1 /* vi: set sw=4 ts=4: */
2 /*
3 * gunzip implementation for busybox
4 *
5 * Based on GNU gzip v1.2.4 Copyright (C) 1992-1993 Jean-loup Gailly.
6 *
7 * Originally adjusted for busybox by Sven Rudolph <sr1@inf.tu-dresden.de>
8 * based on gzip sources
9 *
10 * Adjusted further by Erik Andersen <andersen@codepoet.org> to support
11 * files as well as stdin/stdout, and to generally behave itself wrt
12 * command line handling.
13 *
14 * General cleanup to better adhere to the style guide and make use of standard
15 * busybox functions by Glenn McGrath
16 *
17 * read_gz interface + associated hacking by Laurence Anderson
18 *
19 * Fixed huft_build() so decoding end-of-block code does not grab more bits
20 * than necessary (this is required by unzip applet), added inflate_cleanup()
21 * to free leaked bytebuffer memory (used in unzip.c), and some minor style
22 * guide cleanups by Ed Clark
23 *
24 * gzip (GNU zip) -- compress files with zip algorithm and 'compress' interface
25 * Copyright (C) 1992-1993 Jean-loup Gailly
26 * The unzip code was written and put in the public domain by Mark Adler.
27 * Portions of the lzw code are derived from the public domain 'compress'
28 * written by Spencer Thomas, Joe Orost, James Woods, Jim McKie, Steve Davies,
29 * Ken Turkowski, Dave Mack and Peter Jannesen.
30 *
31 * See the file algorithm.doc for the compression algorithms and file formats.
32 *
33 * Licensed under GPLv2 or later, see file LICENSE in this source tree.
34 */
35 #include "libbb.h"
36 #include "bb_archive.h"
37
38 typedef struct huft_t {
39 unsigned char e; /* number of extra bits or operation */
40 unsigned char b; /* number of bits in this code or subcode */
41 union {
42 unsigned n; /* literal, length base, or distance base */
43 /* ^^^^^ was "unsigned short", but that results in larger code */
44 struct huft_t *t; /* pointer to next level of table */
45 } v;
46 } huft_t;
47
48 enum {
49 /* gunzip_window size--must be a power of two, and
50 * at least 32K for zip's deflate method */
51 GUNZIP_WSIZE = 0x8000,
52 /* If BMAX needs to be larger than 16, then h and x[] should be ulg. */
53 BMAX = 16, /* maximum bit length of any code (16 for explode) */
54 N_MAX = 288, /* maximum number of codes in any set */
55 };
56
57
58 /* This is somewhat complex-looking arrangement, but it allows
59 * to place decompressor state either in bss or in
60 * malloc'ed space simply by changing #defines below.
61 * Sizes on i386:
62 * text data bss dec hex
63 * 5256 0 108 5364 14f4 - bss
64 * 4915 0 0 4915 1333 - malloc
65 */
66 #define STATE_IN_BSS 0
67 #define STATE_IN_MALLOC 1
68
69
70 typedef struct state_t {
71 off_t gunzip_bytes_out; /* number of output bytes */
72 uint32_t gunzip_crc;
73
74 int gunzip_src_fd;
75 unsigned gunzip_outbuf_count; /* bytes in output buffer */
76
77 unsigned char *gunzip_window;
78
79 uint32_t *gunzip_crc_table;
80
81 /* bitbuffer */
82 unsigned gunzip_bb; /* bit buffer */
83 unsigned char gunzip_bk; /* bits in bit buffer */
84
85 /* input (compressed) data */
86 unsigned char *bytebuffer; /* buffer itself */
87 off_t to_read; /* compressed bytes to read (unzip only, -1 for gunzip) */
88 // unsigned bytebuffer_max; /* buffer size */
89 unsigned bytebuffer_offset; /* buffer position */
90 unsigned bytebuffer_size; /* how much data is there (size <= max) */
91
92 /* private data of inflate_codes() */
93 unsigned inflate_codes_ml; /* masks for bl and bd bits */
94 unsigned inflate_codes_md; /* masks for bl and bd bits */
95 unsigned inflate_codes_bb; /* bit buffer */
96 unsigned inflate_codes_k; /* number of bits in bit buffer */
97 unsigned inflate_codes_w; /* current gunzip_window position */
98 huft_t *inflate_codes_tl;
99 huft_t *inflate_codes_td;
100 unsigned inflate_codes_bl;
101 unsigned inflate_codes_bd;
102 unsigned inflate_codes_nn; /* length and index for copy */
103 unsigned inflate_codes_dd;
104
105 smallint resume_copy;
106
107 /* private data of inflate_get_next_window() */
108 smallint method; /* method == -1 for stored, -2 for codes */
109 smallint need_another_block;
110 smallint end_reached;
111
112 /* private data of inflate_stored() */
113 unsigned inflate_stored_n;
114 unsigned inflate_stored_b;
115 unsigned inflate_stored_k;
116 unsigned inflate_stored_w;
117
118 const char *error_msg;
119 jmp_buf error_jmp;
120 } state_t;
121 #define gunzip_bytes_out (S()gunzip_bytes_out )
122 #define gunzip_crc (S()gunzip_crc )
123 #define gunzip_src_fd (S()gunzip_src_fd )
124 #define gunzip_outbuf_count (S()gunzip_outbuf_count)
125 #define gunzip_window (S()gunzip_window )
126 #define gunzip_crc_table (S()gunzip_crc_table )
127 #define gunzip_bb (S()gunzip_bb )
128 #define gunzip_bk (S()gunzip_bk )
129 #define to_read (S()to_read )
130 // #define bytebuffer_max (S()bytebuffer_max )
131 // Both gunzip and unzip can use constant buffer size now (16k):
132 #define bytebuffer_max 0x4000
133 #define bytebuffer (S()bytebuffer )
134 #define bytebuffer_offset (S()bytebuffer_offset )
135 #define bytebuffer_size (S()bytebuffer_size )
136 #define inflate_codes_ml (S()inflate_codes_ml )
137 #define inflate_codes_md (S()inflate_codes_md )
138 #define inflate_codes_bb (S()inflate_codes_bb )
139 #define inflate_codes_k (S()inflate_codes_k )
140 #define inflate_codes_w (S()inflate_codes_w )
141 #define inflate_codes_tl (S()inflate_codes_tl )
142 #define inflate_codes_td (S()inflate_codes_td )
143 #define inflate_codes_bl (S()inflate_codes_bl )
144 #define inflate_codes_bd (S()inflate_codes_bd )
145 #define inflate_codes_nn (S()inflate_codes_nn )
146 #define inflate_codes_dd (S()inflate_codes_dd )
147 #define resume_copy (S()resume_copy )
148 #define method (S()method )
149 #define need_another_block (S()need_another_block )
150 #define end_reached (S()end_reached )
151 #define inflate_stored_n (S()inflate_stored_n )
152 #define inflate_stored_b (S()inflate_stored_b )
153 #define inflate_stored_k (S()inflate_stored_k )
154 #define inflate_stored_w (S()inflate_stored_w )
155 #define error_msg (S()error_msg )
156 #define error_jmp (S()error_jmp )
157
158 /* This is a generic part */
159 #if STATE_IN_BSS /* Use global data segment */
160 #define DECLARE_STATE /*nothing*/
161 #define ALLOC_STATE /*nothing*/
162 #define DEALLOC_STATE ((void)0)
163 #define S() state.
164 #define PASS_STATE /*nothing*/
165 #define PASS_STATE_ONLY /*nothing*/
166 #define STATE_PARAM /*nothing*/
167 #define STATE_PARAM_ONLY void
168 static state_t state;
169 #endif
170
171 #if STATE_IN_MALLOC /* Use malloc space */
172 #define DECLARE_STATE state_t *state
173 #define ALLOC_STATE (state = xzalloc(sizeof(*state)))
174 #define DEALLOC_STATE free(state)
175 #define S() state->
176 #define PASS_STATE state,
177 #define PASS_STATE_ONLY state
178 #define STATE_PARAM state_t *state,
179 #define STATE_PARAM_ONLY state_t *state
180 #endif
181
182
183 static const uint16_t mask_bits[] ALIGN2 = {
184 0x0000, 0x0001, 0x0003, 0x0007, 0x000f, 0x001f, 0x003f, 0x007f, 0x00ff,
185 0x01ff, 0x03ff, 0x07ff, 0x0fff, 0x1fff, 0x3fff, 0x7fff, 0xffff
186 };
187
188 /* Put lengths/offsets and extra bits in a struct of arrays
189 * to make calls to huft_build() have one fewer parameter.
190 */
191 struct cp_ext {
192 uint16_t cp[31];
193 uint8_t ext[31];
194 };
195 /* Copy lengths and extra bits for literal codes 257..285 */
196 /* note: see note #13 above about the 258 in this list. */
197 static const struct cp_ext lit ALIGN2 = {
198 /*257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 */
199 /*0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 */
200 { 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 15, 17, 19, 23, 27, 31, 35, 43, 51, 59, 67, 83, 99, 115, 131, 163, 195, 227, 258, 0, 0 },
201 { 0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 5, 5, 5, 5, 0, 99, 99 } /* 99 == invalid */
202 };
203 /* Copy offsets and extra bits for distance codes 0..29 */
204 static const struct cp_ext dist ALIGN2 = {
205 /*0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 */
206 { 1, 2, 3, 4, 5, 7, 9, 13, 17, 25, 33, 49, 65, 97, 129, 193, 257, 385, 513, 769, 1025, 1537, 2049, 3073, 4097, 6145, 8193, 12289, 16385, 24577 },
207 { 0, 0, 0, 0, 1, 1, 2, 2, 3, 3, 4, 4, 5, 5, 6, 6, 7, 7, 8, 8, 9, 9, 10, 10, 11, 11, 12, 12, 13, 13 }
208 };
209
210 /* Tables for deflate from PKZIP's appnote.txt. */
211 /* Order of the bit length code lengths */
212 static const uint8_t border[] ALIGN1 = {
213 16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 15
214 };
215
216
217 /*
218 * Free the malloc'ed tables built by huft_build(), which makes a linked
219 * list of the tables it made, with the links in a dummy first entry of
220 * each table.
221 * t: table to free
222 */
223 #define BAD_HUFT(p) ((uintptr_t)(p) & 1)
224 #define ERR_RET ((huft_t*)(uintptr_t)1)
huft_free(huft_t * p)225 static void huft_free(huft_t *p)
226 {
227 huft_t *q;
228
229 /*
230 * If 'p' has the error bit set we have to clear it, otherwise we might run
231 * into a segmentation fault or an invalid pointer to free(p)
232 */
233 //if (BAD_HUFT(p)) // commented out, since bit clearing has effect only if condition is true
234 p = (huft_t*)((uintptr_t)p & ~(uintptr_t)ERR_RET);
235
236 /* Go through linked list, freeing from the malloced (t[-1]) address. */
237 while (p) {
238 q = (--p)->v.t;
239 free(p);
240 p = q;
241 }
242 }
243
huft_free_all(STATE_PARAM_ONLY)244 static void huft_free_all(STATE_PARAM_ONLY)
245 {
246 huft_free(inflate_codes_tl);
247 huft_free(inflate_codes_td);
248 inflate_codes_tl = NULL;
249 inflate_codes_td = NULL;
250 }
251
252 static void abort_unzip(STATE_PARAM_ONLY) NORETURN;
abort_unzip(STATE_PARAM_ONLY)253 static void abort_unzip(STATE_PARAM_ONLY)
254 {
255 huft_free_all(PASS_STATE_ONLY);
256 longjmp(error_jmp, 1);
257 }
258
fill_bitbuffer(STATE_PARAM unsigned bitbuffer,unsigned * current,const unsigned required)259 static unsigned fill_bitbuffer(STATE_PARAM unsigned bitbuffer, unsigned *current, const unsigned required)
260 {
261 while (*current < required) {
262 if (bytebuffer_offset >= bytebuffer_size) {
263 unsigned sz = bytebuffer_max - 4;
264 if (to_read >= 0 && to_read < sz) /* unzip only */
265 sz = to_read;
266 /* Leave the first 4 bytes empty so we can always unwind the bitbuffer
267 * to the front of the bytebuffer */
268 bytebuffer_size = safe_read(gunzip_src_fd, &bytebuffer[4], sz);
269 if ((int)bytebuffer_size < 1) {
270 error_msg = "unexpected end of file";
271 abort_unzip(PASS_STATE_ONLY);
272 }
273 if (to_read >= 0) /* unzip only */
274 to_read -= bytebuffer_size;
275 bytebuffer_size += 4;
276 bytebuffer_offset = 4;
277 }
278 bitbuffer |= ((unsigned) bytebuffer[bytebuffer_offset]) << *current;
279 bytebuffer_offset++;
280 *current += 8;
281 }
282 return bitbuffer;
283 }
284
285
286 /* Given a list of code lengths and a maximum table size, make a set of
287 * tables to decode that set of codes.
288 *
289 * b: code lengths in bits (all assumed <= BMAX)
290 * n: number of codes (assumed <= N_MAX)
291 * s: number of simple-valued codes (0..s-1)
292 * cp_ext->cp,ext: list of base values/extra bits for non-simple codes
293 * m: maximum lookup bits, returns actual
294 * result: starting table
295 *
296 * On error, returns a value with lowest-bit set on error.
297 * It can be just the value of 0x1,
298 * or a valid pointer to a Huffman table, ORed with 0x1 if incompete table
299 * is given: "fixed inflate" decoder feeds us such data.
300 */
huft_build(const unsigned * b,const unsigned n,const unsigned s,const struct cp_ext * cp_ext,unsigned * m)301 static huft_t* huft_build(const unsigned *b, const unsigned n,
302 const unsigned s, const struct cp_ext *cp_ext,
303 unsigned *m)
304 {
305 unsigned a; /* counter for codes of length k */
306 unsigned c[BMAX + 1]; /* bit length count table */
307 unsigned eob_len; /* length of end-of-block code (value 256) */
308 unsigned f; /* i repeats in table every f entries */
309 int g; /* maximum code length */
310 int htl; /* table level */
311 unsigned i; /* counter, current code */
312 unsigned j; /* counter */
313 int k; /* number of bits in current code */
314 const unsigned *p; /* pointer into c[], b[], or v[] */
315 huft_t *q; /* points to current table */
316 huft_t r; /* table entry for structure assignment */
317 huft_t *u[BMAX]; /* table stack */
318 unsigned v[N_MAX + 1]; /* values in order of bit length. last v[] is never used */
319 int ws[BMAX + 1]; /* bits decoded stack */
320 int w; /* bits decoded */
321 unsigned x[BMAX + 1]; /* bit offsets, then code stack */
322 unsigned *xp; /* pointer into x */
323 int y; /* number of dummy codes added */
324 unsigned z; /* number of entries in current table */
325 huft_t *result;
326 huft_t **t;
327
328 /* Length of EOB code, if any */
329 eob_len = n > 256 ? b[256] : BMAX;
330
331 /* Generate counts for each bit length */
332 memset(c, 0, sizeof(c));
333 p = b;
334 i = n;
335 do {
336 c[*p]++; /* assume all entries <= BMAX */
337 p++; /* can't combine with above line (Solaris bug) */
338 } while (--i);
339 if (c[0] == n) { /* null input - all zero length codes */
340 q = xzalloc(3 * sizeof(*q));
341 //q[0].v.t = NULL;
342 q[1].e = 99; /* invalid code marker */
343 q[1].b = 1;
344 q[2].e = 99; /* invalid code marker */
345 q[2].b = 1;
346 *m = 1;
347 return q + 1;
348 }
349
350 /* Find minimum and maximum length, bound *m by those */
351 for (j = 1; (j <= BMAX) && (c[j] == 0); j++)
352 continue;
353 k = j; /* minimum code length */
354 for (i = BMAX; (c[i] == 0) && i; i--)
355 continue;
356 g = i; /* maximum code length */
357 *m = (*m < j) ? j : ((*m > i) ? i : *m);
358
359 /* Adjust last length count to fill out codes, if needed */
360 for (y = 1 << j; j < i; j++, y <<= 1) {
361 y -= c[j];
362 if (y < 0)
363 return ERR_RET; /* bad input: more codes than bits */
364 }
365 y -= c[i];
366 if (y < 0)
367 return ERR_RET;
368 c[i] += y;
369
370 /* Generate starting offsets into the value table for each length */
371 x[1] = j = 0;
372 p = c + 1;
373 xp = x + 2;
374 while (--i) { /* note that i == g from above */
375 j += *p++;
376 *xp++ = j;
377 }
378
379 /* Make a table of values in order of bit lengths.
380 * To detect bad input, unused v[i]'s are set to invalid value UINT_MAX.
381 * In particular, last v[i] is never filled and must not be accessed.
382 */
383 memset(v, 0xff, sizeof(v));
384 p = b;
385 i = 0;
386 do {
387 j = *p++;
388 if (j != 0) {
389 v[x[j]++] = i;
390 }
391 } while (++i < n);
392
393 /* Generate the Huffman codes and for each, make the table entries */
394 result = ERR_RET;
395 t = &result;
396 x[0] = i = 0; /* first Huffman code is zero */
397 p = v; /* grab values in bit order */
398 htl = -1; /* no tables yet--level -1 */
399 w = ws[0] = 0; /* bits decoded */
400 u[0] = NULL; /* just to keep compilers happy */
401 q = NULL; /* ditto */
402 z = 0; /* ditto */
403
404 /* go through the bit lengths (k already is bits in shortest code) */
405 for (; k <= g; k++) {
406 a = c[k];
407 while (a--) {
408 /* here i is the Huffman code of length k bits for value *p */
409 /* make tables up to required level */
410 while (k > ws[htl + 1]) {
411 w = ws[++htl];
412
413 /* compute minimum size table less than or equal to *m bits */
414 z = g - w;
415 z = z > *m ? *m : z; /* upper limit on table size */
416 j = k - w;
417 f = 1 << j;
418 if (f > a + 1) { /* try a k-w bit table */
419 /* too few codes for k-w bit table */
420 f -= a + 1; /* deduct codes from patterns left */
421 xp = c + k;
422 while (++j < z) { /* try smaller tables up to z bits */
423 f <<= 1;
424 if (f <= *++xp) {
425 break; /* enough codes to use up j bits */
426 }
427 f -= *xp; /* else deduct codes from patterns */
428 }
429 }
430 j = (w + j > eob_len && w < eob_len) ? eob_len - w : j; /* make EOB code end at table */
431 z = 1 << j; /* table entries for j-bit table */
432 ws[htl+1] = w + j; /* set bits decoded in stack */
433
434 /* allocate and link in new table */
435 q = xzalloc((z + 1) * sizeof(huft_t));
436 *t = q + 1; /* link to list for huft_free() */
437 t = &(q->v.t);
438 u[htl] = ++q; /* table starts after link */
439
440 /* connect to last table, if there is one */
441 if (htl) {
442 x[htl] = i; /* save pattern for backing up */
443 r.b = (unsigned char) (w - ws[htl - 1]); /* bits to dump before this table */
444 r.e = (unsigned char) (16 + j); /* bits in this table */
445 r.v.t = q; /* pointer to this table */
446 j = (i & ((1 << w) - 1)) >> ws[htl - 1];
447 u[htl - 1][j] = r; /* connect to last table */
448 }
449 }
450
451 /* set up table entry in r */
452 r.b = (unsigned char) (k - w);
453 if (/*p >= v + n || -- redundant, caught by the second check: */
454 *p == UINT_MAX /* do we access uninited v[i]? (see memset(v))*/
455 ) {
456 r.e = 99; /* out of values--invalid code */
457 } else if (*p < s) {
458 r.e = (unsigned char) (*p < 256 ? 16 : 15); /* 256 is EOB code */
459 r.v.n = (unsigned short) (*p++); /* simple code is just the value */
460 } else {
461 r.e = (unsigned char) cp_ext->ext[*p - s]; /* non-simple--look up in lists */
462 r.v.n = cp_ext->cp[*p++ - s];
463 }
464
465 /* fill code-like entries with r */
466 f = 1 << (k - w);
467 for (j = i >> w; j < z; j += f) {
468 q[j] = r;
469 }
470
471 /* backwards increment the k-bit code i */
472 for (j = 1 << (k - 1); i & j; j >>= 1) {
473 i ^= j;
474 }
475 i ^= j;
476
477 /* backup over finished tables */
478 while ((i & ((1 << w) - 1)) != x[htl]) {
479 w = ws[--htl];
480 }
481 }
482 }
483
484 /* return actual size of base table */
485 *m = ws[1];
486
487 if (y != 0 && g != 1) /* we were given an incomplete table */
488 /* return "result" ORed with 1 */
489 return (void*)((uintptr_t)result | 1);
490
491 return result;
492 }
493
494
495 /*
496 * inflate (decompress) the codes in a deflated (compressed) block.
497 * Return an error code or zero if it all goes ok.
498 *
499 * tl, td: literal/length and distance decoder tables
500 * bl, bd: number of bits decoded by tl[] and td[]
501 */
502 /* called once from inflate_block */
503
504 /* map formerly local static variables to globals */
505 #define ml inflate_codes_ml
506 #define md inflate_codes_md
507 #define bb inflate_codes_bb
508 #define k inflate_codes_k
509 #define w inflate_codes_w
510 #define tl inflate_codes_tl
511 #define td inflate_codes_td
512 #define bl inflate_codes_bl
513 #define bd inflate_codes_bd
514 #define nn inflate_codes_nn
515 #define dd inflate_codes_dd
inflate_codes_setup(STATE_PARAM unsigned my_bl,unsigned my_bd)516 static void inflate_codes_setup(STATE_PARAM unsigned my_bl, unsigned my_bd)
517 {
518 bl = my_bl;
519 bd = my_bd;
520 /* make local copies of globals */
521 bb = gunzip_bb; /* initialize bit buffer */
522 k = gunzip_bk;
523 w = gunzip_outbuf_count; /* initialize gunzip_window position */
524 /* inflate the coded data */
525 ml = mask_bits[bl]; /* precompute masks for speed */
526 md = mask_bits[bd];
527 }
528 /* called once from inflate_get_next_window */
inflate_codes(STATE_PARAM_ONLY)529 static NOINLINE int inflate_codes(STATE_PARAM_ONLY)
530 {
531 unsigned e; /* table entry flag/number of extra bits */
532 huft_t *t; /* pointer to table entry */
533
534 if (resume_copy)
535 goto do_copy;
536
537 while (1) { /* do until end of block */
538 bb = fill_bitbuffer(PASS_STATE bb, &k, bl);
539 t = tl + ((unsigned) bb & ml);
540 e = t->e;
541 if (e > 16)
542 do {
543 if (e == 99) {
544 abort_unzip(PASS_STATE_ONLY);
545 }
546 bb >>= t->b;
547 k -= t->b;
548 e -= 16;
549 bb = fill_bitbuffer(PASS_STATE bb, &k, e);
550 t = t->v.t + ((unsigned) bb & mask_bits[e]);
551 e = t->e;
552 } while (e > 16);
553 bb >>= t->b;
554 k -= t->b;
555 if (e == 16) { /* then it's a literal */
556 gunzip_window[w++] = (unsigned char) t->v.n;
557 if (w == GUNZIP_WSIZE) {
558 gunzip_outbuf_count = w;
559 //flush_gunzip_window();
560 w = 0;
561 return 1; // We have a block to read
562 }
563 } else { /* it's an EOB or a length */
564 /* exit if end of block */
565 if (e == 15) {
566 break;
567 }
568
569 /* get length of block to copy */
570 bb = fill_bitbuffer(PASS_STATE bb, &k, e);
571 nn = t->v.n + ((unsigned) bb & mask_bits[e]);
572 bb >>= e;
573 k -= e;
574
575 /* decode distance of block to copy */
576 bb = fill_bitbuffer(PASS_STATE bb, &k, bd);
577 t = td + ((unsigned) bb & md);
578 e = t->e;
579 if (e > 16)
580 do {
581 if (e == 99) {
582 abort_unzip(PASS_STATE_ONLY);
583 }
584 bb >>= t->b;
585 k -= t->b;
586 e -= 16;
587 bb = fill_bitbuffer(PASS_STATE bb, &k, e);
588 t = t->v.t + ((unsigned) bb & mask_bits[e]);
589 e = t->e;
590 } while (e > 16);
591 bb >>= t->b;
592 k -= t->b;
593 bb = fill_bitbuffer(PASS_STATE bb, &k, e);
594 dd = w - t->v.n - ((unsigned) bb & mask_bits[e]);
595 bb >>= e;
596 k -= e;
597
598 /* do the copy */
599 do_copy:
600 do {
601 /* Was: nn -= (e = (e = GUNZIP_WSIZE - ((dd &= GUNZIP_WSIZE - 1) > w ? dd : w)) > nn ? nn : e); */
602 /* Who wrote THAT?? rewritten as: */
603 unsigned delta;
604
605 dd &= GUNZIP_WSIZE - 1;
606 e = GUNZIP_WSIZE - (dd > w ? dd : w);
607 delta = w > dd ? w - dd : dd - w;
608 if (e > nn) e = nn;
609 nn -= e;
610
611 /* copy to new buffer to prevent possible overwrite */
612 if (delta >= e) {
613 memcpy(gunzip_window + w, gunzip_window + dd, e);
614 w += e;
615 dd += e;
616 } else {
617 /* do it slow to avoid memcpy() overlap */
618 /* !NOMEMCPY */
619 do {
620 gunzip_window[w++] = gunzip_window[dd++];
621 } while (--e);
622 }
623 if (w == GUNZIP_WSIZE) {
624 gunzip_outbuf_count = w;
625 resume_copy = (nn != 0);
626 //flush_gunzip_window();
627 w = 0;
628 return 1;
629 }
630 } while (nn);
631 resume_copy = 0;
632 }
633 }
634
635 /* restore the globals from the locals */
636 gunzip_outbuf_count = w; /* restore global gunzip_window pointer */
637 gunzip_bb = bb; /* restore global bit buffer */
638 gunzip_bk = k;
639
640 /* normally just after call to inflate_codes, but save code by putting it here */
641 /* free the decoding tables (tl and td), return */
642 huft_free_all(PASS_STATE_ONLY);
643
644 /* done */
645 return 0;
646 }
647 #undef ml
648 #undef md
649 #undef bb
650 #undef k
651 #undef w
652 #undef tl
653 #undef td
654 #undef bl
655 #undef bd
656 #undef nn
657 #undef dd
658
659
660 /* called once from inflate_block */
inflate_stored_setup(STATE_PARAM int my_n,int my_b,int my_k)661 static void inflate_stored_setup(STATE_PARAM int my_n, int my_b, int my_k)
662 {
663 inflate_stored_n = my_n;
664 inflate_stored_b = my_b;
665 inflate_stored_k = my_k;
666 /* initialize gunzip_window position */
667 inflate_stored_w = gunzip_outbuf_count;
668 }
669 /* called once from inflate_get_next_window */
inflate_stored(STATE_PARAM_ONLY)670 static int inflate_stored(STATE_PARAM_ONLY)
671 {
672 /* read and output the compressed data */
673 while (inflate_stored_n--) {
674 inflate_stored_b = fill_bitbuffer(PASS_STATE inflate_stored_b, &inflate_stored_k, 8);
675 gunzip_window[inflate_stored_w++] = (unsigned char) inflate_stored_b;
676 if (inflate_stored_w == GUNZIP_WSIZE) {
677 gunzip_outbuf_count = inflate_stored_w;
678 //flush_gunzip_window();
679 inflate_stored_w = 0;
680 inflate_stored_b >>= 8;
681 inflate_stored_k -= 8;
682 return 1; /* We have a block */
683 }
684 inflate_stored_b >>= 8;
685 inflate_stored_k -= 8;
686 }
687
688 /* restore the globals from the locals */
689 gunzip_outbuf_count = inflate_stored_w; /* restore global gunzip_window pointer */
690 gunzip_bb = inflate_stored_b; /* restore global bit buffer */
691 gunzip_bk = inflate_stored_k;
692 return 0; /* Finished */
693 }
694
695
696 /*
697 * decompress an inflated block
698 * e: last block flag
699 *
700 * GLOBAL VARIABLES: bb, kk,
701 */
702 /* Return values: -1 = inflate_stored, -2 = inflate_codes */
703 /* One callsite in inflate_get_next_window */
inflate_block(STATE_PARAM smallint * e)704 static int inflate_block(STATE_PARAM smallint *e)
705 {
706 unsigned ll[286 + 30]; /* literal/length and distance code lengths */
707 unsigned t; /* block type */
708 unsigned b; /* bit buffer */
709 unsigned k; /* number of bits in bit buffer */
710
711 /* make local bit buffer */
712
713 b = gunzip_bb;
714 k = gunzip_bk;
715
716 /* read in last block bit */
717 b = fill_bitbuffer(PASS_STATE b, &k, 1);
718 *e = b & 1;
719 b >>= 1;
720 k -= 1;
721
722 /* read in block type */
723 b = fill_bitbuffer(PASS_STATE b, &k, 2);
724 t = (unsigned) b & 3;
725 b >>= 2;
726 k -= 2;
727
728 /* restore the global bit buffer */
729 gunzip_bb = b;
730 gunzip_bk = k;
731
732 /* Do we see block type 1 often? Yes!
733 * TODO: fix performance problem (see below) */
734 //bb_error_msg("blktype %d", t);
735
736 /* inflate that block type */
737 switch (t) {
738 case 0: /* Inflate stored */
739 {
740 unsigned n; /* number of bytes in block */
741 unsigned b_stored; /* bit buffer */
742 unsigned k_stored; /* number of bits in bit buffer */
743
744 /* make local copies of globals */
745 b_stored = gunzip_bb; /* initialize bit buffer */
746 k_stored = gunzip_bk;
747
748 /* go to byte boundary */
749 n = k_stored & 7;
750 b_stored >>= n;
751 k_stored -= n;
752
753 /* get the length and its complement */
754 b_stored = fill_bitbuffer(PASS_STATE b_stored, &k_stored, 16);
755 n = ((unsigned) b_stored & 0xffff);
756 b_stored >>= 16;
757 k_stored -= 16;
758
759 b_stored = fill_bitbuffer(PASS_STATE b_stored, &k_stored, 16);
760 if (n != (unsigned) ((~b_stored) & 0xffff)) {
761 abort_unzip(PASS_STATE_ONLY); /* error in compressed data */
762 }
763 b_stored >>= 16;
764 k_stored -= 16;
765
766 inflate_stored_setup(PASS_STATE n, b_stored, k_stored);
767
768 return -1;
769 }
770 case 1:
771 /* Inflate fixed
772 * decompress an inflated type 1 (fixed Huffman codes) block. We should
773 * either replace this with a custom decoder, or at least precompute the
774 * Huffman tables. TODO */
775 {
776 int i; /* temporary variable */
777 unsigned bl; /* lookup bits for tl */
778 unsigned bd; /* lookup bits for td */
779 /* gcc 4.2.1 is too dumb to reuse stackspace. Moved up... */
780 //unsigned ll[288]; /* length list for huft_build */
781
782 /* set up literal table */
783 for (i = 0; i < 144; i++)
784 ll[i] = 8;
785 for (; i < 256; i++)
786 ll[i] = 9;
787 for (; i < 280; i++)
788 ll[i] = 7;
789 for (; i < 288; i++) /* make a complete, but wrong code set */
790 ll[i] = 8;
791 bl = 7;
792 inflate_codes_tl = huft_build(ll, 288, 257, &lit, &bl);
793 /* ^^^ never returns error here - we use known data */
794
795 /* set up distance table */
796 for (i = 0; i < 30; i++) /* make an incomplete code set */
797 ll[i] = 5;
798 bd = 5;
799 inflate_codes_td = huft_build(ll, 30, 0, &dist, &bd);
800 /* ^^^ does return error here! (lsb bit is set) - we gave it incomplete code set */
801 /* clearing error bit: */
802 inflate_codes_td = (void*)((uintptr_t)inflate_codes_td & ~(uintptr_t)1);
803
804 /* set up data for inflate_codes() */
805 inflate_codes_setup(PASS_STATE bl, bd);
806
807 /* huft_free code moved into inflate_codes */
808
809 return -2;
810 }
811 case 2: /* Inflate dynamic */
812 {
813 enum { dbits = 6 }; /* bits in base distance lookup table */
814 enum { lbits = 9 }; /* bits in base literal/length lookup table */
815
816 huft_t *td; /* distance code table */
817 unsigned i; /* temporary variables */
818 unsigned j;
819 unsigned l; /* last length */
820 unsigned m; /* mask for bit lengths table */
821 unsigned n; /* number of lengths to get */
822 unsigned bl; /* lookup bits for tl */
823 unsigned bd; /* lookup bits for td */
824 unsigned nb; /* number of bit length codes */
825 unsigned nl; /* number of literal/length codes */
826 unsigned nd; /* number of distance codes */
827
828 //unsigned ll[286 + 30];/* literal/length and distance code lengths */
829 unsigned b_dynamic; /* bit buffer */
830 unsigned k_dynamic; /* number of bits in bit buffer */
831
832 /* make local bit buffer */
833 b_dynamic = gunzip_bb;
834 k_dynamic = gunzip_bk;
835
836 /* read in table lengths */
837 b_dynamic = fill_bitbuffer(PASS_STATE b_dynamic, &k_dynamic, 5);
838 nl = 257 + ((unsigned) b_dynamic & 0x1f); /* number of literal/length codes */
839
840 b_dynamic >>= 5;
841 k_dynamic -= 5;
842 b_dynamic = fill_bitbuffer(PASS_STATE b_dynamic, &k_dynamic, 5);
843 nd = 1 + ((unsigned) b_dynamic & 0x1f); /* number of distance codes */
844
845 b_dynamic >>= 5;
846 k_dynamic -= 5;
847 b_dynamic = fill_bitbuffer(PASS_STATE b_dynamic, &k_dynamic, 4);
848 nb = 4 + ((unsigned) b_dynamic & 0xf); /* number of bit length codes */
849
850 b_dynamic >>= 4;
851 k_dynamic -= 4;
852 if (nl > 286 || nd > 30) {
853 abort_unzip(PASS_STATE_ONLY); /* bad lengths */
854 }
855
856 /* read in bit-length-code lengths */
857 for (j = 0; j < nb; j++) {
858 b_dynamic = fill_bitbuffer(PASS_STATE b_dynamic, &k_dynamic, 3);
859 ll[border[j]] = (unsigned) b_dynamic & 7;
860 b_dynamic >>= 3;
861 k_dynamic -= 3;
862 }
863 for (; j < 19; j++)
864 ll[border[j]] = 0;
865
866 /* build decoding table for trees - single level, 7 bit lookup */
867 bl = 7;
868 inflate_codes_tl = huft_build(ll, 19, 19, NULL, &bl);
869 if (BAD_HUFT(inflate_codes_tl)) {
870 abort_unzip(PASS_STATE_ONLY); /* incomplete code set */
871 }
872
873 /* read in literal and distance code lengths */
874 n = nl + nd;
875 m = mask_bits[bl];
876 i = l = 0;
877 while ((unsigned) i < n) {
878 b_dynamic = fill_bitbuffer(PASS_STATE b_dynamic, &k_dynamic, (unsigned)bl);
879 td = inflate_codes_tl + ((unsigned) b_dynamic & m);
880 j = td->b;
881 b_dynamic >>= j;
882 k_dynamic -= j;
883 j = td->v.n;
884 if (j < 16) { /* length of code in bits (0..15) */
885 ll[i++] = l = j; /* save last length in l */
886 } else if (j == 16) { /* repeat last length 3 to 6 times */
887 b_dynamic = fill_bitbuffer(PASS_STATE b_dynamic, &k_dynamic, 2);
888 j = 3 + ((unsigned) b_dynamic & 3);
889 b_dynamic >>= 2;
890 k_dynamic -= 2;
891 if ((unsigned) i + j > n) {
892 abort_unzip(PASS_STATE_ONLY); //return 1;
893 }
894 while (j--) {
895 ll[i++] = l;
896 }
897 } else if (j == 17) { /* 3 to 10 zero length codes */
898 b_dynamic = fill_bitbuffer(PASS_STATE b_dynamic, &k_dynamic, 3);
899 j = 3 + ((unsigned) b_dynamic & 7);
900 b_dynamic >>= 3;
901 k_dynamic -= 3;
902 if ((unsigned) i + j > n) {
903 abort_unzip(PASS_STATE_ONLY); //return 1;
904 }
905 while (j--) {
906 ll[i++] = 0;
907 }
908 l = 0;
909 } else { /* j == 18: 11 to 138 zero length codes */
910 b_dynamic = fill_bitbuffer(PASS_STATE b_dynamic, &k_dynamic, 7);
911 j = 11 + ((unsigned) b_dynamic & 0x7f);
912 b_dynamic >>= 7;
913 k_dynamic -= 7;
914 if ((unsigned) i + j > n) {
915 abort_unzip(PASS_STATE_ONLY); //return 1;
916 }
917 while (j--) {
918 ll[i++] = 0;
919 }
920 l = 0;
921 }
922 }
923
924 /* free decoding table for trees */
925 huft_free(inflate_codes_tl);
926
927 /* restore the global bit buffer */
928 gunzip_bb = b_dynamic;
929 gunzip_bk = k_dynamic;
930
931 /* build the decoding tables for literal/length and distance codes */
932 bl = lbits;
933 inflate_codes_tl = huft_build(ll, nl, 257, &lit, &bl);
934 if (BAD_HUFT(inflate_codes_tl)) {
935 abort_unzip(PASS_STATE_ONLY);
936 }
937 bd = dbits;
938 inflate_codes_td = huft_build(ll + nl, nd, 0, &dist, &bd);
939 if (BAD_HUFT(inflate_codes_td)) {
940 abort_unzip(PASS_STATE_ONLY);
941 }
942
943 /* set up data for inflate_codes() */
944 inflate_codes_setup(PASS_STATE bl, bd);
945
946 /* huft_free code moved into inflate_codes */
947
948 return -2;
949 }
950 default:
951 abort_unzip(PASS_STATE_ONLY);
952 }
953 }
954
955 /* Two callsites, both in inflate_get_next_window */
calculate_gunzip_crc(STATE_PARAM_ONLY)956 static void calculate_gunzip_crc(STATE_PARAM_ONLY)
957 {
958 gunzip_crc = crc32_block_endian0(gunzip_crc, gunzip_window, gunzip_outbuf_count, gunzip_crc_table);
959 gunzip_bytes_out += gunzip_outbuf_count;
960 }
961
962 /* One callsite in inflate_unzip_internal */
inflate_get_next_window(STATE_PARAM_ONLY)963 static int inflate_get_next_window(STATE_PARAM_ONLY)
964 {
965 gunzip_outbuf_count = 0;
966
967 while (1) {
968 int ret;
969
970 if (need_another_block) {
971 if (end_reached) {
972 calculate_gunzip_crc(PASS_STATE_ONLY);
973 end_reached = 0;
974 /* NB: need_another_block is still set */
975 return 0; /* Last block */
976 }
977 method = inflate_block(PASS_STATE &end_reached);
978 need_another_block = 0;
979 }
980
981 switch (method) {
982 case -1:
983 ret = inflate_stored(PASS_STATE_ONLY);
984 break;
985 case -2:
986 ret = inflate_codes(PASS_STATE_ONLY);
987 break;
988 default: /* cannot happen */
989 abort_unzip(PASS_STATE_ONLY);
990 }
991
992 if (ret == 1) {
993 calculate_gunzip_crc(PASS_STATE_ONLY);
994 return 1; /* more data left */
995 }
996 need_another_block = 1; /* end of that block */
997 }
998 /* Doesnt get here */
999 }
1000
1001
1002 /* Called from unpack_gz_stream() and inflate_unzip() */
IF_DESKTOP(long long)1003 static IF_DESKTOP(long long) int
1004 inflate_unzip_internal(STATE_PARAM transformer_state_t *xstate)
1005 {
1006 IF_DESKTOP(long long) int n = 0;
1007 ssize_t nwrote;
1008
1009 /* Allocate all global buffers (for DYN_ALLOC option) */
1010 gunzip_window = xmalloc(GUNZIP_WSIZE);
1011 gunzip_outbuf_count = 0;
1012 gunzip_bytes_out = 0;
1013 gunzip_src_fd = xstate->src_fd;
1014
1015 /* (re) initialize state */
1016 method = -1;
1017 need_another_block = 1;
1018 resume_copy = 0;
1019 gunzip_bk = 0;
1020 gunzip_bb = 0;
1021
1022 /* Create the crc table */
1023 gunzip_crc_table = crc32_new_table_le();
1024 gunzip_crc = ~0;
1025
1026 error_msg = "corrupted data";
1027 if (setjmp(error_jmp)) {
1028 /* Error from deep inside zip machinery */
1029 bb_simple_error_msg(error_msg);
1030 n = -1;
1031 goto ret;
1032 }
1033
1034 while (1) {
1035 int r = inflate_get_next_window(PASS_STATE_ONLY);
1036 nwrote = transformer_write(xstate, gunzip_window, gunzip_outbuf_count);
1037 if (nwrote == (ssize_t)-1) {
1038 n = -1;
1039 goto ret;
1040 }
1041 IF_DESKTOP(n += nwrote;)
1042 if (r == 0) break;
1043 }
1044
1045 /* Store unused bytes in a global buffer so calling applets can access it */
1046 if (gunzip_bk >= 8) {
1047 /* Undo too much lookahead. The next read will be byte aligned
1048 * so we can discard unused bits in the last meaningful byte. */
1049 bytebuffer_offset--;
1050 bytebuffer[bytebuffer_offset] = gunzip_bb & 0xff;
1051 gunzip_bb >>= 8;
1052 gunzip_bk -= 8;
1053 }
1054 ret:
1055 /* Cleanup */
1056 free(gunzip_window);
1057 free(gunzip_crc_table);
1058 return n;
1059 }
1060
1061
1062 /* External entry points */
1063
1064 /* For unzip */
1065
IF_DESKTOP(long long)1066 IF_DESKTOP(long long) int FAST_FUNC
1067 inflate_unzip(transformer_state_t *xstate)
1068 {
1069 IF_DESKTOP(long long) int n;
1070 DECLARE_STATE;
1071
1072 ALLOC_STATE;
1073
1074 to_read = xstate->bytes_in;
1075 // bytebuffer_max = 0x8000;
1076 bytebuffer_offset = 4;
1077 bytebuffer = xmalloc(bytebuffer_max);
1078 n = inflate_unzip_internal(PASS_STATE xstate);
1079 free(bytebuffer);
1080
1081 xstate->crc32 = gunzip_crc;
1082 xstate->bytes_out = gunzip_bytes_out;
1083 DEALLOC_STATE;
1084 return n;
1085 }
1086
1087
1088 /* For gunzip */
1089
1090 /* helpers first */
1091
1092 /* Top up the input buffer with at least n bytes. */
top_up(STATE_PARAM unsigned n)1093 static int top_up(STATE_PARAM unsigned n)
1094 {
1095 int count = bytebuffer_size - bytebuffer_offset;
1096
1097 if (count < (int)n) {
1098 memmove(bytebuffer, &bytebuffer[bytebuffer_offset], count);
1099 bytebuffer_offset = 0;
1100 bytebuffer_size = full_read(gunzip_src_fd, &bytebuffer[count], bytebuffer_max - count);
1101 if ((int)bytebuffer_size < 0) {
1102 bb_simple_error_msg(bb_msg_read_error);
1103 return 0;
1104 }
1105 bytebuffer_size += count;
1106 if (bytebuffer_size < n)
1107 return 0;
1108 }
1109 return 1;
1110 }
1111
buffer_read_le_u16(STATE_PARAM_ONLY)1112 static uint16_t buffer_read_le_u16(STATE_PARAM_ONLY)
1113 {
1114 uint16_t res;
1115 #if BB_LITTLE_ENDIAN
1116 move_from_unaligned16(res, &bytebuffer[bytebuffer_offset]);
1117 #else
1118 res = bytebuffer[bytebuffer_offset];
1119 res |= bytebuffer[bytebuffer_offset + 1] << 8;
1120 #endif
1121 bytebuffer_offset += 2;
1122 return res;
1123 }
1124
buffer_read_le_u32(STATE_PARAM_ONLY)1125 static uint32_t buffer_read_le_u32(STATE_PARAM_ONLY)
1126 {
1127 uint32_t res;
1128 #if BB_LITTLE_ENDIAN
1129 move_from_unaligned32(res, &bytebuffer[bytebuffer_offset]);
1130 #else
1131 res = bytebuffer[bytebuffer_offset];
1132 res |= bytebuffer[bytebuffer_offset + 1] << 8;
1133 res |= bytebuffer[bytebuffer_offset + 2] << 16;
1134 res |= bytebuffer[bytebuffer_offset + 3] << 24;
1135 #endif
1136 bytebuffer_offset += 4;
1137 return res;
1138 }
1139
check_header_gzip(STATE_PARAM transformer_state_t * xstate)1140 static int check_header_gzip(STATE_PARAM transformer_state_t *xstate)
1141 {
1142 union {
1143 unsigned char raw[8];
1144 struct {
1145 uint8_t gz_method;
1146 uint8_t flags;
1147 uint32_t mtime;
1148 uint8_t xtra_flags_UNUSED;
1149 uint8_t os_flags_UNUSED;
1150 } PACKED formatted;
1151 } header;
1152
1153 BUILD_BUG_ON(sizeof(header) != 8);
1154
1155 /*
1156 * Rewind bytebuffer. We use the beginning because the header has 8
1157 * bytes, leaving enough for unwinding afterwards.
1158 */
1159 bytebuffer_size -= bytebuffer_offset;
1160 memmove(bytebuffer, &bytebuffer[bytebuffer_offset], bytebuffer_size);
1161 bytebuffer_offset = 0;
1162
1163 if (!top_up(PASS_STATE 8))
1164 return 0;
1165 memcpy(header.raw, &bytebuffer[bytebuffer_offset], 8);
1166 bytebuffer_offset += 8;
1167
1168 /* Check the compression method */
1169 if (header.formatted.gz_method != 8) {
1170 return 0;
1171 }
1172
1173 if (header.formatted.flags & 0x04) {
1174 /* bit 2 set: extra field present */
1175 unsigned extra_short;
1176
1177 if (!top_up(PASS_STATE 2))
1178 return 0;
1179 extra_short = buffer_read_le_u16(PASS_STATE_ONLY);
1180 if (!top_up(PASS_STATE extra_short))
1181 return 0;
1182 /* Ignore extra field */
1183 bytebuffer_offset += extra_short;
1184 }
1185
1186 /* Discard original name and file comment if any */
1187 /* bit 3 set: original file name present */
1188 /* bit 4 set: file comment present */
1189 if (header.formatted.flags & 0x18) {
1190 while (1) {
1191 do {
1192 if (!top_up(PASS_STATE 1))
1193 return 0;
1194 } while (bytebuffer[bytebuffer_offset++] != 0);
1195 if ((header.formatted.flags & 0x18) != 0x18)
1196 break;
1197 header.formatted.flags &= ~0x18;
1198 }
1199 }
1200
1201 xstate->mtime = SWAP_LE32(header.formatted.mtime);
1202
1203 /* Read the header checksum */
1204 if (header.formatted.flags & 0x02) {
1205 if (!top_up(PASS_STATE 2))
1206 return 0;
1207 bytebuffer_offset += 2;
1208 }
1209 return 1;
1210 }
1211
IF_DESKTOP(long long)1212 IF_DESKTOP(long long) int FAST_FUNC
1213 unpack_gz_stream(transformer_state_t *xstate)
1214 {
1215 uint32_t v32;
1216 IF_DESKTOP(long long) int total, n;
1217 DECLARE_STATE;
1218
1219 #if !ENABLE_FEATURE_SEAMLESS_Z
1220 if (check_signature16(xstate, GZIP_MAGIC))
1221 return -1;
1222 #else
1223 if (!xstate->signature_skipped) {
1224 uint16_t magic2;
1225
1226 if (full_read(xstate->src_fd, &magic2, 2) != 2) {
1227 bad_magic:
1228 bb_simple_error_msg("invalid magic");
1229 return -1;
1230 }
1231 if (magic2 == COMPRESS_MAGIC) {
1232 xstate->signature_skipped = 2;
1233 return unpack_Z_stream(xstate);
1234 }
1235 if (magic2 != GZIP_MAGIC)
1236 goto bad_magic;
1237 }
1238 #endif
1239
1240 total = 0;
1241
1242 ALLOC_STATE;
1243 to_read = -1;
1244 // bytebuffer_max = 0x8000;
1245 bytebuffer = xmalloc(bytebuffer_max);
1246 gunzip_src_fd = xstate->src_fd;
1247
1248 again:
1249 if (!check_header_gzip(PASS_STATE xstate)) {
1250 bb_simple_error_msg("corrupted data");
1251 total = -1;
1252 goto ret;
1253 }
1254
1255 n = inflate_unzip_internal(PASS_STATE xstate);
1256 if (n < 0) {
1257 total = -1;
1258 goto ret;
1259 }
1260 total += n;
1261
1262 if (!top_up(PASS_STATE 8)) {
1263 bb_simple_error_msg("corrupted data");
1264 total = -1;
1265 goto ret;
1266 }
1267
1268 /* Validate decompression - crc */
1269 v32 = buffer_read_le_u32(PASS_STATE_ONLY);
1270 if ((~gunzip_crc) != v32) {
1271 bb_simple_error_msg("crc error");
1272 total = -1;
1273 goto ret;
1274 }
1275
1276 /* Validate decompression - size */
1277 v32 = buffer_read_le_u32(PASS_STATE_ONLY);
1278 if ((uint32_t)gunzip_bytes_out != v32) {
1279 bb_simple_error_msg("incorrect length");
1280 total = -1;
1281 }
1282
1283 if (!top_up(PASS_STATE 2))
1284 goto ret; /* EOF */
1285
1286 if (bytebuffer[bytebuffer_offset] == 0x1f
1287 && bytebuffer[bytebuffer_offset + 1] == 0x8b
1288 ) {
1289 bytebuffer_offset += 2;
1290 goto again;
1291 }
1292 /* GNU gzip says: */
1293 /*bb_error_msg("decompression OK, trailing garbage ignored");*/
1294
1295 ret:
1296 free(bytebuffer);
1297 DEALLOC_STATE;
1298 return total;
1299 }
1300