned ll[288+32]; /* literal/length and distance code lengths */
771#else
772 unsigned ll[286+30]; /* literal/length and distance code lengths */
773#endif
774 register ulg b; /* bit buffer */ 802 register ulg b; /* bit buffer */
775 register unsigned k; /* number of bits in bit buffer */ 803 register unsigned k; /* number of bits in bit buffer */
804 int ret;
776 805
777DEBG("<dyn"); 806DEBG("<dyn");
778 807
808#ifdef PKZIP_BUG_WORKAROUND
809 ll = malloc(sizeof(*ll) * (288+32)); /* literal/length and distance code lengths */
810#else
811 ll = malloc(sizeof(*ll) * (286+30)); /* literal/length and distance code lengths */
812#endif
813
779 /* make local bit buffer */ 814 /* make local bit buffer */
780 b = bb; 815 b = bb;
781 k = bk; 816 k = bk;
@@ -796,7 +831,10 @@ DEBG("<dyn");
796#else 831#else
797 if (nl > 286 || nd > 30) 832 if (nl > 286 || nd > 30)
798#endif 833#endif
799 return 1; /* bad lengths */ 834 {
835 ret = 1; /* bad lengths */
836 goto out;
837 }
800 838
801DEBG("dyn1 "); 839DEBG("dyn1 ");
802 840
@@ -818,7 +856,8 @@ DEBG("dyn2 ");
818 { 856 {
819 if (i == 1) 857 if (i == 1)
820 huft_free(tl); 858 huft_free(tl);
821 return i; /* incomplete code set */ 859 ret = i; /* incomplete code set */
860 goto out;
822 } 861 }
823 862
824DEBG("dyn3 "); 863DEBG("dyn3 ");
@@ -840,8 +879,10 @@ DEBG("dyn3 ");
840 NEEDBITS(2) 879 NEEDBITS(2)
841 j = 3 + ((unsigned)b & 3); 880 j = 3 + ((unsigned)b & 3);
842 DUMPBITS(2) 881 DUMPBITS(2)
843 if ((unsigned)i + j > n) 882 if ((unsigned)i + j > n) {
844 return 1; 883 ret = 1;
884 goto out;
885 }
845 while (j--) 886 while (j--)
846 ll[i++] = l; 887 ll[i++] = l;
847 } 888 }
@@ -850,8 +891,10 @@ DEBG("dyn3 ");
850 NEEDBITS(3) 891 NEEDBITS(3)
851 j = 3 + ((unsigned)b & 7); 892 j = 3 + ((unsigned)b & 7);
852 DUMPBITS(3) 893 DUMPBITS(3)
853 if ((unsigned)i + j > n) 894 if ((unsigned)i + j > n) {
854 return 1; 895 ret = 1;
896 goto out;
897 }
855 while (j--) 898 while (j--)
856 ll[i++] = 0; 899 ll[i++] = 0;
857 l = 0; 900 l = 0;
@@ -861,8 +904,10 @@ DEBG("dyn3 ");
861 NEEDBITS(7) 904 NEEDBITS(7)
862 j = 11 + ((unsigned)b & 0x7f); 905 j = 11 + ((unsigned)b & 0x7f);
863 DUMPBITS(7) 906 DUMPBITS(7)
864 if ((unsigned)i + j > n) 907 if ((unsigned)i + j > n) {
865 return 1; 908 ret = 1;
909 goto out;
910 }
866 while (j--) 911 while (j--)
867 ll[i++] = 0; 912 ll[i++] = 0;
868 l = 0; 913 l = 0;
@@ -891,7 +936,8 @@ DEBG("dyn5b ");
891 error("incomplete literal tree"); 936 error("incomplete literal tree");
892 huft_free(tl); 937 huft_free(tl);
893 } 938 }
894 return i; /* incomplete code set */ 939 ret = i; /* incomplete code set */
940 goto out;
895 } 941 }
896DEBG("dyn5c "); 942DEBG("dyn5c ");
897 bd = dbits; 943 bd = dbits;
@@ -907,15 +953,18 @@ DEBG("dyn5d ");
907 huft_free(td); 953 huft_free(td);
908 } 954 }
909 huft_free(tl); 955 huft_free(tl);
910 return i; /* incomplete code set */ 956 ret = i; /* incomplete code set */
957 goto out;
911#endif 958#endif
912 } 959 }
913 960
914DEBG("dyn6 "); 961DEBG("dyn6 ");
915 962
916 /* decompress until an end-of-block code */ 963 /* decompress until an end-of-block code */
917 if (inflate_codes(tl, td, bl, bd)) 964 if (inflate_codes(tl, td, bl, bd)) {
918 return 1; 965 ret = 1;
966 goto out;
967 }
919 968
920DEBG("dyn7 "); 969DEBG("dyn7 ");
921 970
@@ -924,10 +973,14 @@ DEBG("dyn7 ");
924 huft_free(td); 973 huft_free(td);
925 974
926 DEBG(">"); 975 DEBG(">");
927 return 0; 976 ret = 0;
928 977out:
929 underrun: 978 free(ll);
930 return 4; /* Input underrun */ 979 return ret;
980
981underrun:
982 ret = 4; /* Input underrun */
983 goto out;
931} 984}
932 985
933 986