shithub: femtolisp

ref: ccb3743d19272e051bbe4be8c080ef44376cfac5
dir: /3rd/brieflz/depacks.c/

View raw version
/*
 * BriefLZ - small fast Lempel-Ziv
 *
 * C safe depacker
 *
 * Copyright (c) 2002-2018 Joergen Ibsen
 *
 * This software is provided 'as-is', without any express or implied
 * warranty. In no event will the authors be held liable for any damages
 * arising from the use of this software.
 *
 * Permission is granted to anyone to use this software for any purpose,
 * including commercial applications, and to alter it and redistribute it
 * freely, subject to the following restrictions:
 *
 *   1. The origin of this software must not be misrepresented; you must
 *      not claim that you wrote the original software. If you use this
 *      software in a product, an acknowledgment in the product
 *      documentation would be appreciated but is not required.
 *
 *   2. Altered source versions must be plainly marked as such, and must
 *      not be misrepresented as being the original software.
 *
 *   3. This notice may not be removed or altered from any source
 *      distribution.
 */

#include "brieflz.h"

/* Internal data structure */
struct blz_state {
	const unsigned char *src;
	unsigned char *dst;
	unsigned long src_avail;
	unsigned long dst_avail;
	unsigned int tag;
	int bits_left;
};

#if !defined(BLZ_NO_LUT)
static const unsigned char blz_gamma_lookup[256][2] = {
	/* 00xxxxxx = 2 */
	{2, 2}, {2, 2}, {2, 2}, {2, 2}, {2, 2}, {2, 2}, {2, 2}, {2, 2},
	{2, 2}, {2, 2}, {2, 2}, {2, 2}, {2, 2}, {2, 2}, {2, 2}, {2, 2},
	{2, 2}, {2, 2}, {2, 2}, {2, 2}, {2, 2}, {2, 2}, {2, 2}, {2, 2},
	{2, 2}, {2, 2}, {2, 2}, {2, 2}, {2, 2}, {2, 2}, {2, 2}, {2, 2},
	{2, 2}, {2, 2}, {2, 2}, {2, 2}, {2, 2}, {2, 2}, {2, 2}, {2, 2},
	{2, 2}, {2, 2}, {2, 2}, {2, 2}, {2, 2}, {2, 2}, {2, 2}, {2, 2},
	{2, 2}, {2, 2}, {2, 2}, {2, 2}, {2, 2}, {2, 2}, {2, 2}, {2, 2},
	{2, 2}, {2, 2}, {2, 2}, {2, 2}, {2, 2}, {2, 2}, {2, 2}, {2, 2},

	/* 0100xxxx = 4 */
	{4, 4}, {4, 4}, {4, 4}, {4, 4}, {4, 4}, {4, 4}, {4, 4}, {4, 4},
	{4, 4}, {4, 4}, {4, 4}, {4, 4}, {4, 4}, {4, 4}, {4, 4}, {4, 4},

	/* 010100xx = 8 */
	{8, 6}, {8, 6}, {8, 6}, {8, 6},

	/* 01010100 = 16  01010101 = 16+ 01010110 = 17  01010111 = 17+ */
	{16, 8}, {16, 0}, {17, 8}, {17, 0},

	/* 010110xx = 9 */
	{9, 6}, {9, 6}, {9, 6}, {9, 6},

	/* 01011100 = 18  01011101 = 18+ 01011110 = 19  01011111 = 19+ */
	{18, 8}, {18, 0}, {19, 8}, {19, 0},

	/* 0110xxxx = 5 */
	{5, 4}, {5, 4}, {5, 4}, {5, 4}, {5, 4}, {5, 4}, {5, 4}, {5, 4},
	{5, 4}, {5, 4}, {5, 4}, {5, 4}, {5, 4}, {5, 4}, {5, 4}, {5, 4},

	/* 011100xx = 10 */
	{10, 6}, {10, 6}, {10, 6}, {10, 6},

	/* 01110100 = 20  01110101 = 20+ 01110110 = 21  01110111 = 21+ */
	{20, 8}, {20, 0}, {21, 8}, {21, 0},

	/* 011110xx = 11 */
	{11, 6}, {11, 6}, {11, 6}, {11, 6},

	/* 01111100 = 22  01111101 = 22+ 01111110 = 23  01111111 = 23+ */
	{22, 8}, {22, 0}, {23, 8}, {23, 0},

	/* 10xxxxxx = 3 */
	{3, 2}, {3, 2}, {3, 2}, {3, 2}, {3, 2}, {3, 2}, {3, 2}, {3, 2},
	{3, 2}, {3, 2}, {3, 2}, {3, 2}, {3, 2}, {3, 2}, {3, 2}, {3, 2},
	{3, 2}, {3, 2}, {3, 2}, {3, 2}, {3, 2}, {3, 2}, {3, 2}, {3, 2},
	{3, 2}, {3, 2}, {3, 2}, {3, 2}, {3, 2}, {3, 2}, {3, 2}, {3, 2},
	{3, 2}, {3, 2}, {3, 2}, {3, 2}, {3, 2}, {3, 2}, {3, 2}, {3, 2},
	{3, 2}, {3, 2}, {3, 2}, {3, 2}, {3, 2}, {3, 2}, {3, 2}, {3, 2},
	{3, 2}, {3, 2}, {3, 2}, {3, 2}, {3, 2}, {3, 2}, {3, 2}, {3, 2},
	{3, 2}, {3, 2}, {3, 2}, {3, 2}, {3, 2}, {3, 2}, {3, 2}, {3, 2},

	/* 1100xxxx = 6 */
	{6, 4}, {6, 4}, {6, 4}, {6, 4}, {6, 4}, {6, 4}, {6, 4}, {6, 4},
	{6, 4}, {6, 4}, {6, 4}, {6, 4}, {6, 4}, {6, 4}, {6, 4}, {6, 4},

	/* 110100xx = 12 */
	{12, 6}, {12, 6}, {12, 6}, {12, 6},

	/* 11010100 = 24  11010101 = 24+ 11010110 = 25  11010111 = 25+ */
	{24, 8}, {24, 0}, {25, 8}, {25, 0},

	/* 110110xx = 13 */
	{13, 6}, {13, 6}, {13, 6}, {13, 6},

	/* 11011100 = 26  11011101 = 26+ 11011110 = 27  11011111 = 27+ */
	{26, 8}, {26, 0}, {27, 8}, {27, 0},

	/* 1110xxxx = 7 */
	{7, 4}, {7, 4}, {7, 4}, {7, 4}, {7, 4}, {7, 4}, {7, 4}, {7, 4},
	{7, 4}, {7, 4}, {7, 4}, {7, 4}, {7, 4}, {7, 4}, {7, 4}, {7, 4},

	/* 111100xx = 14 */
	{14, 6}, {14, 6}, {14, 6}, {14, 6},

	/* 11110100 = 28  11110101 = 28+ 11110110 = 29  11110111 = 29+ */
	{28, 8}, {28, 0}, {29, 8}, {29, 0},

	/* 111110xx = 15 */
	{15, 6}, {15, 6}, {15, 6}, {15, 6},

	/* 11111100 = 30  11111101 = 30+ 11111110 = 31  11111111 = 31+ */
	{30, 8}, {30, 0}, {31, 8}, {31, 0}
};
#endif

static int
blz_getbit_safe(struct blz_state *bs, unsigned int *result)
{
	unsigned int bit;

	/* Check if tag is empty */
	if (!bs->bits_left--) {
		if (bs->src_avail < 2) {
			return 0;
		}
		bs->src_avail -= 2;

		/* Load next tag */
		bs->tag = (unsigned int) bs->src[0]
		       | ((unsigned int) bs->src[1] << 8);
		bs->src += 2;
		bs->bits_left = 15;
	}

	/* Shift bit out of tag */
	bit = (bs->tag & 0x8000) ? 1 : 0;
	bs->tag <<= 1;

	*result = bit;

	return 1;
}

static int
blz_getgamma_safe(struct blz_state *bs, unsigned long *result)
{
	unsigned int bit;
	unsigned long v = 1;

#if !defined(BLZ_NO_LUT)
	/* Decode up to 8 bits of gamma2 code using lookup if possible */
	if (bs->bits_left >= 8) {
		unsigned int top8 = (bs->tag >> 8) & 0x00FF;
		int shift;

		v = blz_gamma_lookup[top8][0];
		shift = (int) blz_gamma_lookup[top8][1];

		if (shift) {
			bs->tag <<= shift;
			bs->bits_left -= shift;

			*result = v;

			return 1;
		}

		bs->tag <<= 8;
		bs->bits_left -= 8;
	}
#endif

	/* Input gamma2-encoded bits */
	do {
		if (!blz_getbit_safe(bs, &bit)) {
			return 0;
		}

		if (v & 0x80000000UL) {
			return 0;
		}

		v = (v << 1) + bit;

		if (!blz_getbit_safe(bs, &bit)) {
			return 0;
		}
	} while (bit);

	*result = v;

	return 1;
}

unsigned long
blz_depack_safe(const void *src, unsigned long src_size,
                void *dst, unsigned long depacked_size)
{
	struct blz_state bs;
	unsigned long dst_size = 0;
	unsigned int bit;

	bs.src = (const unsigned char *) src;
	bs.src_avail = src_size;
	bs.dst = (unsigned char *) dst;
	bs.dst_avail = depacked_size;

	/* Initialise to one bit left in tag; that bit is zero (a literal) */
	bs.bits_left = 1;
	bs.tag = 0;

	/* Main decompression loop */
	while (dst_size < depacked_size) {
		if (!blz_getbit_safe(&bs, &bit)) {
			return BLZ_ERROR;
		}

		if (bit) {
			unsigned long len;
			unsigned long off;

			/* Input match length and offset */
			if (!blz_getgamma_safe(&bs, &len)) {
				return BLZ_ERROR;
			}
			if (!blz_getgamma_safe(&bs, &off)) {
				return BLZ_ERROR;
			}

			len += 2;
			off -= 2;

			if (off >= 0x00FFFFFFUL) {
				return BLZ_ERROR;
			}

			if (!bs.src_avail--) {
				return BLZ_ERROR;
			}

			off = (off << 8) + (unsigned long) *bs.src++ + 1;

			if (off > depacked_size - bs.dst_avail) {
				return BLZ_ERROR;
			}

			if (len > bs.dst_avail) {
				return BLZ_ERROR;
			}

			bs.dst_avail -= len;

			/* Copy match */
			{
				const unsigned char *p = bs.dst - off;
				unsigned long i;

				for (i = len; i > 0; --i) {
					*bs.dst++ = *p++;
				}
			}

			dst_size += len;
		}
		else {
			/* Copy literal */
			if (!bs.src_avail-- || !bs.dst_avail--) {
				return BLZ_ERROR;
			}
			*bs.dst++ = *bs.src++;

			dst_size++;
		}
	}

	/* Return decompressed size */
	return dst_size;
}

/* clang -g -O1 -fsanitize=fuzzer,address -DBLZ_FUZZING depacks.c */
#if defined(BLZ_FUZZING)
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

extern int
LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
	if (size > ULONG_MAX / 2) { return 0; }
	void *depacked = MEM_MALLOC(4096);
	if (!depacked) { abort(); }
	blz_depack_safe(data, size, depacked, 4096);
	MEM_FREE(depacked);
	return 0;
}
#endif