1 /*-
2 * Copyright (c) 2003-2007 Tim Kientzle
3 * Copyright (c) 2011 Andres Mejia
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18 * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25 */
26
27 #include "archive_platform.h"
28
29 #ifdef HAVE_ERRNO_H
30 #include <errno.h>
31 #endif
32 #include <time.h>
33 #include <limits.h>
34 #ifdef HAVE_ZLIB_H
35 #include <zlib.h> /* crc32 */
36 #endif
37
38 #include "archive.h"
39 #ifndef HAVE_ZLIB_H
40 #include "archive_crc32.h"
41 #endif
42 #include "archive_endian.h"
43 #include "archive_entry.h"
44 #include "archive_entry_locale.h"
45 #include "archive_ppmd7_private.h"
46 #include "archive_private.h"
47 #include "archive_read_private.h"
48
49 /* RAR signature, also known as the mark header */
50 #define RAR_SIGNATURE "\x52\x61\x72\x21\x1A\x07\x00"
51
52 /* Header types */
53 #define MARK_HEAD 0x72
54 #define MAIN_HEAD 0x73
55 #define FILE_HEAD 0x74
56 #define COMM_HEAD 0x75
57 #define AV_HEAD 0x76
58 #define SUB_HEAD 0x77
59 #define PROTECT_HEAD 0x78
60 #define SIGN_HEAD 0x79
61 #define NEWSUB_HEAD 0x7a
62 #define ENDARC_HEAD 0x7b
63
64 /* Main Header Flags */
65 #define MHD_VOLUME 0x0001
66 #define MHD_COMMENT 0x0002
67 #define MHD_LOCK 0x0004
68 #define MHD_SOLID 0x0008
69 #define MHD_NEWNUMBERING 0x0010
70 #define MHD_AV 0x0020
71 #define MHD_PROTECT 0x0040
72 #define MHD_PASSWORD 0x0080
73 #define MHD_FIRSTVOLUME 0x0100
74 #define MHD_ENCRYPTVER 0x0200
75
76 /* Flags common to all headers */
77 #define HD_MARKDELETION 0x4000
78 #define HD_ADD_SIZE_PRESENT 0x8000
79
80 /* File Header Flags */
81 #define FHD_SPLIT_BEFORE 0x0001
82 #define FHD_SPLIT_AFTER 0x0002
83 #define FHD_PASSWORD 0x0004
84 #define FHD_COMMENT 0x0008
85 #define FHD_SOLID 0x0010
86 #define FHD_LARGE 0x0100
87 #define FHD_UNICODE 0x0200
88 #define FHD_SALT 0x0400
89 #define FHD_VERSION 0x0800
90 #define FHD_EXTTIME 0x1000
91 #define FHD_EXTFLAGS 0x2000
92
93 /* File dictionary sizes */
94 #define DICTIONARY_SIZE_64 0x00
95 #define DICTIONARY_SIZE_128 0x20
96 #define DICTIONARY_SIZE_256 0x40
97 #define DICTIONARY_SIZE_512 0x60
98 #define DICTIONARY_SIZE_1024 0x80
99 #define DICTIONARY_SIZE_2048 0xA0
100 #define DICTIONARY_SIZE_4096 0xC0
101 #define FILE_IS_DIRECTORY 0xE0
102 #define DICTIONARY_MASK FILE_IS_DIRECTORY
103
104 /* OS Flags */
105 #define OS_MSDOS 0
106 #define OS_OS2 1
107 #define OS_WIN32 2
108 #define OS_UNIX 3
109 #define OS_MAC_OS 4
110 #define OS_BEOS 5
111
112 /* Compression Methods */
113 #define COMPRESS_METHOD_STORE 0x30
114 /* LZSS */
115 #define COMPRESS_METHOD_FASTEST 0x31
116 #define COMPRESS_METHOD_FAST 0x32
117 #define COMPRESS_METHOD_NORMAL 0x33
118 /* PPMd Variant H */
119 #define COMPRESS_METHOD_GOOD 0x34
120 #define COMPRESS_METHOD_BEST 0x35
121
122 #define CRC_POLYNOMIAL 0xEDB88320
123
124 #define NS_UNIT 10000000
125
126 #define DICTIONARY_MAX_SIZE 0x400000
127
128 #define MAINCODE_SIZE 299
129 #define OFFSETCODE_SIZE 60
130 #define LOWOFFSETCODE_SIZE 17
131 #define LENGTHCODE_SIZE 28
132 #define HUFFMAN_TABLE_SIZE \
133 MAINCODE_SIZE + OFFSETCODE_SIZE + LOWOFFSETCODE_SIZE + LENGTHCODE_SIZE
134
135 #define MAX_SYMBOL_LENGTH 0xF
136 #define MAX_SYMBOLS 20
137
138 /* Virtual Machine Properties */
139 #define VM_MEMORY_SIZE 0x40000
140 #define VM_MEMORY_MASK (VM_MEMORY_SIZE - 1)
141 #define PROGRAM_WORK_SIZE 0x3C000
142 #define PROGRAM_GLOBAL_SIZE 0x2000
143 #define PROGRAM_SYSTEM_GLOBAL_ADDRESS PROGRAM_WORK_SIZE
144 #define PROGRAM_SYSTEM_GLOBAL_SIZE 0x40
145 #define PROGRAM_USER_GLOBAL_ADDRESS (PROGRAM_SYSTEM_GLOBAL_ADDRESS + PROGRAM_SYSTEM_GLOBAL_SIZE)
146 #define PROGRAM_USER_GLOBAL_SIZE (PROGRAM_GLOBAL_SIZE - PROGRAM_SYSTEM_GLOBAL_SIZE)
147
148 /*
149 * Considering L1,L2 cache miss and a calling of write system-call,
150 * the best size of the output buffer(uncompressed buffer) is 128K.
151 * If the structure of extracting process is changed, this value
152 * might be researched again.
153 */
154 #define UNP_BUFFER_SIZE (128 * 1024)
155
156 /* Define this here for non-Windows platforms */
157 #if !((defined(__WIN32__) || defined(_WIN32) || defined(__WIN32)) && !defined(__CYGWIN__))
158 #define FILE_ATTRIBUTE_DIRECTORY 0x10
159 #endif
160
161 #undef minimum
162 #define minimum(a, b) ((a)<(b)?(a):(b))
163
164 /* Stack overflow check */
165 #define MAX_COMPRESS_DEPTH 1024
166
167 /* Fields common to all headers */
168 struct rar_header
169 {
170 char crc[2];
171 char type;
172 char flags[2];
173 char size[2];
174 };
175
176 /* Fields common to all file headers */
177 struct rar_file_header
178 {
179 char pack_size[4];
180 char unp_size[4];
181 char host_os;
182 char file_crc[4];
183 char file_time[4];
184 char unp_ver;
185 char method;
186 char name_size[2];
187 char file_attr[4];
188 };
189
190 struct huffman_tree_node
191 {
192 int branches[2];
193 };
194
195 struct huffman_table_entry
196 {
197 unsigned int length;
198 int value;
199 };
200
201 struct huffman_code
202 {
203 struct huffman_tree_node *tree;
204 int numentries;
205 int numallocatedentries;
206 int minlength;
207 int maxlength;
208 int tablesize;
209 struct huffman_table_entry *table;
210 };
211
212 struct lzss
213 {
214 unsigned char *window;
215 int mask;
216 int64_t position;
217 };
218
219 struct data_block_offsets
220 {
221 int64_t header_size;
222 int64_t start_offset;
223 int64_t end_offset;
224 };
225
226 struct rar_program_code
227 {
228 uint8_t *staticdata;
229 uint32_t staticdatalen;
230 uint8_t *globalbackup;
231 uint32_t globalbackuplen;
232 uint64_t fingerprint;
233 uint32_t usagecount;
234 uint32_t oldfilterlength;
235 struct rar_program_code *next;
236 };
237
238 struct rar_filter
239 {
240 struct rar_program_code *prog;
241 uint32_t initialregisters[8];
242 uint8_t *globaldata;
243 uint32_t globaldatalen;
244 size_t blockstartpos;
245 uint32_t blocklength;
246 uint32_t filteredblockaddress;
247 uint32_t filteredblocklength;
248 struct rar_filter *next;
249 };
250
251 struct memory_bit_reader
252 {
253 const uint8_t *bytes;
254 size_t length;
255 size_t offset;
256 uint64_t bits;
257 int available;
258 int at_eof;
259 };
260
261 struct rar_virtual_machine
262 {
263 uint32_t registers[8];
264 uint8_t memory[VM_MEMORY_SIZE + sizeof(uint32_t)];
265 };
266
267 struct rar_filters
268 {
269 struct rar_virtual_machine *vm;
270 struct rar_program_code *progs;
271 struct rar_filter *stack;
272 int64_t filterstart;
273 uint32_t lastfilternum;
274 int64_t lastend;
275 uint8_t *bytes;
276 size_t bytes_ready;
277 };
278
279 struct audio_state
280 {
281 int8_t weight[5];
282 int16_t delta[4];
283 int8_t lastdelta;
284 int error[11];
285 int count;
286 uint8_t lastbyte;
287 };
288
289 struct rar
290 {
291 /* Entries from main RAR header */
292 unsigned main_flags;
293 unsigned long file_crc;
294 char reserved1[2];
295 char reserved2[4];
296 char encryptver;
297
298 /* File header entries */
299 char compression_method;
300 unsigned file_flags;
301 int64_t packed_size;
302 int64_t unp_size;
303 time_t mtime;
304 long mnsec;
305 mode_t mode;
306 char *filename;
307 char *filename_save;
308 size_t filename_save_size;
309 size_t filename_allocated;
310
311 /* File header optional entries */
312 char salt[8];
313 time_t atime;
314 long ansec;
315 time_t ctime;
316 long cnsec;
317 time_t arctime;
318 long arcnsec;
319
320 /* Fields to help with tracking decompression of files. */
321 int64_t bytes_unconsumed;
322 int64_t bytes_remaining;
323 int64_t bytes_uncopied;
324 int64_t offset;
325 int64_t offset_outgoing;
326 int64_t offset_seek;
327 char valid;
328 unsigned int unp_offset;
329 unsigned int unp_buffer_size;
330 unsigned char *unp_buffer;
331 unsigned int dictionary_size;
332 char start_new_block;
333 char entry_eof;
334 unsigned long crc_calculated;
335 int found_first_header;
336 char has_endarc_header;
337 struct data_block_offsets *dbo;
338 unsigned int cursor;
339 unsigned int nodes;
340 char filename_must_match;
341
342 /* LZSS members */
343 struct huffman_code maincode;
344 struct huffman_code offsetcode;
345 struct huffman_code lowoffsetcode;
346 struct huffman_code lengthcode;
347 unsigned char lengthtable[HUFFMAN_TABLE_SIZE];
348 struct lzss lzss;
349 unsigned int lastlength;
350 unsigned int lastoffset;
351 unsigned int oldoffset[4];
352 unsigned int lastlowoffset;
353 unsigned int numlowoffsetrepeats;
354 char start_new_table;
355
356 /* Filters */
357 struct rar_filters filters;
358
359 /* PPMd Variant H members */
360 char ppmd_valid;
361 char ppmd_eod;
362 char is_ppmd_block;
363 int ppmd_escape;
364 CPpmd7 ppmd7_context;
365 CPpmd7z_RangeDec range_dec;
366 IByteIn bytein;
367
368 /*
369 * String conversion object.
370 */
371 int init_default_conversion;
372 struct archive_string_conv *sconv_default;
373 struct archive_string_conv *opt_sconv;
374 struct archive_string_conv *sconv_utf8;
375 struct archive_string_conv *sconv_utf16be;
376
377 /*
378 * Bit stream reader.
379 */
380 struct rar_br {
381 #define CACHE_TYPE uint64_t
382 #define CACHE_BITS (8 * sizeof(CACHE_TYPE))
383 /* Cache buffer. */
384 CACHE_TYPE cache_buffer;
385 /* Indicates how many bits avail in cache_buffer. */
386 int cache_avail;
387 ssize_t avail_in;
388 const unsigned char *next_in;
389 } br;
390
391 /*
392 * Custom field to denote that this archive contains encrypted entries
393 */
394 int has_encrypted_entries;
395 };
396
397 static int archive_read_support_format_rar_capabilities(struct archive_read *);
398 static int archive_read_format_rar_has_encrypted_entries(struct archive_read *);
399 static int archive_read_format_rar_bid(struct archive_read *, int);
400 static int archive_read_format_rar_options(struct archive_read *,
401 const char *, const char *);
402 static int archive_read_format_rar_read_header(struct archive_read *,
403 struct archive_entry *);
404 static int archive_read_format_rar_read_data(struct archive_read *,
405 const void **, size_t *, int64_t *);
406 static int archive_read_format_rar_read_data_skip(struct archive_read *a);
407 static int64_t archive_read_format_rar_seek_data(struct archive_read *, int64_t,
408 int);
409 static int archive_read_format_rar_cleanup(struct archive_read *);
410
411 /* Support functions */
412 static int read_header(struct archive_read *, struct archive_entry *, char);
413 static time_t get_time(int);
414 static int read_exttime(const char *, struct rar *, const char *);
415 static int read_symlink_stored(struct archive_read *, struct archive_entry *,
416 struct archive_string_conv *);
417 static int read_data_stored(struct archive_read *, const void **, size_t *,
418 int64_t *);
419 static int read_data_compressed(struct archive_read *, const void **, size_t *,
420 int64_t *, size_t);
421 static int rar_br_preparation(struct archive_read *, struct rar_br *);
422 static int parse_codes(struct archive_read *);
423 static void free_codes(struct archive_read *);
424 static int read_next_symbol(struct archive_read *, struct huffman_code *);
425 static int create_code(struct archive_read *, struct huffman_code *,
426 unsigned char *, int, char);
427 static int add_value(struct archive_read *, struct huffman_code *, int, int,
428 int);
429 static int new_node(struct huffman_code *);
430 static int make_table(struct archive_read *, struct huffman_code *);
431 static int make_table_recurse(struct archive_read *, struct huffman_code *, int,
432 struct huffman_table_entry *, int, int);
433 static int expand(struct archive_read *, int64_t *);
434 static int copy_from_lzss_window_to_unp(struct archive_read *, const void **,
435 int64_t, int);
436 static const void *rar_read_ahead(struct archive_read *, size_t, ssize_t *);
437 static int parse_filter(struct archive_read *, const uint8_t *, uint16_t,
438 uint8_t);
439 static int run_filters(struct archive_read *);
440 static void clear_filters(struct rar_filters *);
441 static struct rar_filter *create_filter(struct rar_program_code *,
442 const uint8_t *, uint32_t,
443 uint32_t[8], size_t, uint32_t);
444 static void delete_filter(struct rar_filter *filter);
445 static struct rar_program_code *compile_program(const uint8_t *, size_t);
446 static void delete_program_code(struct rar_program_code *prog);
447 static uint32_t membr_next_rarvm_number(struct memory_bit_reader *br);
448 static inline uint32_t membr_bits(struct memory_bit_reader *br, int bits);
449 static int membr_fill(struct memory_bit_reader *br, int bits);
450 static int read_filter(struct archive_read *, int64_t *);
451 static int rar_decode_byte(struct archive_read*, uint8_t *);
452 static int execute_filter(struct archive_read*, struct rar_filter *,
453 struct rar_virtual_machine *, size_t);
454 static int copy_from_lzss_window(struct archive_read *, void *, int64_t, int);
455 static inline void vm_write_32(struct rar_virtual_machine*, size_t, uint32_t);
456 static inline uint32_t vm_read_32(struct rar_virtual_machine*, size_t);
457
458 /*
459 * Bit stream reader.
460 */
461 /* Check that the cache buffer has enough bits. */
462 #define rar_br_has(br, n) ((br)->cache_avail >= n)
463 /* Get compressed data by bit. */
464 #define rar_br_bits(br, n) \
465 (((uint32_t)((br)->cache_buffer >> \
466 ((br)->cache_avail - (n)))) & cache_masks[n])
467 #define rar_br_bits_forced(br, n) \
468 (((uint32_t)((br)->cache_buffer << \
469 ((n) - (br)->cache_avail))) & cache_masks[n])
470 /* Read ahead to make sure the cache buffer has enough compressed data we
471 * will use.
472 * True : completed, there is enough data in the cache buffer.
473 * False : there is no data in the stream. */
474 #define rar_br_read_ahead(a, br, n) \
475 ((rar_br_has(br, (n)) || rar_br_fillup(a, br)) || rar_br_has(br, (n)))
476 /* Notify how many bits we consumed. */
477 #define rar_br_consume(br, n) ((br)->cache_avail -= (n))
478 #define rar_br_consume_unalined_bits(br) ((br)->cache_avail &= ~7)
479
480 static const uint32_t cache_masks[] = {
481 0x00000000, 0x00000001, 0x00000003, 0x00000007,
482 0x0000000F, 0x0000001F, 0x0000003F, 0x0000007F,
483 0x000000FF, 0x000001FF, 0x000003FF, 0x000007FF,
484 0x00000FFF, 0x00001FFF, 0x00003FFF, 0x00007FFF,
485 0x0000FFFF, 0x0001FFFF, 0x0003FFFF, 0x0007FFFF,
486 0x000FFFFF, 0x001FFFFF, 0x003FFFFF, 0x007FFFFF,
487 0x00FFFFFF, 0x01FFFFFF, 0x03FFFFFF, 0x07FFFFFF,
488 0x0FFFFFFF, 0x1FFFFFFF, 0x3FFFFFFF, 0x7FFFFFFF,
489 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF
490 };
491
492 /*
493 * Shift away used bits in the cache data and fill it up with following bits.
494 * Call this when cache buffer does not have enough bits you need.
495 *
496 * Returns 1 if the cache buffer is full.
497 * Returns 0 if the cache buffer is not full; input buffer is empty.
498 */
499 static int
rar_br_fillup(struct archive_read * a,struct rar_br * br)500 rar_br_fillup(struct archive_read *a, struct rar_br *br)
501 {
502 struct rar *rar = (struct rar *)(a->format->data);
503 int n = CACHE_BITS - br->cache_avail;
504
505 for (;;) {
506 switch (n >> 3) {
507 case 8:
508 if (br->avail_in >= 8) {
509 br->cache_buffer =
510 ((uint64_t)br->next_in[0]) << 56 |
511 ((uint64_t)br->next_in[1]) << 48 |
512 ((uint64_t)br->next_in[2]) << 40 |
513 ((uint64_t)br->next_in[3]) << 32 |
514 ((uint32_t)br->next_in[4]) << 24 |
515 ((uint32_t)br->next_in[5]) << 16 |
516 ((uint32_t)br->next_in[6]) << 8 |
517 (uint32_t)br->next_in[7];
518 br->next_in += 8;
519 br->avail_in -= 8;
520 br->cache_avail += 8 * 8;
521 rar->bytes_unconsumed += 8;
522 rar->bytes_remaining -= 8;
523 return (1);
524 }
525 break;
526 case 7:
527 if (br->avail_in >= 7) {
528 br->cache_buffer =
529 (br->cache_buffer << 56) |
530 ((uint64_t)br->next_in[0]) << 48 |
531 ((uint64_t)br->next_in[1]) << 40 |
532 ((uint64_t)br->next_in[2]) << 32 |
533 ((uint32_t)br->next_in[3]) << 24 |
534 ((uint32_t)br->next_in[4]) << 16 |
535 ((uint32_t)br->next_in[5]) << 8 |
536 (uint32_t)br->next_in[6];
537 br->next_in += 7;
538 br->avail_in -= 7;
539 br->cache_avail += 7 * 8;
540 rar->bytes_unconsumed += 7;
541 rar->bytes_remaining -= 7;
542 return (1);
543 }
544 break;
545 case 6:
546 if (br->avail_in >= 6) {
547 br->cache_buffer =
548 (br->cache_buffer << 48) |
549 ((uint64_t)br->next_in[0]) << 40 |
550 ((uint64_t)br->next_in[1]) << 32 |
551 ((uint32_t)br->next_in[2]) << 24 |
552 ((uint32_t)br->next_in[3]) << 16 |
553 ((uint32_t)br->next_in[4]) << 8 |
554 (uint32_t)br->next_in[5];
555 br->next_in += 6;
556 br->avail_in -= 6;
557 br->cache_avail += 6 * 8;
558 rar->bytes_unconsumed += 6;
559 rar->bytes_remaining -= 6;
560 return (1);
561 }
562 break;
563 case 0:
564 /* We have enough compressed data in
565 * the cache buffer.*/
566 return (1);
567 default:
568 break;
569 }
570 if (br->avail_in <= 0) {
571
572 if (rar->bytes_unconsumed > 0) {
573 /* Consume as much as the decompressor
574 * actually used. */
575 __archive_read_consume(a, rar->bytes_unconsumed);
576 rar->bytes_unconsumed = 0;
577 }
578 br->next_in = rar_read_ahead(a, 1, &(br->avail_in));
579 if (br->next_in == NULL)
580 return (0);
581 if (br->avail_in == 0)
582 return (0);
583 }
584 br->cache_buffer =
585 (br->cache_buffer << 8) | *br->next_in++;
586 br->avail_in--;
587 br->cache_avail += 8;
588 n -= 8;
589 rar->bytes_unconsumed++;
590 rar->bytes_remaining--;
591 }
592 }
593
594 static int
rar_br_preparation(struct archive_read * a,struct rar_br * br)595 rar_br_preparation(struct archive_read *a, struct rar_br *br)
596 {
597 struct rar *rar = (struct rar *)(a->format->data);
598
599 if (rar->bytes_remaining > 0) {
600 br->next_in = rar_read_ahead(a, 1, &(br->avail_in));
601 if (br->next_in == NULL) {
602 archive_set_error(&a->archive,
603 ARCHIVE_ERRNO_FILE_FORMAT,
604 "Truncated RAR file data");
605 return (ARCHIVE_FATAL);
606 }
607 if (br->cache_avail == 0)
608 (void)rar_br_fillup(a, br);
609 }
610 return (ARCHIVE_OK);
611 }
612
613 /* Find last bit set */
614 static inline int
rar_fls(unsigned int word)615 rar_fls(unsigned int word)
616 {
617 word |= (word >> 1);
618 word |= (word >> 2);
619 word |= (word >> 4);
620 word |= (word >> 8);
621 word |= (word >> 16);
622 return word - (word >> 1);
623 }
624
625 /* LZSS functions */
626 static inline int64_t
lzss_position(struct lzss * lzss)627 lzss_position(struct lzss *lzss)
628 {
629 return lzss->position;
630 }
631
632 static inline int
lzss_mask(struct lzss * lzss)633 lzss_mask(struct lzss *lzss)
634 {
635 return lzss->mask;
636 }
637
638 static inline int
lzss_size(struct lzss * lzss)639 lzss_size(struct lzss *lzss)
640 {
641 return lzss->mask + 1;
642 }
643
644 static inline int
lzss_offset_for_position(struct lzss * lzss,int64_t pos)645 lzss_offset_for_position(struct lzss *lzss, int64_t pos)
646 {
647 return (int)(pos & lzss->mask);
648 }
649
650 static inline unsigned char *
lzss_pointer_for_position(struct lzss * lzss,int64_t pos)651 lzss_pointer_for_position(struct lzss *lzss, int64_t pos)
652 {
653 return &lzss->window[lzss_offset_for_position(lzss, pos)];
654 }
655
656 static inline int
lzss_current_offset(struct lzss * lzss)657 lzss_current_offset(struct lzss *lzss)
658 {
659 return lzss_offset_for_position(lzss, lzss->position);
660 }
661
662 static inline uint8_t *
lzss_current_pointer(struct lzss * lzss)663 lzss_current_pointer(struct lzss *lzss)
664 {
665 return lzss_pointer_for_position(lzss, lzss->position);
666 }
667
668 static inline void
lzss_emit_literal(struct rar * rar,uint8_t literal)669 lzss_emit_literal(struct rar *rar, uint8_t literal)
670 {
671 *lzss_current_pointer(&rar->lzss) = literal;
672 rar->lzss.position++;
673 }
674
675 static inline void
lzss_emit_match(struct rar * rar,int offset,int length)676 lzss_emit_match(struct rar *rar, int offset, int length)
677 {
678 int dstoffs = lzss_current_offset(&rar->lzss);
679 int srcoffs = (dstoffs - offset) & lzss_mask(&rar->lzss);
680 int l, li, remaining;
681 unsigned char *d, *s;
682
683 remaining = length;
684 while (remaining > 0) {
685 l = remaining;
686 if (dstoffs > srcoffs) {
687 if (l > lzss_size(&rar->lzss) - dstoffs)
688 l = lzss_size(&rar->lzss) - dstoffs;
689 } else {
690 if (l > lzss_size(&rar->lzss) - srcoffs)
691 l = lzss_size(&rar->lzss) - srcoffs;
692 }
693 d = &(rar->lzss.window[dstoffs]);
694 s = &(rar->lzss.window[srcoffs]);
695 if ((dstoffs + l < srcoffs) || (srcoffs + l < dstoffs))
696 memcpy(d, s, l);
697 else {
698 for (li = 0; li < l; li++)
699 d[li] = s[li];
700 }
701 remaining -= l;
702 dstoffs = (dstoffs + l) & lzss_mask(&(rar->lzss));
703 srcoffs = (srcoffs + l) & lzss_mask(&(rar->lzss));
704 }
705 rar->lzss.position += length;
706 }
707
708 static Byte
ppmd_read(void * p)709 ppmd_read(void *p)
710 {
711 struct archive_read *a = ((IByteIn*)p)->a;
712 struct rar *rar = (struct rar *)(a->format->data);
713 struct rar_br *br = &(rar->br);
714 Byte b;
715 if (!rar_br_read_ahead(a, br, 8))
716 {
717 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
718 "Truncated RAR file data");
719 rar->valid = 0;
720 return 0;
721 }
722 b = rar_br_bits(br, 8);
723 rar_br_consume(br, 8);
724 return b;
725 }
726
727 int
archive_read_support_format_rar(struct archive * _a)728 archive_read_support_format_rar(struct archive *_a)
729 {
730 struct archive_read *a = (struct archive_read *)_a;
731 struct rar *rar;
732 int r;
733
734 archive_check_magic(_a, ARCHIVE_READ_MAGIC, ARCHIVE_STATE_NEW,
735 "archive_read_support_format_rar");
736
737 rar = (struct rar *)calloc(1, sizeof(*rar));
738 if (rar == NULL)
739 {
740 archive_set_error(&a->archive, ENOMEM, "Can't allocate rar data");
741 return (ARCHIVE_FATAL);
742 }
743
744 /*
745 * Until enough data has been read, we cannot tell about
746 * any encrypted entries yet.
747 */
748 rar->has_encrypted_entries = ARCHIVE_READ_FORMAT_ENCRYPTION_DONT_KNOW;
749
750 r = __archive_read_register_format(a,
751 rar,
752 "rar",
753 archive_read_format_rar_bid,
754 archive_read_format_rar_options,
755 archive_read_format_rar_read_header,
756 archive_read_format_rar_read_data,
757 archive_read_format_rar_read_data_skip,
758 archive_read_format_rar_seek_data,
759 archive_read_format_rar_cleanup,
760 archive_read_support_format_rar_capabilities,
761 archive_read_format_rar_has_encrypted_entries);
762
763 if (r != ARCHIVE_OK)
764 free(rar);
765 return (r);
766 }
767
768 static int
archive_read_support_format_rar_capabilities(struct archive_read * a)769 archive_read_support_format_rar_capabilities(struct archive_read * a)
770 {
771 (void)a; /* UNUSED */
772 return (ARCHIVE_READ_FORMAT_CAPS_ENCRYPT_DATA
773 | ARCHIVE_READ_FORMAT_CAPS_ENCRYPT_METADATA);
774 }
775
776 static int
archive_read_format_rar_has_encrypted_entries(struct archive_read * _a)777 archive_read_format_rar_has_encrypted_entries(struct archive_read *_a)
778 {
779 if (_a && _a->format) {
780 struct rar * rar = (struct rar *)_a->format->data;
781 if (rar) {
782 return rar->has_encrypted_entries;
783 }
784 }
785 return ARCHIVE_READ_FORMAT_ENCRYPTION_DONT_KNOW;
786 }
787
788
789 static int
archive_read_format_rar_bid(struct archive_read * a,int best_bid)790 archive_read_format_rar_bid(struct archive_read *a, int best_bid)
791 {
792 const char *p;
793
794 /* If there's already a bid > 30, we'll never win. */
795 if (best_bid > 30)
796 return (-1);
797
798 if ((p = __archive_read_ahead(a, 7, NULL)) == NULL)
799 return (-1);
800
801 if (memcmp(p, RAR_SIGNATURE, 7) == 0)
802 return (30);
803
804 if ((p[0] == 'M' && p[1] == 'Z') || memcmp(p, "\x7F\x45LF", 4) == 0) {
805 /* This is a PE file */
806 ssize_t offset = 0x10000;
807 ssize_t window = 4096;
808 ssize_t bytes_avail;
809 while (offset + window <= (1024 * 128)) {
810 const char *buff = __archive_read_ahead(a, offset + window, &bytes_avail);
811 if (buff == NULL) {
812 /* Remaining bytes are less than window. */
813 window >>= 1;
814 if (window < 0x40)
815 return (0);
816 continue;
817 }
818 p = buff + offset;
819 while (p + 7 < buff + bytes_avail) {
820 if (memcmp(p, RAR_SIGNATURE, 7) == 0)
821 return (30);
822 p += 0x10;
823 }
824 offset = p - buff;
825 }
826 }
827 return (0);
828 }
829
830 static int
skip_sfx(struct archive_read * a)831 skip_sfx(struct archive_read *a)
832 {
833 const void *h;
834 const char *p, *q;
835 size_t skip, total;
836 ssize_t bytes, window;
837
838 total = 0;
839 window = 4096;
840 while (total + window <= (1024 * 128)) {
841 h = __archive_read_ahead(a, window, &bytes);
842 if (h == NULL) {
843 /* Remaining bytes are less than window. */
844 window >>= 1;
845 if (window < 0x40)
846 goto fatal;
847 continue;
848 }
849 if (bytes < 0x40)
850 goto fatal;
851 p = h;
852 q = p + bytes;
853
854 /*
855 * Scan ahead until we find something that looks
856 * like the RAR header.
857 */
858 while (p + 7 < q) {
859 if (memcmp(p, RAR_SIGNATURE, 7) == 0) {
860 skip = p - (const char *)h;
861 __archive_read_consume(a, skip);
862 return (ARCHIVE_OK);
863 }
864 p += 0x10;
865 }
866 skip = p - (const char *)h;
867 __archive_read_consume(a, skip);
868 total += skip;
869 }
870 fatal:
871 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
872 "Couldn't find out RAR header");
873 return (ARCHIVE_FATAL);
874 }
875
876 static int
archive_read_format_rar_options(struct archive_read * a,const char * key,const char * val)877 archive_read_format_rar_options(struct archive_read *a,
878 const char *key, const char *val)
879 {
880 struct rar *rar;
881 int ret = ARCHIVE_FAILED;
882
883 rar = (struct rar *)(a->format->data);
884 if (strcmp(key, "hdrcharset") == 0) {
885 if (val == NULL || val[0] == 0)
886 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
887 "rar: hdrcharset option needs a character-set name");
888 else {
889 rar->opt_sconv =
890 archive_string_conversion_from_charset(
891 &a->archive, val, 0);
892 if (rar->opt_sconv != NULL)
893 ret = ARCHIVE_OK;
894 else
895 ret = ARCHIVE_FATAL;
896 }
897 return (ret);
898 }
899
900 /* Note: The "warn" return is just to inform the options
901 * supervisor that we didn't handle it. It will generate
902 * a suitable error if no one used this option. */
903 return (ARCHIVE_WARN);
904 }
905
906 static int
archive_read_format_rar_read_header(struct archive_read * a,struct archive_entry * entry)907 archive_read_format_rar_read_header(struct archive_read *a,
908 struct archive_entry *entry)
909 {
910 const void *h;
911 const char *p;
912 struct rar *rar;
913 size_t skip;
914 char head_type;
915 int ret;
916 unsigned flags;
917 unsigned long crc32_expected;
918
919 a->archive.archive_format = ARCHIVE_FORMAT_RAR;
920 if (a->archive.archive_format_name == NULL)
921 a->archive.archive_format_name = "RAR";
922
923 rar = (struct rar *)(a->format->data);
924
925 /*
926 * It should be sufficient to call archive_read_next_header() for
927 * a reader to determine if an entry is encrypted or not. If the
928 * encryption of an entry is only detectable when calling
929 * archive_read_data(), so be it. We'll do the same check there
930 * as well.
931 */
932 if (rar->has_encrypted_entries == ARCHIVE_READ_FORMAT_ENCRYPTION_DONT_KNOW) {
933 rar->has_encrypted_entries = 0;
934 }
935
936 /* RAR files can be generated without EOF headers, so return ARCHIVE_EOF if
937 * this fails.
938 */
939 if ((h = __archive_read_ahead(a, 7, NULL)) == NULL)
940 return (ARCHIVE_EOF);
941
942 p = h;
943 if (rar->found_first_header == 0 &&
944 ((p[0] == 'M' && p[1] == 'Z') || memcmp(p, "\x7F\x45LF", 4) == 0)) {
945 /* This is an executable ? Must be self-extracting... */
946 ret = skip_sfx(a);
947 if (ret < ARCHIVE_WARN)
948 return (ret);
949 }
950 rar->found_first_header = 1;
951
952 while (1)
953 {
954 unsigned long crc32_val;
955
956 if ((h = __archive_read_ahead(a, 7, NULL)) == NULL)
957 return (ARCHIVE_FATAL);
958 p = h;
959
960 head_type = p[2];
961 switch(head_type)
962 {
963 case MARK_HEAD:
964 if (memcmp(p, RAR_SIGNATURE, 7) != 0) {
965 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
966 "Invalid marker header");
967 return (ARCHIVE_FATAL);
968 }
969 __archive_read_consume(a, 7);
970 break;
971
972 case MAIN_HEAD:
973 rar->main_flags = archive_le16dec(p + 3);
974 skip = archive_le16dec(p + 5);
975 if (skip < 7 + sizeof(rar->reserved1) + sizeof(rar->reserved2)) {
976 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
977 "Invalid header size");
978 return (ARCHIVE_FATAL);
979 }
980 if ((h = __archive_read_ahead(a, skip, NULL)) == NULL)
981 return (ARCHIVE_FATAL);
982 p = h;
983 memcpy(rar->reserved1, p + 7, sizeof(rar->reserved1));
984 memcpy(rar->reserved2, p + 7 + sizeof(rar->reserved1),
985 sizeof(rar->reserved2));
986 if (rar->main_flags & MHD_ENCRYPTVER) {
987 if (skip < 7 + sizeof(rar->reserved1) + sizeof(rar->reserved2)+1) {
988 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
989 "Invalid header size");
990 return (ARCHIVE_FATAL);
991 }
992 rar->encryptver = *(p + 7 + sizeof(rar->reserved1) +
993 sizeof(rar->reserved2));
994 }
995
996 /* Main header is password encrypted, so we cannot read any
997 file names or any other info about files from the header. */
998 if (rar->main_flags & MHD_PASSWORD)
999 {
1000 archive_entry_set_is_metadata_encrypted(entry, 1);
1001 archive_entry_set_is_data_encrypted(entry, 1);
1002 rar->has_encrypted_entries = 1;
1003 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1004 "RAR encryption support unavailable.");
1005 return (ARCHIVE_FATAL);
1006 }
1007
1008 crc32_val = crc32(0, (const unsigned char *)p + 2, (unsigned)skip - 2);
1009 if ((crc32_val & 0xffff) != archive_le16dec(p)) {
1010 #ifndef DONT_FAIL_ON_CRC_ERROR
1011 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1012 "Header CRC error");
1013 return (ARCHIVE_FATAL);
1014 #endif
1015 }
1016 __archive_read_consume(a, skip);
1017 break;
1018
1019 case FILE_HEAD:
1020 return read_header(a, entry, head_type);
1021
1022 case COMM_HEAD:
1023 case AV_HEAD:
1024 case SUB_HEAD:
1025 case PROTECT_HEAD:
1026 case SIGN_HEAD:
1027 case ENDARC_HEAD:
1028 flags = archive_le16dec(p + 3);
1029 skip = archive_le16dec(p + 5);
1030 if (skip < 7) {
1031 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1032 "Invalid header size too small");
1033 return (ARCHIVE_FATAL);
1034 }
1035 if (flags & HD_ADD_SIZE_PRESENT)
1036 {
1037 if (skip < 7 + 4) {
1038 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1039 "Invalid header size too small");
1040 return (ARCHIVE_FATAL);
1041 }
1042 if ((h = __archive_read_ahead(a, skip, NULL)) == NULL)
1043 return (ARCHIVE_FATAL);
1044 p = h;
1045 skip += archive_le32dec(p + 7);
1046 }
1047
1048 /* Skip over the 2-byte CRC at the beginning of the header. */
1049 crc32_expected = archive_le16dec(p);
1050 __archive_read_consume(a, 2);
1051 skip -= 2;
1052
1053 /* Skim the entire header and compute the CRC. */
1054 crc32_val = 0;
1055 while (skip > 0) {
1056 size_t to_read = skip;
1057 if (to_read > 32 * 1024)
1058 to_read = 32 * 1024;
1059 if ((h = __archive_read_ahead(a, to_read, NULL)) == NULL) {
1060 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1061 "Bad RAR file");
1062 return (ARCHIVE_FATAL);
1063 }
1064 p = h;
1065 crc32_val = crc32(crc32_val, (const unsigned char *)p, (unsigned int)to_read);
1066 __archive_read_consume(a, to_read);
1067 skip -= to_read;
1068 }
1069 if ((crc32_val & 0xffff) != crc32_expected) {
1070 #ifndef DONT_FAIL_ON_CRC_ERROR
1071 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1072 "Header CRC error");
1073 return (ARCHIVE_FATAL);
1074 #endif
1075 }
1076 if (head_type == ENDARC_HEAD)
1077 return (ARCHIVE_EOF);
1078 break;
1079
1080 case NEWSUB_HEAD:
1081 if ((ret = read_header(a, entry, head_type)) < ARCHIVE_WARN)
1082 return ret;
1083 break;
1084
1085 default:
1086 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1087 "Bad RAR file");
1088 return (ARCHIVE_FATAL);
1089 }
1090 }
1091 }
1092
1093 static int
archive_read_format_rar_read_data(struct archive_read * a,const void ** buff,size_t * size,int64_t * offset)1094 archive_read_format_rar_read_data(struct archive_read *a, const void **buff,
1095 size_t *size, int64_t *offset)
1096 {
1097 struct rar *rar = (struct rar *)(a->format->data);
1098 int ret;
1099
1100 if (rar->has_encrypted_entries == ARCHIVE_READ_FORMAT_ENCRYPTION_DONT_KNOW) {
1101 rar->has_encrypted_entries = 0;
1102 }
1103
1104 if (rar->bytes_unconsumed > 0) {
1105 /* Consume as much as the decompressor actually used. */
1106 __archive_read_consume(a, rar->bytes_unconsumed);
1107 rar->bytes_unconsumed = 0;
1108 }
1109
1110 *buff = NULL;
1111 if (rar->entry_eof || rar->offset_seek >= rar->unp_size) {
1112 *size = 0;
1113 *offset = rar->offset;
1114 if (*offset < rar->unp_size)
1115 *offset = rar->unp_size;
1116 return (ARCHIVE_EOF);
1117 }
1118
1119 switch (rar->compression_method)
1120 {
1121 case COMPRESS_METHOD_STORE:
1122 ret = read_data_stored(a, buff, size, offset);
1123 break;
1124
1125 case COMPRESS_METHOD_FASTEST:
1126 case COMPRESS_METHOD_FAST:
1127 case COMPRESS_METHOD_NORMAL:
1128 case COMPRESS_METHOD_GOOD:
1129 case COMPRESS_METHOD_BEST:
1130 ret = read_data_compressed(a, buff, size, offset, 0);
1131 if (ret != ARCHIVE_OK && ret != ARCHIVE_WARN) {
1132 __archive_ppmd7_functions.Ppmd7_Free(&rar->ppmd7_context);
1133 rar->start_new_table = 1;
1134 rar->ppmd_valid = 0;
1135 }
1136 break;
1137
1138 default:
1139 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1140 "Unsupported compression method for RAR file.");
1141 ret = ARCHIVE_FATAL;
1142 break;
1143 }
1144 return (ret);
1145 }
1146
1147 static int
archive_read_format_rar_read_data_skip(struct archive_read * a)1148 archive_read_format_rar_read_data_skip(struct archive_read *a)
1149 {
1150 struct rar *rar;
1151 int64_t bytes_skipped;
1152 int ret;
1153
1154 rar = (struct rar *)(a->format->data);
1155
1156 if (rar->bytes_unconsumed > 0) {
1157 /* Consume as much as the decompressor actually used. */
1158 __archive_read_consume(a, rar->bytes_unconsumed);
1159 rar->bytes_unconsumed = 0;
1160 }
1161
1162 if (rar->bytes_remaining > 0) {
1163 bytes_skipped = __archive_read_consume(a, rar->bytes_remaining);
1164 if (bytes_skipped < 0)
1165 return (ARCHIVE_FATAL);
1166 }
1167
1168 /* Compressed data to skip must be read from each header in a multivolume
1169 * archive.
1170 */
1171 if (rar->main_flags & MHD_VOLUME && rar->file_flags & FHD_SPLIT_AFTER)
1172 {
1173 ret = archive_read_format_rar_read_header(a, a->entry);
1174 if (ret == (ARCHIVE_EOF))
1175 ret = archive_read_format_rar_read_header(a, a->entry);
1176 if (ret != (ARCHIVE_OK))
1177 return ret;
1178 return archive_read_format_rar_read_data_skip(a);
1179 }
1180
1181 return (ARCHIVE_OK);
1182 }
1183
1184 static int64_t
archive_read_format_rar_seek_data(struct archive_read * a,int64_t offset,int whence)1185 archive_read_format_rar_seek_data(struct archive_read *a, int64_t offset,
1186 int whence)
1187 {
1188 int64_t client_offset, ret;
1189 unsigned int i;
1190 struct rar *rar = (struct rar *)(a->format->data);
1191
1192 if (rar->compression_method == COMPRESS_METHOD_STORE)
1193 {
1194 /* Modify the offset for use with SEEK_SET */
1195 switch (whence)
1196 {
1197 case SEEK_CUR:
1198 client_offset = rar->offset_seek;
1199 break;
1200 case SEEK_END:
1201 client_offset = rar->unp_size;
1202 break;
1203 case SEEK_SET:
1204 default:
1205 client_offset = 0;
1206 }
1207 client_offset += offset;
1208 if (client_offset < 0)
1209 {
1210 /* Can't seek past beginning of data block */
1211 return -1;
1212 }
1213 else if (client_offset > rar->unp_size)
1214 {
1215 /*
1216 * Set the returned offset but only seek to the end of
1217 * the data block.
1218 */
1219 rar->offset_seek = client_offset;
1220 client_offset = rar->unp_size;
1221 }
1222
1223 client_offset += rar->dbo[0].start_offset;
1224 i = 0;
1225 while (i < rar->cursor)
1226 {
1227 i++;
1228 client_offset += rar->dbo[i].start_offset - rar->dbo[i-1].end_offset;
1229 }
1230 if (rar->main_flags & MHD_VOLUME)
1231 {
1232 /* Find the appropriate offset among the multivolume archive */
1233 while (1)
1234 {
1235 if (client_offset < rar->dbo[rar->cursor].start_offset &&
1236 rar->file_flags & FHD_SPLIT_BEFORE)
1237 {
1238 /* Search backwards for the correct data block */
1239 if (rar->cursor == 0)
1240 {
1241 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
1242 "Attempt to seek past beginning of RAR data block");
1243 return (ARCHIVE_FAILED);
1244 }
1245 rar->cursor--;
1246 client_offset -= rar->dbo[rar->cursor+1].start_offset -
1247 rar->dbo[rar->cursor].end_offset;
1248 if (client_offset < rar->dbo[rar->cursor].start_offset)
1249 continue;
1250 ret = __archive_read_seek(a, rar->dbo[rar->cursor].start_offset -
1251 rar->dbo[rar->cursor].header_size, SEEK_SET);
1252 if (ret < (ARCHIVE_OK))
1253 return ret;
1254 ret = archive_read_format_rar_read_header(a, a->entry);
1255 if (ret != (ARCHIVE_OK))
1256 {
1257 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
1258 "Error during seek of RAR file");
1259 return (ARCHIVE_FAILED);
1260 }
1261 rar->cursor--;
1262 break;
1263 }
1264 else if (client_offset > rar->dbo[rar->cursor].end_offset &&
1265 rar->file_flags & FHD_SPLIT_AFTER)
1266 {
1267 /* Search forward for the correct data block */
1268 rar->cursor++;
1269 if (rar->cursor < rar->nodes &&
1270 client_offset > rar->dbo[rar->cursor].end_offset)
1271 {
1272 client_offset += rar->dbo[rar->cursor].start_offset -
1273 rar->dbo[rar->cursor-1].end_offset;
1274 continue;
1275 }
1276 rar->cursor--;
1277 ret = __archive_read_seek(a, rar->dbo[rar->cursor].end_offset,
1278 SEEK_SET);
1279 if (ret < (ARCHIVE_OK))
1280 return ret;
1281 ret = archive_read_format_rar_read_header(a, a->entry);
1282 if (ret == (ARCHIVE_EOF))
1283 {
1284 rar->has_endarc_header = 1;
1285 ret = archive_read_format_rar_read_header(a, a->entry);
1286 }
1287 if (ret != (ARCHIVE_OK))
1288 {
1289 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
1290 "Error during seek of RAR file");
1291 return (ARCHIVE_FAILED);
1292 }
1293 client_offset += rar->dbo[rar->cursor].start_offset -
1294 rar->dbo[rar->cursor-1].end_offset;
1295 continue;
1296 }
1297 break;
1298 }
1299 }
1300
1301 ret = __archive_read_seek(a, client_offset, SEEK_SET);
1302 if (ret < (ARCHIVE_OK))
1303 return ret;
1304 rar->bytes_remaining = rar->dbo[rar->cursor].end_offset - ret;
1305 i = rar->cursor;
1306 while (i > 0)
1307 {
1308 i--;
1309 ret -= rar->dbo[i+1].start_offset - rar->dbo[i].end_offset;
1310 }
1311 ret -= rar->dbo[0].start_offset;
1312
1313 /* Always restart reading the file after a seek */
1314 __archive_reset_read_data(&a->archive);
1315
1316 rar->bytes_unconsumed = 0;
1317 rar->offset = 0;
1318
1319 /*
1320 * If a seek past the end of file was requested, return the requested
1321 * offset.
1322 */
1323 if (ret == rar->unp_size && rar->offset_seek > rar->unp_size)
1324 return rar->offset_seek;
1325
1326 /* Return the new offset */
1327 rar->offset_seek = ret;
1328 return rar->offset_seek;
1329 }
1330 else
1331 {
1332 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
1333 "Seeking of compressed RAR files is unsupported");
1334 }
1335 return (ARCHIVE_FAILED);
1336 }
1337
1338 static int
archive_read_format_rar_cleanup(struct archive_read * a)1339 archive_read_format_rar_cleanup(struct archive_read *a)
1340 {
1341 struct rar *rar;
1342
1343 rar = (struct rar *)(a->format->data);
1344 free_codes(a);
1345 clear_filters(&rar->filters);
1346 free(rar->filename);
1347 free(rar->filename_save);
1348 free(rar->dbo);
1349 free(rar->unp_buffer);
1350 free(rar->lzss.window);
1351 __archive_ppmd7_functions.Ppmd7_Free(&rar->ppmd7_context);
1352 free(rar);
1353 (a->format->data) = NULL;
1354 return (ARCHIVE_OK);
1355 }
1356
1357 static int
read_header(struct archive_read * a,struct archive_entry * entry,char head_type)1358 read_header(struct archive_read *a, struct archive_entry *entry,
1359 char head_type)
1360 {
1361 const void *h;
1362 const char *p, *endp;
1363 struct rar *rar;
1364 struct rar_header rar_header;
1365 struct rar_file_header file_header;
1366 int64_t header_size;
1367 unsigned filename_size, end;
1368 char *filename;
1369 char *strp;
1370 char packed_size[8];
1371 char unp_size[8];
1372 int ttime;
1373 struct archive_string_conv *sconv, *fn_sconv;
1374 unsigned long crc32_val;
1375 int ret = (ARCHIVE_OK), ret2;
1376
1377 rar = (struct rar *)(a->format->data);
1378
1379 /* Setup a string conversion object for non-rar-unicode filenames. */
1380 sconv = rar->opt_sconv;
1381 if (sconv == NULL) {
1382 if (!rar->init_default_conversion) {
1383 rar->sconv_default =
1384 archive_string_default_conversion_for_read(
1385 &(a->archive));
1386 rar->init_default_conversion = 1;
1387 }
1388 sconv = rar->sconv_default;
1389 }
1390
1391
1392 if ((h = __archive_read_ahead(a, 7, NULL)) == NULL)
1393 return (ARCHIVE_FATAL);
1394 p = h;
1395 memcpy(&rar_header, p, sizeof(rar_header));
1396 rar->file_flags = archive_le16dec(rar_header.flags);
1397 header_size = archive_le16dec(rar_header.size);
1398 if (header_size < (int64_t)sizeof(file_header) + 7) {
1399 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1400 "Invalid header size");
1401 return (ARCHIVE_FATAL);
1402 }
1403 crc32_val = crc32(0, (const unsigned char *)p + 2, 7 - 2);
1404 __archive_read_consume(a, 7);
1405
1406 if (!(rar->file_flags & FHD_SOLID))
1407 {
1408 rar->compression_method = 0;
1409 rar->packed_size = 0;
1410 rar->unp_size = 0;
1411 rar->mtime = 0;
1412 rar->ctime = 0;
1413 rar->atime = 0;
1414 rar->arctime = 0;
1415 rar->mode = 0;
1416 memset(&rar->salt, 0, sizeof(rar->salt));
1417 rar->atime = 0;
1418 rar->ansec = 0;
1419 rar->ctime = 0;
1420 rar->cnsec = 0;
1421 rar->mtime = 0;
1422 rar->mnsec = 0;
1423 rar->arctime = 0;
1424 rar->arcnsec = 0;
1425 }
1426 else
1427 {
1428 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1429 "RAR solid archive support unavailable.");
1430 return (ARCHIVE_FATAL);
1431 }
1432
1433 if ((h = __archive_read_ahead(a, (size_t)header_size - 7, NULL)) == NULL)
1434 return (ARCHIVE_FATAL);
1435
1436 /* File Header CRC check. */
1437 crc32_val = crc32(crc32_val, h, (unsigned)(header_size - 7));
1438 if ((crc32_val & 0xffff) != archive_le16dec(rar_header.crc)) {
1439 #ifndef DONT_FAIL_ON_CRC_ERROR
1440 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1441 "Header CRC error");
1442 return (ARCHIVE_FATAL);
1443 #endif
1444 }
1445 /* If no CRC error, Go on parsing File Header. */
1446 p = h;
1447 endp = p + header_size - 7;
1448 memcpy(&file_header, p, sizeof(file_header));
1449 p += sizeof(file_header);
1450
1451 rar->compression_method = file_header.method;
1452
1453 ttime = archive_le32dec(file_header.file_time);
1454 rar->mtime = get_time(ttime);
1455
1456 rar->file_crc = archive_le32dec(file_header.file_crc);
1457
1458 if (rar->file_flags & FHD_PASSWORD)
1459 {
1460 archive_entry_set_is_data_encrypted(entry, 1);
1461 rar->has_encrypted_entries = 1;
1462 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1463 "RAR encryption support unavailable.");
1464 /* Since it is only the data part itself that is encrypted we can at least
1465 extract information about the currently processed entry and don't need
1466 to return ARCHIVE_FATAL here. */
1467 /*return (ARCHIVE_FATAL);*/
1468 }
1469
1470 if (rar->file_flags & FHD_LARGE)
1471 {
1472 memcpy(packed_size, file_header.pack_size, 4);
1473 memcpy(packed_size + 4, p, 4); /* High pack size */
1474 p += 4;
1475 memcpy(unp_size, file_header.unp_size, 4);
1476 memcpy(unp_size + 4, p, 4); /* High unpack size */
1477 p += 4;
1478 rar->packed_size = archive_le64dec(&packed_size);
1479 rar->unp_size = archive_le64dec(&unp_size);
1480 }
1481 else
1482 {
1483 rar->packed_size = archive_le32dec(file_header.pack_size);
1484 rar->unp_size = archive_le32dec(file_header.unp_size);
1485 }
1486
1487 if (rar->packed_size < 0 || rar->unp_size < 0)
1488 {
1489 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1490 "Invalid sizes specified.");
1491 return (ARCHIVE_FATAL);
1492 }
1493
1494 rar->bytes_remaining = rar->packed_size;
1495
1496 /* TODO: RARv3 subblocks contain comments. For now the complete block is
1497 * consumed at the end.
1498 */
1499 if (head_type == NEWSUB_HEAD) {
1500 size_t distance = p - (const char *)h;
1501 header_size += rar->packed_size;
1502 /* Make sure we have the extended data. */
1503 if ((h = __archive_read_ahead(a, (size_t)header_size - 7, NULL)) == NULL)
1504 return (ARCHIVE_FATAL);
1505 p = h;
1506 endp = p + header_size - 7;
1507 p += distance;
1508 }
1509
1510 filename_size = archive_le16dec(file_header.name_size);
1511 if (p + filename_size > endp) {
1512 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1513 "Invalid filename size");
1514 return (ARCHIVE_FATAL);
1515 }
1516 if (rar->filename_allocated < filename_size * 2 + 2) {
1517 char *newptr;
1518 size_t newsize = filename_size * 2 + 2;
1519 newptr = realloc(rar->filename, newsize);
1520 if (newptr == NULL) {
1521 archive_set_error(&a->archive, ENOMEM,
1522 "Couldn't allocate memory.");
1523 return (ARCHIVE_FATAL);
1524 }
1525 rar->filename = newptr;
1526 rar->filename_allocated = newsize;
1527 }
1528 filename = rar->filename;
1529 memcpy(filename, p, filename_size);
1530 filename[filename_size] = '\0';
1531 if (rar->file_flags & FHD_UNICODE)
1532 {
1533 if (filename_size != strlen(filename))
1534 {
1535 unsigned char highbyte, flagbits, flagbyte;
1536 unsigned fn_end, offset;
1537
1538 end = filename_size;
1539 fn_end = filename_size * 2;
1540 filename_size = 0;
1541 offset = (unsigned)strlen(filename) + 1;
1542 highbyte = *(p + offset++);
1543 flagbits = 0;
1544 flagbyte = 0;
1545 while (offset < end && filename_size < fn_end)
1546 {
1547 if (!flagbits)
1548 {
1549 flagbyte = *(p + offset++);
1550 flagbits = 8;
1551 }
1552
1553 flagbits -= 2;
1554 switch((flagbyte >> flagbits) & 3)
1555 {
1556 case 0:
1557 filename[filename_size++] = '\0';
1558 filename[filename_size++] = *(p + offset++);
1559 break;
1560 case 1:
1561 filename[filename_size++] = highbyte;
1562 filename[filename_size++] = *(p + offset++);
1563 break;
1564 case 2:
1565 filename[filename_size++] = *(p + offset + 1);
1566 filename[filename_size++] = *(p + offset);
1567 offset += 2;
1568 break;
1569 case 3:
1570 {
1571 char extra, high;
1572 uint8_t length = *(p + offset++);
1573
1574 if (length & 0x80) {
1575 extra = *(p + offset++);
1576 high = (char)highbyte;
1577 } else
1578 extra = high = 0;
1579 length = (length & 0x7f) + 2;
1580 while (length && filename_size < fn_end) {
1581 unsigned cp = filename_size >> 1;
1582 filename[filename_size++] = high;
1583 filename[filename_size++] = p[cp] + extra;
1584 length--;
1585 }
1586 }
1587 break;
1588 }
1589 }
1590 if (filename_size > fn_end) {
1591 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1592 "Invalid filename");
1593 return (ARCHIVE_FATAL);
1594 }
1595 filename[filename_size++] = '\0';
1596 /*
1597 * Do not increment filename_size here as the computations below
1598 * add the space for the terminating NUL explicitly.
1599 */
1600 filename[filename_size] = '\0';
1601
1602 /* Decoded unicode form is UTF-16BE, so we have to update a string
1603 * conversion object for it. */
1604 if (rar->sconv_utf16be == NULL) {
1605 rar->sconv_utf16be = archive_string_conversion_from_charset(
1606 &a->archive, "UTF-16BE", 1);
1607 if (rar->sconv_utf16be == NULL)
1608 return (ARCHIVE_FATAL);
1609 }
1610 fn_sconv = rar->sconv_utf16be;
1611
1612 strp = filename;
1613 while (memcmp(strp, "\x00\x00", 2))
1614 {
1615 if (!memcmp(strp, "\x00\\", 2))
1616 *(strp + 1) = '/';
1617 strp += 2;
1618 }
1619 p += offset;
1620 } else {
1621 /*
1622 * If FHD_UNICODE is set but no unicode data, this file name form
1623 * is UTF-8, so we have to update a string conversion object for
1624 * it accordingly.
1625 */
1626 if (rar->sconv_utf8 == NULL) {
1627 rar->sconv_utf8 = archive_string_conversion_from_charset(
1628 &a->archive, "UTF-8", 1);
1629 if (rar->sconv_utf8 == NULL)
1630 return (ARCHIVE_FATAL);
1631 }
1632 fn_sconv = rar->sconv_utf8;
1633 while ((strp = strchr(filename, '\\')) != NULL)
1634 *strp = '/';
1635 p += filename_size;
1636 }
1637 }
1638 else
1639 {
1640 fn_sconv = sconv;
1641 while ((strp = strchr(filename, '\\')) != NULL)
1642 *strp = '/';
1643 p += filename_size;
1644 }
1645
1646 /* Split file in multivolume RAR. No more need to process header. */
1647 if (rar->filename_save &&
1648 filename_size == rar->filename_save_size &&
1649 !memcmp(rar->filename, rar->filename_save, filename_size + 1))
1650 {
1651 __archive_read_consume(a, header_size - 7);
1652 rar->cursor++;
1653 if (rar->cursor >= rar->nodes)
1654 {
1655 rar->nodes++;
1656 if ((rar->dbo =
1657 realloc(rar->dbo, sizeof(*rar->dbo) * rar->nodes)) == NULL)
1658 {
1659 archive_set_error(&a->archive, ENOMEM, "Couldn't allocate memory.");
1660 return (ARCHIVE_FATAL);
1661 }
1662 rar->dbo[rar->cursor].header_size = header_size;
1663 rar->dbo[rar->cursor].start_offset = -1;
1664 rar->dbo[rar->cursor].end_offset = -1;
1665 }
1666 if (rar->dbo[rar->cursor].start_offset < 0)
1667 {
1668 rar->dbo[rar->cursor].start_offset = a->filter->position;
1669 rar->dbo[rar->cursor].end_offset = rar->dbo[rar->cursor].start_offset +
1670 rar->packed_size;
1671 }
1672 return ret;
1673 }
1674 else if (rar->filename_must_match)
1675 {
1676 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1677 "Mismatch of file parts split across multi-volume archive");
1678 return (ARCHIVE_FATAL);
1679 }
1680
1681 rar->filename_save = (char*)realloc(rar->filename_save,
1682 filename_size + 1);
1683 memcpy(rar->filename_save, rar->filename, filename_size + 1);
1684 rar->filename_save_size = filename_size;
1685
1686 /* Set info for seeking */
1687 free(rar->dbo);
1688 if ((rar->dbo = calloc(1, sizeof(*rar->dbo))) == NULL)
1689 {
1690 archive_set_error(&a->archive, ENOMEM, "Couldn't allocate memory.");
1691 return (ARCHIVE_FATAL);
1692 }
1693 rar->dbo[0].header_size = header_size;
1694 rar->dbo[0].start_offset = -1;
1695 rar->dbo[0].end_offset = -1;
1696 rar->cursor = 0;
1697 rar->nodes = 1;
1698
1699 if (rar->file_flags & FHD_SALT)
1700 {
1701 if (p + 8 > endp) {
1702 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1703 "Invalid header size");
1704 return (ARCHIVE_FATAL);
1705 }
1706 memcpy(rar->salt, p, 8);
1707 p += 8;
1708 }
1709
1710 if (rar->file_flags & FHD_EXTTIME) {
1711 if (read_exttime(p, rar, endp) < 0) {
1712 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1713 "Invalid header size");
1714 return (ARCHIVE_FATAL);
1715 }
1716 }
1717
1718 __archive_read_consume(a, header_size - 7);
1719 rar->dbo[0].start_offset = a->filter->position;
1720 rar->dbo[0].end_offset = rar->dbo[0].start_offset + rar->packed_size;
1721
1722 switch(file_header.host_os)
1723 {
1724 case OS_MSDOS:
1725 case OS_OS2:
1726 case OS_WIN32:
1727 rar->mode = archive_le32dec(file_header.file_attr);
1728 if (rar->mode & FILE_ATTRIBUTE_DIRECTORY)
1729 rar->mode = AE_IFDIR | S_IXUSR | S_IXGRP | S_IXOTH;
1730 else
1731 rar->mode = AE_IFREG;
1732 rar->mode |= S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH;
1733 break;
1734
1735 case OS_UNIX:
1736 case OS_MAC_OS:
1737 case OS_BEOS:
1738 rar->mode = archive_le32dec(file_header.file_attr);
1739 break;
1740
1741 default:
1742 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1743 "Unknown file attributes from RAR file's host OS");
1744 return (ARCHIVE_FATAL);
1745 }
1746
1747 rar->bytes_uncopied = rar->bytes_unconsumed = 0;
1748 rar->lzss.position = rar->offset = 0;
1749 rar->offset_seek = 0;
1750 rar->dictionary_size = 0;
1751 rar->offset_outgoing = 0;
1752 rar->br.cache_avail = 0;
1753 rar->br.avail_in = 0;
1754 rar->crc_calculated = 0;
1755 rar->entry_eof = 0;
1756 rar->valid = 1;
1757 rar->is_ppmd_block = 0;
1758 rar->start_new_table = 1;
1759 free(rar->unp_buffer);
1760 rar->unp_buffer = NULL;
1761 rar->unp_offset = 0;
1762 rar->unp_buffer_size = UNP_BUFFER_SIZE;
1763 memset(rar->lengthtable, 0, sizeof(rar->lengthtable));
1764 __archive_ppmd7_functions.Ppmd7_Free(&rar->ppmd7_context);
1765 rar->ppmd_valid = rar->ppmd_eod = 0;
1766 rar->filters.filterstart = INT64_MAX;
1767
1768 /* Don't set any archive entries for non-file header types */
1769 if (head_type == NEWSUB_HEAD)
1770 return ret;
1771
1772 archive_entry_set_mtime(entry, rar->mtime, rar->mnsec);
1773 archive_entry_set_ctime(entry, rar->ctime, rar->cnsec);
1774 archive_entry_set_atime(entry, rar->atime, rar->ansec);
1775 archive_entry_set_size(entry, rar->unp_size);
1776 archive_entry_set_mode(entry, rar->mode);
1777
1778 if (archive_entry_copy_pathname_l(entry, filename, filename_size, fn_sconv))
1779 {
1780 if (errno == ENOMEM)
1781 {
1782 archive_set_error(&a->archive, ENOMEM,
1783 "Can't allocate memory for Pathname");
1784 return (ARCHIVE_FATAL);
1785 }
1786 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1787 "Pathname cannot be converted from %s to current locale.",
1788 archive_string_conversion_charset_name(fn_sconv));
1789 ret = (ARCHIVE_WARN);
1790 }
1791
1792 if (((rar->mode) & AE_IFMT) == AE_IFLNK)
1793 {
1794 /* Make sure a symbolic-link file does not have its body. */
1795 rar->bytes_remaining = 0;
1796 archive_entry_set_size(entry, 0);
1797
1798 /* Read a symbolic-link name. */
1799 if ((ret2 = read_symlink_stored(a, entry, sconv)) < (ARCHIVE_WARN))
1800 return ret2;
1801 if (ret > ret2)
1802 ret = ret2;
1803 }
1804
1805 if (rar->bytes_remaining == 0)
1806 rar->entry_eof = 1;
1807
1808 return ret;
1809 }
1810
1811 static time_t
get_time(int ttime)1812 get_time(int ttime)
1813 {
1814 struct tm tm;
1815 tm.tm_sec = 2 * (ttime & 0x1f);
1816 tm.tm_min = (ttime >> 5) & 0x3f;
1817 tm.tm_hour = (ttime >> 11) & 0x1f;
1818 tm.tm_mday = (ttime >> 16) & 0x1f;
1819 tm.tm_mon = ((ttime >> 21) & 0x0f) - 1;
1820 tm.tm_year = ((ttime >> 25) & 0x7f) + 80;
1821 tm.tm_isdst = -1;
1822 return mktime(&tm);
1823 }
1824
1825 static int
read_exttime(const char * p,struct rar * rar,const char * endp)1826 read_exttime(const char *p, struct rar *rar, const char *endp)
1827 {
1828 unsigned rmode, flags, rem, j, count;
1829 int ttime, i;
1830 struct tm *tm;
1831 time_t t;
1832 long nsec;
1833 #if defined(HAVE_LOCALTIME_R) || defined(HAVE_LOCALTIME_S)
1834 struct tm tmbuf;
1835 #endif
1836
1837 if (p + 2 > endp)
1838 return (-1);
1839 flags = archive_le16dec(p);
1840 p += 2;
1841
1842 for (i = 3; i >= 0; i--)
1843 {
1844 t = 0;
1845 if (i == 3)
1846 t = rar->mtime;
1847 rmode = flags >> i * 4;
1848 if (rmode & 8)
1849 {
1850 if (!t)
1851 {
1852 if (p + 4 > endp)
1853 return (-1);
1854 ttime = archive_le32dec(p);
1855 t = get_time(ttime);
1856 p += 4;
1857 }
1858 rem = 0;
1859 count = rmode & 3;
1860 if (p + count > endp)
1861 return (-1);
1862 for (j = 0; j < count; j++)
1863 {
1864 rem = (((unsigned)(unsigned char)*p) << 16) | (rem >> 8);
1865 p++;
1866 }
1867 #if defined(HAVE_LOCALTIME_S)
1868 tm = localtime_s(&tmbuf, &t) ? NULL : &tmbuf;
1869 #elif defined(HAVE_LOCALTIME_R)
1870 tm = localtime_r(&t, &tmbuf);
1871 #else
1872 tm = localtime(&t);
1873 #endif
1874 nsec = tm->tm_sec + rem / NS_UNIT;
1875 if (rmode & 4)
1876 {
1877 tm->tm_sec++;
1878 t = mktime(tm);
1879 }
1880 if (i == 3)
1881 {
1882 rar->mtime = t;
1883 rar->mnsec = nsec;
1884 }
1885 else if (i == 2)
1886 {
1887 rar->ctime = t;
1888 rar->cnsec = nsec;
1889 }
1890 else if (i == 1)
1891 {
1892 rar->atime = t;
1893 rar->ansec = nsec;
1894 }
1895 else
1896 {
1897 rar->arctime = t;
1898 rar->arcnsec = nsec;
1899 }
1900 }
1901 }
1902 return (0);
1903 }
1904
1905 static int
read_symlink_stored(struct archive_read * a,struct archive_entry * entry,struct archive_string_conv * sconv)1906 read_symlink_stored(struct archive_read *a, struct archive_entry *entry,
1907 struct archive_string_conv *sconv)
1908 {
1909 const void *h;
1910 const char *p;
1911 struct rar *rar;
1912 int ret = (ARCHIVE_OK);
1913
1914 rar = (struct rar *)(a->format->data);
1915 if ((h = rar_read_ahead(a, (size_t)rar->packed_size, NULL)) == NULL)
1916 return (ARCHIVE_FATAL);
1917 p = h;
1918
1919 if (archive_entry_copy_symlink_l(entry,
1920 p, (size_t)rar->packed_size, sconv))
1921 {
1922 if (errno == ENOMEM)
1923 {
1924 archive_set_error(&a->archive, ENOMEM,
1925 "Can't allocate memory for link");
1926 return (ARCHIVE_FATAL);
1927 }
1928 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1929 "link cannot be converted from %s to current locale.",
1930 archive_string_conversion_charset_name(sconv));
1931 ret = (ARCHIVE_WARN);
1932 }
1933 __archive_read_consume(a, rar->packed_size);
1934 return ret;
1935 }
1936
1937 static int
read_data_stored(struct archive_read * a,const void ** buff,size_t * size,int64_t * offset)1938 read_data_stored(struct archive_read *a, const void **buff, size_t *size,
1939 int64_t *offset)
1940 {
1941 struct rar *rar;
1942 ssize_t bytes_avail;
1943
1944 rar = (struct rar *)(a->format->data);
1945 if (rar->bytes_remaining == 0 &&
1946 !(rar->main_flags & MHD_VOLUME && rar->file_flags & FHD_SPLIT_AFTER))
1947 {
1948 *buff = NULL;
1949 *size = 0;
1950 *offset = rar->offset;
1951 if (rar->file_crc != rar->crc_calculated) {
1952 #ifndef DONT_FAIL_ON_CRC_ERROR
1953 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1954 "File CRC error");
1955 return (ARCHIVE_FATAL);
1956 #endif
1957 }
1958 rar->entry_eof = 1;
1959 return (ARCHIVE_EOF);
1960 }
1961
1962 *buff = rar_read_ahead(a, 1, &bytes_avail);
1963 if (bytes_avail <= 0)
1964 {
1965 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1966 "Truncated RAR file data");
1967 return (ARCHIVE_FATAL);
1968 }
1969
1970 *size = bytes_avail;
1971 *offset = rar->offset;
1972 rar->offset += bytes_avail;
1973 rar->offset_seek += bytes_avail;
1974 rar->bytes_remaining -= bytes_avail;
1975 rar->bytes_unconsumed = bytes_avail;
1976 /* Calculate File CRC. */
1977 rar->crc_calculated = crc32(rar->crc_calculated, *buff,
1978 (unsigned)bytes_avail);
1979 return (ARCHIVE_OK);
1980 }
1981
1982 static int
read_data_compressed(struct archive_read * a,const void ** buff,size_t * size,int64_t * offset,size_t looper)1983 read_data_compressed(struct archive_read *a, const void **buff, size_t *size,
1984 int64_t *offset, size_t looper)
1985 {
1986 if (looper++ > MAX_COMPRESS_DEPTH)
1987 return (ARCHIVE_FATAL);
1988
1989 struct rar *rar;
1990 int64_t start, end;
1991 size_t bs;
1992 int ret = (ARCHIVE_OK), sym, code, lzss_offset, length, i;
1993
1994 rar = (struct rar *)(a->format->data);
1995
1996 do {
1997 if (!rar->valid)
1998 return (ARCHIVE_FATAL);
1999
2000 if (rar->filters.bytes_ready > 0)
2001 {
2002 /* Flush unp_buffer first */
2003 if (rar->unp_offset > 0)
2004 {
2005 *buff = rar->unp_buffer;
2006 *size = rar->unp_offset;
2007 rar->unp_offset = 0;
2008 *offset = rar->offset_outgoing;
2009 rar->offset_outgoing += *size;
2010 }
2011 else
2012 {
2013 *buff = rar->filters.bytes;
2014 *size = rar->filters.bytes_ready;
2015
2016 rar->offset += *size;
2017 *offset = rar->offset_outgoing;
2018 rar->offset_outgoing += *size;
2019
2020 rar->filters.bytes_ready -= *size;
2021 rar->filters.bytes += *size;
2022 }
2023 goto ending_block;
2024 }
2025
2026 if (rar->ppmd_eod ||
2027 (rar->dictionary_size && rar->offset >= rar->unp_size))
2028 {
2029 if (rar->unp_offset > 0) {
2030 /*
2031 * We have unprocessed extracted data. write it out.
2032 */
2033 *buff = rar->unp_buffer;
2034 *size = rar->unp_offset;
2035 *offset = rar->offset_outgoing;
2036 rar->offset_outgoing += *size;
2037 /* Calculate File CRC. */
2038 rar->crc_calculated = crc32(rar->crc_calculated, *buff,
2039 (unsigned)*size);
2040 rar->unp_offset = 0;
2041 return (ARCHIVE_OK);
2042 }
2043 *buff = NULL;
2044 *size = 0;
2045 *offset = rar->offset;
2046 if (rar->file_crc != rar->crc_calculated) {
2047 #ifndef DONT_FAIL_ON_CRC_ERROR
2048 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2049 "File CRC error");
2050 return (ARCHIVE_FATAL);
2051 #endif
2052 }
2053 rar->entry_eof = 1;
2054 return (ARCHIVE_EOF);
2055 }
2056
2057 if (!rar->is_ppmd_block && rar->dictionary_size && rar->bytes_uncopied > 0)
2058 {
2059 if (rar->bytes_uncopied > (rar->unp_buffer_size - rar->unp_offset))
2060 bs = rar->unp_buffer_size - rar->unp_offset;
2061 else
2062 bs = (size_t)rar->bytes_uncopied;
2063 ret = copy_from_lzss_window_to_unp(a, buff, rar->offset, (int)bs);
2064 if (ret != ARCHIVE_OK)
2065 return (ret);
2066 rar->offset += bs;
2067 rar->bytes_uncopied -= bs;
2068 if (*buff != NULL) {
2069 rar->unp_offset = 0;
2070 *size = rar->unp_buffer_size;
2071 *offset = rar->offset_outgoing;
2072 rar->offset_outgoing += *size;
2073 /* Calculate File CRC. */
2074 rar->crc_calculated = crc32(rar->crc_calculated, *buff,
2075 (unsigned)*size);
2076 return (ret);
2077 }
2078 continue;
2079 }
2080
2081 if (rar->filters.lastend == rar->filters.filterstart)
2082 {
2083 if (!run_filters(a))
2084 return (ARCHIVE_FATAL);
2085 continue;
2086 }
2087
2088 if (!rar->br.next_in &&
2089 (ret = rar_br_preparation(a, &(rar->br))) < ARCHIVE_WARN)
2090 return (ret);
2091 if (rar->start_new_table && ((ret = parse_codes(a)) < (ARCHIVE_WARN)))
2092 return (ret);
2093
2094 if (rar->is_ppmd_block)
2095 {
2096 if ((sym = __archive_ppmd7_functions.Ppmd7_DecodeSymbol(
2097 &rar->ppmd7_context, &rar->range_dec.p)) < 0)
2098 {
2099 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2100 "Invalid symbol");
2101 return (ARCHIVE_FATAL);
2102 }
2103 if(sym != rar->ppmd_escape)
2104 {
2105 lzss_emit_literal(rar, sym);
2106 rar->bytes_uncopied++;
2107 }
2108 else
2109 {
2110 if ((code = __archive_ppmd7_functions.Ppmd7_DecodeSymbol(
2111 &rar->ppmd7_context, &rar->range_dec.p)) < 0)
2112 {
2113 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2114 "Invalid symbol");
2115 return (ARCHIVE_FATAL);
2116 }
2117
2118 switch(code)
2119 {
2120 case 0:
2121 rar->start_new_table = 1;
2122 return read_data_compressed(a, buff, size, offset, looper);
2123
2124 case 2:
2125 rar->ppmd_eod = 1;/* End Of ppmd Data. */
2126 continue;
2127
2128 case 3:
2129 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
2130 "Parsing filters is unsupported.");
2131 return (ARCHIVE_FAILED);
2132
2133 case 4:
2134 lzss_offset = 0;
2135 for (i = 2; i >= 0; i--)
2136 {
2137 if ((code = __archive_ppmd7_functions.Ppmd7_DecodeSymbol(
2138 &rar->ppmd7_context, &rar->range_dec.p)) < 0)
2139 {
2140 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2141 "Invalid symbol");
2142 return (ARCHIVE_FATAL);
2143 }
2144 lzss_offset |= code << (i * 8);
2145 }
2146 if ((length = __archive_ppmd7_functions.Ppmd7_DecodeSymbol(
2147 &rar->ppmd7_context, &rar->range_dec.p)) < 0)
2148 {
2149 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2150 "Invalid symbol");
2151 return (ARCHIVE_FATAL);
2152 }
2153 lzss_emit_match(rar, lzss_offset + 2, length + 32);
2154 rar->bytes_uncopied += length + 32;
2155 break;
2156
2157 case 5:
2158 if ((length = __archive_ppmd7_functions.Ppmd7_DecodeSymbol(
2159 &rar->ppmd7_context, &rar->range_dec.p)) < 0)
2160 {
2161 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2162 "Invalid symbol");
2163 return (ARCHIVE_FATAL);
2164 }
2165 lzss_emit_match(rar, 1, length + 4);
2166 rar->bytes_uncopied += length + 4;
2167 break;
2168
2169 default:
2170 lzss_emit_literal(rar, sym);
2171 rar->bytes_uncopied++;
2172 }
2173 }
2174 }
2175 else
2176 {
2177 start = rar->offset;
2178 end = start + rar->dictionary_size;
2179
2180 /* We don't want to overflow the window and overwrite data that we write
2181 * at 'start'. Therefore, reduce the end length by the maximum match size,
2182 * which is 260 bytes. You can compute this maximum by looking at the
2183 * definition of 'expand', in particular when 'symbol >= 271'. */
2184 /* NOTE: It's possible for 'dictionary_size' to be less than this 260
2185 * value, however that will only be the case when 'unp_size' is small,
2186 * which should only happen when the entry size is small and there's no
2187 * risk of overflowing the buffer */
2188 if (rar->dictionary_size > 260) {
2189 end -= 260;
2190 }
2191
2192 if (rar->filters.filterstart < end) {
2193 end = rar->filters.filterstart;
2194 }
2195
2196 ret = expand(a, &end);
2197 if (ret != ARCHIVE_OK)
2198 return (ret);
2199
2200 rar->bytes_uncopied = end - start;
2201 rar->filters.lastend = end;
2202 if (rar->filters.lastend != rar->filters.filterstart && rar->bytes_uncopied == 0) {
2203 /* Broken RAR files cause this case.
2204 * NOTE: If this case were possible on a normal RAR file
2205 * we would find out where it was actually bad and
2206 * what we would do to solve it. */
2207 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2208 "Internal error extracting RAR file");
2209 return (ARCHIVE_FATAL);
2210 }
2211 }
2212 if (rar->bytes_uncopied > (rar->unp_buffer_size - rar->unp_offset))
2213 bs = rar->unp_buffer_size - rar->unp_offset;
2214 else
2215 bs = (size_t)rar->bytes_uncopied;
2216 ret = copy_from_lzss_window_to_unp(a, buff, rar->offset, (int)bs);
2217 if (ret != ARCHIVE_OK)
2218 return (ret);
2219 rar->offset += bs;
2220 rar->bytes_uncopied -= bs;
2221 /*
2222 * If *buff is NULL, it means unp_buffer is not full.
2223 * So we have to continue extracting a RAR file.
2224 */
2225 } while (*buff == NULL);
2226
2227 rar->unp_offset = 0;
2228 *size = rar->unp_buffer_size;
2229 *offset = rar->offset_outgoing;
2230 rar->offset_outgoing += *size;
2231 ending_block:
2232 /* Calculate File CRC. */
2233 rar->crc_calculated = crc32(rar->crc_calculated, *buff, (unsigned)*size);
2234 return ret;
2235 }
2236
2237 static int
parse_codes(struct archive_read * a)2238 parse_codes(struct archive_read *a)
2239 {
2240 int i, j, val, n, r;
2241 unsigned char bitlengths[MAX_SYMBOLS], zerocount, ppmd_flags;
2242 unsigned int maxorder;
2243 struct huffman_code precode;
2244 struct rar *rar = (struct rar *)(a->format->data);
2245 struct rar_br *br = &(rar->br);
2246
2247 free_codes(a);
2248
2249 /* Skip to the next byte */
2250 rar_br_consume_unalined_bits(br);
2251
2252 /* PPMd block flag */
2253 if (!rar_br_read_ahead(a, br, 1))
2254 goto truncated_data;
2255 if ((rar->is_ppmd_block = rar_br_bits(br, 1)) != 0)
2256 {
2257 rar_br_consume(br, 1);
2258 if (!rar_br_read_ahead(a, br, 7))
2259 goto truncated_data;
2260 ppmd_flags = rar_br_bits(br, 7);
2261 rar_br_consume(br, 7);
2262
2263 /* Memory is allocated in MB */
2264 if (ppmd_flags & 0x20)
2265 {
2266 if (!rar_br_read_ahead(a, br, 8))
2267 goto truncated_data;
2268 rar->dictionary_size = (rar_br_bits(br, 8) + 1) << 20;
2269 rar_br_consume(br, 8);
2270 }
2271
2272 if (ppmd_flags & 0x40)
2273 {
2274 if (!rar_br_read_ahead(a, br, 8))
2275 goto truncated_data;
2276 rar->ppmd_escape = rar->ppmd7_context.InitEsc = rar_br_bits(br, 8);
2277 rar_br_consume(br, 8);
2278 }
2279 else
2280 rar->ppmd_escape = 2;
2281
2282 if (ppmd_flags & 0x20)
2283 {
2284 maxorder = (ppmd_flags & 0x1F) + 1;
2285 if(maxorder > 16)
2286 maxorder = 16 + (maxorder - 16) * 3;
2287
2288 if (maxorder == 1)
2289 {
2290 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2291 "Truncated RAR file data");
2292 return (ARCHIVE_FATAL);
2293 }
2294
2295 /* Make sure ppmd7_contest is freed before Ppmd7_Construct
2296 * because reading a broken file cause this abnormal sequence. */
2297 __archive_ppmd7_functions.Ppmd7_Free(&rar->ppmd7_context);
2298
2299 rar->bytein.a = a;
2300 rar->bytein.Read = &ppmd_read;
2301 __archive_ppmd7_functions.PpmdRAR_RangeDec_CreateVTable(&rar->range_dec);
2302 rar->range_dec.Stream = &rar->bytein;
2303 __archive_ppmd7_functions.Ppmd7_Construct(&rar->ppmd7_context);
2304
2305 if (rar->dictionary_size == 0) {
2306 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2307 "Invalid zero dictionary size");
2308 return (ARCHIVE_FATAL);
2309 }
2310
2311 if (!__archive_ppmd7_functions.Ppmd7_Alloc(&rar->ppmd7_context,
2312 rar->dictionary_size))
2313 {
2314 archive_set_error(&a->archive, ENOMEM,
2315 "Out of memory");
2316 return (ARCHIVE_FATAL);
2317 }
2318 if (!__archive_ppmd7_functions.PpmdRAR_RangeDec_Init(&rar->range_dec))
2319 {
2320 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2321 "Unable to initialize PPMd range decoder");
2322 return (ARCHIVE_FATAL);
2323 }
2324 __archive_ppmd7_functions.Ppmd7_Init(&rar->ppmd7_context, maxorder);
2325 rar->ppmd_valid = 1;
2326 }
2327 else
2328 {
2329 if (!rar->ppmd_valid) {
2330 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2331 "Invalid PPMd sequence");
2332 return (ARCHIVE_FATAL);
2333 }
2334 if (!__archive_ppmd7_functions.PpmdRAR_RangeDec_Init(&rar->range_dec))
2335 {
2336 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2337 "Unable to initialize PPMd range decoder");
2338 return (ARCHIVE_FATAL);
2339 }
2340 }
2341 }
2342 else
2343 {
2344 rar_br_consume(br, 1);
2345
2346 /* Keep existing table flag */
2347 if (!rar_br_read_ahead(a, br, 1))
2348 goto truncated_data;
2349 if (!rar_br_bits(br, 1))
2350 memset(rar->lengthtable, 0, sizeof(rar->lengthtable));
2351 rar_br_consume(br, 1);
2352
2353 memset(&bitlengths, 0, sizeof(bitlengths));
2354 for (i = 0; i < MAX_SYMBOLS;)
2355 {
2356 if (!rar_br_read_ahead(a, br, 4))
2357 goto truncated_data;
2358 bitlengths[i++] = rar_br_bits(br, 4);
2359 rar_br_consume(br, 4);
2360 if (bitlengths[i-1] == 0xF)
2361 {
2362 if (!rar_br_read_ahead(a, br, 4))
2363 goto truncated_data;
2364 zerocount = rar_br_bits(br, 4);
2365 rar_br_consume(br, 4);
2366 if (zerocount)
2367 {
2368 i--;
2369 for (j = 0; j < zerocount + 2 && i < MAX_SYMBOLS; j++)
2370 bitlengths[i++] = 0;
2371 }
2372 }
2373 }
2374
2375 memset(&precode, 0, sizeof(precode));
2376 r = create_code(a, &precode, bitlengths, MAX_SYMBOLS, MAX_SYMBOL_LENGTH);
2377 if (r != ARCHIVE_OK) {
2378 free(precode.tree);
2379 free(precode.table);
2380 return (r);
2381 }
2382
2383 for (i = 0; i < HUFFMAN_TABLE_SIZE;)
2384 {
2385 if ((val = read_next_symbol(a, &precode)) < 0) {
2386 free(precode.tree);
2387 free(precode.table);
2388 return (ARCHIVE_FATAL);
2389 }
2390 if (val < 16)
2391 {
2392 rar->lengthtable[i] = (rar->lengthtable[i] + val) & 0xF;
2393 i++;
2394 }
2395 else if (val < 18)
2396 {
2397 if (i == 0)
2398 {
2399 free(precode.tree);
2400 free(precode.table);
2401 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2402 "Internal error extracting RAR file.");
2403 return (ARCHIVE_FATAL);
2404 }
2405
2406 if(val == 16) {
2407 if (!rar_br_read_ahead(a, br, 3)) {
2408 free(precode.tree);
2409 free(precode.table);
2410 goto truncated_data;
2411 }
2412 n = rar_br_bits(br, 3) + 3;
2413 rar_br_consume(br, 3);
2414 } else {
2415 if (!rar_br_read_ahead(a, br, 7)) {
2416 free(precode.tree);
2417 free(precode.table);
2418 goto truncated_data;
2419 }
2420 n = rar_br_bits(br, 7) + 11;
2421 rar_br_consume(br, 7);
2422 }
2423
2424 for (j = 0; j < n && i < HUFFMAN_TABLE_SIZE; j++)
2425 {
2426 rar->lengthtable[i] = rar->lengthtable[i-1];
2427 i++;
2428 }
2429 }
2430 else
2431 {
2432 if(val == 18) {
2433 if (!rar_br_read_ahead(a, br, 3)) {
2434 free(precode.tree);
2435 free(precode.table);
2436 goto truncated_data;
2437 }
2438 n = rar_br_bits(br, 3) + 3;
2439 rar_br_consume(br, 3);
2440 } else {
2441 if (!rar_br_read_ahead(a, br, 7)) {
2442 free(precode.tree);
2443 free(precode.table);
2444 goto truncated_data;
2445 }
2446 n = rar_br_bits(br, 7) + 11;
2447 rar_br_consume(br, 7);
2448 }
2449
2450 for(j = 0; j < n && i < HUFFMAN_TABLE_SIZE; j++)
2451 rar->lengthtable[i++] = 0;
2452 }
2453 }
2454 free(precode.tree);
2455 free(precode.table);
2456
2457 r = create_code(a, &rar->maincode, &rar->lengthtable[0], MAINCODE_SIZE,
2458 MAX_SYMBOL_LENGTH);
2459 if (r != ARCHIVE_OK)
2460 return (r);
2461 r = create_code(a, &rar->offsetcode, &rar->lengthtable[MAINCODE_SIZE],
2462 OFFSETCODE_SIZE, MAX_SYMBOL_LENGTH);
2463 if (r != ARCHIVE_OK)
2464 return (r);
2465 r = create_code(a, &rar->lowoffsetcode,
2466 &rar->lengthtable[MAINCODE_SIZE + OFFSETCODE_SIZE],
2467 LOWOFFSETCODE_SIZE, MAX_SYMBOL_LENGTH);
2468 if (r != ARCHIVE_OK)
2469 return (r);
2470 r = create_code(a, &rar->lengthcode,
2471 &rar->lengthtable[MAINCODE_SIZE + OFFSETCODE_SIZE +
2472 LOWOFFSETCODE_SIZE], LENGTHCODE_SIZE, MAX_SYMBOL_LENGTH);
2473 if (r != ARCHIVE_OK)
2474 return (r);
2475 }
2476
2477 if (!rar->dictionary_size || !rar->lzss.window)
2478 {
2479 /* Seems as though dictionary sizes are not used. Even so, minimize
2480 * memory usage as much as possible.
2481 */
2482 void *new_window;
2483 unsigned int new_size;
2484
2485 if (rar->unp_size >= DICTIONARY_MAX_SIZE)
2486 new_size = DICTIONARY_MAX_SIZE;
2487 else
2488 new_size = rar_fls((unsigned int)rar->unp_size) << 1;
2489 if (new_size == 0) {
2490 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2491 "Zero window size is invalid.");
2492 return (ARCHIVE_FATAL);
2493 }
2494 new_window = realloc(rar->lzss.window, new_size);
2495 if (new_window == NULL) {
2496 archive_set_error(&a->archive, ENOMEM,
2497 "Unable to allocate memory for uncompressed data.");
2498 return (ARCHIVE_FATAL);
2499 }
2500 rar->lzss.window = (unsigned char *)new_window;
2501 rar->dictionary_size = new_size;
2502 memset(rar->lzss.window, 0, rar->dictionary_size);
2503 rar->lzss.mask = rar->dictionary_size - 1;
2504 }
2505
2506 rar->start_new_table = 0;
2507 return (ARCHIVE_OK);
2508 truncated_data:
2509 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2510 "Truncated RAR file data");
2511 rar->valid = 0;
2512 return (ARCHIVE_FATAL);
2513 }
2514
2515 static void
free_codes(struct archive_read * a)2516 free_codes(struct archive_read *a)
2517 {
2518 struct rar *rar = (struct rar *)(a->format->data);
2519 free(rar->maincode.tree);
2520 free(rar->offsetcode.tree);
2521 free(rar->lowoffsetcode.tree);
2522 free(rar->lengthcode.tree);
2523 free(rar->maincode.table);
2524 free(rar->offsetcode.table);
2525 free(rar->lowoffsetcode.table);
2526 free(rar->lengthcode.table);
2527 memset(&rar->maincode, 0, sizeof(rar->maincode));
2528 memset(&rar->offsetcode, 0, sizeof(rar->offsetcode));
2529 memset(&rar->lowoffsetcode, 0, sizeof(rar->lowoffsetcode));
2530 memset(&rar->lengthcode, 0, sizeof(rar->lengthcode));
2531 }
2532
2533
2534 static int
read_next_symbol(struct archive_read * a,struct huffman_code * code)2535 read_next_symbol(struct archive_read *a, struct huffman_code *code)
2536 {
2537 unsigned char bit;
2538 unsigned int bits;
2539 int length, value, node;
2540 struct rar *rar;
2541 struct rar_br *br;
2542
2543 if (!code->table)
2544 {
2545 if (make_table(a, code) != (ARCHIVE_OK))
2546 return -1;
2547 }
2548
2549 rar = (struct rar *)(a->format->data);
2550 br = &(rar->br);
2551
2552 /* Look ahead (peek) at bits */
2553 if (!rar_br_read_ahead(a, br, code->tablesize)) {
2554 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2555 "Truncated RAR file data");
2556 rar->valid = 0;
2557 return -1;
2558 }
2559 bits = rar_br_bits(br, code->tablesize);
2560
2561 length = code->table[bits].length;
2562 value = code->table[bits].value;
2563
2564 if (length < 0)
2565 {
2566 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2567 "Invalid prefix code in bitstream");
2568 return -1;
2569 }
2570
2571 if (length <= code->tablesize)
2572 {
2573 /* Skip length bits */
2574 rar_br_consume(br, length);
2575 return value;
2576 }
2577
2578 /* Skip tablesize bits */
2579 rar_br_consume(br, code->tablesize);
2580
2581 node = value;
2582 while (!(code->tree[node].branches[0] ==
2583 code->tree[node].branches[1]))
2584 {
2585 if (!rar_br_read_ahead(a, br, 1)) {
2586 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2587 "Truncated RAR file data");
2588 rar->valid = 0;
2589 return -1;
2590 }
2591 bit = rar_br_bits(br, 1);
2592 rar_br_consume(br, 1);
2593
2594 if (code->tree[node].branches[bit] < 0)
2595 {
2596 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2597 "Invalid prefix code in bitstream");
2598 return -1;
2599 }
2600 node = code->tree[node].branches[bit];
2601 }
2602
2603 return code->tree[node].branches[0];
2604 }
2605
2606 static int
create_code(struct archive_read * a,struct huffman_code * code,unsigned char * lengths,int numsymbols,char maxlength)2607 create_code(struct archive_read *a, struct huffman_code *code,
2608 unsigned char *lengths, int numsymbols, char maxlength)
2609 {
2610 int i, j, codebits = 0, symbolsleft = numsymbols;
2611
2612 code->numentries = 0;
2613 code->numallocatedentries = 0;
2614 if (new_node(code) < 0) {
2615 archive_set_error(&a->archive, ENOMEM,
2616 "Unable to allocate memory for node data.");
2617 return (ARCHIVE_FATAL);
2618 }
2619 code->numentries = 1;
2620 code->minlength = INT_MAX;
2621 code->maxlength = INT_MIN;
2622 codebits = 0;
2623 for(i = 1; i <= maxlength; i++)
2624 {
2625 for(j = 0; j < numsymbols; j++)
2626 {
2627 if (lengths[j] != i) continue;
2628 if (add_value(a, code, j, codebits, i) != ARCHIVE_OK)
2629 return (ARCHIVE_FATAL);
2630 codebits++;
2631 if (--symbolsleft <= 0)
2632 break;
2633 }
2634 if (symbolsleft <= 0)
2635 break;
2636 codebits <<= 1;
2637 }
2638 return (ARCHIVE_OK);
2639 }
2640
2641 static int
add_value(struct archive_read * a,struct huffman_code * code,int value,int codebits,int length)2642 add_value(struct archive_read *a, struct huffman_code *code, int value,
2643 int codebits, int length)
2644 {
2645 int lastnode, bitpos, bit;
2646 /* int repeatpos, repeatnode, nextnode; */
2647
2648 free(code->table);
2649 code->table = NULL;
2650
2651 if(length > code->maxlength)
2652 code->maxlength = length;
2653 if(length < code->minlength)
2654 code->minlength = length;
2655
2656 /*
2657 * Dead code, repeatpos was is -1
2658 *
2659 repeatpos = -1;
2660 if (repeatpos == 0 || (repeatpos >= 0
2661 && (((codebits >> (repeatpos - 1)) & 3) == 0
2662 || ((codebits >> (repeatpos - 1)) & 3) == 3)))
2663 {
2664 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2665 "Invalid repeat position");
2666 return (ARCHIVE_FATAL);
2667 }
2668 */
2669
2670 lastnode = 0;
2671 for (bitpos = length - 1; bitpos >= 0; bitpos--)
2672 {
2673 bit = (codebits >> bitpos) & 1;
2674
2675 /* Leaf node check */
2676 if (code->tree[lastnode].branches[0] ==
2677 code->tree[lastnode].branches[1])
2678 {
2679 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2680 "Prefix found");
2681 return (ARCHIVE_FATAL);
2682 }
2683
2684 /*
2685 * Dead code, repeatpos was -1, bitpos >=0
2686 *
2687 if (bitpos == repeatpos)
2688 {
2689 * Open branch check *
2690 if (!(code->tree[lastnode].branches[bit] < 0))
2691 {
2692 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2693 "Invalid repeating code");
2694 return (ARCHIVE_FATAL);
2695 }
2696
2697 if ((repeatnode = new_node(code)) < 0) {
2698 archive_set_error(&a->archive, ENOMEM,
2699 "Unable to allocate memory for node data.");
2700 return (ARCHIVE_FATAL);
2701 }
2702 if ((nextnode = new_node(code)) < 0) {
2703 archive_set_error(&a->archive, ENOMEM,
2704 "Unable to allocate memory for node data.");
2705 return (ARCHIVE_FATAL);
2706 }
2707
2708 * Set branches *
2709 code->tree[lastnode].branches[bit] = repeatnode;
2710 code->tree[repeatnode].branches[bit] = repeatnode;
2711 code->tree[repeatnode].branches[bit^1] = nextnode;
2712 lastnode = nextnode;
2713
2714 bitpos++; * terminating bit already handled, skip it *
2715 }
2716 else
2717 {
2718 */
2719 /* Open branch check */
2720 if (code->tree[lastnode].branches[bit] < 0)
2721 {
2722 if (new_node(code) < 0) {
2723 archive_set_error(&a->archive, ENOMEM,
2724 "Unable to allocate memory for node data.");
2725 return (ARCHIVE_FATAL);
2726 }
2727 code->tree[lastnode].branches[bit] = code->numentries++;
2728 }
2729
2730 /* set to branch */
2731 lastnode = code->tree[lastnode].branches[bit];
2732 /* } */
2733 }
2734
2735 if (!(code->tree[lastnode].branches[0] == -1
2736 && code->tree[lastnode].branches[1] == -2))
2737 {
2738 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2739 "Prefix found");
2740 return (ARCHIVE_FATAL);
2741 }
2742
2743 /* Set leaf value */
2744 code->tree[lastnode].branches[0] = value;
2745 code->tree[lastnode].branches[1] = value;
2746
2747 return (ARCHIVE_OK);
2748 }
2749
2750 static int
new_node(struct huffman_code * code)2751 new_node(struct huffman_code *code)
2752 {
2753 void *new_tree;
2754 if (code->numallocatedentries == code->numentries) {
2755 int new_num_entries = 256;
2756 if (code->numentries > 0) {
2757 new_num_entries = code->numentries * 2;
2758 }
2759 new_tree = realloc(code->tree, new_num_entries * sizeof(*code->tree));
2760 if (new_tree == NULL)
2761 return (-1);
2762 code->tree = (struct huffman_tree_node *)new_tree;
2763 code->numallocatedentries = new_num_entries;
2764 }
2765 code->tree[code->numentries].branches[0] = -1;
2766 code->tree[code->numentries].branches[1] = -2;
2767 return 1;
2768 }
2769
2770 static int
make_table(struct archive_read * a,struct huffman_code * code)2771 make_table(struct archive_read *a, struct huffman_code *code)
2772 {
2773 if (code->maxlength < code->minlength || code->maxlength > 10)
2774 code->tablesize = 10;
2775 else
2776 code->tablesize = code->maxlength;
2777
2778 code->table =
2779 (struct huffman_table_entry *)calloc(1, sizeof(*code->table)
2780 * ((size_t)1 << code->tablesize));
2781
2782 return make_table_recurse(a, code, 0, code->table, 0, code->tablesize);
2783 }
2784
2785 static int
make_table_recurse(struct archive_read * a,struct huffman_code * code,int node,struct huffman_table_entry * table,int depth,int maxdepth)2786 make_table_recurse(struct archive_read *a, struct huffman_code *code, int node,
2787 struct huffman_table_entry *table, int depth,
2788 int maxdepth)
2789 {
2790 int currtablesize, i, ret = (ARCHIVE_OK);
2791
2792 if (!code->tree)
2793 {
2794 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2795 "Huffman tree was not created.");
2796 return (ARCHIVE_FATAL);
2797 }
2798 if (node < 0 || node >= code->numentries)
2799 {
2800 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2801 "Invalid location to Huffman tree specified.");
2802 return (ARCHIVE_FATAL);
2803 }
2804
2805 currtablesize = 1 << (maxdepth - depth);
2806
2807 if (code->tree[node].branches[0] ==
2808 code->tree[node].branches[1])
2809 {
2810 for(i = 0; i < currtablesize; i++)
2811 {
2812 table[i].length = depth;
2813 table[i].value = code->tree[node].branches[0];
2814 }
2815 }
2816 /*
2817 * Dead code, node >= 0
2818 *
2819 else if (node < 0)
2820 {
2821 for(i = 0; i < currtablesize; i++)
2822 table[i].length = -1;
2823 }
2824 */
2825 else
2826 {
2827 if(depth == maxdepth)
2828 {
2829 table[0].length = maxdepth + 1;
2830 table[0].value = node;
2831 }
2832 else
2833 {
2834 ret |= make_table_recurse(a, code, code->tree[node].branches[0], table,
2835 depth + 1, maxdepth);
2836 ret |= make_table_recurse(a, code, code->tree[node].branches[1],
2837 table + currtablesize / 2, depth + 1, maxdepth);
2838 }
2839 }
2840 return ret;
2841 }
2842
2843 static int
expand(struct archive_read * a,int64_t * end)2844 expand(struct archive_read *a, int64_t *end)
2845 {
2846 static const unsigned char lengthbases[] =
2847 { 0, 1, 2, 3, 4, 5, 6,
2848 7, 8, 10, 12, 14, 16, 20,
2849 24, 28, 32, 40, 48, 56, 64,
2850 80, 96, 112, 128, 160, 192, 224 };
2851 static const unsigned char lengthbits[] =
2852 { 0, 0, 0, 0, 0, 0, 0,
2853 0, 1, 1, 1, 1, 2, 2,
2854 2, 2, 3, 3, 3, 3, 4,
2855 4, 4, 4, 5, 5, 5, 5 };
2856 static const int lengthb_min = minimum(
2857 (int)(sizeof(lengthbases)/sizeof(lengthbases[0])),
2858 (int)(sizeof(lengthbits)/sizeof(lengthbits[0]))
2859 );
2860 static const unsigned int offsetbases[] =
2861 { 0, 1, 2, 3, 4, 6,
2862 8, 12, 16, 24, 32, 48,
2863 64, 96, 128, 192, 256, 384,
2864 512, 768, 1024, 1536, 2048, 3072,
2865 4096, 6144, 8192, 12288, 16384, 24576,
2866 32768, 49152, 65536, 98304, 131072, 196608,
2867 262144, 327680, 393216, 458752, 524288, 589824,
2868 655360, 720896, 786432, 851968, 917504, 983040,
2869 1048576, 1310720, 1572864, 1835008, 2097152, 2359296,
2870 2621440, 2883584, 3145728, 3407872, 3670016, 3932160 };
2871 static const unsigned char offsetbits[] =
2872 { 0, 0, 0, 0, 1, 1, 2, 2, 3, 3, 4, 4,
2873 5, 5, 6, 6, 7, 7, 8, 8, 9, 9, 10, 10,
2874 11, 11, 12, 12, 13, 13, 14, 14, 15, 15, 16, 16,
2875 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16,
2876 18, 18, 18, 18, 18, 18, 18, 18, 18, 18, 18, 18 };
2877 static const int offsetb_min = minimum(
2878 (int)(sizeof(offsetbases)/sizeof(offsetbases[0])),
2879 (int)(sizeof(offsetbits)/sizeof(offsetbits[0]))
2880 );
2881 static const unsigned char shortbases[] =
2882 { 0, 4, 8, 16, 32, 64, 128, 192 };
2883 static const unsigned char shortbits[] =
2884 { 2, 2, 3, 4, 5, 6, 6, 6 };
2885
2886 int symbol, offs, len, offsindex, lensymbol, i, offssymbol, lowoffsetsymbol;
2887 unsigned char newfile;
2888 struct rar *rar = (struct rar *)(a->format->data);
2889 struct rar_br *br = &(rar->br);
2890
2891 if (rar->filters.filterstart < *end)
2892 *end = rar->filters.filterstart;
2893
2894 while (1)
2895 {
2896 if(lzss_position(&rar->lzss) >= *end) {
2897 return (ARCHIVE_OK);
2898 }
2899
2900 if(rar->is_ppmd_block) {
2901 *end = lzss_position(&rar->lzss);
2902 return (ARCHIVE_OK);
2903 }
2904
2905 if ((symbol = read_next_symbol(a, &rar->maincode)) < 0)
2906 return (ARCHIVE_FATAL);
2907
2908 if (symbol < 256)
2909 {
2910 lzss_emit_literal(rar, symbol);
2911 continue;
2912 }
2913 else if (symbol == 256)
2914 {
2915 if (!rar_br_read_ahead(a, br, 1))
2916 goto truncated_data;
2917 newfile = !rar_br_bits(br, 1);
2918 rar_br_consume(br, 1);
2919
2920 if(newfile)
2921 {
2922 rar->start_new_block = 1;
2923 if (!rar_br_read_ahead(a, br, 1))
2924 goto truncated_data;
2925 rar->start_new_table = rar_br_bits(br, 1);
2926 rar_br_consume(br, 1);
2927 *end = lzss_position(&rar->lzss);
2928 return (ARCHIVE_OK);
2929 }
2930 else
2931 {
2932 if (parse_codes(a) != ARCHIVE_OK)
2933 return (ARCHIVE_FATAL);
2934 continue;
2935 }
2936 }
2937 else if(symbol==257)
2938 {
2939 if (!read_filter(a, end))
2940 return (ARCHIVE_FATAL);
2941 continue;
2942 }
2943 else if(symbol==258)
2944 {
2945 if(rar->lastlength == 0)
2946 continue;
2947
2948 offs = rar->lastoffset;
2949 len = rar->lastlength;
2950 }
2951 else if (symbol <= 262)
2952 {
2953 offsindex = symbol - 259;
2954 offs = rar->oldoffset[offsindex];
2955
2956 if ((lensymbol = read_next_symbol(a, &rar->lengthcode)) < 0)
2957 goto bad_data;
2958 if (lensymbol > lengthb_min)
2959 goto bad_data;
2960 len = lengthbases[lensymbol] + 2;
2961 if (lengthbits[lensymbol] > 0) {
2962 if (!rar_br_read_ahead(a, br, lengthbits[lensymbol]))
2963 goto truncated_data;
2964 len += rar_br_bits(br, lengthbits[lensymbol]);
2965 rar_br_consume(br, lengthbits[lensymbol]);
2966 }
2967
2968 for (i = offsindex; i > 0; i--)
2969 rar->oldoffset[i] = rar->oldoffset[i-1];
2970 rar->oldoffset[0] = offs;
2971 }
2972 else if(symbol<=270)
2973 {
2974 offs = shortbases[symbol-263] + 1;
2975 if(shortbits[symbol-263] > 0) {
2976 if (!rar_br_read_ahead(a, br, shortbits[symbol-263]))
2977 goto truncated_data;
2978 offs += rar_br_bits(br, shortbits[symbol-263]);
2979 rar_br_consume(br, shortbits[symbol-263]);
2980 }
2981
2982 len = 2;
2983
2984 for(i = 3; i > 0; i--)
2985 rar->oldoffset[i] = rar->oldoffset[i-1];
2986 rar->oldoffset[0] = offs;
2987 }
2988 else
2989 {
2990 if (symbol-271 > lengthb_min)
2991 goto bad_data;
2992 len = lengthbases[symbol-271]+3;
2993 if(lengthbits[symbol-271] > 0) {
2994 if (!rar_br_read_ahead(a, br, lengthbits[symbol-271]))
2995 goto truncated_data;
2996 len += rar_br_bits(br, lengthbits[symbol-271]);
2997 rar_br_consume(br, lengthbits[symbol-271]);
2998 }
2999
3000 if ((offssymbol = read_next_symbol(a, &rar->offsetcode)) < 0)
3001 goto bad_data;
3002 if (offssymbol > offsetb_min)
3003 goto bad_data;
3004 offs = offsetbases[offssymbol]+1;
3005 if(offsetbits[offssymbol] > 0)
3006 {
3007 if(offssymbol > 9)
3008 {
3009 if(offsetbits[offssymbol] > 4) {
3010 if (!rar_br_read_ahead(a, br, offsetbits[offssymbol] - 4))
3011 goto truncated_data;
3012 offs += rar_br_bits(br, offsetbits[offssymbol] - 4) << 4;
3013 rar_br_consume(br, offsetbits[offssymbol] - 4);
3014 }
3015
3016 if(rar->numlowoffsetrepeats > 0)
3017 {
3018 rar->numlowoffsetrepeats--;
3019 offs += rar->lastlowoffset;
3020 }
3021 else
3022 {
3023 if ((lowoffsetsymbol =
3024 read_next_symbol(a, &rar->lowoffsetcode)) < 0)
3025 return (ARCHIVE_FATAL);
3026 if(lowoffsetsymbol == 16)
3027 {
3028 rar->numlowoffsetrepeats = 15;
3029 offs += rar->lastlowoffset;
3030 }
3031 else
3032 {
3033 offs += lowoffsetsymbol;
3034 rar->lastlowoffset = lowoffsetsymbol;
3035 }
3036 }
3037 }
3038 else {
3039 if (!rar_br_read_ahead(a, br, offsetbits[offssymbol]))
3040 goto truncated_data;
3041 offs += rar_br_bits(br, offsetbits[offssymbol]);
3042 rar_br_consume(br, offsetbits[offssymbol]);
3043 }
3044 }
3045
3046 if (offs >= 0x40000)
3047 len++;
3048 if (offs >= 0x2000)
3049 len++;
3050
3051 for(i = 3; i > 0; i--)
3052 rar->oldoffset[i] = rar->oldoffset[i-1];
3053 rar->oldoffset[0] = offs;
3054 }
3055
3056 rar->lastoffset = offs;
3057 rar->lastlength = len;
3058
3059 lzss_emit_match(rar, rar->lastoffset, rar->lastlength);
3060 }
3061 truncated_data:
3062 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
3063 "Truncated RAR file data");
3064 rar->valid = 0;
3065 return (ARCHIVE_FATAL);
3066 bad_data:
3067 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
3068 "Bad RAR file data");
3069 return (ARCHIVE_FATAL);
3070 }
3071
3072 static int
copy_from_lzss_window(struct archive_read * a,void * buffer,int64_t startpos,int length)3073 copy_from_lzss_window(struct archive_read *a, void *buffer,
3074 int64_t startpos, int length)
3075 {
3076 int windowoffs, firstpart;
3077 struct rar *rar = (struct rar *)(a->format->data);
3078
3079 windowoffs = lzss_offset_for_position(&rar->lzss, startpos);
3080 firstpart = lzss_size(&rar->lzss) - windowoffs;
3081 if (firstpart < 0) {
3082 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
3083 "Bad RAR file data");
3084 return (ARCHIVE_FATAL);
3085 }
3086 if (firstpart < length) {
3087 memcpy(buffer, &rar->lzss.window[windowoffs], firstpart);
3088 memcpy(buffer, &rar->lzss.window[0], length - firstpart);
3089 } else {
3090 memcpy(buffer, &rar->lzss.window[windowoffs], length);
3091 }
3092 return (ARCHIVE_OK);
3093 }
3094
3095 static int
copy_from_lzss_window_to_unp(struct archive_read * a,const void ** buffer,int64_t startpos,int length)3096 copy_from_lzss_window_to_unp(struct archive_read *a, const void **buffer,
3097 int64_t startpos, int length)
3098 {
3099 int windowoffs, firstpart;
3100 struct rar *rar = (struct rar *)(a->format->data);
3101
3102 if (!rar->unp_buffer)
3103 {
3104 if ((rar->unp_buffer = malloc(rar->unp_buffer_size)) == NULL)
3105 {
3106 archive_set_error(&a->archive, ENOMEM,
3107 "Unable to allocate memory for uncompressed data.");
3108 return (ARCHIVE_FATAL);
3109 }
3110 }
3111
3112 windowoffs = lzss_offset_for_position(&rar->lzss, startpos);
3113 if(windowoffs + length <= lzss_size(&rar->lzss)) {
3114 memcpy(&rar->unp_buffer[rar->unp_offset], &rar->lzss.window[windowoffs],
3115 length);
3116 } else if (length <= lzss_size(&rar->lzss)) {
3117 firstpart = lzss_size(&rar->lzss) - windowoffs;
3118 if (firstpart < 0) {
3119 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
3120 "Bad RAR file data");
3121 return (ARCHIVE_FATAL);
3122 }
3123 if (firstpart < length) {
3124 memcpy(&rar->unp_buffer[rar->unp_offset],
3125 &rar->lzss.window[windowoffs], firstpart);
3126 memcpy(&rar->unp_buffer[rar->unp_offset + firstpart],
3127 &rar->lzss.window[0], length - firstpart);
3128 } else {
3129 memcpy(&rar->unp_buffer[rar->unp_offset],
3130 &rar->lzss.window[windowoffs], length);
3131 }
3132 } else {
3133 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
3134 "Bad RAR file data");
3135 return (ARCHIVE_FATAL);
3136 }
3137 rar->unp_offset += length;
3138 if (rar->unp_offset >= rar->unp_buffer_size)
3139 *buffer = rar->unp_buffer;
3140 else
3141 *buffer = NULL;
3142 return (ARCHIVE_OK);
3143 }
3144
3145 static const void *
rar_read_ahead(struct archive_read * a,size_t min,ssize_t * avail)3146 rar_read_ahead(struct archive_read *a, size_t min, ssize_t *avail)
3147 {
3148 struct rar *rar = (struct rar *)(a->format->data);
3149 const void *h = __archive_read_ahead(a, min, avail);
3150 int ret;
3151 if (avail)
3152 {
3153 if (a->archive.read_data_is_posix_read && *avail > (ssize_t)a->archive.read_data_requested)
3154 *avail = a->archive.read_data_requested;
3155 if (*avail > rar->bytes_remaining)
3156 *avail = (ssize_t)rar->bytes_remaining;
3157 if (*avail < 0)
3158 return NULL;
3159 else if (*avail == 0 && rar->main_flags & MHD_VOLUME &&
3160 rar->file_flags & FHD_SPLIT_AFTER)
3161 {
3162 rar->filename_must_match = 1;
3163 ret = archive_read_format_rar_read_header(a, a->entry);
3164 if (ret == (ARCHIVE_EOF))
3165 {
3166 rar->has_endarc_header = 1;
3167 ret = archive_read_format_rar_read_header(a, a->entry);
3168 }
3169 rar->filename_must_match = 0;
3170 if (ret != (ARCHIVE_OK))
3171 return NULL;
3172 return rar_read_ahead(a, min, avail);
3173 }
3174 }
3175 return h;
3176 }
3177
3178 static int
parse_filter(struct archive_read * a,const uint8_t * bytes,uint16_t length,uint8_t flags)3179 parse_filter(struct archive_read *a, const uint8_t *bytes, uint16_t length, uint8_t flags)
3180 {
3181 struct rar *rar = (struct rar *)(a->format->data);
3182 struct rar_filters *filters = &rar->filters;
3183
3184 struct memory_bit_reader br = { 0 };
3185 struct rar_program_code *prog;
3186 struct rar_filter *filter, **nextfilter;
3187
3188 uint32_t numprogs, num, blocklength, globaldatalen;
3189 uint8_t *globaldata;
3190 size_t blockstartpos;
3191 uint32_t registers[8] = { 0 };
3192 uint32_t i;
3193
3194 br.bytes = bytes;
3195 br.length = length;
3196
3197 numprogs = 0;
3198 for (prog = filters->progs; prog; prog = prog->next)
3199 numprogs++;
3200
3201 if ((flags & 0x80))
3202 {
3203 num = membr_next_rarvm_number(&br);
3204 if (num == 0)
3205 {
3206 delete_filter(filters->stack);
3207 filters->stack = NULL;
3208 delete_program_code(filters->progs);
3209 filters->progs = NULL;
3210 }
3211 else
3212 num--;
3213 if (num > numprogs) {
3214 return 0;
3215 }
3216 filters->lastfilternum = num;
3217 }
3218 else
3219 num = filters->lastfilternum;
3220
3221 prog = filters->progs;
3222 for (i = 0; i < num; i++)
3223 prog = prog->next;
3224 if (prog)
3225 prog->usagecount++;
3226
3227 blockstartpos = membr_next_rarvm_number(&br) + (size_t)lzss_position(&rar->lzss);
3228 if ((flags & 0x40))
3229 blockstartpos += 258;
3230 if ((flags & 0x20))
3231 blocklength = membr_next_rarvm_number(&br);
3232 else
3233 blocklength = prog ? prog->oldfilterlength : 0;
3234
3235 registers[3] = PROGRAM_SYSTEM_GLOBAL_ADDRESS;
3236 registers[4] = blocklength;
3237 registers[5] = prog ? prog->usagecount : 0;
3238 registers[7] = VM_MEMORY_SIZE;
3239
3240 if ((flags & 0x10))
3241 {
3242 uint8_t mask = (uint8_t)membr_bits(&br, 7);
3243 for (i = 0; i < 7; i++)
3244 if ((mask & (1 << i)))
3245 registers[i] = membr_next_rarvm_number(&br);
3246 }
3247
3248 if (!prog)
3249 {
3250 uint32_t len = membr_next_rarvm_number(&br);
3251 uint8_t *bytecode;
3252 struct rar_program_code **next;
3253
3254 if (len == 0 || len > 0x10000)
3255 return 0;
3256 bytecode = malloc(len);
3257 if (!bytecode)
3258 return 0;
3259 for (i = 0; i < len; i++)
3260 bytecode[i] = (uint8_t)membr_bits(&br, 8);
3261 prog = compile_program(bytecode, len);
3262 if (!prog) {
3263 free(bytecode);
3264 return 0;
3265 }
3266 free(bytecode);
3267 next = &filters->progs;
3268 while (*next)
3269 next = &(*next)->next;
3270 *next = prog;
3271 }
3272 prog->oldfilterlength = blocklength;
3273
3274 globaldata = NULL;
3275 globaldatalen = 0;
3276 if ((flags & 0x08))
3277 {
3278 globaldatalen = membr_next_rarvm_number(&br);
3279 if (globaldatalen > PROGRAM_USER_GLOBAL_SIZE)
3280 return 0;
3281 globaldata = malloc(globaldatalen + PROGRAM_SYSTEM_GLOBAL_SIZE);
3282 if (!globaldata)
3283 return 0;
3284 for (i = 0; i < globaldatalen; i++)
3285 globaldata[i + PROGRAM_SYSTEM_GLOBAL_SIZE] = (uint8_t)membr_bits(&br, 8);
3286 }
3287
3288 if (br.at_eof)
3289 {
3290 free(globaldata);
3291 return 0;
3292 }
3293
3294 filter = create_filter(prog, globaldata, globaldatalen, registers, blockstartpos, blocklength);
3295 free(globaldata);
3296 if (!filter)
3297 return 0;
3298
3299 for (i = 0; i < 7; i++)
3300 archive_le32enc(&filter->globaldata[i * 4], registers[i]);
3301 archive_le32enc(&filter->globaldata[0x1C], blocklength);
3302 archive_le32enc(&filter->globaldata[0x20], 0);
3303 archive_le32enc(&filter->globaldata[0x2C], prog->usagecount);
3304
3305 nextfilter = &filters->stack;
3306 while (*nextfilter)
3307 nextfilter = &(*nextfilter)->next;
3308 *nextfilter = filter;
3309
3310 if (!filters->stack->next)
3311 filters->filterstart = blockstartpos;
3312
3313 return 1;
3314 }
3315
3316 static struct rar_filter *
create_filter(struct rar_program_code * prog,const uint8_t * globaldata,uint32_t globaldatalen,uint32_t registers[8],size_t startpos,uint32_t length)3317 create_filter(struct rar_program_code *prog, const uint8_t *globaldata, uint32_t globaldatalen, uint32_t registers[8], size_t startpos, uint32_t length)
3318 {
3319 struct rar_filter *filter;
3320
3321 filter = calloc(1, sizeof(*filter));
3322 if (!filter)
3323 return NULL;
3324 filter->prog = prog;
3325 filter->globaldatalen = globaldatalen > PROGRAM_SYSTEM_GLOBAL_SIZE ? globaldatalen : PROGRAM_SYSTEM_GLOBAL_SIZE;
3326 filter->globaldata = calloc(1, filter->globaldatalen);
3327 if (!filter->globaldata)
3328 return NULL;
3329 if (globaldata)
3330 memcpy(filter->globaldata, globaldata, globaldatalen);
3331 if (registers)
3332 memcpy(filter->initialregisters, registers, sizeof(filter->initialregisters));
3333 filter->blockstartpos = startpos;
3334 filter->blocklength = length;
3335
3336 return filter;
3337 }
3338
3339 static int
run_filters(struct archive_read * a)3340 run_filters(struct archive_read *a)
3341 {
3342 struct rar *rar = (struct rar *)(a->format->data);
3343 struct rar_filters *filters = &rar->filters;
3344 struct rar_filter *filter = filters->stack;
3345 struct rar_filter *f;
3346 size_t start, end;
3347 int64_t tend;
3348 uint32_t lastfilteraddress;
3349 uint32_t lastfilterlength;
3350 int ret;
3351
3352 if (filters == NULL || filter == NULL)
3353 return (0);
3354
3355 start = filters->filterstart;
3356 end = start + filter->blocklength;
3357
3358 filters->filterstart = INT64_MAX;
3359 tend = (int64_t)end;
3360 ret = expand(a, &tend);
3361 if (ret != ARCHIVE_OK)
3362 return 0;
3363
3364 /* Check if filter stack was modified in expand() */
3365 ret = ARCHIVE_FATAL;
3366 f = filters->stack;
3367 while (f)
3368 {
3369 if (f == filter)
3370 {
3371 ret = ARCHIVE_OK;
3372 break;
3373 }
3374 f = f->next;
3375 }
3376 if (ret != ARCHIVE_OK)
3377 return 0;
3378
3379 if (tend < 0)
3380 return 0;
3381 end = (size_t)tend;
3382 if (end != start + filter->blocklength)
3383 return 0;
3384
3385 if (!filters->vm)
3386 {
3387 filters->vm = calloc(1, sizeof(*filters->vm));
3388 if (!filters->vm)
3389 return 0;
3390 }
3391
3392 ret = copy_from_lzss_window(a, filters->vm->memory, start, filter->blocklength);
3393 if (ret != ARCHIVE_OK)
3394 return 0;
3395 if (!execute_filter(a, filter, filters->vm, rar->offset))
3396 return 0;
3397
3398 lastfilteraddress = filter->filteredblockaddress;
3399 lastfilterlength = filter->filteredblocklength;
3400 filters->stack = filter->next;
3401 filter->next = NULL;
3402 delete_filter(filter);
3403
3404 while ((filter = filters->stack) != NULL && (int64_t)filter->blockstartpos == filters->filterstart && filter->blocklength == lastfilterlength)
3405 {
3406 memmove(&filters->vm->memory[0], &filters->vm->memory[lastfilteraddress], lastfilterlength);
3407 if (!execute_filter(a, filter, filters->vm, rar->offset))
3408 return 0;
3409
3410 lastfilteraddress = filter->filteredblockaddress;
3411 lastfilterlength = filter->filteredblocklength;
3412 filters->stack = filter->next;
3413 filter->next = NULL;
3414 delete_filter(filter);
3415 }
3416
3417 if (filters->stack)
3418 {
3419 if (filters->stack->blockstartpos < end)
3420 return 0;
3421 filters->filterstart = filters->stack->blockstartpos;
3422 }
3423
3424 filters->lastend = end;
3425 filters->bytes = &filters->vm->memory[lastfilteraddress];
3426 filters->bytes_ready = lastfilterlength;
3427
3428 return 1;
3429 }
3430
3431 static struct rar_program_code *
compile_program(const uint8_t * bytes,size_t length)3432 compile_program(const uint8_t *bytes, size_t length)
3433 {
3434 struct memory_bit_reader br = { 0 };
3435 struct rar_program_code *prog;
3436 // uint32_t instrcount = 0;
3437 uint8_t xor;
3438 size_t i;
3439
3440 xor = 0;
3441 for (i = 1; i < length; i++)
3442 xor ^= bytes[i];
3443 if (!length || xor != bytes[0])
3444 return NULL;
3445
3446 br.bytes = bytes;
3447 br.length = length;
3448 br.offset = 1;
3449
3450 prog = calloc(1, sizeof(*prog));
3451 if (!prog)
3452 return NULL;
3453 prog->fingerprint = crc32(0, bytes, (unsigned int)length) | ((uint64_t)length << 32);
3454
3455 if (membr_bits(&br, 1))
3456 {
3457 prog->staticdatalen = membr_next_rarvm_number(&br) + 1;
3458 prog->staticdata = malloc(prog->staticdatalen);
3459 if (!prog->staticdata)
3460 {
3461 delete_program_code(prog);
3462 return NULL;
3463 }
3464 for (i = 0; i < prog->staticdatalen; i++)
3465 prog->staticdata[i] = (uint8_t)membr_bits(&br, 8);
3466 }
3467
3468 return prog;
3469 }
3470
3471 static void
delete_filter(struct rar_filter * filter)3472 delete_filter(struct rar_filter *filter)
3473 {
3474 while (filter)
3475 {
3476 struct rar_filter *next = filter->next;
3477 free(filter->globaldata);
3478 free(filter);
3479 filter = next;
3480 }
3481 }
3482
3483 static void
clear_filters(struct rar_filters * filters)3484 clear_filters(struct rar_filters *filters)
3485 {
3486 delete_filter(filters->stack);
3487 delete_program_code(filters->progs);
3488 free(filters->vm);
3489 }
3490
3491 static void
delete_program_code(struct rar_program_code * prog)3492 delete_program_code(struct rar_program_code *prog)
3493 {
3494 while (prog)
3495 {
3496 struct rar_program_code *next = prog->next;
3497 free(prog->staticdata);
3498 free(prog->globalbackup);
3499 free(prog);
3500 prog = next;
3501 }
3502 }
3503
3504 static uint32_t
membr_next_rarvm_number(struct memory_bit_reader * br)3505 membr_next_rarvm_number(struct memory_bit_reader *br)
3506 {
3507 uint32_t val;
3508 switch (membr_bits(br, 2))
3509 {
3510 case 0:
3511 return membr_bits(br, 4);
3512 case 1:
3513 val = membr_bits(br, 8);
3514 if (val >= 16)
3515 return val;
3516 return 0xFFFFFF00 | (val << 4) | membr_bits(br, 4);
3517 case 2:
3518 return membr_bits(br, 16);
3519 default:
3520 return membr_bits(br, 32);
3521 }
3522 }
3523
3524 static inline uint32_t
membr_bits(struct memory_bit_reader * br,int bits)3525 membr_bits(struct memory_bit_reader *br, int bits)
3526 {
3527 if (bits > br->available && (br->at_eof || !membr_fill(br, bits)))
3528 return 0;
3529 return (uint32_t)((br->bits >> (br->available -= bits)) & (((uint64_t)1 << bits) - 1));
3530 }
3531
3532 static int
membr_fill(struct memory_bit_reader * br,int bits)3533 membr_fill(struct memory_bit_reader *br, int bits)
3534 {
3535 while (br->available < bits && br->offset < br->length)
3536 {
3537 br->bits = (br->bits << 8) | br->bytes[br->offset++];
3538 br->available += 8;
3539 }
3540 if (bits > br->available)
3541 {
3542 br->at_eof = 1;
3543 return 0;
3544 }
3545 return 1;
3546 }
3547
3548 static int
read_filter(struct archive_read * a,int64_t * end)3549 read_filter(struct archive_read *a, int64_t *end)
3550 {
3551 struct rar *rar = (struct rar *)(a->format->data);
3552 uint8_t flags, val, *code;
3553 uint16_t length, i;
3554
3555 if (!rar_decode_byte(a, &flags))
3556 return 0;
3557 length = (flags & 0x07) + 1;
3558 if (length == 7)
3559 {
3560 if (!rar_decode_byte(a, &val))
3561 return 0;
3562 length = val + 7;
3563 }
3564 else if (length == 8)
3565 {
3566 if (!rar_decode_byte(a, &val))
3567 return 0;
3568 length = val << 8;
3569 if (!rar_decode_byte(a, &val))
3570 return 0;
3571 length |= val;
3572 }
3573
3574 code = malloc(length);
3575 if (!code)
3576 return 0;
3577 for (i = 0; i < length; i++)
3578 {
3579 if (!rar_decode_byte(a, &code[i]))
3580 {
3581 free(code);
3582 return 0;
3583 }
3584 }
3585 if (!parse_filter(a, code, length, flags))
3586 {
3587 free(code);
3588 return 0;
3589 }
3590 free(code);
3591
3592 if (rar->filters.filterstart < *end)
3593 *end = rar->filters.filterstart;
3594
3595 return 1;
3596 }
3597
3598 static int
execute_filter_delta(struct rar_filter * filter,struct rar_virtual_machine * vm)3599 execute_filter_delta(struct rar_filter *filter, struct rar_virtual_machine *vm)
3600 {
3601 uint32_t length = filter->initialregisters[4];
3602 uint32_t numchannels = filter->initialregisters[0];
3603 uint8_t *src, *dst;
3604 uint32_t i, idx;
3605
3606 if (length > PROGRAM_WORK_SIZE / 2)
3607 return 0;
3608
3609 src = &vm->memory[0];
3610 dst = &vm->memory[length];
3611 for (i = 0; i < numchannels; i++)
3612 {
3613 uint8_t lastbyte = 0;
3614 for (idx = i; idx < length; idx += numchannels)
3615 {
3616 /*
3617 * The src block should not overlap with the dst block.
3618 * If so it would be better to consider this archive is broken.
3619 */
3620 if (src >= dst)
3621 return 0;
3622 lastbyte = dst[idx] = lastbyte - *src++;
3623 }
3624 }
3625
3626 filter->filteredblockaddress = length;
3627 filter->filteredblocklength = length;
3628
3629 return 1;
3630 }
3631
3632 static int
execute_filter_e8(struct rar_filter * filter,struct rar_virtual_machine * vm,size_t pos,int e9also)3633 execute_filter_e8(struct rar_filter *filter, struct rar_virtual_machine *vm, size_t pos, int e9also)
3634 {
3635 uint32_t length = filter->initialregisters[4];
3636 uint32_t filesize = 0x1000000;
3637 uint32_t i;
3638
3639 if (length > PROGRAM_WORK_SIZE || length <= 4)
3640 return 0;
3641
3642 for (i = 0; i <= length - 5; i++)
3643 {
3644 if (vm->memory[i] == 0xE8 || (e9also && vm->memory[i] == 0xE9))
3645 {
3646 uint32_t currpos = (uint32_t)pos + i + 1;
3647 int32_t address = (int32_t)vm_read_32(vm, i + 1);
3648 if (address < 0 && currpos >= (uint32_t)-address)
3649 vm_write_32(vm, i + 1, address + filesize);
3650 else if (address >= 0 && (uint32_t)address < filesize)
3651 vm_write_32(vm, i + 1, address - currpos);
3652 i += 4;
3653 }
3654 }
3655
3656 filter->filteredblockaddress = 0;
3657 filter->filteredblocklength = length;
3658
3659 return 1;
3660 }
3661
3662 static int
execute_filter_rgb(struct rar_filter * filter,struct rar_virtual_machine * vm)3663 execute_filter_rgb(struct rar_filter *filter, struct rar_virtual_machine *vm)
3664 {
3665 uint32_t stride = filter->initialregisters[0];
3666 uint32_t byteoffset = filter->initialregisters[1];
3667 uint32_t blocklength = filter->initialregisters[4];
3668 uint8_t *src, *dst;
3669 uint32_t i, j;
3670
3671 if (blocklength > PROGRAM_WORK_SIZE / 2 || stride > blocklength)
3672 return 0;
3673
3674 src = &vm->memory[0];
3675 dst = &vm->memory[blocklength];
3676 for (i = 0; i < 3; i++) {
3677 uint8_t byte = 0;
3678 uint8_t *prev = dst + i - stride;
3679 for (j = i; j < blocklength; j += 3)
3680 {
3681 if (prev >= dst)
3682 {
3683 uint32_t delta1 = abs(prev[3] - prev[0]);
3684 uint32_t delta2 = abs(byte - prev[0]);
3685 uint32_t delta3 = abs(prev[3] - prev[0] + byte - prev[0]);
3686 if (delta1 > delta2 || delta1 > delta3)
3687 byte = delta2 <= delta3 ? prev[3] : prev[0];
3688 }
3689 byte -= *src++;
3690 dst[j] = byte;
3691 prev += 3;
3692 }
3693 }
3694 for (i = byteoffset; i < blocklength - 2; i += 3)
3695 {
3696 dst[i] += dst[i + 1];
3697 dst[i + 2] += dst[i + 1];
3698 }
3699
3700 filter->filteredblockaddress = blocklength;
3701 filter->filteredblocklength = blocklength;
3702
3703 return 1;
3704 }
3705
3706 static int
execute_filter_audio(struct rar_filter * filter,struct rar_virtual_machine * vm)3707 execute_filter_audio(struct rar_filter *filter, struct rar_virtual_machine *vm)
3708 {
3709 uint32_t length = filter->initialregisters[4];
3710 uint32_t numchannels = filter->initialregisters[0];
3711 uint8_t *src, *dst;
3712 uint32_t i, j;
3713
3714 if (length > PROGRAM_WORK_SIZE / 2)
3715 return 0;
3716
3717 src = &vm->memory[0];
3718 dst = &vm->memory[length];
3719 for (i = 0; i < numchannels; i++)
3720 {
3721 struct audio_state state;
3722 memset(&state, 0, sizeof(state));
3723 for (j = i; j < length; j += numchannels)
3724 {
3725 /*
3726 * The src block should not overlap with the dst block.
3727 * If so it would be better to consider this archive is broken.
3728 */
3729 if (src >= dst)
3730 return 0;
3731
3732 int8_t delta = (int8_t)*src++;
3733 uint8_t predbyte, byte;
3734 int prederror;
3735 state.delta[2] = state.delta[1];
3736 state.delta[1] = state.lastdelta - state.delta[0];
3737 state.delta[0] = state.lastdelta;
3738 predbyte = ((8 * state.lastbyte + state.weight[0] * state.delta[0] + state.weight[1] * state.delta[1] + state.weight[2] * state.delta[2]) >> 3) & 0xFF;
3739 byte = (predbyte - delta) & 0xFF;
3740 prederror = delta << 3;
3741 state.error[0] += abs(prederror);
3742 state.error[1] += abs(prederror - state.delta[0]); state.error[2] += abs(prederror + state.delta[0]);
3743 state.error[3] += abs(prederror - state.delta[1]); state.error[4] += abs(prederror + state.delta[1]);
3744 state.error[5] += abs(prederror - state.delta[2]); state.error[6] += abs(prederror + state.delta[2]);
3745 state.lastdelta = (int8_t)(byte - state.lastbyte);
3746 dst[j] = state.lastbyte = byte;
3747 if (!(state.count++ & 0x1F))
3748 {
3749 uint8_t k, idx = 0;
3750 for (k = 1; k < 7; k++)
3751 {
3752 if (state.error[k] < state.error[idx])
3753 idx = k;
3754 }
3755 memset(state.error, 0, sizeof(state.error));
3756 switch (idx)
3757 {
3758 case 1: if (state.weight[0] >= -16) state.weight[0]--; break;
3759 case 2: if (state.weight[0] < 16) state.weight[0]++; break;
3760 case 3: if (state.weight[1] >= -16) state.weight[1]--; break;
3761 case 4: if (state.weight[1] < 16) state.weight[1]++; break;
3762 case 5: if (state.weight[2] >= -16) state.weight[2]--; break;
3763 case 6: if (state.weight[2] < 16) state.weight[2]++; break;
3764 }
3765 }
3766 }
3767 }
3768
3769 filter->filteredblockaddress = length;
3770 filter->filteredblocklength = length;
3771
3772 return 1;
3773 }
3774
3775
3776 static int
execute_filter(struct archive_read * a,struct rar_filter * filter,struct rar_virtual_machine * vm,size_t pos)3777 execute_filter(struct archive_read *a, struct rar_filter *filter, struct rar_virtual_machine *vm, size_t pos)
3778 {
3779 if (filter->prog->fingerprint == 0x1D0E06077D)
3780 return execute_filter_delta(filter, vm);
3781 if (filter->prog->fingerprint == 0x35AD576887)
3782 return execute_filter_e8(filter, vm, pos, 0);
3783 if (filter->prog->fingerprint == 0x393CD7E57E)
3784 return execute_filter_e8(filter, vm, pos, 1);
3785 if (filter->prog->fingerprint == 0x951C2C5DC8)
3786 return execute_filter_rgb(filter, vm);
3787 if (filter->prog->fingerprint == 0xD8BC85E701)
3788 return execute_filter_audio(filter, vm);
3789
3790 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, "No support for RAR VM program filter");
3791 return 0;
3792 }
3793
3794 static int
rar_decode_byte(struct archive_read * a,uint8_t * byte)3795 rar_decode_byte(struct archive_read *a, uint8_t *byte)
3796 {
3797 struct rar *rar = (struct rar *)(a->format->data);
3798 struct rar_br *br = &(rar->br);
3799 if (!rar_br_read_ahead(a, br, 8))
3800 return 0;
3801 *byte = (uint8_t)rar_br_bits(br, 8);
3802 rar_br_consume(br, 8);
3803 return 1;
3804 }
3805
3806 static inline void
vm_write_32(struct rar_virtual_machine * vm,size_t offset,uint32_t u32)3807 vm_write_32(struct rar_virtual_machine* vm, size_t offset, uint32_t u32)
3808 {
3809 archive_le32enc(vm->memory + offset, u32);
3810 }
3811
3812 static inline uint32_t
vm_read_32(struct rar_virtual_machine * vm,size_t offset)3813 vm_read_32(struct rar_virtual_machine* vm, size_t offset)
3814 {
3815 return archive_le32dec(vm->memory + offset);
3816 }
3817