/src/ffmpeg/libavutil/lzo.c

Source
/*
 * LZO 1x decompression
 * Copyright (c) 2006 Reimar Doeffinger
 *
 * This file is part of FFmpeg.
 *
 * FFmpeg is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * FFmpeg is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with FFmpeg; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
 */

#include <limits.h>
#include <stdint.h>
#include <string.h>

#include "avassert.h"
#include "intreadwrite.h"
#include "lzo.h"
#include "macros.h"
#include "mem.h"

/// Define if we may write up to 12 bytes beyond the output buffer.
#define OUTBUF_PADDED 1
/// Define if we may read up to 8 bytes beyond the input buffer.
#define INBUF_PADDED 1

typedef struct LZOContext {
    const uint8_t *in, *in_end;
    uint8_t *out_start, *out, *out_end;
    int error;
} LZOContext;

/**
 * @brief Reads one byte from the input buffer, avoiding an overrun.
 * @return byte read
 */
static inline int get_byte(LZOContext *c)
{
    if (c->in < c->in_end)
        return *c->in++;
    c->error |= AV_LZO_INPUT_DEPLETED;
    return 1;
}

#ifdef INBUF_PADDED
#define GETB(c) (*(c).in++)
#else
#define GETB(c) get_byte(&(c))
#endif

/**
 * @brief Decodes a length value in the coding used by lzo.
 * @param x previous byte value
 * @param mask bits used from x
 * @return decoded length value
 */
static inline int get_len(LZOContext *c, int x, int mask)
{
    int cnt = x & mask;
    if (!cnt) {
        while (!(x = get_byte(c))) {
            if (cnt >= INT_MAX - 1000) {
                c->error |= AV_LZO_ERROR;
                break;
            }
            cnt += 255;
        }
        cnt += mask + x;
    }
    return cnt;
}

/**
 * @brief Copies bytes from input to output buffer with checking.
 * @param cnt number of bytes to copy, must be >= 0
 */
static inline void copy(LZOContext *c, int cnt)
{
    register const uint8_t *src = c->in;
    register uint8_t *dst       = c->out;
    av_assert0(cnt >= 0);
    if (cnt > c->in_end - src) {
        cnt       = FFMAX(c->in_end - src, 0);
        c->error |= AV_LZO_INPUT_DEPLETED;
    }
    if (cnt > c->out_end - dst) {
        cnt       = FFMAX(c->out_end - dst, 0);
        c->error |= AV_LZO_OUTPUT_FULL;
    }
#if defined(INBUF_PADDED) && defined(OUTBUF_PADDED)
    AV_COPY32U(dst, src);
    src += 4;
    dst += 4;
    cnt -= 4;
    if (cnt > 0)
#endif
    memcpy(dst, src, cnt);
    c->in  = src + cnt;
    c->out = dst + cnt;
}

/**
 * @brief Copies previously decoded bytes to current position.
 * @param back how many bytes back we start, must be > 0
 * @param cnt number of bytes to copy, must be > 0
 *
 * cnt > back is valid, this will copy the bytes we just copied,
 * thus creating a repeating pattern with a period length of back.
 */
static inline void copy_backptr(LZOContext *c, int back, int cnt)
{
    register uint8_t *dst       = c->out;
    av_assert0(cnt > 0);
    if (dst - c->out_start < back) {
        c->error |= AV_LZO_INVALID_BACKPTR;
        return;
    }
    if (cnt > c->out_end - dst) {
        cnt       = FFMAX(c->out_end - dst, 0);
        c->error |= AV_LZO_OUTPUT_FULL;
    }
    av_memcpy_backptr(dst, back, cnt);
    c->out = dst + cnt;
}

int av_lzo1x_decode(void *out, int *outlen, const void *in, int *inlen)
{
    int state = 0;
    int x;
    LZOContext c;
    if (*outlen <= 0 || *inlen <= 0) {
        int res = 0;
        if (*outlen <= 0)
            res |= AV_LZO_OUTPUT_FULL;
        if (*inlen <= 0)
            res |= AV_LZO_INPUT_DEPLETED;
        return res;
    }
    c.in      = in;
    c.in_end  = (const uint8_t *)in + *inlen;
    c.out     = c.out_start = out;
    c.out_end = (uint8_t *)out + *outlen;
    c.error   = 0;
    x         = GETB(c);
    if (x > 17) {
        copy(&c, x - 17);
        x = GETB(c);
        if (x < 16)
            c.error |= AV_LZO_ERROR;
    }
    if (c.in > c.in_end)
        c.error |= AV_LZO_INPUT_DEPLETED;
    while (!c.error) {
        int cnt, back;
        if (x > 15) {
            if (x > 63) {
                cnt  = (x >> 5) - 1;
                back = (GETB(c) << 3) + ((x >> 2) & 7) + 1;
            } else if (x > 31) {
                cnt  = get_len(&c, x, 31);
                x    = GETB(c);
                back = (GETB(c) << 6) + (x >> 2) + 1;
            } else {
                cnt   = get_len(&c, x, 7);
                back  = (1 << 14) + ((x & 8) << 11);
                x     = GETB(c);
                back += (GETB(c) << 6) + (x >> 2);
                if (back == (1 << 14)) {
                    if (cnt != 1)
                        c.error |= AV_LZO_ERROR;
                    break;
                }
            }
        } else if (!state) {
            cnt = get_len(&c, x, 15);
            copy(&c, cnt + 3);
            x = GETB(c);
            if (x > 15)
                continue;
            cnt  = 1;
            back = (1 << 11) + (GETB(c) << 2) + (x >> 2) + 1;
        } else {
            cnt  = 0;
            back = (GETB(c) << 2) + (x >> 2) + 1;
        }
        copy_backptr(&c, back, cnt + 2);
        state =
        cnt   = x & 3;
        copy(&c, cnt);
        x = GETB(c);
    }
    *inlen = c.in_end - c.in;
    if (c.in > c.in_end)
        *inlen = 0;
    *outlen = c.out_end - c.out;
    return c.error;
}

Coverage Report

Created: 2026-05-16 07:49

Line	Count	Source
1		/*
2		* LZO 1x decompression
3		* Copyright (c) 2006 Reimar Doeffinger
4		*
5		* This file is part of FFmpeg.
6		*
7		* FFmpeg is free software; you can redistribute it and/or
8		* modify it under the terms of the GNU Lesser General Public
9		* License as published by the Free Software Foundation; either
10		* version 2.1 of the License, or (at your option) any later version.
11		*
12		* FFmpeg is distributed in the hope that it will be useful,
13		* but WITHOUT ANY WARRANTY; without even the implied warranty of
14		* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15		* Lesser General Public License for more details.
16		*
17		* You should have received a copy of the GNU Lesser General Public
18		* License along with FFmpeg; if not, write to the Free Software
19		* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
20		*/
21
22		#include <limits.h>
23		#include <stdint.h>
24		#include <string.h>
25
26		#include "avassert.h"
27		#include "intreadwrite.h"
28		#include "lzo.h"
29		#include "macros.h"
30		#include "mem.h"
31
32		/// Define if we may write up to 12 bytes beyond the output buffer.
33		#define OUTBUF_PADDED 1
34		/// Define if we may read up to 8 bytes beyond the input buffer.
35		#define INBUF_PADDED 1
36
37		typedef struct LZOContext {
38		const uint8_t in, in_end;
39		uint8_t out_start, out, *out_end;
40		int error;
41		} LZOContext;
42
43		/**
44		* @brief Reads one byte from the input buffer, avoiding an overrun.
45		* @return byte read
46		*/
47		static inline int get_byte(LZOContext *c)
48	7.84M	{
49	7.84M	if (c->in < c->in_end)
50	7.83M	return *c->in++;
51	4.28k	c->error \|= AV_LZO_INPUT_DEPLETED;
52	4.28k	return 1;
53	7.84M	}
54
55		#ifdef INBUF_PADDED
56	3.16M	#define GETB(c) (*(c).in++)
57		#else
58		#define GETB(c) get_byte(&(c))
59		#endif
60
61		/**
62		* @brief Decodes a length value in the coding used by lzo.
63		* @param x previous byte value
64		* @param mask bits used from x
65		* @return decoded length value
66		*/
67		static inline int get_len(LZOContext *c, int x, int mask)
68	545k	{
69	545k	int cnt = x & mask;
70	545k	if (!cnt) {
71	7.84M	while (!(x = get_byte(c))) {
72	7.72M	if (cnt >= INT_MAX - 1000) {
73	0	c->error \|= AV_LZO_ERROR;
74	0	break;
75	0	}
76	7.72M	cnt += 255;
77	7.72M	}
78	121k	cnt += mask + x;
79	121k	}
80	545k	return cnt;
81	545k	}
82
83		/**
84		* @brief Copies bytes from input to output buffer with checking.
85		* @param cnt number of bytes to copy, must be >= 0
86		*/
87		static inline void copy(LZOContext *c, int cnt)
88	1.28M	{
89	1.28M	register const uint8_t *src = c->in;
90	1.28M	register uint8_t *dst = c->out;
91	1.28M	av_assert0(cnt >= 0);
92	1.28M	if (cnt > c->in_end - src) {
93	30.4k	cnt = FFMAX(c->in_end - src, 0);
94	30.4k	c->error \|= AV_LZO_INPUT_DEPLETED;
95	30.4k	}
96	1.28M	if (cnt > c->out_end - dst) {
97	11.3k	cnt = FFMAX(c->out_end - dst, 0);
98	11.3k	c->error \|= AV_LZO_OUTPUT_FULL;
99	11.3k	}
100	1.28M	#if defined(INBUF_PADDED) && defined(OUTBUF_PADDED)
101	1.28M	AV_COPY32U(dst, src);
102	1.28M	src += 4;
103	1.28M	dst += 4;
104	1.28M	cnt -= 4;
105	1.28M	if (cnt > 0)
106	88.8k	#endif
107	88.8k	memcpy(dst, src, cnt);
108	1.28M	c->in = src + cnt;
109	1.28M	c->out = dst + cnt;
110	1.28M	}
111
112		/**
113		* @brief Copies previously decoded bytes to current position.
114		* @param back how many bytes back we start, must be > 0
115		* @param cnt number of bytes to copy, must be > 0
116		*
117		* cnt > back is valid, this will copy the bytes we just copied,
118		* thus creating a repeating pattern with a period length of back.
119		*/
120		static inline void copy_backptr(LZOContext *c, int back, int cnt)
121	1.14M	{
122	1.14M	register uint8_t *dst = c->out;
123	1.14M	av_assert0(cnt > 0);
124	1.14M	if (dst - c->out_start < back) {
125	17.0k	c->error \|= AV_LZO_INVALID_BACKPTR;
126	17.0k	return;
127	17.0k	}
128	1.13M	if (cnt > c->out_end - dst) {
129	17.0k	cnt = FFMAX(c->out_end - dst, 0);
130	17.0k	c->error \|= AV_LZO_OUTPUT_FULL;
131	17.0k	}
132	1.13M	av_memcpy_backptr(dst, back, cnt);
133	1.13M	c->out = dst + cnt;
134	1.13M	}
135
136		int av_lzo1x_decode(void out, int outlen, const void in, int inlen)
137	174k	{
138	174k	int state = 0;
139	174k	int x;
140	174k	LZOContext c;
141	174k	if (outlen <= 0 \|\| inlen <= 0) {
142	3.30k	int res = 0;
143	3.30k	if (*outlen <= 0)
144	1.53k	res \|= AV_LZO_OUTPUT_FULL;
145	3.30k	if (*inlen <= 0)
146	2.91k	res \|= AV_LZO_INPUT_DEPLETED;
147	3.30k	return res;
148	3.30k	}
149	171k	c.in = in;
150	171k	c.in_end = (const uint8_t )in + inlen;
151	171k	c.out = c.out_start = out;
152	171k	c.out_end = (uint8_t )out + outlen;
153	171k	c.error = 0;
154	171k	x = GETB(c);
155	171k	if (x > 17) {
156	24.7k	copy(&c, x - 17);
157	24.7k	x = GETB(c);
158	24.7k	if (x < 16)
159	6.84k	c.error \|= AV_LZO_ERROR;
160	24.7k	}
161	171k	if (c.in > c.in_end)
162	8.14k	c.error \|= AV_LZO_INPUT_DEPLETED;
163	1.38M	while (!c.error) {
164	1.33M	int cnt, back;
165	1.33M	if (x > 15) {
166	1.14M	if (x > 63) {
167	705k	cnt = (x >> 5) - 1;
168	705k	back = (GETB(c) << 3) + ((x >> 2) & 7) + 1;
169	705k	} else if (x > 31) {
170	281k	cnt = get_len(&c, x, 31);
171	281k	x = GETB(c);
172	281k	back = (GETB(c) << 6) + (x >> 2) + 1;
173	281k	} else {
174	154k	cnt = get_len(&c, x, 7);
175	154k	back = (1 << 14) + ((x & 8) << 11);
176	154k	x = GETB(c);
177	154k	back += (GETB(c) << 6) + (x >> 2);
178	154k	if (back == (1 << 14)) {
179	121k	if (cnt != 1)
180	1.24k	c.error \|= AV_LZO_ERROR;
181	121k	break;
182	121k	}
183	154k	}
184	1.14M	} else if (!state) {
185	109k	cnt = get_len(&c, x, 15);
186	109k	copy(&c, cnt + 3);
187	109k	x = GETB(c);
188	109k	if (x > 15)
189	65.2k	continue;
190	44.2k	cnt = 1;
191	44.2k	back = (1 << 11) + (GETB(c) << 2) + (x >> 2) + 1;
192	84.6k	} else {
193	84.6k	cnt = 0;
194	84.6k	back = (GETB(c) << 2) + (x >> 2) + 1;
195	84.6k	}
196	1.14M	copy_backptr(&c, back, cnt + 2);
197	1.14M	state =
198	1.14M	cnt = x & 3;
199	1.14M	copy(&c, cnt);
200	1.14M	x = GETB(c);
201	1.14M	}
202	171k	*inlen = c.in_end - c.in;
203	171k	if (c.in > c.in_end)
204	93.0k	*inlen = 0;
205	171k	*outlen = c.out_end - c.out;
206	171k	return c.error;
207	174k	}