/src/CMake/Utilities/cmliblzma/liblzma/common/index_hash.c

Source
// SPDX-License-Identifier: 0BSD

///////////////////////////////////////////////////////////////////////////////
//
/// \file       index_hash.c
/// \brief      Validates Index by using a hash function
//
//  Author:     Lasse Collin
//
///////////////////////////////////////////////////////////////////////////////

#include "common.h"
#include "index.h"
#include "check.h"


typedef struct {
  /// Sum of the Block sizes (including Block Padding)
  lzma_vli blocks_size;

  /// Sum of the Uncompressed Size fields
  lzma_vli uncompressed_size;

  /// Number of Records
  lzma_vli count;

  /// Size of the List of Index Records as bytes
  lzma_vli index_list_size;

  /// Check calculated from Unpadded Sizes and Uncompressed Sizes.
  lzma_check_state check;

} lzma_index_hash_info;


struct lzma_index_hash_s {
  enum {
    SEQ_BLOCK,
    SEQ_COUNT,
    SEQ_UNPADDED,
    SEQ_UNCOMPRESSED,
    SEQ_PADDING_INIT,
    SEQ_PADDING,
    SEQ_CRC32,
  } sequence;

  /// Information collected while decoding the actual Blocks.
  lzma_index_hash_info blocks;

  /// Information collected from the Index field.
  lzma_index_hash_info records;

  /// Number of Records not fully decoded
  lzma_vli remaining;

  /// Unpadded Size currently being read from an Index Record.
  lzma_vli unpadded_size;

  /// Uncompressed Size currently being read from an Index Record.
  lzma_vli uncompressed_size;

  /// Position in variable-length integers when decoding them from
  /// the List of Records.
  size_t pos;

  /// CRC32 of the Index
  uint32_t crc32;
};


extern LZMA_API(lzma_index_hash *)
lzma_index_hash_init(lzma_index_hash *index_hash,
    const lzma_allocator *allocator)
{
  if (index_hash == NULL) {
    index_hash = lzma_alloc(sizeof(lzma_index_hash), allocator);
    if (index_hash == NULL)
      return NULL;
  }

  index_hash->sequence = SEQ_BLOCK;
  index_hash->blocks.blocks_size = 0;
  index_hash->blocks.uncompressed_size = 0;
  index_hash->blocks.count = 0;
  index_hash->blocks.index_list_size = 0;
  index_hash->records.blocks_size = 0;
  index_hash->records.uncompressed_size = 0;
  index_hash->records.count = 0;
  index_hash->records.index_list_size = 0;
  index_hash->unpadded_size = 0;
  index_hash->uncompressed_size = 0;
  index_hash->pos = 0;
  index_hash->crc32 = 0;

  // These cannot fail because LZMA_CHECK_BEST is known to be supported.
  (void)lzma_check_init(&index_hash->blocks.check, LZMA_CHECK_BEST);
  (void)lzma_check_init(&index_hash->records.check, LZMA_CHECK_BEST);

  return index_hash;
}


extern LZMA_API(void)
lzma_index_hash_end(lzma_index_hash *index_hash,
    const lzma_allocator *allocator)
{
  lzma_free(index_hash, allocator);
  return;
}


extern LZMA_API(lzma_vli)
lzma_index_hash_size(const lzma_index_hash *index_hash)
{
  // Get the size of the Index from ->blocks instead of ->records for
  // cases where application wants to know the Index Size before
  // decoding the Index.
  return index_size(index_hash->blocks.count,
      index_hash->blocks.index_list_size);
}


/// Updates the sizes and the hash without any validation.
static void
hash_append(lzma_index_hash_info *info, lzma_vli unpadded_size,
    lzma_vli uncompressed_size)
{
  info->blocks_size += vli_ceil4(unpadded_size);
  info->uncompressed_size += uncompressed_size;
  info->index_list_size += lzma_vli_size(unpadded_size)
      + lzma_vli_size(uncompressed_size);
  ++info->count;

  const lzma_vli sizes[2] = { unpadded_size, uncompressed_size };
  lzma_check_update(&info->check, LZMA_CHECK_BEST,
      (const uint8_t *)(sizes), sizeof(sizes));

  return;
}


extern LZMA_API(lzma_ret)
lzma_index_hash_append(lzma_index_hash *index_hash, lzma_vli unpadded_size,
    lzma_vli uncompressed_size)
{
  // Validate the arguments.
  if (index_hash == NULL || index_hash->sequence != SEQ_BLOCK
      || unpadded_size < UNPADDED_SIZE_MIN
      || unpadded_size > UNPADDED_SIZE_MAX
      || uncompressed_size > LZMA_VLI_MAX)
    return LZMA_PROG_ERROR;

  // Update the hash.
  hash_append(&index_hash->blocks, unpadded_size, uncompressed_size);

  // Validate the properties of *info are still in allowed limits.
  if (index_hash->blocks.blocks_size > LZMA_VLI_MAX
      || index_hash->blocks.uncompressed_size > LZMA_VLI_MAX
      || index_size(index_hash->blocks.count,
          index_hash->blocks.index_list_size)
        > LZMA_BACKWARD_SIZE_MAX
      || index_stream_size(index_hash->blocks.blocks_size,
          index_hash->blocks.count,
          index_hash->blocks.index_list_size)
        > LZMA_VLI_MAX)
    return LZMA_DATA_ERROR;

  return LZMA_OK;
}


extern LZMA_API(lzma_ret)
lzma_index_hash_decode(lzma_index_hash *index_hash, const uint8_t *in,
    size_t *in_pos, size_t in_size)
{
  // Catch zero input buffer here, because in contrast to Index encoder
  // and decoder functions, applications call this function directly
  // instead of via lzma_code(), which does the buffer checking.
  if (*in_pos >= in_size)
    return LZMA_BUF_ERROR;

  // NOTE: This function has many similarities to index_encode() and
  // index_decode() functions found from index_encoder.c and
  // index_decoder.c. See the comments especially in index_encoder.c.
  const size_t in_start = *in_pos;
  lzma_ret ret = LZMA_OK;

  while (*in_pos < in_size)
  switch (index_hash->sequence) {
  case SEQ_BLOCK:
    // Check the Index Indicator is present.
    if (in[(*in_pos)++] != INDEX_INDICATOR)
      return LZMA_DATA_ERROR;

    index_hash->sequence = SEQ_COUNT;
    break;

  case SEQ_COUNT: {
    ret = lzma_vli_decode(&index_hash->remaining,
        &index_hash->pos, in, in_pos, in_size);
    if (ret != LZMA_STREAM_END)
      goto out;

    // The count must match the count of the Blocks decoded.
    if (index_hash->remaining != index_hash->blocks.count)
      return LZMA_DATA_ERROR;

    ret = LZMA_OK;
    index_hash->pos = 0;

    // Handle the special case when there are no Blocks.
    index_hash->sequence = index_hash->remaining == 0
        ? SEQ_PADDING_INIT : SEQ_UNPADDED;
    break;
  }

  case SEQ_UNPADDED:
  case SEQ_UNCOMPRESSED: {
    lzma_vli *size = index_hash->sequence == SEQ_UNPADDED
        ? &index_hash->unpadded_size
        : &index_hash->uncompressed_size;

    ret = lzma_vli_decode(size, &index_hash->pos,
        in, in_pos, in_size);
    if (ret != LZMA_STREAM_END)
      goto out;

    ret = LZMA_OK;
    index_hash->pos = 0;

    if (index_hash->sequence == SEQ_UNPADDED) {
      if (index_hash->unpadded_size < UNPADDED_SIZE_MIN
          || index_hash->unpadded_size
            > UNPADDED_SIZE_MAX)
        return LZMA_DATA_ERROR;

      index_hash->sequence = SEQ_UNCOMPRESSED;
    } else {
      // Update the hash.
      hash_append(&index_hash->records,
          index_hash->unpadded_size,
          index_hash->uncompressed_size);

      // Verify that we don't go over the known sizes. Note
      // that this validation is simpler than the one used
      // in lzma_index_hash_append(), because here we know
      // that values in index_hash->blocks are already
      // validated and we are fine as long as we don't
      // exceed them in index_hash->records.
      if (index_hash->blocks.blocks_size
          < index_hash->records.blocks_size
          || index_hash->blocks.uncompressed_size
          < index_hash->records.uncompressed_size
          || index_hash->blocks.index_list_size
          < index_hash->records.index_list_size)
        return LZMA_DATA_ERROR;

      // Check if this was the last Record.
      index_hash->sequence = --index_hash->remaining == 0
          ? SEQ_PADDING_INIT : SEQ_UNPADDED;
    }

    break;
  }

  case SEQ_PADDING_INIT:
    index_hash->pos = (LZMA_VLI_C(4) - index_size_unpadded(
        index_hash->records.count,
        index_hash->records.index_list_size)) & 3;
    index_hash->sequence = SEQ_PADDING;

  // Fall through

  case SEQ_PADDING:
    if (index_hash->pos > 0) {
      --index_hash->pos;
      if (in[(*in_pos)++] != 0x00)
        return LZMA_DATA_ERROR;

      break;
    }

    // Compare the sizes.
    if (index_hash->blocks.blocks_size
        != index_hash->records.blocks_size
        || index_hash->blocks.uncompressed_size
        != index_hash->records.uncompressed_size
        || index_hash->blocks.index_list_size
        != index_hash->records.index_list_size)
      return LZMA_DATA_ERROR;

    // Finish the hashes and compare them.
    lzma_check_finish(&index_hash->blocks.check, LZMA_CHECK_BEST);
    lzma_check_finish(&index_hash->records.check, LZMA_CHECK_BEST);
    if (memcmp(index_hash->blocks.check.buffer.u8,
        index_hash->records.check.buffer.u8,
        lzma_check_size(LZMA_CHECK_BEST)) != 0)
      return LZMA_DATA_ERROR;

    // Finish the CRC32 calculation.
    index_hash->crc32 = lzma_crc32(in + in_start,
        *in_pos - in_start, index_hash->crc32);

    index_hash->sequence = SEQ_CRC32;

  // Fall through

  case SEQ_CRC32:
    do {
      if (*in_pos == in_size)
        return LZMA_OK;

      if (((index_hash->crc32 >> (index_hash->pos * 8))
          & 0xFF) != in[(*in_pos)++]) {
#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
        return LZMA_DATA_ERROR;
#endif
      }

    } while (++index_hash->pos < 4);

    return LZMA_STREAM_END;

  default:
    assert(0);
    return LZMA_PROG_ERROR;
  }

out:
  // Update the CRC32.
  //
  // Avoid null pointer + 0 (undefined behavior) in "in + in_start".
  // In such a case we had no input and thus in_used == 0.
  {
    const size_t in_used = *in_pos - in_start;
    if (in_used > 0)
      index_hash->crc32 = lzma_crc32(in + in_start,
          in_used, index_hash->crc32);
  }

  return ret;
}

Coverage Report

Created: 2026-02-09 06:05

Line	Count	Source
1		// SPDX-License-Identifier: 0BSD
2
3		///////////////////////////////////////////////////////////////////////////////
4		//
5		/// \file index_hash.c
6		/// \brief Validates Index by using a hash function
7		//
8		// Author: Lasse Collin
9		//
10		///////////////////////////////////////////////////////////////////////////////
11
12		#include "common.h"
13		#include "index.h"
14		#include "check.h"
15
16
17		typedef struct {
18		/// Sum of the Block sizes (including Block Padding)
19		lzma_vli blocks_size;
20
21		/// Sum of the Uncompressed Size fields
22		lzma_vli uncompressed_size;
23
24		/// Number of Records
25		lzma_vli count;
26
27		/// Size of the List of Index Records as bytes
28		lzma_vli index_list_size;
29
30		/// Check calculated from Unpadded Sizes and Uncompressed Sizes.
31		lzma_check_state check;
32
33		} lzma_index_hash_info;
34
35
36		struct lzma_index_hash_s {
37		enum {
38		SEQ_BLOCK,
39		SEQ_COUNT,
40		SEQ_UNPADDED,
41		SEQ_UNCOMPRESSED,
42		SEQ_PADDING_INIT,
43		SEQ_PADDING,
44		SEQ_CRC32,
45		} sequence;
46
47		/// Information collected while decoding the actual Blocks.
48		lzma_index_hash_info blocks;
49
50		/// Information collected from the Index field.
51		lzma_index_hash_info records;
52
53		/// Number of Records not fully decoded
54		lzma_vli remaining;
55
56		/// Unpadded Size currently being read from an Index Record.
57		lzma_vli unpadded_size;
58
59		/// Uncompressed Size currently being read from an Index Record.
60		lzma_vli uncompressed_size;
61
62		/// Position in variable-length integers when decoding them from
63		/// the List of Records.
64		size_t pos;
65
66		/// CRC32 of the Index
67		uint32_t crc32;
68		};
69
70
71		extern LZMA_API(lzma_index_hash *)
72		lzma_index_hash_init(lzma_index_hash *index_hash,
73		const lzma_allocator *allocator)
74	738	{
75	738	if (index_hash == NULL) {
76	738	index_hash = lzma_alloc(sizeof(lzma_index_hash), allocator);
77	738	if (index_hash == NULL)
78	0	return NULL;
79	738	}
80
81	738	index_hash->sequence = SEQ_BLOCK;
82	738	index_hash->blocks.blocks_size = 0;
83	738	index_hash->blocks.uncompressed_size = 0;
84	738	index_hash->blocks.count = 0;
85	738	index_hash->blocks.index_list_size = 0;
86	738	index_hash->records.blocks_size = 0;
87	738	index_hash->records.uncompressed_size = 0;
88	738	index_hash->records.count = 0;
89	738	index_hash->records.index_list_size = 0;
90	738	index_hash->unpadded_size = 0;
91	738	index_hash->uncompressed_size = 0;
92	738	index_hash->pos = 0;
93	738	index_hash->crc32 = 0;
94
95		// These cannot fail because LZMA_CHECK_BEST is known to be supported.
96	738	(void)lzma_check_init(&index_hash->blocks.check, LZMA_CHECK_BEST);
97	738	(void)lzma_check_init(&index_hash->records.check, LZMA_CHECK_BEST);
98
99	738	return index_hash;
100	738	}
101
102
103		extern LZMA_API(void)
104		lzma_index_hash_end(lzma_index_hash *index_hash,
105		const lzma_allocator *allocator)
106	738	{
107	738	lzma_free(index_hash, allocator);
108	738	return;
109	738	}
110
111
112		extern LZMA_API(lzma_vli)
113		lzma_index_hash_size(const lzma_index_hash *index_hash)
114	0	{
115		// Get the size of the Index from ->blocks instead of ->records for
116		// cases where application wants to know the Index Size before
117		// decoding the Index.
118	0	return index_size(index_hash->blocks.count,
119	0	index_hash->blocks.index_list_size);
120	0	}
121
122
123		/// Updates the sizes and the hash without any validation.
124		static void
125		hash_append(lzma_index_hash_info *info, lzma_vli unpadded_size,
126		lzma_vli uncompressed_size)
127	54	{
128	54	info->blocks_size += vli_ceil4(unpadded_size);
129	54	info->uncompressed_size += uncompressed_size;
130	54	info->index_list_size += lzma_vli_size(unpadded_size)
131	54	+ lzma_vli_size(uncompressed_size);
132	54	++info->count;
133
134	54	const lzma_vli sizes[2] = { unpadded_size, uncompressed_size };
135	54	lzma_check_update(&info->check, LZMA_CHECK_BEST,
136	54	(const uint8_t *)(sizes), sizeof(sizes));
137
138	54	return;
139	54	}
140
141
142		extern LZMA_API(lzma_ret)
143		lzma_index_hash_append(lzma_index_hash *index_hash, lzma_vli unpadded_size,
144		lzma_vli uncompressed_size)
145	40	{
146		// Validate the arguments.
147	40	if (index_hash == NULL \|\| index_hash->sequence != SEQ_BLOCK
148	40	\|\| unpadded_size < UNPADDED_SIZE_MIN
149	40	\|\| unpadded_size > UNPADDED_SIZE_MAX
150	40	\|\| uncompressed_size > LZMA_VLI_MAX)
151	0	return LZMA_PROG_ERROR;
152
153		// Update the hash.
154	40	hash_append(&index_hash->blocks, unpadded_size, uncompressed_size);
155
156		// Validate the properties of *info are still in allowed limits.
157	40	if (index_hash->blocks.blocks_size > LZMA_VLI_MAX
158	40	\|\| index_hash->blocks.uncompressed_size > LZMA_VLI_MAX
159	40	\|\| index_size(index_hash->blocks.count,
160	40	index_hash->blocks.index_list_size)
161	40	> LZMA_BACKWARD_SIZE_MAX
162	40	\|\| index_stream_size(index_hash->blocks.blocks_size,
163	40	index_hash->blocks.count,
164	40	index_hash->blocks.index_list_size)
165	40	> LZMA_VLI_MAX)
166	0	return LZMA_DATA_ERROR;
167
168	40	return LZMA_OK;
169	40	}
170
171
172		extern LZMA_API(lzma_ret)
173		lzma_index_hash_decode(lzma_index_hash index_hash, const uint8_t in,
174		size_t *in_pos, size_t in_size)
175	156	{
176		// Catch zero input buffer here, because in contrast to Index encoder
177		// and decoder functions, applications call this function directly
178		// instead of via lzma_code(), which does the buffer checking.
179	156	if (*in_pos >= in_size)
180	0	return LZMA_BUF_ERROR;
181
182		// NOTE: This function has many similarities to index_encode() and
183		// index_decode() functions found from index_encoder.c and
184		// index_decoder.c. See the comments especially in index_encoder.c.
185	156	const size_t in_start = *in_pos;
186	156	lzma_ret ret = LZMA_OK;
187
188	494	while (*in_pos < in_size)
189	486	switch (index_hash->sequence) {
190	156	case SEQ_BLOCK:
191		// Check the Index Indicator is present.
192	156	if (in[(*in_pos)++] != INDEX_INDICATOR)
193	0	return LZMA_DATA_ERROR;
194
195	156	index_hash->sequence = SEQ_COUNT;
196	156	break;
197
198	154	case SEQ_COUNT: {
199	154	ret = lzma_vli_decode(&index_hash->remaining,
200	154	&index_hash->pos, in, in_pos, in_size);
201	154	if (ret != LZMA_STREAM_END)
202	14	goto out;
203
204		// The count must match the count of the Blocks decoded.
205	140	if (index_hash->remaining != index_hash->blocks.count)
206	70	return LZMA_DATA_ERROR;
207
208	70	ret = LZMA_OK;
209	70	index_hash->pos = 0;
210
211		// Handle the special case when there are no Blocks.
212	70	index_hash->sequence = index_hash->remaining == 0
213	70	? SEQ_PADDING_INIT : SEQ_UNPADDED;
214	70	break;
215	140	}
216
217	18	case SEQ_UNPADDED:
218	32	case SEQ_UNCOMPRESSED: {
219	32	lzma_vli *size = index_hash->sequence == SEQ_UNPADDED
220	32	? &index_hash->unpadded_size
221	32	: &index_hash->uncompressed_size;
222
223	32	ret = lzma_vli_decode(size, &index_hash->pos,
224	32	in, in_pos, in_size);
225	32	if (ret != LZMA_STREAM_END)
226	2	goto out;
227
228	30	ret = LZMA_OK;
229	30	index_hash->pos = 0;
230
231	30	if (index_hash->sequence == SEQ_UNPADDED) {
232	16	if (index_hash->unpadded_size < UNPADDED_SIZE_MIN
233	14	\|\| index_hash->unpadded_size
234	14	> UNPADDED_SIZE_MAX)
235	2	return LZMA_DATA_ERROR;
236
237	14	index_hash->sequence = SEQ_UNCOMPRESSED;
238	14	} else {
239		// Update the hash.
240	14	hash_append(&index_hash->records,
241	14	index_hash->unpadded_size,
242	14	index_hash->uncompressed_size);
243
244		// Verify that we don't go over the known sizes. Note
245		// that this validation is simpler than the one used
246		// in lzma_index_hash_append(), because here we know
247		// that values in index_hash->blocks are already
248		// validated and we are fine as long as we don't
249		// exceed them in index_hash->records.
250	14	if (index_hash->blocks.blocks_size
251	14	< index_hash->records.blocks_size
252	6	\|\| index_hash->blocks.uncompressed_size
253	6	< index_hash->records.uncompressed_size
254	4	\|\| index_hash->blocks.index_list_size
255	4	< index_hash->records.index_list_size)
256	10	return LZMA_DATA_ERROR;
257
258		// Check if this was the last Record.
259	4	index_hash->sequence = --index_hash->remaining == 0
260	4	? SEQ_PADDING_INIT : SEQ_UNPADDED;
261	4	}
262
263	18	break;
264	30	}
265
266	54	case SEQ_PADDING_INIT:
267	54	index_hash->pos = (LZMA_VLI_C(4) - index_size_unpadded(
268	54	index_hash->records.count,
269	54	index_hash->records.index_list_size)) & 3;
270	54	index_hash->sequence = SEQ_PADDING;
271
272		// Fall through
273
274	144	case SEQ_PADDING:
275	144	if (index_hash->pos > 0) {
276	96	--index_hash->pos;
277	96	if (in[(*in_pos)++] != 0x00)
278	2	return LZMA_DATA_ERROR;
279
280	94	break;
281	96	}
282
283		// Compare the sizes.
284	48	if (index_hash->blocks.blocks_size
285	48	!= index_hash->records.blocks_size
286	46	\|\| index_hash->blocks.uncompressed_size
287	46	!= index_hash->records.uncompressed_size
288	46	\|\| index_hash->blocks.index_list_size
289	46	!= index_hash->records.index_list_size)
290	2	return LZMA_DATA_ERROR;
291
292		// Finish the hashes and compare them.
293	46	lzma_check_finish(&index_hash->blocks.check, LZMA_CHECK_BEST);
294	46	lzma_check_finish(&index_hash->records.check, LZMA_CHECK_BEST);
295	46	if (memcmp(index_hash->blocks.check.buffer.u8,
296	46	index_hash->records.check.buffer.u8,
297	46	lzma_check_size(LZMA_CHECK_BEST)) != 0)
298	2	return LZMA_DATA_ERROR;
299
300		// Finish the CRC32 calculation.
301	44	index_hash->crc32 = lzma_crc32(in + in_start,
302	44	*in_pos - in_start, index_hash->crc32);
303
304	44	index_hash->sequence = SEQ_CRC32;
305
306		// Fall through
307
308	44	case SEQ_CRC32:
309	170	do {
310	170	if (*in_pos == in_size)
311	4	return LZMA_OK;
312
313	166	if (((index_hash->crc32 >> (index_hash->pos * 8))
314	166	& 0xFF) != in[(*in_pos)++]) {
315		#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
316		return LZMA_DATA_ERROR;
317		#endif
318	166	}
319
320	166	} while (++index_hash->pos < 4);
321
322	40	return LZMA_STREAM_END;
323
324	0	default:
325	0	assert(0);
326	0	return LZMA_PROG_ERROR;
327	486	}
328
329	24	out:
330		// Update the CRC32.
331		//
332		// Avoid null pointer + 0 (undefined behavior) in "in + in_start".
333		// In such a case we had no input and thus in_used == 0.
334	24	{
335	24	const size_t in_used = *in_pos - in_start;
336	24	if (in_used > 0)
337	24	index_hash->crc32 = lzma_crc32(in + in_start,
338	24	in_used, index_hash->crc32);
339	24	}
340
341	24	return ret;
342	156	}