/src/xz/src/liblzma/common/vli_decoder.c
Line | Count | Source (jump to first uncovered line) |
1 | | /////////////////////////////////////////////////////////////////////////////// |
2 | | // |
3 | | /// \file vli_decoder.c |
4 | | /// \brief Decodes variable-length integers |
5 | | // |
6 | | // Author: Lasse Collin |
7 | | // |
8 | | // This file has been put into the public domain. |
9 | | // You can do whatever you want with this file. |
10 | | // |
11 | | /////////////////////////////////////////////////////////////////////////////// |
12 | | |
13 | | #include "common.h" |
14 | | |
15 | | |
16 | | extern LZMA_API(lzma_ret) |
17 | | lzma_vli_decode(lzma_vli *restrict vli, size_t *vli_pos, |
18 | | const uint8_t *restrict in, size_t *restrict in_pos, |
19 | | size_t in_size) |
20 | 1.19M | { |
21 | | // If we haven't been given vli_pos, work in single-call mode. |
22 | 1.19M | size_t vli_pos_internal = 0; |
23 | 1.19M | if (vli_pos == NULL) { |
24 | 1.14M | vli_pos = &vli_pos_internal; |
25 | 1.14M | *vli = 0; |
26 | | |
27 | | // If there's no input, use LZMA_DATA_ERROR. This way it is |
28 | | // easy to decode VLIs from buffers that have known size, |
29 | | // and get the correct error code in case the buffer is |
30 | | // too short. |
31 | 1.14M | if (*in_pos >= in_size) |
32 | 191 | return LZMA_DATA_ERROR; |
33 | | |
34 | 1.14M | } else { |
35 | | // Initialize *vli when starting to decode a new integer. |
36 | 51.9k | if (*vli_pos == 0) |
37 | 51.9k | *vli = 0; |
38 | | |
39 | | // Validate the arguments. |
40 | 51.9k | if (*vli_pos >= LZMA_VLI_BYTES_MAX |
41 | 51.9k | || (*vli >> (*vli_pos * 7)) != 0) |
42 | 51.9k | return LZMA_PROG_ERROR;; |
43 | | |
44 | 51.9k | if (*in_pos >= in_size) |
45 | 0 | return LZMA_BUF_ERROR; |
46 | 51.9k | } |
47 | | |
48 | 1.20M | do { |
49 | | // Read the next byte. Use a temporary variable so that we |
50 | | // can update *in_pos immediately. |
51 | 1.20M | const uint8_t byte = in[*in_pos]; |
52 | 1.20M | ++*in_pos; |
53 | | |
54 | | // Add the newly read byte to *vli. |
55 | 1.20M | *vli += (lzma_vli)(byte & 0x7F) << (*vli_pos * 7); |
56 | 1.20M | ++*vli_pos; |
57 | | |
58 | | // Check if this is the last byte of a multibyte integer. |
59 | 1.20M | if ((byte & 0x80) == 0) { |
60 | | // We don't allow using variable-length integers as |
61 | | // padding i.e. the encoding must use the most the |
62 | | // compact form. |
63 | 1.19M | if (byte == 0x00 && *vli_pos > 1) |
64 | 12 | return LZMA_DATA_ERROR; |
65 | | |
66 | 1.19M | return vli_pos == &vli_pos_internal |
67 | 1.19M | ? LZMA_OK : LZMA_STREAM_END; |
68 | 1.19M | } |
69 | | |
70 | | // There is at least one more byte coming. If we have already |
71 | | // read maximum number of bytes, the integer is considered |
72 | | // corrupt. |
73 | | // |
74 | | // If we need bigger integers in future, old versions liblzma |
75 | | // will confusingly indicate the file being corrupt instead of |
76 | | // unsupported. I suppose it's still better this way, because |
77 | | // in the foreseeable future (writing this in 2008) the only |
78 | | // reason why files would appear having over 63-bit integers |
79 | | // is that the files are simply corrupt. |
80 | 6.51k | if (*vli_pos == LZMA_VLI_BYTES_MAX) |
81 | 8 | return LZMA_DATA_ERROR; |
82 | | |
83 | 6.51k | } while (*in_pos < in_size); |
84 | | |
85 | 97 | return vli_pos == &vli_pos_internal ? LZMA_DATA_ERROR : LZMA_OK; |
86 | 1.19M | } |