/src/xz/src/liblzma/common/block_header_decoder.c

Source
// SPDX-License-Identifier: 0BSD

///////////////////////////////////////////////////////////////////////////////
//
/// \file       block_header_decoder.c
/// \brief      Decodes Block Header from .xz files
//
//  Author:     Lasse Collin
//
///////////////////////////////////////////////////////////////////////////////

#include "common.h"
#include "check.h"


extern LZMA_API(lzma_ret)
lzma_block_header_decode(lzma_block *block,
    const lzma_allocator *allocator, const uint8_t *in)
{
  // NOTE: We consider the header to be corrupt not only when the
  // CRC32 doesn't match, but also when variable-length integers
  // are invalid or over 63 bits, or if the header is too small
  // to contain the claimed information.

  // Catch unexpected NULL pointers.
  if (block == NULL || block->filters == NULL || in == NULL)
    return LZMA_PROG_ERROR;

  // Initialize the filter options array. This way the caller can
  // safely free() the options even if an error occurs in this function.
  for (size_t i = 0; i <= LZMA_FILTERS_MAX; ++i) {
    block->filters[i].id = LZMA_VLI_UNKNOWN;
    block->filters[i].options = NULL;
  }

  // Versions 0 and 1 are supported. If a newer version was specified,
  // we need to downgrade it.
  if (block->version > 1)
    block->version = 1;

  // This isn't a Block Header option, but since the decompressor will
  // read it if version >= 1, it's better to initialize it here than
  // to expect the caller to do it since in almost all cases this
  // should be false.
  block->ignore_check = false;

  // Validate Block Header Size and Check type. The caller must have
  // already set these, so it is a programming error if this test fails.
  if (lzma_block_header_size_decode(in[0]) != block->header_size
      || (unsigned int)(block->check) > LZMA_CHECK_ID_MAX)
    return LZMA_PROG_ERROR;

  // Exclude the CRC32 field.
  const size_t in_size = block->header_size - 4;

  // Verify CRC32
  if (lzma_crc32(in, in_size, 0) != read32le(in + in_size)) {
#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
    return LZMA_DATA_ERROR;
#endif
  }

  // Check for unsupported flags.
  if (in[1] & 0x3C)
    return LZMA_OPTIONS_ERROR;

  // Start after the Block Header Size and Block Flags fields.
  size_t in_pos = 2;

  // Compressed Size
  if (in[1] & 0x40) {
    return_if_error(lzma_vli_decode(&block->compressed_size,
        NULL, in, &in_pos, in_size));

    // Validate Compressed Size. This checks that it isn't zero
    // and that the total size of the Block is a valid VLI.
    if (lzma_block_unpadded_size(block) == 0)
      return LZMA_DATA_ERROR;
  } else {
    block->compressed_size = LZMA_VLI_UNKNOWN;
  }

  // Uncompressed Size
  if (in[1] & 0x80)
    return_if_error(lzma_vli_decode(&block->uncompressed_size,
        NULL, in, &in_pos, in_size));
  else
    block->uncompressed_size = LZMA_VLI_UNKNOWN;

  // Filter Flags
  const size_t filter_count = (in[1] & 3U) + 1;
  for (size_t i = 0; i < filter_count; ++i) {
    const lzma_ret ret = lzma_filter_flags_decode(
        &block->filters[i], allocator,
        in, &in_pos, in_size);
    if (ret != LZMA_OK) {
      lzma_filters_free(block->filters, allocator);
      return ret;
    }
  }

  // Padding
  while (in_pos < in_size) {
    if (in[in_pos++] != 0x00) {
      lzma_filters_free(block->filters, allocator);

      // Possibly some new field present so use
      // LZMA_OPTIONS_ERROR instead of LZMA_DATA_ERROR.
      return LZMA_OPTIONS_ERROR;
    }
  }

  return LZMA_OK;
}

Line	Count	Source
1		// SPDX-License-Identifier: 0BSD
2
3		///////////////////////////////////////////////////////////////////////////////
4		//
5		/// \file block_header_decoder.c
6		/// \brief Decodes Block Header from .xz files
7		//
8		// Author: Lasse Collin
9		//
10		///////////////////////////////////////////////////////////////////////////////
11
12		#include "common.h"
13		#include "check.h"
14
15
16		extern LZMA_API(lzma_ret)
17		lzma_block_header_decode(lzma_block *block,
18		const lzma_allocator allocator, const uint8_t in)
19	3.84k	{
20		// NOTE: We consider the header to be corrupt not only when the
21		// CRC32 doesn't match, but also when variable-length integers
22		// are invalid or over 63 bits, or if the header is too small
23		// to contain the claimed information.
24
25		// Catch unexpected NULL pointers.
26	3.84k	if (block == NULL \|\| block->filters == NULL \|\| in == NULL)
27	0	return LZMA_PROG_ERROR;
28
29		// Initialize the filter options array. This way the caller can
30		// safely free() the options even if an error occurs in this function.
31	23.0k	for (size_t i = 0; i <= LZMA_FILTERS_MAX; ++i) {
32	19.2k	block->filters[i].id = LZMA_VLI_UNKNOWN;
33	19.2k	block->filters[i].options = NULL;
34	19.2k	}
35
36		// Versions 0 and 1 are supported. If a newer version was specified,
37		// we need to downgrade it.
38	3.84k	if (block->version > 1)
39	0	block->version = 1;
40
41		// This isn't a Block Header option, but since the decompressor will
42		// read it if version >= 1, it's better to initialize it here than
43		// to expect the caller to do it since in almost all cases this
44		// should be false.
45	3.84k	block->ignore_check = false;
46
47		// Validate Block Header Size and Check type. The caller must have
48		// already set these, so it is a programming error if this test fails.
49	3.84k	if (lzma_block_header_size_decode(in[0]) != block->header_size
50	3.84k	\|\| (unsigned int)(block->check) > LZMA_CHECK_ID_MAX)
51	0	return LZMA_PROG_ERROR;
52
53		// Exclude the CRC32 field.
54	3.84k	const size_t in_size = block->header_size - 4;
55
56		// Verify CRC32
57	3.84k	if (lzma_crc32(in, in_size, 0) != read32le(in + in_size)) {
58		#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
59		return LZMA_DATA_ERROR;
60		#endif
61	3.84k	}
62
63		// Check for unsupported flags.
64	3.84k	if (in[1] & 0x3C)
65	4	return LZMA_OPTIONS_ERROR;
66
67		// Start after the Block Header Size and Block Flags fields.
68	3.83k	size_t in_pos = 2;
69
70		// Compressed Size
71	3.83k	if (in[1] & 0x40) {
72	25	return_if_error(lzma_vli_decode(&block->compressed_size,
73	25	NULL, in, &in_pos, in_size));
74
75		// Validate Compressed Size. This checks that it isn't zero
76		// and that the total size of the Block is a valid VLI.
77	23	if (lzma_block_unpadded_size(block) == 0)
78	3	return LZMA_DATA_ERROR;
79	3.81k	} else {
80	3.81k	block->compressed_size = LZMA_VLI_UNKNOWN;
81	3.81k	}
82
83		// Uncompressed Size
84	3.83k	if (in[1] & 0x80)
85	18	return_if_error(lzma_vli_decode(&block->uncompressed_size,
86	3.83k	NULL, in, &in_pos, in_size));
87	3.81k	else
88	3.81k	block->uncompressed_size = LZMA_VLI_UNKNOWN;
89
90		// Filter Flags
91	3.82k	const size_t filter_count = (in[1] & 3U) + 1;
92	10.5k	for (size_t i = 0; i < filter_count; ++i) {
93	6.82k	const lzma_ret ret = lzma_filter_flags_decode(
94	6.82k	&block->filters[i], allocator,
95	6.82k	in, &in_pos, in_size);
96	6.82k	if (ret != LZMA_OK) {
97	129	lzma_filters_free(block->filters, allocator);
98	129	return ret;
99	129	}
100	6.82k	}
101
102		// Padding
103	216k	while (in_pos < in_size) {
104	212k	if (in[in_pos++] != 0x00) {
105	29	lzma_filters_free(block->filters, allocator);
106
107		// Possibly some new field present so use
108		// LZMA_OPTIONS_ERROR instead of LZMA_DATA_ERROR.
109	29	return LZMA_OPTIONS_ERROR;
110	29	}
111	212k	}
112
113	3.67k	return LZMA_OK;
114	3.70k	}

Coverage Report

Created: 2025-11-16 07:22