aboutsummaryrefslogtreecommitdiff
path: root/src/liblzma/common/vli_decoder.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/liblzma/common/vli_decoder.c')
-rw-r--r--src/liblzma/common/vli_decoder.c68
1 files changed, 38 insertions, 30 deletions
diff --git a/src/liblzma/common/vli_decoder.c b/src/liblzma/common/vli_decoder.c
index 2b89c1a7..faff6ccb 100644
--- a/src/liblzma/common/vli_decoder.c
+++ b/src/liblzma/common/vli_decoder.c
@@ -3,7 +3,7 @@
/// \file vli_decoder.c
/// \brief Decodes variable-length integers
//
-// Copyright (C) 2007 Lasse Collin
+// Copyright (C) 2007-2008 Lasse Collin
//
// This library is free software; you can redistribute it and/or
// modify it under the terms of the GNU Lesser General Public
@@ -25,45 +25,53 @@ lzma_vli_decode(lzma_vli *restrict vli, size_t *restrict vli_pos,
const uint8_t *restrict in, size_t *restrict in_pos,
size_t in_size)
{
- if (*vli > LZMA_VLI_VALUE_MAX || *vli_pos >= 9
- || (*vli >> (7 * *vli_pos)) != 0)
- return LZMA_PROG_ERROR;
+ // If we haven't been given vli_pos, work in single-call mode.
+ size_t vli_pos_internal = 0;
+ if (vli_pos == NULL)
+ vli_pos = &vli_pos_internal;
- if (*in_pos >= in_size)
- return LZMA_BUF_ERROR;
+ // Initialize *vli when starting to decode a new integer.
+ if (*vli_pos == 0)
+ *vli = 0;
- if (*vli_pos == 0) {
- *vli_pos = 1;
+ // Validate the arguments.
+ if (*vli_pos >= LZMA_VLI_BYTES_MAX || *in_pos >= in_size
+ || (*vli >> (*vli_pos * 7)) != 0)
+ return LZMA_PROG_ERROR;;
- if (in[*in_pos] <= 0x7F) {
- // Single-byte integer
- *vli = in[*in_pos];
- ++*in_pos;
- return LZMA_STREAM_END;
- }
-
- *vli = in[*in_pos] & 0x7F;
- ++*in_pos;
- }
-
- while (*in_pos < in_size) {
- // Read in the next byte.
+ do {
+ // Read the next byte.
*vli |= (lzma_vli)(in[*in_pos] & 0x7F) << (*vli_pos * 7);
++*vli_pos;
// Check if this is the last byte of a multibyte integer.
- if (in[*in_pos] & 0x80) {
- ++*in_pos;
- return LZMA_STREAM_END;
+ if (!(in[*in_pos] & 0x80)) {
+ // We don't allow using variable-length integers as
+ // padding i.e. the encoding must use the most the
+ // compact form.
+ if (in[(*in_pos)++] == 0x00 && *vli_pos > 1)
+ return LZMA_DATA_ERROR;
+
+ return vli_pos == &vli_pos_internal
+ ? LZMA_OK : LZMA_STREAM_END;
}
- // Limit variable-length representation to nine bytes.
- if (*vli_pos == 9)
+ ++*in_pos;
+
+ // There is at least one more byte coming. If we have already
+ // read maximum number of bytes, the integer is considered
+ // corrupt.
+ //
+ // If we need bigger integers in future, old versions liblzma
+ // will confusingly indicate the file being corrupt istead of
+ // unsupported. I suppose it's still better this way, because
+ // in the foreseeable future (writing this in 2008) the only
+ // reason why files would appear having over 63-bit integers
+ // is that the files are simply corrupt.
+ if (*vli_pos == LZMA_VLI_BYTES_MAX)
return LZMA_DATA_ERROR;
- // Increment input position only when the byte was accepted.
- ++*in_pos;
- }
+ } while (*in_pos < in_size);
- return LZMA_OK;
+ return vli_pos == &vli_pos_internal ? LZMA_DATA_ERROR : LZMA_OK;
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-10 12:33:37 +0000