1 /*- 2 * Copyright (c) 2003-2007 Tim Kientzle 3 * Copyright (c) 2011 Andres Mejia 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR 16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 18 * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, 19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25 */ 26 27 #include "archive_platform.h" 28 29 #ifdef HAVE_ERRNO_H 30 #include <errno.h> 31 #endif 32 #include <time.h> 33 #include <limits.h> 34 #ifdef HAVE_ZLIB_H 35 #include <zlib.h> /* crc32 */ 36 #endif 37 38 #include "archive.h" 39 #ifndef HAVE_ZLIB_H 40 #include "archive_crc32.h" 41 #endif 42 #include "archive_endian.h" 43 #include "archive_entry.h" 44 #include "archive_entry_locale.h" 45 #include "archive_ppmd7_private.h" 46 #include "archive_private.h" 47 #include "archive_read_private.h" 48 49 /* RAR signature, also known as the mark header */ 50 #define RAR_SIGNATURE "\x52\x61\x72\x21\x1A\x07\x00" 51 52 /* Header types */ 53 #define MARK_HEAD 0x72 54 #define MAIN_HEAD 0x73 55 #define FILE_HEAD 0x74 56 #define COMM_HEAD 0x75 57 #define AV_HEAD 0x76 58 #define SUB_HEAD 0x77 59 #define PROTECT_HEAD 0x78 60 #define SIGN_HEAD 0x79 61 #define NEWSUB_HEAD 0x7a 62 #define ENDARC_HEAD 0x7b 63 64 /* Main Header Flags */ 65 #define MHD_VOLUME 0x0001 66 #define MHD_COMMENT 0x0002 67 #define MHD_LOCK 0x0004 68 #define MHD_SOLID 0x0008 69 #define MHD_NEWNUMBERING 0x0010 70 #define MHD_AV 0x0020 71 #define MHD_PROTECT 0x0040 72 #define MHD_PASSWORD 0x0080 73 #define MHD_FIRSTVOLUME 0x0100 74 #define MHD_ENCRYPTVER 0x0200 75 76 /* Flags common to all headers */ 77 #define HD_MARKDELETION 0x4000 78 #define HD_ADD_SIZE_PRESENT 0x8000 79 80 /* File Header Flags */ 81 #define FHD_SPLIT_BEFORE 0x0001 82 #define FHD_SPLIT_AFTER 0x0002 83 #define FHD_PASSWORD 0x0004 84 #define FHD_COMMENT 0x0008 85 #define FHD_SOLID 0x0010 86 #define FHD_LARGE 0x0100 87 #define FHD_UNICODE 0x0200 88 #define FHD_SALT 0x0400 89 #define FHD_VERSION 0x0800 90 #define FHD_EXTTIME 0x1000 91 #define FHD_EXTFLAGS 0x2000 92 93 /* File dictionary sizes */ 94 #define DICTIONARY_SIZE_64 0x00 95 #define DICTIONARY_SIZE_128 0x20 96 #define DICTIONARY_SIZE_256 0x40 97 #define DICTIONARY_SIZE_512 0x60 98 #define DICTIONARY_SIZE_1024 0x80 99 #define DICTIONARY_SIZE_2048 0xA0 100 #define DICTIONARY_SIZE_4096 0xC0 101 #define FILE_IS_DIRECTORY 0xE0 102 #define DICTIONARY_MASK FILE_IS_DIRECTORY 103 104 /* OS Flags */ 105 #define OS_MSDOS 0 106 #define OS_OS2 1 107 #define OS_WIN32 2 108 #define OS_UNIX 3 109 #define OS_MAC_OS 4 110 #define OS_BEOS 5 111 112 /* Compression Methods */ 113 #define COMPRESS_METHOD_STORE 0x30 114 /* LZSS */ 115 #define COMPRESS_METHOD_FASTEST 0x31 116 #define COMPRESS_METHOD_FAST 0x32 117 #define COMPRESS_METHOD_NORMAL 0x33 118 /* PPMd Variant H */ 119 #define COMPRESS_METHOD_GOOD 0x34 120 #define COMPRESS_METHOD_BEST 0x35 121 122 #define CRC_POLYNOMIAL 0xEDB88320 123 124 #define NS_UNIT 10000000 125 126 #define DICTIONARY_MAX_SIZE 0x400000 127 128 #define MAINCODE_SIZE 299 129 #define OFFSETCODE_SIZE 60 130 #define LOWOFFSETCODE_SIZE 17 131 #define LENGTHCODE_SIZE 28 132 #define HUFFMAN_TABLE_SIZE \ 133 MAINCODE_SIZE + OFFSETCODE_SIZE + LOWOFFSETCODE_SIZE + LENGTHCODE_SIZE 134 135 #define MAX_SYMBOL_LENGTH 0xF 136 #define MAX_SYMBOLS 20 137 138 /* Virtual Machine Properties */ 139 #define VM_MEMORY_SIZE 0x40000 140 #define VM_MEMORY_MASK (VM_MEMORY_SIZE - 1) 141 #define PROGRAM_WORK_SIZE 0x3C000 142 #define PROGRAM_GLOBAL_SIZE 0x2000 143 #define PROGRAM_SYSTEM_GLOBAL_ADDRESS PROGRAM_WORK_SIZE 144 #define PROGRAM_SYSTEM_GLOBAL_SIZE 0x40 145 #define PROGRAM_USER_GLOBAL_ADDRESS (PROGRAM_SYSTEM_GLOBAL_ADDRESS + PROGRAM_SYSTEM_GLOBAL_SIZE) 146 #define PROGRAM_USER_GLOBAL_SIZE (PROGRAM_GLOBAL_SIZE - PROGRAM_SYSTEM_GLOBAL_SIZE) 147 148 /* 149 * Considering L1,L2 cache miss and a calling of write system-call, 150 * the best size of the output buffer(uncompressed buffer) is 128K. 151 * If the structure of extracting process is changed, this value 152 * might be researched again. 153 */ 154 #define UNP_BUFFER_SIZE (128 * 1024) 155 156 /* Define this here for non-Windows platforms */ 157 #if !((defined(__WIN32__) || defined(_WIN32) || defined(__WIN32)) && !defined(__CYGWIN__)) 158 #define FILE_ATTRIBUTE_DIRECTORY 0x10 159 #endif 160 161 #undef minimum 162 #define minimum(a, b) ((a)<(b)?(a):(b)) 163 164 /* Stack overflow check */ 165 #define MAX_COMPRESS_DEPTH 1024 166 167 /* Fields common to all headers */ 168 struct rar_header 169 { 170 char crc[2]; 171 char type; 172 char flags[2]; 173 char size[2]; 174 }; 175 176 /* Fields common to all file headers */ 177 struct rar_file_header 178 { 179 char pack_size[4]; 180 char unp_size[4]; 181 char host_os; 182 char file_crc[4]; 183 char file_time[4]; 184 char unp_ver; 185 char method; 186 char name_size[2]; 187 char file_attr[4]; 188 }; 189 190 struct huffman_tree_node 191 { 192 int branches[2]; 193 }; 194 195 struct huffman_table_entry 196 { 197 unsigned int length; 198 int value; 199 }; 200 201 struct huffman_code 202 { 203 struct huffman_tree_node *tree; 204 int numentries; 205 int numallocatedentries; 206 int minlength; 207 int maxlength; 208 int tablesize; 209 struct huffman_table_entry *table; 210 }; 211 212 struct lzss 213 { 214 unsigned char *window; 215 int mask; 216 int64_t position; 217 }; 218 219 struct data_block_offsets 220 { 221 int64_t header_size; 222 int64_t start_offset; 223 int64_t end_offset; 224 }; 225 226 struct rar_program_code 227 { 228 uint8_t *staticdata; 229 uint32_t staticdatalen; 230 uint8_t *globalbackup; 231 uint32_t globalbackuplen; 232 uint64_t fingerprint; 233 uint32_t usagecount; 234 uint32_t oldfilterlength; 235 struct rar_program_code *next; 236 }; 237 238 struct rar_filter 239 { 240 struct rar_program_code *prog; 241 uint32_t initialregisters[8]; 242 uint8_t *globaldata; 243 uint32_t globaldatalen; 244 size_t blockstartpos; 245 uint32_t blocklength; 246 uint32_t filteredblockaddress; 247 uint32_t filteredblocklength; 248 struct rar_filter *next; 249 }; 250 251 struct memory_bit_reader 252 { 253 const uint8_t *bytes; 254 size_t length; 255 size_t offset; 256 uint64_t bits; 257 int available; 258 int at_eof; 259 }; 260 261 struct rar_virtual_machine 262 { 263 uint32_t registers[8]; 264 uint8_t memory[VM_MEMORY_SIZE + sizeof(uint32_t)]; 265 }; 266 267 struct rar_filters 268 { 269 struct rar_virtual_machine *vm; 270 struct rar_program_code *progs; 271 struct rar_filter *stack; 272 int64_t filterstart; 273 uint32_t lastfilternum; 274 int64_t lastend; 275 uint8_t *bytes; 276 size_t bytes_ready; 277 }; 278 279 struct audio_state 280 { 281 int8_t weight[5]; 282 int16_t delta[4]; 283 int8_t lastdelta; 284 int error[11]; 285 int count; 286 uint8_t lastbyte; 287 }; 288 289 struct rar 290 { 291 /* Entries from main RAR header */ 292 unsigned main_flags; 293 unsigned long file_crc; 294 char reserved1[2]; 295 char reserved2[4]; 296 char encryptver; 297 298 /* File header entries */ 299 char compression_method; 300 unsigned file_flags; 301 int64_t packed_size; 302 int64_t unp_size; 303 time_t mtime; 304 long mnsec; 305 mode_t mode; 306 char *filename; 307 char *filename_save; 308 size_t filename_save_size; 309 size_t filename_allocated; 310 311 /* File header optional entries */ 312 char salt[8]; 313 time_t atime; 314 long ansec; 315 time_t ctime; 316 long cnsec; 317 time_t arctime; 318 long arcnsec; 319 320 /* Fields to help with tracking decompression of files. */ 321 int64_t bytes_unconsumed; 322 int64_t bytes_remaining; 323 int64_t bytes_uncopied; 324 int64_t offset; 325 int64_t offset_outgoing; 326 int64_t offset_seek; 327 char valid; 328 unsigned int unp_offset; 329 unsigned int unp_buffer_size; 330 unsigned char *unp_buffer; 331 unsigned int dictionary_size; 332 char start_new_block; 333 char entry_eof; 334 unsigned long crc_calculated; 335 int found_first_header; 336 char has_endarc_header; 337 struct data_block_offsets *dbo; 338 unsigned int cursor; 339 unsigned int nodes; 340 char filename_must_match; 341 342 /* LZSS members */ 343 struct huffman_code maincode; 344 struct huffman_code offsetcode; 345 struct huffman_code lowoffsetcode; 346 struct huffman_code lengthcode; 347 unsigned char lengthtable[HUFFMAN_TABLE_SIZE]; 348 struct lzss lzss; 349 unsigned int lastlength; 350 unsigned int lastoffset; 351 unsigned int oldoffset[4]; 352 unsigned int lastlowoffset; 353 unsigned int numlowoffsetrepeats; 354 char start_new_table; 355 356 /* Filters */ 357 struct rar_filters filters; 358 359 /* PPMd Variant H members */ 360 char ppmd_valid; 361 char ppmd_eod; 362 char is_ppmd_block; 363 int ppmd_escape; 364 CPpmd7 ppmd7_context; 365 CPpmd7z_RangeDec range_dec; 366 IByteIn bytein; 367 368 /* 369 * String conversion object. 370 */ 371 int init_default_conversion; 372 struct archive_string_conv *sconv_default; 373 struct archive_string_conv *opt_sconv; 374 struct archive_string_conv *sconv_utf8; 375 struct archive_string_conv *sconv_utf16be; 376 377 /* 378 * Bit stream reader. 379 */ 380 struct rar_br { 381 #define CACHE_TYPE uint64_t 382 #define CACHE_BITS (8 * sizeof(CACHE_TYPE)) 383 /* Cache buffer. */ 384 CACHE_TYPE cache_buffer; 385 /* Indicates how many bits avail in cache_buffer. */ 386 int cache_avail; 387 ssize_t avail_in; 388 const unsigned char *next_in; 389 } br; 390 391 /* 392 * Custom field to denote that this archive contains encrypted entries 393 */ 394 int has_encrypted_entries; 395 }; 396 397 static int archive_read_support_format_rar_capabilities(struct archive_read *); 398 static int archive_read_format_rar_has_encrypted_entries(struct archive_read *); 399 static int archive_read_format_rar_bid(struct archive_read *, int); 400 static int archive_read_format_rar_options(struct archive_read *, 401 const char *, const char *); 402 static int archive_read_format_rar_read_header(struct archive_read *, 403 struct archive_entry *); 404 static int archive_read_format_rar_read_data(struct archive_read *, 405 const void **, size_t *, int64_t *); 406 static int archive_read_format_rar_read_data_skip(struct archive_read *a); 407 static int64_t archive_read_format_rar_seek_data(struct archive_read *, int64_t, 408 int); 409 static int archive_read_format_rar_cleanup(struct archive_read *); 410 411 /* Support functions */ 412 static int read_header(struct archive_read *, struct archive_entry *, char); 413 static time_t get_time(int); 414 static int read_exttime(const char *, struct rar *, const char *); 415 static int read_symlink_stored(struct archive_read *, struct archive_entry *, 416 struct archive_string_conv *); 417 static int read_data_stored(struct archive_read *, const void **, size_t *, 418 int64_t *); 419 static int read_data_compressed(struct archive_read *, const void **, size_t *, 420 int64_t *, size_t); 421 static int rar_br_preparation(struct archive_read *, struct rar_br *); 422 static int parse_codes(struct archive_read *); 423 static void free_codes(struct archive_read *); 424 static int read_next_symbol(struct archive_read *, struct huffman_code *); 425 static int create_code(struct archive_read *, struct huffman_code *, 426 unsigned char *, int, char); 427 static int add_value(struct archive_read *, struct huffman_code *, int, int, 428 int); 429 static int new_node(struct huffman_code *); 430 static int make_table(struct archive_read *, struct huffman_code *); 431 static int make_table_recurse(struct archive_read *, struct huffman_code *, int, 432 struct huffman_table_entry *, int, int); 433 static int expand(struct archive_read *, int64_t *); 434 static int copy_from_lzss_window_to_unp(struct archive_read *, const void **, 435 int64_t, int); 436 static const void *rar_read_ahead(struct archive_read *, size_t, ssize_t *); 437 static int parse_filter(struct archive_read *, const uint8_t *, uint16_t, 438 uint8_t); 439 static int run_filters(struct archive_read *); 440 static void clear_filters(struct rar_filters *); 441 static struct rar_filter *create_filter(struct rar_program_code *, 442 const uint8_t *, uint32_t, 443 uint32_t[8], size_t, uint32_t); 444 static void delete_filter(struct rar_filter *filter); 445 static struct rar_program_code *compile_program(const uint8_t *, size_t); 446 static void delete_program_code(struct rar_program_code *prog); 447 static uint32_t membr_next_rarvm_number(struct memory_bit_reader *br); 448 static inline uint32_t membr_bits(struct memory_bit_reader *br, int bits); 449 static int membr_fill(struct memory_bit_reader *br, int bits); 450 static int read_filter(struct archive_read *, int64_t *); 451 static int rar_decode_byte(struct archive_read*, uint8_t *); 452 static int execute_filter(struct archive_read*, struct rar_filter *, 453 struct rar_virtual_machine *, size_t); 454 static int copy_from_lzss_window(struct archive_read *, void *, int64_t, int); 455 static inline void vm_write_32(struct rar_virtual_machine*, size_t, uint32_t); 456 static inline uint32_t vm_read_32(struct rar_virtual_machine*, size_t); 457 458 /* 459 * Bit stream reader. 460 */ 461 /* Check that the cache buffer has enough bits. */ 462 #define rar_br_has(br, n) ((br)->cache_avail >= n) 463 /* Get compressed data by bit. */ 464 #define rar_br_bits(br, n) \ 465 (((uint32_t)((br)->cache_buffer >> \ 466 ((br)->cache_avail - (n)))) & cache_masks[n]) 467 #define rar_br_bits_forced(br, n) \ 468 (((uint32_t)((br)->cache_buffer << \ 469 ((n) - (br)->cache_avail))) & cache_masks[n]) 470 /* Read ahead to make sure the cache buffer has enough compressed data we 471 * will use. 472 * True : completed, there is enough data in the cache buffer. 473 * False : there is no data in the stream. */ 474 #define rar_br_read_ahead(a, br, n) \ 475 ((rar_br_has(br, (n)) || rar_br_fillup(a, br)) || rar_br_has(br, (n))) 476 /* Notify how many bits we consumed. */ 477 #define rar_br_consume(br, n) ((br)->cache_avail -= (n)) 478 #define rar_br_consume_unalined_bits(br) ((br)->cache_avail &= ~7) 479 480 static const uint32_t cache_masks[] = { 481 0x00000000, 0x00000001, 0x00000003, 0x00000007, 482 0x0000000F, 0x0000001F, 0x0000003F, 0x0000007F, 483 0x000000FF, 0x000001FF, 0x000003FF, 0x000007FF, 484 0x00000FFF, 0x00001FFF, 0x00003FFF, 0x00007FFF, 485 0x0000FFFF, 0x0001FFFF, 0x0003FFFF, 0x0007FFFF, 486 0x000FFFFF, 0x001FFFFF, 0x003FFFFF, 0x007FFFFF, 487 0x00FFFFFF, 0x01FFFFFF, 0x03FFFFFF, 0x07FFFFFF, 488 0x0FFFFFFF, 0x1FFFFFFF, 0x3FFFFFFF, 0x7FFFFFFF, 489 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF 490 }; 491 492 /* 493 * Shift away used bits in the cache data and fill it up with following bits. 494 * Call this when cache buffer does not have enough bits you need. 495 * 496 * Returns 1 if the cache buffer is full. 497 * Returns 0 if the cache buffer is not full; input buffer is empty. 498 */ 499 static int 500 rar_br_fillup(struct archive_read *a, struct rar_br *br) 501 { 502 struct rar *rar = (struct rar *)(a->format->data); 503 int n = CACHE_BITS - br->cache_avail; 504 505 for (;;) { 506 switch (n >> 3) { 507 case 8: 508 if (br->avail_in >= 8) { 509 br->cache_buffer = 510 ((uint64_t)br->next_in[0]) << 56 | 511 ((uint64_t)br->next_in[1]) << 48 | 512 ((uint64_t)br->next_in[2]) << 40 | 513 ((uint64_t)br->next_in[3]) << 32 | 514 ((uint32_t)br->next_in[4]) << 24 | 515 ((uint32_t)br->next_in[5]) << 16 | 516 ((uint32_t)br->next_in[6]) << 8 | 517 (uint32_t)br->next_in[7]; 518 br->next_in += 8; 519 br->avail_in -= 8; 520 br->cache_avail += 8 * 8; 521 rar->bytes_unconsumed += 8; 522 rar->bytes_remaining -= 8; 523 return (1); 524 } 525 break; 526 case 7: 527 if (br->avail_in >= 7) { 528 br->cache_buffer = 529 (br->cache_buffer << 56) | 530 ((uint64_t)br->next_in[0]) << 48 | 531 ((uint64_t)br->next_in[1]) << 40 | 532 ((uint64_t)br->next_in[2]) << 32 | 533 ((uint32_t)br->next_in[3]) << 24 | 534 ((uint32_t)br->next_in[4]) << 16 | 535 ((uint32_t)br->next_in[5]) << 8 | 536 (uint32_t)br->next_in[6]; 537 br->next_in += 7; 538 br->avail_in -= 7; 539 br->cache_avail += 7 * 8; 540 rar->bytes_unconsumed += 7; 541 rar->bytes_remaining -= 7; 542 return (1); 543 } 544 break; 545 case 6: 546 if (br->avail_in >= 6) { 547 br->cache_buffer = 548 (br->cache_buffer << 48) | 549 ((uint64_t)br->next_in[0]) << 40 | 550 ((uint64_t)br->next_in[1]) << 32 | 551 ((uint32_t)br->next_in[2]) << 24 | 552 ((uint32_t)br->next_in[3]) << 16 | 553 ((uint32_t)br->next_in[4]) << 8 | 554 (uint32_t)br->next_in[5]; 555 br->next_in += 6; 556 br->avail_in -= 6; 557 br->cache_avail += 6 * 8; 558 rar->bytes_unconsumed += 6; 559 rar->bytes_remaining -= 6; 560 return (1); 561 } 562 break; 563 case 0: 564 /* We have enough compressed data in 565 * the cache buffer.*/ 566 return (1); 567 default: 568 break; 569 } 570 if (br->avail_in <= 0) { 571 572 if (rar->bytes_unconsumed > 0) { 573 /* Consume as much as the decompressor 574 * actually used. */ 575 __archive_read_consume(a, rar->bytes_unconsumed); 576 rar->bytes_unconsumed = 0; 577 } 578 br->next_in = rar_read_ahead(a, 1, &(br->avail_in)); 579 if (br->next_in == NULL) 580 return (0); 581 if (br->avail_in == 0) 582 return (0); 583 } 584 br->cache_buffer = 585 (br->cache_buffer << 8) | *br->next_in++; 586 br->avail_in--; 587 br->cache_avail += 8; 588 n -= 8; 589 rar->bytes_unconsumed++; 590 rar->bytes_remaining--; 591 } 592 } 593 594 static int 595 rar_br_preparation(struct archive_read *a, struct rar_br *br) 596 { 597 struct rar *rar = (struct rar *)(a->format->data); 598 599 if (rar->bytes_remaining > 0) { 600 br->next_in = rar_read_ahead(a, 1, &(br->avail_in)); 601 if (br->next_in == NULL) { 602 archive_set_error(&a->archive, 603 ARCHIVE_ERRNO_FILE_FORMAT, 604 "Truncated RAR file data"); 605 return (ARCHIVE_FATAL); 606 } 607 if (br->cache_avail == 0) 608 (void)rar_br_fillup(a, br); 609 } 610 return (ARCHIVE_OK); 611 } 612 613 /* Find last bit set */ 614 static inline int 615 rar_fls(unsigned int word) 616 { 617 word |= (word >> 1); 618 word |= (word >> 2); 619 word |= (word >> 4); 620 word |= (word >> 8); 621 word |= (word >> 16); 622 return word - (word >> 1); 623 } 624 625 /* LZSS functions */ 626 static inline int64_t 627 lzss_position(struct lzss *lzss) 628 { 629 return lzss->position; 630 } 631 632 static inline int 633 lzss_mask(struct lzss *lzss) 634 { 635 return lzss->mask; 636 } 637 638 static inline int 639 lzss_size(struct lzss *lzss) 640 { 641 return lzss->mask + 1; 642 } 643 644 static inline int 645 lzss_offset_for_position(struct lzss *lzss, int64_t pos) 646 { 647 return (int)(pos & lzss->mask); 648 } 649 650 static inline unsigned char * 651 lzss_pointer_for_position(struct lzss *lzss, int64_t pos) 652 { 653 return &lzss->window[lzss_offset_for_position(lzss, pos)]; 654 } 655 656 static inline int 657 lzss_current_offset(struct lzss *lzss) 658 { 659 return lzss_offset_for_position(lzss, lzss->position); 660 } 661 662 static inline uint8_t * 663 lzss_current_pointer(struct lzss *lzss) 664 { 665 return lzss_pointer_for_position(lzss, lzss->position); 666 } 667 668 static inline void 669 lzss_emit_literal(struct rar *rar, uint8_t literal) 670 { 671 *lzss_current_pointer(&rar->lzss) = literal; 672 rar->lzss.position++; 673 } 674 675 static inline void 676 lzss_emit_match(struct rar *rar, int offset, int length) 677 { 678 int dstoffs = lzss_current_offset(&rar->lzss); 679 int srcoffs = (dstoffs - offset) & lzss_mask(&rar->lzss); 680 int l, li, remaining; 681 unsigned char *d, *s; 682 683 remaining = length; 684 while (remaining > 0) { 685 l = remaining; 686 if (dstoffs > srcoffs) { 687 if (l > lzss_size(&rar->lzss) - dstoffs) 688 l = lzss_size(&rar->lzss) - dstoffs; 689 } else { 690 if (l > lzss_size(&rar->lzss) - srcoffs) 691 l = lzss_size(&rar->lzss) - srcoffs; 692 } 693 d = &(rar->lzss.window[dstoffs]); 694 s = &(rar->lzss.window[srcoffs]); 695 if ((dstoffs + l < srcoffs) || (srcoffs + l < dstoffs)) 696 memcpy(d, s, l); 697 else { 698 for (li = 0; li < l; li++) 699 d[li] = s[li]; 700 } 701 remaining -= l; 702 dstoffs = (dstoffs + l) & lzss_mask(&(rar->lzss)); 703 srcoffs = (srcoffs + l) & lzss_mask(&(rar->lzss)); 704 } 705 rar->lzss.position += length; 706 } 707 708 static Byte 709 ppmd_read(void *p) 710 { 711 struct archive_read *a = ((IByteIn*)p)->a; 712 struct rar *rar = (struct rar *)(a->format->data); 713 struct rar_br *br = &(rar->br); 714 Byte b; 715 if (!rar_br_read_ahead(a, br, 8)) 716 { 717 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 718 "Truncated RAR file data"); 719 rar->valid = 0; 720 return 0; 721 } 722 b = rar_br_bits(br, 8); 723 rar_br_consume(br, 8); 724 return b; 725 } 726 727 int 728 archive_read_support_format_rar(struct archive *_a) 729 { 730 struct archive_read *a = (struct archive_read *)_a; 731 struct rar *rar; 732 int r; 733 734 archive_check_magic(_a, ARCHIVE_READ_MAGIC, ARCHIVE_STATE_NEW, 735 "archive_read_support_format_rar"); 736 737 rar = (struct rar *)calloc(sizeof(*rar), 1); 738 if (rar == NULL) 739 { 740 archive_set_error(&a->archive, ENOMEM, "Can't allocate rar data"); 741 return (ARCHIVE_FATAL); 742 } 743 744 /* 745 * Until enough data has been read, we cannot tell about 746 * any encrypted entries yet. 747 */ 748 rar->has_encrypted_entries = ARCHIVE_READ_FORMAT_ENCRYPTION_DONT_KNOW; 749 750 r = __archive_read_register_format(a, 751 rar, 752 "rar", 753 archive_read_format_rar_bid, 754 archive_read_format_rar_options, 755 archive_read_format_rar_read_header, 756 archive_read_format_rar_read_data, 757 archive_read_format_rar_read_data_skip, 758 archive_read_format_rar_seek_data, 759 archive_read_format_rar_cleanup, 760 archive_read_support_format_rar_capabilities, 761 archive_read_format_rar_has_encrypted_entries); 762 763 if (r != ARCHIVE_OK) 764 free(rar); 765 return (r); 766 } 767 768 static int 769 archive_read_support_format_rar_capabilities(struct archive_read * a) 770 { 771 (void)a; /* UNUSED */ 772 return (ARCHIVE_READ_FORMAT_CAPS_ENCRYPT_DATA 773 | ARCHIVE_READ_FORMAT_CAPS_ENCRYPT_METADATA); 774 } 775 776 static int 777 archive_read_format_rar_has_encrypted_entries(struct archive_read *_a) 778 { 779 if (_a && _a->format) { 780 struct rar * rar = (struct rar *)_a->format->data; 781 if (rar) { 782 return rar->has_encrypted_entries; 783 } 784 } 785 return ARCHIVE_READ_FORMAT_ENCRYPTION_DONT_KNOW; 786 } 787 788 789 static int 790 archive_read_format_rar_bid(struct archive_read *a, int best_bid) 791 { 792 const char *p; 793 794 /* If there's already a bid > 30, we'll never win. */ 795 if (best_bid > 30) 796 return (-1); 797 798 if ((p = __archive_read_ahead(a, 7, NULL)) == NULL) 799 return (-1); 800 801 if (memcmp(p, RAR_SIGNATURE, 7) == 0) 802 return (30); 803 804 if ((p[0] == 'M' && p[1] == 'Z') || memcmp(p, "\x7F\x45LF", 4) == 0) { 805 /* This is a PE file */ 806 ssize_t offset = 0x10000; 807 ssize_t window = 4096; 808 ssize_t bytes_avail; 809 while (offset + window <= (1024 * 128)) { 810 const char *buff = __archive_read_ahead(a, offset + window, &bytes_avail); 811 if (buff == NULL) { 812 /* Remaining bytes are less than window. */ 813 window >>= 1; 814 if (window < 0x40) 815 return (0); 816 continue; 817 } 818 p = buff + offset; 819 while (p + 7 < buff + bytes_avail) { 820 if (memcmp(p, RAR_SIGNATURE, 7) == 0) 821 return (30); 822 p += 0x10; 823 } 824 offset = p - buff; 825 } 826 } 827 return (0); 828 } 829 830 static int 831 skip_sfx(struct archive_read *a) 832 { 833 const void *h; 834 const char *p, *q; 835 size_t skip, total; 836 ssize_t bytes, window; 837 838 total = 0; 839 window = 4096; 840 while (total + window <= (1024 * 128)) { 841 h = __archive_read_ahead(a, window, &bytes); 842 if (h == NULL) { 843 /* Remaining bytes are less than window. */ 844 window >>= 1; 845 if (window < 0x40) 846 goto fatal; 847 continue; 848 } 849 if (bytes < 0x40) 850 goto fatal; 851 p = h; 852 q = p + bytes; 853 854 /* 855 * Scan ahead until we find something that looks 856 * like the RAR header. 857 */ 858 while (p + 7 < q) { 859 if (memcmp(p, RAR_SIGNATURE, 7) == 0) { 860 skip = p - (const char *)h; 861 __archive_read_consume(a, skip); 862 return (ARCHIVE_OK); 863 } 864 p += 0x10; 865 } 866 skip = p - (const char *)h; 867 __archive_read_consume(a, skip); 868 total += skip; 869 } 870 fatal: 871 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 872 "Couldn't find out RAR header"); 873 return (ARCHIVE_FATAL); 874 } 875 876 static int 877 archive_read_format_rar_options(struct archive_read *a, 878 const char *key, const char *val) 879 { 880 struct rar *rar; 881 int ret = ARCHIVE_FAILED; 882 883 rar = (struct rar *)(a->format->data); 884 if (strcmp(key, "hdrcharset") == 0) { 885 if (val == NULL || val[0] == 0) 886 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, 887 "rar: hdrcharset option needs a character-set name"); 888 else { 889 rar->opt_sconv = 890 archive_string_conversion_from_charset( 891 &a->archive, val, 0); 892 if (rar->opt_sconv != NULL) 893 ret = ARCHIVE_OK; 894 else 895 ret = ARCHIVE_FATAL; 896 } 897 return (ret); 898 } 899 900 /* Note: The "warn" return is just to inform the options 901 * supervisor that we didn't handle it. It will generate 902 * a suitable error if no one used this option. */ 903 return (ARCHIVE_WARN); 904 } 905 906 static int 907 archive_read_format_rar_read_header(struct archive_read *a, 908 struct archive_entry *entry) 909 { 910 const void *h; 911 const char *p; 912 struct rar *rar; 913 size_t skip; 914 char head_type; 915 int ret; 916 unsigned flags; 917 unsigned long crc32_expected; 918 919 a->archive.archive_format = ARCHIVE_FORMAT_RAR; 920 if (a->archive.archive_format_name == NULL) 921 a->archive.archive_format_name = "RAR"; 922 923 rar = (struct rar *)(a->format->data); 924 925 /* 926 * It should be sufficient to call archive_read_next_header() for 927 * a reader to determine if an entry is encrypted or not. If the 928 * encryption of an entry is only detectable when calling 929 * archive_read_data(), so be it. We'll do the same check there 930 * as well. 931 */ 932 if (rar->has_encrypted_entries == ARCHIVE_READ_FORMAT_ENCRYPTION_DONT_KNOW) { 933 rar->has_encrypted_entries = 0; 934 } 935 936 /* RAR files can be generated without EOF headers, so return ARCHIVE_EOF if 937 * this fails. 938 */ 939 if ((h = __archive_read_ahead(a, 7, NULL)) == NULL) 940 return (ARCHIVE_EOF); 941 942 p = h; 943 if (rar->found_first_header == 0 && 944 ((p[0] == 'M' && p[1] == 'Z') || memcmp(p, "\x7F\x45LF", 4) == 0)) { 945 /* This is an executable ? Must be self-extracting... */ 946 ret = skip_sfx(a); 947 if (ret < ARCHIVE_WARN) 948 return (ret); 949 } 950 rar->found_first_header = 1; 951 952 while (1) 953 { 954 unsigned long crc32_val; 955 956 if ((h = __archive_read_ahead(a, 7, NULL)) == NULL) 957 return (ARCHIVE_FATAL); 958 p = h; 959 960 head_type = p[2]; 961 switch(head_type) 962 { 963 case MARK_HEAD: 964 if (memcmp(p, RAR_SIGNATURE, 7) != 0) { 965 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 966 "Invalid marker header"); 967 return (ARCHIVE_FATAL); 968 } 969 __archive_read_consume(a, 7); 970 break; 971 972 case MAIN_HEAD: 973 rar->main_flags = archive_le16dec(p + 3); 974 skip = archive_le16dec(p + 5); 975 if (skip < 7 + sizeof(rar->reserved1) + sizeof(rar->reserved2)) { 976 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 977 "Invalid header size"); 978 return (ARCHIVE_FATAL); 979 } 980 if ((h = __archive_read_ahead(a, skip, NULL)) == NULL) 981 return (ARCHIVE_FATAL); 982 p = h; 983 memcpy(rar->reserved1, p + 7, sizeof(rar->reserved1)); 984 memcpy(rar->reserved2, p + 7 + sizeof(rar->reserved1), 985 sizeof(rar->reserved2)); 986 if (rar->main_flags & MHD_ENCRYPTVER) { 987 if (skip < 7 + sizeof(rar->reserved1) + sizeof(rar->reserved2)+1) { 988 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 989 "Invalid header size"); 990 return (ARCHIVE_FATAL); 991 } 992 rar->encryptver = *(p + 7 + sizeof(rar->reserved1) + 993 sizeof(rar->reserved2)); 994 } 995 996 /* Main header is password encrypted, so we cannot read any 997 file names or any other info about files from the header. */ 998 if (rar->main_flags & MHD_PASSWORD) 999 { 1000 archive_entry_set_is_metadata_encrypted(entry, 1); 1001 archive_entry_set_is_data_encrypted(entry, 1); 1002 rar->has_encrypted_entries = 1; 1003 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 1004 "RAR encryption support unavailable."); 1005 return (ARCHIVE_FATAL); 1006 } 1007 1008 crc32_val = crc32(0, (const unsigned char *)p + 2, (unsigned)skip - 2); 1009 if ((crc32_val & 0xffff) != archive_le16dec(p)) { 1010 #ifndef DONT_FAIL_ON_CRC_ERROR 1011 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 1012 "Header CRC error"); 1013 return (ARCHIVE_FATAL); 1014 #endif 1015 } 1016 __archive_read_consume(a, skip); 1017 break; 1018 1019 case FILE_HEAD: 1020 return read_header(a, entry, head_type); 1021 1022 case COMM_HEAD: 1023 case AV_HEAD: 1024 case SUB_HEAD: 1025 case PROTECT_HEAD: 1026 case SIGN_HEAD: 1027 case ENDARC_HEAD: 1028 flags = archive_le16dec(p + 3); 1029 skip = archive_le16dec(p + 5); 1030 if (skip < 7) { 1031 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 1032 "Invalid header size too small"); 1033 return (ARCHIVE_FATAL); 1034 } 1035 if (flags & HD_ADD_SIZE_PRESENT) 1036 { 1037 if (skip < 7 + 4) { 1038 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 1039 "Invalid header size too small"); 1040 return (ARCHIVE_FATAL); 1041 } 1042 if ((h = __archive_read_ahead(a, skip, NULL)) == NULL) 1043 return (ARCHIVE_FATAL); 1044 p = h; 1045 skip += archive_le32dec(p + 7); 1046 } 1047 1048 /* Skip over the 2-byte CRC at the beginning of the header. */ 1049 crc32_expected = archive_le16dec(p); 1050 __archive_read_consume(a, 2); 1051 skip -= 2; 1052 1053 /* Skim the entire header and compute the CRC. */ 1054 crc32_val = 0; 1055 while (skip > 0) { 1056 size_t to_read = skip; 1057 if (to_read > 32 * 1024) 1058 to_read = 32 * 1024; 1059 if ((h = __archive_read_ahead(a, to_read, NULL)) == NULL) { 1060 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 1061 "Bad RAR file"); 1062 return (ARCHIVE_FATAL); 1063 } 1064 p = h; 1065 crc32_val = crc32(crc32_val, (const unsigned char *)p, (unsigned int)to_read); 1066 __archive_read_consume(a, to_read); 1067 skip -= to_read; 1068 } 1069 if ((crc32_val & 0xffff) != crc32_expected) { 1070 #ifndef DONT_FAIL_ON_CRC_ERROR 1071 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 1072 "Header CRC error"); 1073 return (ARCHIVE_FATAL); 1074 #endif 1075 } 1076 if (head_type == ENDARC_HEAD) 1077 return (ARCHIVE_EOF); 1078 break; 1079 1080 case NEWSUB_HEAD: 1081 if ((ret = read_header(a, entry, head_type)) < ARCHIVE_WARN) 1082 return ret; 1083 break; 1084 1085 default: 1086 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 1087 "Bad RAR file"); 1088 return (ARCHIVE_FATAL); 1089 } 1090 } 1091 } 1092 1093 static int 1094 archive_read_format_rar_read_data(struct archive_read *a, const void **buff, 1095 size_t *size, int64_t *offset) 1096 { 1097 struct rar *rar = (struct rar *)(a->format->data); 1098 int ret; 1099 1100 if (rar->has_encrypted_entries == ARCHIVE_READ_FORMAT_ENCRYPTION_DONT_KNOW) { 1101 rar->has_encrypted_entries = 0; 1102 } 1103 1104 if (rar->bytes_unconsumed > 0) { 1105 /* Consume as much as the decompressor actually used. */ 1106 __archive_read_consume(a, rar->bytes_unconsumed); 1107 rar->bytes_unconsumed = 0; 1108 } 1109 1110 *buff = NULL; 1111 if (rar->entry_eof || rar->offset_seek >= rar->unp_size) { 1112 *size = 0; 1113 *offset = rar->offset; 1114 if (*offset < rar->unp_size) 1115 *offset = rar->unp_size; 1116 return (ARCHIVE_EOF); 1117 } 1118 1119 switch (rar->compression_method) 1120 { 1121 case COMPRESS_METHOD_STORE: 1122 ret = read_data_stored(a, buff, size, offset); 1123 break; 1124 1125 case COMPRESS_METHOD_FASTEST: 1126 case COMPRESS_METHOD_FAST: 1127 case COMPRESS_METHOD_NORMAL: 1128 case COMPRESS_METHOD_GOOD: 1129 case COMPRESS_METHOD_BEST: 1130 ret = read_data_compressed(a, buff, size, offset, 0); 1131 if (ret != ARCHIVE_OK && ret != ARCHIVE_WARN) { 1132 __archive_ppmd7_functions.Ppmd7_Free(&rar->ppmd7_context); 1133 rar->start_new_table = 1; 1134 rar->ppmd_valid = 0; 1135 } 1136 break; 1137 1138 default: 1139 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 1140 "Unsupported compression method for RAR file."); 1141 ret = ARCHIVE_FATAL; 1142 break; 1143 } 1144 return (ret); 1145 } 1146 1147 static int 1148 archive_read_format_rar_read_data_skip(struct archive_read *a) 1149 { 1150 struct rar *rar; 1151 int64_t bytes_skipped; 1152 int ret; 1153 1154 rar = (struct rar *)(a->format->data); 1155 1156 if (rar->bytes_unconsumed > 0) { 1157 /* Consume as much as the decompressor actually used. */ 1158 __archive_read_consume(a, rar->bytes_unconsumed); 1159 rar->bytes_unconsumed = 0; 1160 } 1161 1162 if (rar->bytes_remaining > 0) { 1163 bytes_skipped = __archive_read_consume(a, rar->bytes_remaining); 1164 if (bytes_skipped < 0) 1165 return (ARCHIVE_FATAL); 1166 } 1167 1168 /* Compressed data to skip must be read from each header in a multivolume 1169 * archive. 1170 */ 1171 if (rar->main_flags & MHD_VOLUME && rar->file_flags & FHD_SPLIT_AFTER) 1172 { 1173 ret = archive_read_format_rar_read_header(a, a->entry); 1174 if (ret == (ARCHIVE_EOF)) 1175 ret = archive_read_format_rar_read_header(a, a->entry); 1176 if (ret != (ARCHIVE_OK)) 1177 return ret; 1178 return archive_read_format_rar_read_data_skip(a); 1179 } 1180 1181 return (ARCHIVE_OK); 1182 } 1183 1184 static int64_t 1185 archive_read_format_rar_seek_data(struct archive_read *a, int64_t offset, 1186 int whence) 1187 { 1188 int64_t client_offset, ret; 1189 unsigned int i; 1190 struct rar *rar = (struct rar *)(a->format->data); 1191 1192 if (rar->compression_method == COMPRESS_METHOD_STORE) 1193 { 1194 /* Modify the offset for use with SEEK_SET */ 1195 switch (whence) 1196 { 1197 case SEEK_CUR: 1198 client_offset = rar->offset_seek; 1199 break; 1200 case SEEK_END: 1201 client_offset = rar->unp_size; 1202 break; 1203 case SEEK_SET: 1204 default: 1205 client_offset = 0; 1206 } 1207 client_offset += offset; 1208 if (client_offset < 0) 1209 { 1210 /* Can't seek past beginning of data block */ 1211 return -1; 1212 } 1213 else if (client_offset > rar->unp_size) 1214 { 1215 /* 1216 * Set the returned offset but only seek to the end of 1217 * the data block. 1218 */ 1219 rar->offset_seek = client_offset; 1220 client_offset = rar->unp_size; 1221 } 1222 1223 client_offset += rar->dbo[0].start_offset; 1224 i = 0; 1225 while (i < rar->cursor) 1226 { 1227 i++; 1228 client_offset += rar->dbo[i].start_offset - rar->dbo[i-1].end_offset; 1229 } 1230 if (rar->main_flags & MHD_VOLUME) 1231 { 1232 /* Find the appropriate offset among the multivolume archive */ 1233 while (1) 1234 { 1235 if (client_offset < rar->dbo[rar->cursor].start_offset && 1236 rar->file_flags & FHD_SPLIT_BEFORE) 1237 { 1238 /* Search backwards for the correct data block */ 1239 if (rar->cursor == 0) 1240 { 1241 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, 1242 "Attempt to seek past beginning of RAR data block"); 1243 return (ARCHIVE_FAILED); 1244 } 1245 rar->cursor--; 1246 client_offset -= rar->dbo[rar->cursor+1].start_offset - 1247 rar->dbo[rar->cursor].end_offset; 1248 if (client_offset < rar->dbo[rar->cursor].start_offset) 1249 continue; 1250 ret = __archive_read_seek(a, rar->dbo[rar->cursor].start_offset - 1251 rar->dbo[rar->cursor].header_size, SEEK_SET); 1252 if (ret < (ARCHIVE_OK)) 1253 return ret; 1254 ret = archive_read_format_rar_read_header(a, a->entry); 1255 if (ret != (ARCHIVE_OK)) 1256 { 1257 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, 1258 "Error during seek of RAR file"); 1259 return (ARCHIVE_FAILED); 1260 } 1261 rar->cursor--; 1262 break; 1263 } 1264 else if (client_offset > rar->dbo[rar->cursor].end_offset && 1265 rar->file_flags & FHD_SPLIT_AFTER) 1266 { 1267 /* Search forward for the correct data block */ 1268 rar->cursor++; 1269 if (rar->cursor < rar->nodes && 1270 client_offset > rar->dbo[rar->cursor].end_offset) 1271 { 1272 client_offset += rar->dbo[rar->cursor].start_offset - 1273 rar->dbo[rar->cursor-1].end_offset; 1274 continue; 1275 } 1276 rar->cursor--; 1277 ret = __archive_read_seek(a, rar->dbo[rar->cursor].end_offset, 1278 SEEK_SET); 1279 if (ret < (ARCHIVE_OK)) 1280 return ret; 1281 ret = archive_read_format_rar_read_header(a, a->entry); 1282 if (ret == (ARCHIVE_EOF)) 1283 { 1284 rar->has_endarc_header = 1; 1285 ret = archive_read_format_rar_read_header(a, a->entry); 1286 } 1287 if (ret != (ARCHIVE_OK)) 1288 { 1289 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, 1290 "Error during seek of RAR file"); 1291 return (ARCHIVE_FAILED); 1292 } 1293 client_offset += rar->dbo[rar->cursor].start_offset - 1294 rar->dbo[rar->cursor-1].end_offset; 1295 continue; 1296 } 1297 break; 1298 } 1299 } 1300 1301 ret = __archive_read_seek(a, client_offset, SEEK_SET); 1302 if (ret < (ARCHIVE_OK)) 1303 return ret; 1304 rar->bytes_remaining = rar->dbo[rar->cursor].end_offset - ret; 1305 i = rar->cursor; 1306 while (i > 0) 1307 { 1308 i--; 1309 ret -= rar->dbo[i+1].start_offset - rar->dbo[i].end_offset; 1310 } 1311 ret -= rar->dbo[0].start_offset; 1312 1313 /* Always restart reading the file after a seek */ 1314 __archive_reset_read_data(&a->archive); 1315 1316 rar->bytes_unconsumed = 0; 1317 rar->offset = 0; 1318 1319 /* 1320 * If a seek past the end of file was requested, return the requested 1321 * offset. 1322 */ 1323 if (ret == rar->unp_size && rar->offset_seek > rar->unp_size) 1324 return rar->offset_seek; 1325 1326 /* Return the new offset */ 1327 rar->offset_seek = ret; 1328 return rar->offset_seek; 1329 } 1330 else 1331 { 1332 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, 1333 "Seeking of compressed RAR files is unsupported"); 1334 } 1335 return (ARCHIVE_FAILED); 1336 } 1337 1338 static int 1339 archive_read_format_rar_cleanup(struct archive_read *a) 1340 { 1341 struct rar *rar; 1342 1343 rar = (struct rar *)(a->format->data); 1344 free_codes(a); 1345 clear_filters(&rar->filters); 1346 free(rar->filename); 1347 free(rar->filename_save); 1348 free(rar->dbo); 1349 free(rar->unp_buffer); 1350 free(rar->lzss.window); 1351 __archive_ppmd7_functions.Ppmd7_Free(&rar->ppmd7_context); 1352 free(rar); 1353 (a->format->data) = NULL; 1354 return (ARCHIVE_OK); 1355 } 1356 1357 static int 1358 read_header(struct archive_read *a, struct archive_entry *entry, 1359 char head_type) 1360 { 1361 const void *h; 1362 const char *p, *endp; 1363 struct rar *rar; 1364 struct rar_header rar_header; 1365 struct rar_file_header file_header; 1366 int64_t header_size; 1367 unsigned filename_size, end; 1368 char *filename; 1369 char *strp; 1370 char packed_size[8]; 1371 char unp_size[8]; 1372 int ttime; 1373 struct archive_string_conv *sconv, *fn_sconv; 1374 unsigned long crc32_val; 1375 int ret = (ARCHIVE_OK), ret2; 1376 1377 rar = (struct rar *)(a->format->data); 1378 1379 /* Setup a string conversion object for non-rar-unicode filenames. */ 1380 sconv = rar->opt_sconv; 1381 if (sconv == NULL) { 1382 if (!rar->init_default_conversion) { 1383 rar->sconv_default = 1384 archive_string_default_conversion_for_read( 1385 &(a->archive)); 1386 rar->init_default_conversion = 1; 1387 } 1388 sconv = rar->sconv_default; 1389 } 1390 1391 1392 if ((h = __archive_read_ahead(a, 7, NULL)) == NULL) 1393 return (ARCHIVE_FATAL); 1394 p = h; 1395 memcpy(&rar_header, p, sizeof(rar_header)); 1396 rar->file_flags = archive_le16dec(rar_header.flags); 1397 header_size = archive_le16dec(rar_header.size); 1398 if (header_size < (int64_t)sizeof(file_header) + 7) { 1399 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 1400 "Invalid header size"); 1401 return (ARCHIVE_FATAL); 1402 } 1403 crc32_val = crc32(0, (const unsigned char *)p + 2, 7 - 2); 1404 __archive_read_consume(a, 7); 1405 1406 if (!(rar->file_flags & FHD_SOLID)) 1407 { 1408 rar->compression_method = 0; 1409 rar->packed_size = 0; 1410 rar->unp_size = 0; 1411 rar->mtime = 0; 1412 rar->ctime = 0; 1413 rar->atime = 0; 1414 rar->arctime = 0; 1415 rar->mode = 0; 1416 memset(&rar->salt, 0, sizeof(rar->salt)); 1417 rar->atime = 0; 1418 rar->ansec = 0; 1419 rar->ctime = 0; 1420 rar->cnsec = 0; 1421 rar->mtime = 0; 1422 rar->mnsec = 0; 1423 rar->arctime = 0; 1424 rar->arcnsec = 0; 1425 } 1426 else 1427 { 1428 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 1429 "RAR solid archive support unavailable."); 1430 return (ARCHIVE_FATAL); 1431 } 1432 1433 if ((h = __archive_read_ahead(a, (size_t)header_size - 7, NULL)) == NULL) 1434 return (ARCHIVE_FATAL); 1435 1436 /* File Header CRC check. */ 1437 crc32_val = crc32(crc32_val, h, (unsigned)(header_size - 7)); 1438 if ((crc32_val & 0xffff) != archive_le16dec(rar_header.crc)) { 1439 #ifndef DONT_FAIL_ON_CRC_ERROR 1440 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 1441 "Header CRC error"); 1442 return (ARCHIVE_FATAL); 1443 #endif 1444 } 1445 /* If no CRC error, Go on parsing File Header. */ 1446 p = h; 1447 endp = p + header_size - 7; 1448 memcpy(&file_header, p, sizeof(file_header)); 1449 p += sizeof(file_header); 1450 1451 rar->compression_method = file_header.method; 1452 1453 ttime = archive_le32dec(file_header.file_time); 1454 rar->mtime = get_time(ttime); 1455 1456 rar->file_crc = archive_le32dec(file_header.file_crc); 1457 1458 if (rar->file_flags & FHD_PASSWORD) 1459 { 1460 archive_entry_set_is_data_encrypted(entry, 1); 1461 rar->has_encrypted_entries = 1; 1462 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 1463 "RAR encryption support unavailable."); 1464 /* Since it is only the data part itself that is encrypted we can at least 1465 extract information about the currently processed entry and don't need 1466 to return ARCHIVE_FATAL here. */ 1467 /*return (ARCHIVE_FATAL);*/ 1468 } 1469 1470 if (rar->file_flags & FHD_LARGE) 1471 { 1472 memcpy(packed_size, file_header.pack_size, 4); 1473 memcpy(packed_size + 4, p, 4); /* High pack size */ 1474 p += 4; 1475 memcpy(unp_size, file_header.unp_size, 4); 1476 memcpy(unp_size + 4, p, 4); /* High unpack size */ 1477 p += 4; 1478 rar->packed_size = archive_le64dec(&packed_size); 1479 rar->unp_size = archive_le64dec(&unp_size); 1480 } 1481 else 1482 { 1483 rar->packed_size = archive_le32dec(file_header.pack_size); 1484 rar->unp_size = archive_le32dec(file_header.unp_size); 1485 } 1486 1487 if (rar->packed_size < 0 || rar->unp_size < 0) 1488 { 1489 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 1490 "Invalid sizes specified."); 1491 return (ARCHIVE_FATAL); 1492 } 1493 1494 rar->bytes_remaining = rar->packed_size; 1495 1496 /* TODO: RARv3 subblocks contain comments. For now the complete block is 1497 * consumed at the end. 1498 */ 1499 if (head_type == NEWSUB_HEAD) { 1500 size_t distance = p - (const char *)h; 1501 header_size += rar->packed_size; 1502 /* Make sure we have the extended data. */ 1503 if ((h = __archive_read_ahead(a, (size_t)header_size - 7, NULL)) == NULL) 1504 return (ARCHIVE_FATAL); 1505 p = h; 1506 endp = p + header_size - 7; 1507 p += distance; 1508 } 1509 1510 filename_size = archive_le16dec(file_header.name_size); 1511 if (p + filename_size > endp) { 1512 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 1513 "Invalid filename size"); 1514 return (ARCHIVE_FATAL); 1515 } 1516 if (rar->filename_allocated < filename_size * 2 + 2) { 1517 char *newptr; 1518 size_t newsize = filename_size * 2 + 2; 1519 newptr = realloc(rar->filename, newsize); 1520 if (newptr == NULL) { 1521 archive_set_error(&a->archive, ENOMEM, 1522 "Couldn't allocate memory."); 1523 return (ARCHIVE_FATAL); 1524 } 1525 rar->filename = newptr; 1526 rar->filename_allocated = newsize; 1527 } 1528 filename = rar->filename; 1529 memcpy(filename, p, filename_size); 1530 filename[filename_size] = '\0'; 1531 if (rar->file_flags & FHD_UNICODE) 1532 { 1533 if (filename_size != strlen(filename)) 1534 { 1535 unsigned char highbyte, flagbits, flagbyte; 1536 unsigned fn_end, offset; 1537 1538 end = filename_size; 1539 fn_end = filename_size * 2; 1540 filename_size = 0; 1541 offset = (unsigned)strlen(filename) + 1; 1542 highbyte = *(p + offset++); 1543 flagbits = 0; 1544 flagbyte = 0; 1545 while (offset < end && filename_size < fn_end) 1546 { 1547 if (!flagbits) 1548 { 1549 flagbyte = *(p + offset++); 1550 flagbits = 8; 1551 } 1552 1553 flagbits -= 2; 1554 switch((flagbyte >> flagbits) & 3) 1555 { 1556 case 0: 1557 filename[filename_size++] = '\0'; 1558 filename[filename_size++] = *(p + offset++); 1559 break; 1560 case 1: 1561 filename[filename_size++] = highbyte; 1562 filename[filename_size++] = *(p + offset++); 1563 break; 1564 case 2: 1565 filename[filename_size++] = *(p + offset + 1); 1566 filename[filename_size++] = *(p + offset); 1567 offset += 2; 1568 break; 1569 case 3: 1570 { 1571 char extra, high; 1572 uint8_t length = *(p + offset++); 1573 1574 if (length & 0x80) { 1575 extra = *(p + offset++); 1576 high = (char)highbyte; 1577 } else 1578 extra = high = 0; 1579 length = (length & 0x7f) + 2; 1580 while (length && filename_size < fn_end) { 1581 unsigned cp = filename_size >> 1; 1582 filename[filename_size++] = high; 1583 filename[filename_size++] = p[cp] + extra; 1584 length--; 1585 } 1586 } 1587 break; 1588 } 1589 } 1590 if (filename_size > fn_end) { 1591 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 1592 "Invalid filename"); 1593 return (ARCHIVE_FATAL); 1594 } 1595 filename[filename_size++] = '\0'; 1596 /* 1597 * Do not increment filename_size here as the computations below 1598 * add the space for the terminating NUL explicitly. 1599 */ 1600 filename[filename_size] = '\0'; 1601 1602 /* Decoded unicode form is UTF-16BE, so we have to update a string 1603 * conversion object for it. */ 1604 if (rar->sconv_utf16be == NULL) { 1605 rar->sconv_utf16be = archive_string_conversion_from_charset( 1606 &a->archive, "UTF-16BE", 1); 1607 if (rar->sconv_utf16be == NULL) 1608 return (ARCHIVE_FATAL); 1609 } 1610 fn_sconv = rar->sconv_utf16be; 1611 1612 strp = filename; 1613 while (memcmp(strp, "\x00\x00", 2)) 1614 { 1615 if (!memcmp(strp, "\x00\\", 2)) 1616 *(strp + 1) = '/'; 1617 strp += 2; 1618 } 1619 p += offset; 1620 } else { 1621 /* 1622 * If FHD_UNICODE is set but no unicode data, this file name form 1623 * is UTF-8, so we have to update a string conversion object for 1624 * it accordingly. 1625 */ 1626 if (rar->sconv_utf8 == NULL) { 1627 rar->sconv_utf8 = archive_string_conversion_from_charset( 1628 &a->archive, "UTF-8", 1); 1629 if (rar->sconv_utf8 == NULL) 1630 return (ARCHIVE_FATAL); 1631 } 1632 fn_sconv = rar->sconv_utf8; 1633 while ((strp = strchr(filename, '\\')) != NULL) 1634 *strp = '/'; 1635 p += filename_size; 1636 } 1637 } 1638 else 1639 { 1640 fn_sconv = sconv; 1641 while ((strp = strchr(filename, '\\')) != NULL) 1642 *strp = '/'; 1643 p += filename_size; 1644 } 1645 1646 /* Split file in multivolume RAR. No more need to process header. */ 1647 if (rar->filename_save && 1648 filename_size == rar->filename_save_size && 1649 !memcmp(rar->filename, rar->filename_save, filename_size + 1)) 1650 { 1651 __archive_read_consume(a, header_size - 7); 1652 rar->cursor++; 1653 if (rar->cursor >= rar->nodes) 1654 { 1655 rar->nodes++; 1656 if ((rar->dbo = 1657 realloc(rar->dbo, sizeof(*rar->dbo) * rar->nodes)) == NULL) 1658 { 1659 archive_set_error(&a->archive, ENOMEM, "Couldn't allocate memory."); 1660 return (ARCHIVE_FATAL); 1661 } 1662 rar->dbo[rar->cursor].header_size = header_size; 1663 rar->dbo[rar->cursor].start_offset = -1; 1664 rar->dbo[rar->cursor].end_offset = -1; 1665 } 1666 if (rar->dbo[rar->cursor].start_offset < 0) 1667 { 1668 rar->dbo[rar->cursor].start_offset = a->filter->position; 1669 rar->dbo[rar->cursor].end_offset = rar->dbo[rar->cursor].start_offset + 1670 rar->packed_size; 1671 } 1672 return ret; 1673 } 1674 else if (rar->filename_must_match) 1675 { 1676 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 1677 "Mismatch of file parts split across multi-volume archive"); 1678 return (ARCHIVE_FATAL); 1679 } 1680 1681 rar->filename_save = (char*)realloc(rar->filename_save, 1682 filename_size + 1); 1683 memcpy(rar->filename_save, rar->filename, filename_size + 1); 1684 rar->filename_save_size = filename_size; 1685 1686 /* Set info for seeking */ 1687 free(rar->dbo); 1688 if ((rar->dbo = calloc(1, sizeof(*rar->dbo))) == NULL) 1689 { 1690 archive_set_error(&a->archive, ENOMEM, "Couldn't allocate memory."); 1691 return (ARCHIVE_FATAL); 1692 } 1693 rar->dbo[0].header_size = header_size; 1694 rar->dbo[0].start_offset = -1; 1695 rar->dbo[0].end_offset = -1; 1696 rar->cursor = 0; 1697 rar->nodes = 1; 1698 1699 if (rar->file_flags & FHD_SALT) 1700 { 1701 if (p + 8 > endp) { 1702 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 1703 "Invalid header size"); 1704 return (ARCHIVE_FATAL); 1705 } 1706 memcpy(rar->salt, p, 8); 1707 p += 8; 1708 } 1709 1710 if (rar->file_flags & FHD_EXTTIME) { 1711 if (read_exttime(p, rar, endp) < 0) { 1712 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 1713 "Invalid header size"); 1714 return (ARCHIVE_FATAL); 1715 } 1716 } 1717 1718 __archive_read_consume(a, header_size - 7); 1719 rar->dbo[0].start_offset = a->filter->position; 1720 rar->dbo[0].end_offset = rar->dbo[0].start_offset + rar->packed_size; 1721 1722 switch(file_header.host_os) 1723 { 1724 case OS_MSDOS: 1725 case OS_OS2: 1726 case OS_WIN32: 1727 rar->mode = archive_le32dec(file_header.file_attr); 1728 if (rar->mode & FILE_ATTRIBUTE_DIRECTORY) 1729 rar->mode = AE_IFDIR | S_IXUSR | S_IXGRP | S_IXOTH; 1730 else 1731 rar->mode = AE_IFREG; 1732 rar->mode |= S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH; 1733 break; 1734 1735 case OS_UNIX: 1736 case OS_MAC_OS: 1737 case OS_BEOS: 1738 rar->mode = archive_le32dec(file_header.file_attr); 1739 break; 1740 1741 default: 1742 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 1743 "Unknown file attributes from RAR file's host OS"); 1744 return (ARCHIVE_FATAL); 1745 } 1746 1747 rar->bytes_uncopied = rar->bytes_unconsumed = 0; 1748 rar->lzss.position = rar->offset = 0; 1749 rar->offset_seek = 0; 1750 rar->dictionary_size = 0; 1751 rar->offset_outgoing = 0; 1752 rar->br.cache_avail = 0; 1753 rar->br.avail_in = 0; 1754 rar->crc_calculated = 0; 1755 rar->entry_eof = 0; 1756 rar->valid = 1; 1757 rar->is_ppmd_block = 0; 1758 rar->start_new_table = 1; 1759 free(rar->unp_buffer); 1760 rar->unp_buffer = NULL; 1761 rar->unp_offset = 0; 1762 rar->unp_buffer_size = UNP_BUFFER_SIZE; 1763 memset(rar->lengthtable, 0, sizeof(rar->lengthtable)); 1764 __archive_ppmd7_functions.Ppmd7_Free(&rar->ppmd7_context); 1765 rar->ppmd_valid = rar->ppmd_eod = 0; 1766 rar->filters.filterstart = INT64_MAX; 1767 1768 /* Don't set any archive entries for non-file header types */ 1769 if (head_type == NEWSUB_HEAD) 1770 return ret; 1771 1772 archive_entry_set_mtime(entry, rar->mtime, rar->mnsec); 1773 archive_entry_set_ctime(entry, rar->ctime, rar->cnsec); 1774 archive_entry_set_atime(entry, rar->atime, rar->ansec); 1775 archive_entry_set_size(entry, rar->unp_size); 1776 archive_entry_set_mode(entry, rar->mode); 1777 1778 if (archive_entry_copy_pathname_l(entry, filename, filename_size, fn_sconv)) 1779 { 1780 if (errno == ENOMEM) 1781 { 1782 archive_set_error(&a->archive, ENOMEM, 1783 "Can't allocate memory for Pathname"); 1784 return (ARCHIVE_FATAL); 1785 } 1786 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 1787 "Pathname cannot be converted from %s to current locale.", 1788 archive_string_conversion_charset_name(fn_sconv)); 1789 ret = (ARCHIVE_WARN); 1790 } 1791 1792 if (((rar->mode) & AE_IFMT) == AE_IFLNK) 1793 { 1794 /* Make sure a symbolic-link file does not have its body. */ 1795 rar->bytes_remaining = 0; 1796 archive_entry_set_size(entry, 0); 1797 1798 /* Read a symbolic-link name. */ 1799 if ((ret2 = read_symlink_stored(a, entry, sconv)) < (ARCHIVE_WARN)) 1800 return ret2; 1801 if (ret > ret2) 1802 ret = ret2; 1803 } 1804 1805 if (rar->bytes_remaining == 0) 1806 rar->entry_eof = 1; 1807 1808 return ret; 1809 } 1810 1811 static time_t 1812 get_time(int ttime) 1813 { 1814 struct tm tm; 1815 tm.tm_sec = 2 * (ttime & 0x1f); 1816 tm.tm_min = (ttime >> 5) & 0x3f; 1817 tm.tm_hour = (ttime >> 11) & 0x1f; 1818 tm.tm_mday = (ttime >> 16) & 0x1f; 1819 tm.tm_mon = ((ttime >> 21) & 0x0f) - 1; 1820 tm.tm_year = ((ttime >> 25) & 0x7f) + 80; 1821 tm.tm_isdst = -1; 1822 return mktime(&tm); 1823 } 1824 1825 static int 1826 read_exttime(const char *p, struct rar *rar, const char *endp) 1827 { 1828 unsigned rmode, flags, rem, j, count; 1829 int ttime, i; 1830 struct tm *tm; 1831 time_t t; 1832 long nsec; 1833 #if defined(HAVE_LOCALTIME_R) || defined(HAVE_LOCALTIME_S) 1834 struct tm tmbuf; 1835 #endif 1836 1837 if (p + 2 > endp) 1838 return (-1); 1839 flags = archive_le16dec(p); 1840 p += 2; 1841 1842 for (i = 3; i >= 0; i--) 1843 { 1844 t = 0; 1845 if (i == 3) 1846 t = rar->mtime; 1847 rmode = flags >> i * 4; 1848 if (rmode & 8) 1849 { 1850 if (!t) 1851 { 1852 if (p + 4 > endp) 1853 return (-1); 1854 ttime = archive_le32dec(p); 1855 t = get_time(ttime); 1856 p += 4; 1857 } 1858 rem = 0; 1859 count = rmode & 3; 1860 if (p + count > endp) 1861 return (-1); 1862 for (j = 0; j < count; j++) 1863 { 1864 rem = (((unsigned)(unsigned char)*p) << 16) | (rem >> 8); 1865 p++; 1866 } 1867 #if defined(HAVE_LOCALTIME_S) 1868 tm = localtime_s(&tmbuf, &t) ? NULL : &tmbuf; 1869 #elif defined(HAVE_LOCALTIME_R) 1870 tm = localtime_r(&t, &tmbuf); 1871 #else 1872 tm = localtime(&t); 1873 #endif 1874 nsec = tm->tm_sec + rem / NS_UNIT; 1875 if (rmode & 4) 1876 { 1877 tm->tm_sec++; 1878 t = mktime(tm); 1879 } 1880 if (i == 3) 1881 { 1882 rar->mtime = t; 1883 rar->mnsec = nsec; 1884 } 1885 else if (i == 2) 1886 { 1887 rar->ctime = t; 1888 rar->cnsec = nsec; 1889 } 1890 else if (i == 1) 1891 { 1892 rar->atime = t; 1893 rar->ansec = nsec; 1894 } 1895 else 1896 { 1897 rar->arctime = t; 1898 rar->arcnsec = nsec; 1899 } 1900 } 1901 } 1902 return (0); 1903 } 1904 1905 static int 1906 read_symlink_stored(struct archive_read *a, struct archive_entry *entry, 1907 struct archive_string_conv *sconv) 1908 { 1909 const void *h; 1910 const char *p; 1911 struct rar *rar; 1912 int ret = (ARCHIVE_OK); 1913 1914 rar = (struct rar *)(a->format->data); 1915 if ((h = rar_read_ahead(a, (size_t)rar->packed_size, NULL)) == NULL) 1916 return (ARCHIVE_FATAL); 1917 p = h; 1918 1919 if (archive_entry_copy_symlink_l(entry, 1920 p, (size_t)rar->packed_size, sconv)) 1921 { 1922 if (errno == ENOMEM) 1923 { 1924 archive_set_error(&a->archive, ENOMEM, 1925 "Can't allocate memory for link"); 1926 return (ARCHIVE_FATAL); 1927 } 1928 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 1929 "link cannot be converted from %s to current locale.", 1930 archive_string_conversion_charset_name(sconv)); 1931 ret = (ARCHIVE_WARN); 1932 } 1933 __archive_read_consume(a, rar->packed_size); 1934 return ret; 1935 } 1936 1937 static int 1938 read_data_stored(struct archive_read *a, const void **buff, size_t *size, 1939 int64_t *offset) 1940 { 1941 struct rar *rar; 1942 ssize_t bytes_avail; 1943 1944 rar = (struct rar *)(a->format->data); 1945 if (rar->bytes_remaining == 0 && 1946 !(rar->main_flags & MHD_VOLUME && rar->file_flags & FHD_SPLIT_AFTER)) 1947 { 1948 *buff = NULL; 1949 *size = 0; 1950 *offset = rar->offset; 1951 if (rar->file_crc != rar->crc_calculated) { 1952 #ifndef DONT_FAIL_ON_CRC_ERROR 1953 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 1954 "File CRC error"); 1955 return (ARCHIVE_FATAL); 1956 #endif 1957 } 1958 rar->entry_eof = 1; 1959 return (ARCHIVE_EOF); 1960 } 1961 1962 *buff = rar_read_ahead(a, 1, &bytes_avail); 1963 if (bytes_avail <= 0) 1964 { 1965 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 1966 "Truncated RAR file data"); 1967 return (ARCHIVE_FATAL); 1968 } 1969 1970 *size = bytes_avail; 1971 *offset = rar->offset; 1972 rar->offset += bytes_avail; 1973 rar->offset_seek += bytes_avail; 1974 rar->bytes_remaining -= bytes_avail; 1975 rar->bytes_unconsumed = bytes_avail; 1976 /* Calculate File CRC. */ 1977 rar->crc_calculated = crc32(rar->crc_calculated, *buff, 1978 (unsigned)bytes_avail); 1979 return (ARCHIVE_OK); 1980 } 1981 1982 static int 1983 read_data_compressed(struct archive_read *a, const void **buff, size_t *size, 1984 int64_t *offset, size_t looper) 1985 { 1986 if (looper++ > MAX_COMPRESS_DEPTH) 1987 return (ARCHIVE_FATAL); 1988 1989 struct rar *rar; 1990 int64_t start, end; 1991 size_t bs; 1992 int ret = (ARCHIVE_OK), sym, code, lzss_offset, length, i; 1993 1994 rar = (struct rar *)(a->format->data); 1995 1996 do { 1997 if (!rar->valid) 1998 return (ARCHIVE_FATAL); 1999 2000 if (rar->filters.bytes_ready > 0) 2001 { 2002 /* Flush unp_buffer first */ 2003 if (rar->unp_offset > 0) 2004 { 2005 *buff = rar->unp_buffer; 2006 *size = rar->unp_offset; 2007 rar->unp_offset = 0; 2008 *offset = rar->offset_outgoing; 2009 rar->offset_outgoing += *size; 2010 } 2011 else 2012 { 2013 *buff = rar->filters.bytes; 2014 *size = rar->filters.bytes_ready; 2015 2016 rar->offset += *size; 2017 *offset = rar->offset_outgoing; 2018 rar->offset_outgoing += *size; 2019 2020 rar->filters.bytes_ready -= *size; 2021 rar->filters.bytes += *size; 2022 } 2023 goto ending_block; 2024 } 2025 2026 if (rar->ppmd_eod || 2027 (rar->dictionary_size && rar->offset >= rar->unp_size)) 2028 { 2029 if (rar->unp_offset > 0) { 2030 /* 2031 * We have unprocessed extracted data. write it out. 2032 */ 2033 *buff = rar->unp_buffer; 2034 *size = rar->unp_offset; 2035 *offset = rar->offset_outgoing; 2036 rar->offset_outgoing += *size; 2037 /* Calculate File CRC. */ 2038 rar->crc_calculated = crc32(rar->crc_calculated, *buff, 2039 (unsigned)*size); 2040 rar->unp_offset = 0; 2041 return (ARCHIVE_OK); 2042 } 2043 *buff = NULL; 2044 *size = 0; 2045 *offset = rar->offset; 2046 if (rar->file_crc != rar->crc_calculated) { 2047 #ifndef DONT_FAIL_ON_CRC_ERROR 2048 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 2049 "File CRC error"); 2050 return (ARCHIVE_FATAL); 2051 #endif 2052 } 2053 rar->entry_eof = 1; 2054 return (ARCHIVE_EOF); 2055 } 2056 2057 if (!rar->is_ppmd_block && rar->dictionary_size && rar->bytes_uncopied > 0) 2058 { 2059 if (rar->bytes_uncopied > (rar->unp_buffer_size - rar->unp_offset)) 2060 bs = rar->unp_buffer_size - rar->unp_offset; 2061 else 2062 bs = (size_t)rar->bytes_uncopied; 2063 ret = copy_from_lzss_window_to_unp(a, buff, rar->offset, (int)bs); 2064 if (ret != ARCHIVE_OK) 2065 return (ret); 2066 rar->offset += bs; 2067 rar->bytes_uncopied -= bs; 2068 if (*buff != NULL) { 2069 rar->unp_offset = 0; 2070 *size = rar->unp_buffer_size; 2071 *offset = rar->offset_outgoing; 2072 rar->offset_outgoing += *size; 2073 /* Calculate File CRC. */ 2074 rar->crc_calculated = crc32(rar->crc_calculated, *buff, 2075 (unsigned)*size); 2076 return (ret); 2077 } 2078 continue; 2079 } 2080 2081 if (rar->filters.lastend == rar->filters.filterstart) 2082 { 2083 if (!run_filters(a)) 2084 return (ARCHIVE_FATAL); 2085 continue; 2086 } 2087 2088 if (!rar->br.next_in && 2089 (ret = rar_br_preparation(a, &(rar->br))) < ARCHIVE_WARN) 2090 return (ret); 2091 if (rar->start_new_table && ((ret = parse_codes(a)) < (ARCHIVE_WARN))) 2092 return (ret); 2093 2094 if (rar->is_ppmd_block) 2095 { 2096 if ((sym = __archive_ppmd7_functions.Ppmd7_DecodeSymbol( 2097 &rar->ppmd7_context, &rar->range_dec.p)) < 0) 2098 { 2099 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 2100 "Invalid symbol"); 2101 return (ARCHIVE_FATAL); 2102 } 2103 if(sym != rar->ppmd_escape) 2104 { 2105 lzss_emit_literal(rar, sym); 2106 rar->bytes_uncopied++; 2107 } 2108 else 2109 { 2110 if ((code = __archive_ppmd7_functions.Ppmd7_DecodeSymbol( 2111 &rar->ppmd7_context, &rar->range_dec.p)) < 0) 2112 { 2113 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 2114 "Invalid symbol"); 2115 return (ARCHIVE_FATAL); 2116 } 2117 2118 switch(code) 2119 { 2120 case 0: 2121 rar->start_new_table = 1; 2122 return read_data_compressed(a, buff, size, offset, looper); 2123 2124 case 2: 2125 rar->ppmd_eod = 1;/* End Of ppmd Data. */ 2126 continue; 2127 2128 case 3: 2129 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, 2130 "Parsing filters is unsupported."); 2131 return (ARCHIVE_FAILED); 2132 2133 case 4: 2134 lzss_offset = 0; 2135 for (i = 2; i >= 0; i--) 2136 { 2137 if ((code = __archive_ppmd7_functions.Ppmd7_DecodeSymbol( 2138 &rar->ppmd7_context, &rar->range_dec.p)) < 0) 2139 { 2140 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 2141 "Invalid symbol"); 2142 return (ARCHIVE_FATAL); 2143 } 2144 lzss_offset |= code << (i * 8); 2145 } 2146 if ((length = __archive_ppmd7_functions.Ppmd7_DecodeSymbol( 2147 &rar->ppmd7_context, &rar->range_dec.p)) < 0) 2148 { 2149 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 2150 "Invalid symbol"); 2151 return (ARCHIVE_FATAL); 2152 } 2153 lzss_emit_match(rar, lzss_offset + 2, length + 32); 2154 rar->bytes_uncopied += length + 32; 2155 break; 2156 2157 case 5: 2158 if ((length = __archive_ppmd7_functions.Ppmd7_DecodeSymbol( 2159 &rar->ppmd7_context, &rar->range_dec.p)) < 0) 2160 { 2161 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 2162 "Invalid symbol"); 2163 return (ARCHIVE_FATAL); 2164 } 2165 lzss_emit_match(rar, 1, length + 4); 2166 rar->bytes_uncopied += length + 4; 2167 break; 2168 2169 default: 2170 lzss_emit_literal(rar, sym); 2171 rar->bytes_uncopied++; 2172 } 2173 } 2174 } 2175 else 2176 { 2177 start = rar->offset; 2178 end = start + rar->dictionary_size; 2179 if (rar->filters.filterstart < end) { 2180 end = rar->filters.filterstart; 2181 } 2182 2183 ret = expand(a, &end); 2184 if (ret != ARCHIVE_OK) 2185 return (ret); 2186 2187 rar->bytes_uncopied = end - start; 2188 rar->filters.lastend = end; 2189 if (rar->filters.lastend != rar->filters.filterstart && rar->bytes_uncopied == 0) { 2190 /* Broken RAR files cause this case. 2191 * NOTE: If this case were possible on a normal RAR file 2192 * we would find out where it was actually bad and 2193 * what we would do to solve it. */ 2194 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 2195 "Internal error extracting RAR file"); 2196 return (ARCHIVE_FATAL); 2197 } 2198 } 2199 if (rar->bytes_uncopied > (rar->unp_buffer_size - rar->unp_offset)) 2200 bs = rar->unp_buffer_size - rar->unp_offset; 2201 else 2202 bs = (size_t)rar->bytes_uncopied; 2203 ret = copy_from_lzss_window_to_unp(a, buff, rar->offset, (int)bs); 2204 if (ret != ARCHIVE_OK) 2205 return (ret); 2206 rar->offset += bs; 2207 rar->bytes_uncopied -= bs; 2208 /* 2209 * If *buff is NULL, it means unp_buffer is not full. 2210 * So we have to continue extracting a RAR file. 2211 */ 2212 } while (*buff == NULL); 2213 2214 rar->unp_offset = 0; 2215 *size = rar->unp_buffer_size; 2216 *offset = rar->offset_outgoing; 2217 rar->offset_outgoing += *size; 2218 ending_block: 2219 /* Calculate File CRC. */ 2220 rar->crc_calculated = crc32(rar->crc_calculated, *buff, (unsigned)*size); 2221 return ret; 2222 } 2223 2224 static int 2225 parse_codes(struct archive_read *a) 2226 { 2227 int i, j, val, n, r; 2228 unsigned char bitlengths[MAX_SYMBOLS], zerocount, ppmd_flags; 2229 unsigned int maxorder; 2230 struct huffman_code precode; 2231 struct rar *rar = (struct rar *)(a->format->data); 2232 struct rar_br *br = &(rar->br); 2233 2234 free_codes(a); 2235 2236 /* Skip to the next byte */ 2237 rar_br_consume_unalined_bits(br); 2238 2239 /* PPMd block flag */ 2240 if (!rar_br_read_ahead(a, br, 1)) 2241 goto truncated_data; 2242 if ((rar->is_ppmd_block = rar_br_bits(br, 1)) != 0) 2243 { 2244 rar_br_consume(br, 1); 2245 if (!rar_br_read_ahead(a, br, 7)) 2246 goto truncated_data; 2247 ppmd_flags = rar_br_bits(br, 7); 2248 rar_br_consume(br, 7); 2249 2250 /* Memory is allocated in MB */ 2251 if (ppmd_flags & 0x20) 2252 { 2253 if (!rar_br_read_ahead(a, br, 8)) 2254 goto truncated_data; 2255 rar->dictionary_size = (rar_br_bits(br, 8) + 1) << 20; 2256 rar_br_consume(br, 8); 2257 } 2258 2259 if (ppmd_flags & 0x40) 2260 { 2261 if (!rar_br_read_ahead(a, br, 8)) 2262 goto truncated_data; 2263 rar->ppmd_escape = rar->ppmd7_context.InitEsc = rar_br_bits(br, 8); 2264 rar_br_consume(br, 8); 2265 } 2266 else 2267 rar->ppmd_escape = 2; 2268 2269 if (ppmd_flags & 0x20) 2270 { 2271 maxorder = (ppmd_flags & 0x1F) + 1; 2272 if(maxorder > 16) 2273 maxorder = 16 + (maxorder - 16) * 3; 2274 2275 if (maxorder == 1) 2276 { 2277 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 2278 "Truncated RAR file data"); 2279 return (ARCHIVE_FATAL); 2280 } 2281 2282 /* Make sure ppmd7_contest is freed before Ppmd7_Construct 2283 * because reading a broken file cause this abnormal sequence. */ 2284 __archive_ppmd7_functions.Ppmd7_Free(&rar->ppmd7_context); 2285 2286 rar->bytein.a = a; 2287 rar->bytein.Read = &ppmd_read; 2288 __archive_ppmd7_functions.PpmdRAR_RangeDec_CreateVTable(&rar->range_dec); 2289 rar->range_dec.Stream = &rar->bytein; 2290 __archive_ppmd7_functions.Ppmd7_Construct(&rar->ppmd7_context); 2291 2292 if (rar->dictionary_size == 0) { 2293 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 2294 "Invalid zero dictionary size"); 2295 return (ARCHIVE_FATAL); 2296 } 2297 2298 if (!__archive_ppmd7_functions.Ppmd7_Alloc(&rar->ppmd7_context, 2299 rar->dictionary_size)) 2300 { 2301 archive_set_error(&a->archive, ENOMEM, 2302 "Out of memory"); 2303 return (ARCHIVE_FATAL); 2304 } 2305 if (!__archive_ppmd7_functions.PpmdRAR_RangeDec_Init(&rar->range_dec)) 2306 { 2307 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 2308 "Unable to initialize PPMd range decoder"); 2309 return (ARCHIVE_FATAL); 2310 } 2311 __archive_ppmd7_functions.Ppmd7_Init(&rar->ppmd7_context, maxorder); 2312 rar->ppmd_valid = 1; 2313 } 2314 else 2315 { 2316 if (!rar->ppmd_valid) { 2317 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 2318 "Invalid PPMd sequence"); 2319 return (ARCHIVE_FATAL); 2320 } 2321 if (!__archive_ppmd7_functions.PpmdRAR_RangeDec_Init(&rar->range_dec)) 2322 { 2323 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 2324 "Unable to initialize PPMd range decoder"); 2325 return (ARCHIVE_FATAL); 2326 } 2327 } 2328 } 2329 else 2330 { 2331 rar_br_consume(br, 1); 2332 2333 /* Keep existing table flag */ 2334 if (!rar_br_read_ahead(a, br, 1)) 2335 goto truncated_data; 2336 if (!rar_br_bits(br, 1)) 2337 memset(rar->lengthtable, 0, sizeof(rar->lengthtable)); 2338 rar_br_consume(br, 1); 2339 2340 memset(&bitlengths, 0, sizeof(bitlengths)); 2341 for (i = 0; i < MAX_SYMBOLS;) 2342 { 2343 if (!rar_br_read_ahead(a, br, 4)) 2344 goto truncated_data; 2345 bitlengths[i++] = rar_br_bits(br, 4); 2346 rar_br_consume(br, 4); 2347 if (bitlengths[i-1] == 0xF) 2348 { 2349 if (!rar_br_read_ahead(a, br, 4)) 2350 goto truncated_data; 2351 zerocount = rar_br_bits(br, 4); 2352 rar_br_consume(br, 4); 2353 if (zerocount) 2354 { 2355 i--; 2356 for (j = 0; j < zerocount + 2 && i < MAX_SYMBOLS; j++) 2357 bitlengths[i++] = 0; 2358 } 2359 } 2360 } 2361 2362 memset(&precode, 0, sizeof(precode)); 2363 r = create_code(a, &precode, bitlengths, MAX_SYMBOLS, MAX_SYMBOL_LENGTH); 2364 if (r != ARCHIVE_OK) { 2365 free(precode.tree); 2366 free(precode.table); 2367 return (r); 2368 } 2369 2370 for (i = 0; i < HUFFMAN_TABLE_SIZE;) 2371 { 2372 if ((val = read_next_symbol(a, &precode)) < 0) { 2373 free(precode.tree); 2374 free(precode.table); 2375 return (ARCHIVE_FATAL); 2376 } 2377 if (val < 16) 2378 { 2379 rar->lengthtable[i] = (rar->lengthtable[i] + val) & 0xF; 2380 i++; 2381 } 2382 else if (val < 18) 2383 { 2384 if (i == 0) 2385 { 2386 free(precode.tree); 2387 free(precode.table); 2388 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 2389 "Internal error extracting RAR file."); 2390 return (ARCHIVE_FATAL); 2391 } 2392 2393 if(val == 16) { 2394 if (!rar_br_read_ahead(a, br, 3)) { 2395 free(precode.tree); 2396 free(precode.table); 2397 goto truncated_data; 2398 } 2399 n = rar_br_bits(br, 3) + 3; 2400 rar_br_consume(br, 3); 2401 } else { 2402 if (!rar_br_read_ahead(a, br, 7)) { 2403 free(precode.tree); 2404 free(precode.table); 2405 goto truncated_data; 2406 } 2407 n = rar_br_bits(br, 7) + 11; 2408 rar_br_consume(br, 7); 2409 } 2410 2411 for (j = 0; j < n && i < HUFFMAN_TABLE_SIZE; j++) 2412 { 2413 rar->lengthtable[i] = rar->lengthtable[i-1]; 2414 i++; 2415 } 2416 } 2417 else 2418 { 2419 if(val == 18) { 2420 if (!rar_br_read_ahead(a, br, 3)) { 2421 free(precode.tree); 2422 free(precode.table); 2423 goto truncated_data; 2424 } 2425 n = rar_br_bits(br, 3) + 3; 2426 rar_br_consume(br, 3); 2427 } else { 2428 if (!rar_br_read_ahead(a, br, 7)) { 2429 free(precode.tree); 2430 free(precode.table); 2431 goto truncated_data; 2432 } 2433 n = rar_br_bits(br, 7) + 11; 2434 rar_br_consume(br, 7); 2435 } 2436 2437 for(j = 0; j < n && i < HUFFMAN_TABLE_SIZE; j++) 2438 rar->lengthtable[i++] = 0; 2439 } 2440 } 2441 free(precode.tree); 2442 free(precode.table); 2443 2444 r = create_code(a, &rar->maincode, &rar->lengthtable[0], MAINCODE_SIZE, 2445 MAX_SYMBOL_LENGTH); 2446 if (r != ARCHIVE_OK) 2447 return (r); 2448 r = create_code(a, &rar->offsetcode, &rar->lengthtable[MAINCODE_SIZE], 2449 OFFSETCODE_SIZE, MAX_SYMBOL_LENGTH); 2450 if (r != ARCHIVE_OK) 2451 return (r); 2452 r = create_code(a, &rar->lowoffsetcode, 2453 &rar->lengthtable[MAINCODE_SIZE + OFFSETCODE_SIZE], 2454 LOWOFFSETCODE_SIZE, MAX_SYMBOL_LENGTH); 2455 if (r != ARCHIVE_OK) 2456 return (r); 2457 r = create_code(a, &rar->lengthcode, 2458 &rar->lengthtable[MAINCODE_SIZE + OFFSETCODE_SIZE + 2459 LOWOFFSETCODE_SIZE], LENGTHCODE_SIZE, MAX_SYMBOL_LENGTH); 2460 if (r != ARCHIVE_OK) 2461 return (r); 2462 } 2463 2464 if (!rar->dictionary_size || !rar->lzss.window) 2465 { 2466 /* Seems as though dictionary sizes are not used. Even so, minimize 2467 * memory usage as much as possible. 2468 */ 2469 void *new_window; 2470 unsigned int new_size; 2471 2472 if (rar->unp_size >= DICTIONARY_MAX_SIZE) 2473 new_size = DICTIONARY_MAX_SIZE; 2474 else 2475 new_size = rar_fls((unsigned int)rar->unp_size) << 1; 2476 if (new_size == 0) { 2477 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 2478 "Zero window size is invalid."); 2479 return (ARCHIVE_FATAL); 2480 } 2481 new_window = realloc(rar->lzss.window, new_size); 2482 if (new_window == NULL) { 2483 archive_set_error(&a->archive, ENOMEM, 2484 "Unable to allocate memory for uncompressed data."); 2485 return (ARCHIVE_FATAL); 2486 } 2487 rar->lzss.window = (unsigned char *)new_window; 2488 rar->dictionary_size = new_size; 2489 memset(rar->lzss.window, 0, rar->dictionary_size); 2490 rar->lzss.mask = rar->dictionary_size - 1; 2491 } 2492 2493 rar->start_new_table = 0; 2494 return (ARCHIVE_OK); 2495 truncated_data: 2496 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 2497 "Truncated RAR file data"); 2498 rar->valid = 0; 2499 return (ARCHIVE_FATAL); 2500 } 2501 2502 static void 2503 free_codes(struct archive_read *a) 2504 { 2505 struct rar *rar = (struct rar *)(a->format->data); 2506 free(rar->maincode.tree); 2507 free(rar->offsetcode.tree); 2508 free(rar->lowoffsetcode.tree); 2509 free(rar->lengthcode.tree); 2510 free(rar->maincode.table); 2511 free(rar->offsetcode.table); 2512 free(rar->lowoffsetcode.table); 2513 free(rar->lengthcode.table); 2514 memset(&rar->maincode, 0, sizeof(rar->maincode)); 2515 memset(&rar->offsetcode, 0, sizeof(rar->offsetcode)); 2516 memset(&rar->lowoffsetcode, 0, sizeof(rar->lowoffsetcode)); 2517 memset(&rar->lengthcode, 0, sizeof(rar->lengthcode)); 2518 } 2519 2520 2521 static int 2522 read_next_symbol(struct archive_read *a, struct huffman_code *code) 2523 { 2524 unsigned char bit; 2525 unsigned int bits; 2526 int length, value, node; 2527 struct rar *rar; 2528 struct rar_br *br; 2529 2530 if (!code->table) 2531 { 2532 if (make_table(a, code) != (ARCHIVE_OK)) 2533 return -1; 2534 } 2535 2536 rar = (struct rar *)(a->format->data); 2537 br = &(rar->br); 2538 2539 /* Look ahead (peek) at bits */ 2540 if (!rar_br_read_ahead(a, br, code->tablesize)) { 2541 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 2542 "Truncated RAR file data"); 2543 rar->valid = 0; 2544 return -1; 2545 } 2546 bits = rar_br_bits(br, code->tablesize); 2547 2548 length = code->table[bits].length; 2549 value = code->table[bits].value; 2550 2551 if (length < 0) 2552 { 2553 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 2554 "Invalid prefix code in bitstream"); 2555 return -1; 2556 } 2557 2558 if (length <= code->tablesize) 2559 { 2560 /* Skip length bits */ 2561 rar_br_consume(br, length); 2562 return value; 2563 } 2564 2565 /* Skip tablesize bits */ 2566 rar_br_consume(br, code->tablesize); 2567 2568 node = value; 2569 while (!(code->tree[node].branches[0] == 2570 code->tree[node].branches[1])) 2571 { 2572 if (!rar_br_read_ahead(a, br, 1)) { 2573 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 2574 "Truncated RAR file data"); 2575 rar->valid = 0; 2576 return -1; 2577 } 2578 bit = rar_br_bits(br, 1); 2579 rar_br_consume(br, 1); 2580 2581 if (code->tree[node].branches[bit] < 0) 2582 { 2583 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 2584 "Invalid prefix code in bitstream"); 2585 return -1; 2586 } 2587 node = code->tree[node].branches[bit]; 2588 } 2589 2590 return code->tree[node].branches[0]; 2591 } 2592 2593 static int 2594 create_code(struct archive_read *a, struct huffman_code *code, 2595 unsigned char *lengths, int numsymbols, char maxlength) 2596 { 2597 int i, j, codebits = 0, symbolsleft = numsymbols; 2598 2599 code->numentries = 0; 2600 code->numallocatedentries = 0; 2601 if (new_node(code) < 0) { 2602 archive_set_error(&a->archive, ENOMEM, 2603 "Unable to allocate memory for node data."); 2604 return (ARCHIVE_FATAL); 2605 } 2606 code->numentries = 1; 2607 code->minlength = INT_MAX; 2608 code->maxlength = INT_MIN; 2609 codebits = 0; 2610 for(i = 1; i <= maxlength; i++) 2611 { 2612 for(j = 0; j < numsymbols; j++) 2613 { 2614 if (lengths[j] != i) continue; 2615 if (add_value(a, code, j, codebits, i) != ARCHIVE_OK) 2616 return (ARCHIVE_FATAL); 2617 codebits++; 2618 if (--symbolsleft <= 0) 2619 break; 2620 } 2621 if (symbolsleft <= 0) 2622 break; 2623 codebits <<= 1; 2624 } 2625 return (ARCHIVE_OK); 2626 } 2627 2628 static int 2629 add_value(struct archive_read *a, struct huffman_code *code, int value, 2630 int codebits, int length) 2631 { 2632 int lastnode, bitpos, bit; 2633 /* int repeatpos, repeatnode, nextnode; */ 2634 2635 free(code->table); 2636 code->table = NULL; 2637 2638 if(length > code->maxlength) 2639 code->maxlength = length; 2640 if(length < code->minlength) 2641 code->minlength = length; 2642 2643 /* 2644 * Dead code, repeatpos was is -1 2645 * 2646 repeatpos = -1; 2647 if (repeatpos == 0 || (repeatpos >= 0 2648 && (((codebits >> (repeatpos - 1)) & 3) == 0 2649 || ((codebits >> (repeatpos - 1)) & 3) == 3))) 2650 { 2651 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 2652 "Invalid repeat position"); 2653 return (ARCHIVE_FATAL); 2654 } 2655 */ 2656 2657 lastnode = 0; 2658 for (bitpos = length - 1; bitpos >= 0; bitpos--) 2659 { 2660 bit = (codebits >> bitpos) & 1; 2661 2662 /* Leaf node check */ 2663 if (code->tree[lastnode].branches[0] == 2664 code->tree[lastnode].branches[1]) 2665 { 2666 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 2667 "Prefix found"); 2668 return (ARCHIVE_FATAL); 2669 } 2670 2671 /* 2672 * Dead code, repeatpos was -1, bitpos >=0 2673 * 2674 if (bitpos == repeatpos) 2675 { 2676 * Open branch check * 2677 if (!(code->tree[lastnode].branches[bit] < 0)) 2678 { 2679 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 2680 "Invalid repeating code"); 2681 return (ARCHIVE_FATAL); 2682 } 2683 2684 if ((repeatnode = new_node(code)) < 0) { 2685 archive_set_error(&a->archive, ENOMEM, 2686 "Unable to allocate memory for node data."); 2687 return (ARCHIVE_FATAL); 2688 } 2689 if ((nextnode = new_node(code)) < 0) { 2690 archive_set_error(&a->archive, ENOMEM, 2691 "Unable to allocate memory for node data."); 2692 return (ARCHIVE_FATAL); 2693 } 2694 2695 * Set branches * 2696 code->tree[lastnode].branches[bit] = repeatnode; 2697 code->tree[repeatnode].branches[bit] = repeatnode; 2698 code->tree[repeatnode].branches[bit^1] = nextnode; 2699 lastnode = nextnode; 2700 2701 bitpos++; * terminating bit already handled, skip it * 2702 } 2703 else 2704 { 2705 */ 2706 /* Open branch check */ 2707 if (code->tree[lastnode].branches[bit] < 0) 2708 { 2709 if (new_node(code) < 0) { 2710 archive_set_error(&a->archive, ENOMEM, 2711 "Unable to allocate memory for node data."); 2712 return (ARCHIVE_FATAL); 2713 } 2714 code->tree[lastnode].branches[bit] = code->numentries++; 2715 } 2716 2717 /* set to branch */ 2718 lastnode = code->tree[lastnode].branches[bit]; 2719 /* } */ 2720 } 2721 2722 if (!(code->tree[lastnode].branches[0] == -1 2723 && code->tree[lastnode].branches[1] == -2)) 2724 { 2725 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 2726 "Prefix found"); 2727 return (ARCHIVE_FATAL); 2728 } 2729 2730 /* Set leaf value */ 2731 code->tree[lastnode].branches[0] = value; 2732 code->tree[lastnode].branches[1] = value; 2733 2734 return (ARCHIVE_OK); 2735 } 2736 2737 static int 2738 new_node(struct huffman_code *code) 2739 { 2740 void *new_tree; 2741 if (code->numallocatedentries == code->numentries) { 2742 int new_num_entries = 256; 2743 if (code->numentries > 0) { 2744 new_num_entries = code->numentries * 2; 2745 } 2746 new_tree = realloc(code->tree, new_num_entries * sizeof(*code->tree)); 2747 if (new_tree == NULL) 2748 return (-1); 2749 code->tree = (struct huffman_tree_node *)new_tree; 2750 code->numallocatedentries = new_num_entries; 2751 } 2752 code->tree[code->numentries].branches[0] = -1; 2753 code->tree[code->numentries].branches[1] = -2; 2754 return 1; 2755 } 2756 2757 static int 2758 make_table(struct archive_read *a, struct huffman_code *code) 2759 { 2760 if (code->maxlength < code->minlength || code->maxlength > 10) 2761 code->tablesize = 10; 2762 else 2763 code->tablesize = code->maxlength; 2764 2765 code->table = 2766 (struct huffman_table_entry *)calloc(1, sizeof(*code->table) 2767 * ((size_t)1 << code->tablesize)); 2768 2769 return make_table_recurse(a, code, 0, code->table, 0, code->tablesize); 2770 } 2771 2772 static int 2773 make_table_recurse(struct archive_read *a, struct huffman_code *code, int node, 2774 struct huffman_table_entry *table, int depth, 2775 int maxdepth) 2776 { 2777 int currtablesize, i, ret = (ARCHIVE_OK); 2778 2779 if (!code->tree) 2780 { 2781 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 2782 "Huffman tree was not created."); 2783 return (ARCHIVE_FATAL); 2784 } 2785 if (node < 0 || node >= code->numentries) 2786 { 2787 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 2788 "Invalid location to Huffman tree specified."); 2789 return (ARCHIVE_FATAL); 2790 } 2791 2792 currtablesize = 1 << (maxdepth - depth); 2793 2794 if (code->tree[node].branches[0] == 2795 code->tree[node].branches[1]) 2796 { 2797 for(i = 0; i < currtablesize; i++) 2798 { 2799 table[i].length = depth; 2800 table[i].value = code->tree[node].branches[0]; 2801 } 2802 } 2803 /* 2804 * Dead code, node >= 0 2805 * 2806 else if (node < 0) 2807 { 2808 for(i = 0; i < currtablesize; i++) 2809 table[i].length = -1; 2810 } 2811 */ 2812 else 2813 { 2814 if(depth == maxdepth) 2815 { 2816 table[0].length = maxdepth + 1; 2817 table[0].value = node; 2818 } 2819 else 2820 { 2821 ret |= make_table_recurse(a, code, code->tree[node].branches[0], table, 2822 depth + 1, maxdepth); 2823 ret |= make_table_recurse(a, code, code->tree[node].branches[1], 2824 table + currtablesize / 2, depth + 1, maxdepth); 2825 } 2826 } 2827 return ret; 2828 } 2829 2830 static int 2831 expand(struct archive_read *a, int64_t *end) 2832 { 2833 static const unsigned char lengthbases[] = 2834 { 0, 1, 2, 3, 4, 5, 6, 2835 7, 8, 10, 12, 14, 16, 20, 2836 24, 28, 32, 40, 48, 56, 64, 2837 80, 96, 112, 128, 160, 192, 224 }; 2838 static const unsigned char lengthbits[] = 2839 { 0, 0, 0, 0, 0, 0, 0, 2840 0, 1, 1, 1, 1, 2, 2, 2841 2, 2, 3, 3, 3, 3, 4, 2842 4, 4, 4, 5, 5, 5, 5 }; 2843 static const int lengthb_min = minimum( 2844 (int)(sizeof(lengthbases)/sizeof(lengthbases[0])), 2845 (int)(sizeof(lengthbits)/sizeof(lengthbits[0])) 2846 ); 2847 static const unsigned int offsetbases[] = 2848 { 0, 1, 2, 3, 4, 6, 2849 8, 12, 16, 24, 32, 48, 2850 64, 96, 128, 192, 256, 384, 2851 512, 768, 1024, 1536, 2048, 3072, 2852 4096, 6144, 8192, 12288, 16384, 24576, 2853 32768, 49152, 65536, 98304, 131072, 196608, 2854 262144, 327680, 393216, 458752, 524288, 589824, 2855 655360, 720896, 786432, 851968, 917504, 983040, 2856 1048576, 1310720, 1572864, 1835008, 2097152, 2359296, 2857 2621440, 2883584, 3145728, 3407872, 3670016, 3932160 }; 2858 static const unsigned char offsetbits[] = 2859 { 0, 0, 0, 0, 1, 1, 2, 2, 3, 3, 4, 4, 2860 5, 5, 6, 6, 7, 7, 8, 8, 9, 9, 10, 10, 2861 11, 11, 12, 12, 13, 13, 14, 14, 15, 15, 16, 16, 2862 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 2863 18, 18, 18, 18, 18, 18, 18, 18, 18, 18, 18, 18 }; 2864 static const int offsetb_min = minimum( 2865 (int)(sizeof(offsetbases)/sizeof(offsetbases[0])), 2866 (int)(sizeof(offsetbits)/sizeof(offsetbits[0])) 2867 ); 2868 static const unsigned char shortbases[] = 2869 { 0, 4, 8, 16, 32, 64, 128, 192 }; 2870 static const unsigned char shortbits[] = 2871 { 2, 2, 3, 4, 5, 6, 6, 6 }; 2872 2873 int symbol, offs, len, offsindex, lensymbol, i, offssymbol, lowoffsetsymbol; 2874 unsigned char newfile; 2875 struct rar *rar = (struct rar *)(a->format->data); 2876 struct rar_br *br = &(rar->br); 2877 2878 if (rar->filters.filterstart < *end) 2879 *end = rar->filters.filterstart; 2880 2881 while (1) 2882 { 2883 if(lzss_position(&rar->lzss) >= *end) { 2884 return (ARCHIVE_OK); 2885 } 2886 2887 if(rar->is_ppmd_block) { 2888 *end = lzss_position(&rar->lzss); 2889 return (ARCHIVE_OK); 2890 } 2891 2892 if ((symbol = read_next_symbol(a, &rar->maincode)) < 0) 2893 return (ARCHIVE_FATAL); 2894 2895 if (symbol < 256) 2896 { 2897 lzss_emit_literal(rar, symbol); 2898 continue; 2899 } 2900 else if (symbol == 256) 2901 { 2902 if (!rar_br_read_ahead(a, br, 1)) 2903 goto truncated_data; 2904 newfile = !rar_br_bits(br, 1); 2905 rar_br_consume(br, 1); 2906 2907 if(newfile) 2908 { 2909 rar->start_new_block = 1; 2910 if (!rar_br_read_ahead(a, br, 1)) 2911 goto truncated_data; 2912 rar->start_new_table = rar_br_bits(br, 1); 2913 rar_br_consume(br, 1); 2914 *end = lzss_position(&rar->lzss); 2915 return (ARCHIVE_OK); 2916 } 2917 else 2918 { 2919 if (parse_codes(a) != ARCHIVE_OK) 2920 return (ARCHIVE_FATAL); 2921 continue; 2922 } 2923 } 2924 else if(symbol==257) 2925 { 2926 if (!read_filter(a, end)) 2927 return (ARCHIVE_FATAL); 2928 continue; 2929 } 2930 else if(symbol==258) 2931 { 2932 if(rar->lastlength == 0) 2933 continue; 2934 2935 offs = rar->lastoffset; 2936 len = rar->lastlength; 2937 } 2938 else if (symbol <= 262) 2939 { 2940 offsindex = symbol - 259; 2941 offs = rar->oldoffset[offsindex]; 2942 2943 if ((lensymbol = read_next_symbol(a, &rar->lengthcode)) < 0) 2944 goto bad_data; 2945 if (lensymbol > lengthb_min) 2946 goto bad_data; 2947 len = lengthbases[lensymbol] + 2; 2948 if (lengthbits[lensymbol] > 0) { 2949 if (!rar_br_read_ahead(a, br, lengthbits[lensymbol])) 2950 goto truncated_data; 2951 len += rar_br_bits(br, lengthbits[lensymbol]); 2952 rar_br_consume(br, lengthbits[lensymbol]); 2953 } 2954 2955 for (i = offsindex; i > 0; i--) 2956 rar->oldoffset[i] = rar->oldoffset[i-1]; 2957 rar->oldoffset[0] = offs; 2958 } 2959 else if(symbol<=270) 2960 { 2961 offs = shortbases[symbol-263] + 1; 2962 if(shortbits[symbol-263] > 0) { 2963 if (!rar_br_read_ahead(a, br, shortbits[symbol-263])) 2964 goto truncated_data; 2965 offs += rar_br_bits(br, shortbits[symbol-263]); 2966 rar_br_consume(br, shortbits[symbol-263]); 2967 } 2968 2969 len = 2; 2970 2971 for(i = 3; i > 0; i--) 2972 rar->oldoffset[i] = rar->oldoffset[i-1]; 2973 rar->oldoffset[0] = offs; 2974 } 2975 else 2976 { 2977 if (symbol-271 > lengthb_min) 2978 goto bad_data; 2979 len = lengthbases[symbol-271]+3; 2980 if(lengthbits[symbol-271] > 0) { 2981 if (!rar_br_read_ahead(a, br, lengthbits[symbol-271])) 2982 goto truncated_data; 2983 len += rar_br_bits(br, lengthbits[symbol-271]); 2984 rar_br_consume(br, lengthbits[symbol-271]); 2985 } 2986 2987 if ((offssymbol = read_next_symbol(a, &rar->offsetcode)) < 0) 2988 goto bad_data; 2989 if (offssymbol > offsetb_min) 2990 goto bad_data; 2991 offs = offsetbases[offssymbol]+1; 2992 if(offsetbits[offssymbol] > 0) 2993 { 2994 if(offssymbol > 9) 2995 { 2996 if(offsetbits[offssymbol] > 4) { 2997 if (!rar_br_read_ahead(a, br, offsetbits[offssymbol] - 4)) 2998 goto truncated_data; 2999 offs += rar_br_bits(br, offsetbits[offssymbol] - 4) << 4; 3000 rar_br_consume(br, offsetbits[offssymbol] - 4); 3001 } 3002 3003 if(rar->numlowoffsetrepeats > 0) 3004 { 3005 rar->numlowoffsetrepeats--; 3006 offs += rar->lastlowoffset; 3007 } 3008 else 3009 { 3010 if ((lowoffsetsymbol = 3011 read_next_symbol(a, &rar->lowoffsetcode)) < 0) 3012 return (ARCHIVE_FATAL); 3013 if(lowoffsetsymbol == 16) 3014 { 3015 rar->numlowoffsetrepeats = 15; 3016 offs += rar->lastlowoffset; 3017 } 3018 else 3019 { 3020 offs += lowoffsetsymbol; 3021 rar->lastlowoffset = lowoffsetsymbol; 3022 } 3023 } 3024 } 3025 else { 3026 if (!rar_br_read_ahead(a, br, offsetbits[offssymbol])) 3027 goto truncated_data; 3028 offs += rar_br_bits(br, offsetbits[offssymbol]); 3029 rar_br_consume(br, offsetbits[offssymbol]); 3030 } 3031 } 3032 3033 if (offs >= 0x40000) 3034 len++; 3035 if (offs >= 0x2000) 3036 len++; 3037 3038 for(i = 3; i > 0; i--) 3039 rar->oldoffset[i] = rar->oldoffset[i-1]; 3040 rar->oldoffset[0] = offs; 3041 } 3042 3043 rar->lastoffset = offs; 3044 rar->lastlength = len; 3045 3046 lzss_emit_match(rar, rar->lastoffset, rar->lastlength); 3047 } 3048 truncated_data: 3049 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 3050 "Truncated RAR file data"); 3051 rar->valid = 0; 3052 return (ARCHIVE_FATAL); 3053 bad_data: 3054 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 3055 "Bad RAR file data"); 3056 return (ARCHIVE_FATAL); 3057 } 3058 3059 static int 3060 copy_from_lzss_window(struct archive_read *a, void *buffer, 3061 int64_t startpos, int length) 3062 { 3063 int windowoffs, firstpart; 3064 struct rar *rar = (struct rar *)(a->format->data); 3065 3066 windowoffs = lzss_offset_for_position(&rar->lzss, startpos); 3067 firstpart = lzss_size(&rar->lzss) - windowoffs; 3068 if (firstpart < 0) { 3069 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 3070 "Bad RAR file data"); 3071 return (ARCHIVE_FATAL); 3072 } 3073 if (firstpart < length) { 3074 memcpy(buffer, &rar->lzss.window[windowoffs], firstpart); 3075 memcpy(buffer, &rar->lzss.window[0], length - firstpart); 3076 } else { 3077 memcpy(buffer, &rar->lzss.window[windowoffs], length); 3078 } 3079 return (ARCHIVE_OK); 3080 } 3081 3082 static int 3083 copy_from_lzss_window_to_unp(struct archive_read *a, const void **buffer, 3084 int64_t startpos, int length) 3085 { 3086 int windowoffs, firstpart; 3087 struct rar *rar = (struct rar *)(a->format->data); 3088 3089 if (!rar->unp_buffer) 3090 { 3091 if ((rar->unp_buffer = malloc(rar->unp_buffer_size)) == NULL) 3092 { 3093 archive_set_error(&a->archive, ENOMEM, 3094 "Unable to allocate memory for uncompressed data."); 3095 return (ARCHIVE_FATAL); 3096 } 3097 } 3098 3099 windowoffs = lzss_offset_for_position(&rar->lzss, startpos); 3100 if(windowoffs + length <= lzss_size(&rar->lzss)) { 3101 memcpy(&rar->unp_buffer[rar->unp_offset], &rar->lzss.window[windowoffs], 3102 length); 3103 } else if (length <= lzss_size(&rar->lzss)) { 3104 firstpart = lzss_size(&rar->lzss) - windowoffs; 3105 if (firstpart < 0) { 3106 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 3107 "Bad RAR file data"); 3108 return (ARCHIVE_FATAL); 3109 } 3110 if (firstpart < length) { 3111 memcpy(&rar->unp_buffer[rar->unp_offset], 3112 &rar->lzss.window[windowoffs], firstpart); 3113 memcpy(&rar->unp_buffer[rar->unp_offset + firstpart], 3114 &rar->lzss.window[0], length - firstpart); 3115 } else { 3116 memcpy(&rar->unp_buffer[rar->unp_offset], 3117 &rar->lzss.window[windowoffs], length); 3118 } 3119 } else { 3120 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 3121 "Bad RAR file data"); 3122 return (ARCHIVE_FATAL); 3123 } 3124 rar->unp_offset += length; 3125 if (rar->unp_offset >= rar->unp_buffer_size) 3126 *buffer = rar->unp_buffer; 3127 else 3128 *buffer = NULL; 3129 return (ARCHIVE_OK); 3130 } 3131 3132 static const void * 3133 rar_read_ahead(struct archive_read *a, size_t min, ssize_t *avail) 3134 { 3135 struct rar *rar = (struct rar *)(a->format->data); 3136 const void *h = __archive_read_ahead(a, min, avail); 3137 int ret; 3138 if (avail) 3139 { 3140 if (a->archive.read_data_is_posix_read && *avail > (ssize_t)a->archive.read_data_requested) 3141 *avail = a->archive.read_data_requested; 3142 if (*avail > rar->bytes_remaining) 3143 *avail = (ssize_t)rar->bytes_remaining; 3144 if (*avail < 0) 3145 return NULL; 3146 else if (*avail == 0 && rar->main_flags & MHD_VOLUME && 3147 rar->file_flags & FHD_SPLIT_AFTER) 3148 { 3149 rar->filename_must_match = 1; 3150 ret = archive_read_format_rar_read_header(a, a->entry); 3151 if (ret == (ARCHIVE_EOF)) 3152 { 3153 rar->has_endarc_header = 1; 3154 ret = archive_read_format_rar_read_header(a, a->entry); 3155 } 3156 rar->filename_must_match = 0; 3157 if (ret != (ARCHIVE_OK)) 3158 return NULL; 3159 return rar_read_ahead(a, min, avail); 3160 } 3161 } 3162 return h; 3163 } 3164 3165 static int 3166 parse_filter(struct archive_read *a, const uint8_t *bytes, uint16_t length, uint8_t flags) 3167 { 3168 struct rar *rar = (struct rar *)(a->format->data); 3169 struct rar_filters *filters = &rar->filters; 3170 3171 struct memory_bit_reader br = { 0 }; 3172 struct rar_program_code *prog; 3173 struct rar_filter *filter, **nextfilter; 3174 3175 uint32_t numprogs, num, blocklength, globaldatalen; 3176 uint8_t *globaldata; 3177 size_t blockstartpos; 3178 uint32_t registers[8] = { 0 }; 3179 uint32_t i; 3180 3181 br.bytes = bytes; 3182 br.length = length; 3183 3184 numprogs = 0; 3185 for (prog = filters->progs; prog; prog = prog->next) 3186 numprogs++; 3187 3188 if ((flags & 0x80)) 3189 { 3190 num = membr_next_rarvm_number(&br); 3191 if (num == 0) 3192 { 3193 delete_filter(filters->stack); 3194 filters->stack = NULL; 3195 delete_program_code(filters->progs); 3196 filters->progs = NULL; 3197 } 3198 else 3199 num--; 3200 if (num > numprogs) { 3201 return 0; 3202 } 3203 filters->lastfilternum = num; 3204 } 3205 else 3206 num = filters->lastfilternum; 3207 3208 prog = filters->progs; 3209 for (i = 0; i < num; i++) 3210 prog = prog->next; 3211 if (prog) 3212 prog->usagecount++; 3213 3214 blockstartpos = membr_next_rarvm_number(&br) + (size_t)lzss_position(&rar->lzss); 3215 if ((flags & 0x40)) 3216 blockstartpos += 258; 3217 if ((flags & 0x20)) 3218 blocklength = membr_next_rarvm_number(&br); 3219 else 3220 blocklength = prog ? prog->oldfilterlength : 0; 3221 3222 registers[3] = PROGRAM_SYSTEM_GLOBAL_ADDRESS; 3223 registers[4] = blocklength; 3224 registers[5] = prog ? prog->usagecount : 0; 3225 registers[7] = VM_MEMORY_SIZE; 3226 3227 if ((flags & 0x10)) 3228 { 3229 uint8_t mask = (uint8_t)membr_bits(&br, 7); 3230 for (i = 0; i < 7; i++) 3231 if ((mask & (1 << i))) 3232 registers[i] = membr_next_rarvm_number(&br); 3233 } 3234 3235 if (!prog) 3236 { 3237 uint32_t len = membr_next_rarvm_number(&br); 3238 uint8_t *bytecode; 3239 struct rar_program_code **next; 3240 3241 if (len == 0 || len > 0x10000) 3242 return 0; 3243 bytecode = malloc(len); 3244 if (!bytecode) 3245 return 0; 3246 for (i = 0; i < len; i++) 3247 bytecode[i] = (uint8_t)membr_bits(&br, 8); 3248 prog = compile_program(bytecode, len); 3249 if (!prog) { 3250 free(bytecode); 3251 return 0; 3252 } 3253 free(bytecode); 3254 next = &filters->progs; 3255 while (*next) 3256 next = &(*next)->next; 3257 *next = prog; 3258 } 3259 prog->oldfilterlength = blocklength; 3260 3261 globaldata = NULL; 3262 globaldatalen = 0; 3263 if ((flags & 0x08)) 3264 { 3265 globaldatalen = membr_next_rarvm_number(&br); 3266 if (globaldatalen > PROGRAM_USER_GLOBAL_SIZE) 3267 return 0; 3268 globaldata = malloc(globaldatalen + PROGRAM_SYSTEM_GLOBAL_SIZE); 3269 if (!globaldata) 3270 return 0; 3271 for (i = 0; i < globaldatalen; i++) 3272 globaldata[i + PROGRAM_SYSTEM_GLOBAL_SIZE] = (uint8_t)membr_bits(&br, 8); 3273 } 3274 3275 if (br.at_eof) 3276 { 3277 free(globaldata); 3278 return 0; 3279 } 3280 3281 filter = create_filter(prog, globaldata, globaldatalen, registers, blockstartpos, blocklength); 3282 free(globaldata); 3283 if (!filter) 3284 return 0; 3285 3286 for (i = 0; i < 7; i++) 3287 archive_le32enc(&filter->globaldata[i * 4], registers[i]); 3288 archive_le32enc(&filter->globaldata[0x1C], blocklength); 3289 archive_le32enc(&filter->globaldata[0x20], 0); 3290 archive_le32enc(&filter->globaldata[0x2C], prog->usagecount); 3291 3292 nextfilter = &filters->stack; 3293 while (*nextfilter) 3294 nextfilter = &(*nextfilter)->next; 3295 *nextfilter = filter; 3296 3297 if (!filters->stack->next) 3298 filters->filterstart = blockstartpos; 3299 3300 return 1; 3301 } 3302 3303 static struct rar_filter * 3304 create_filter(struct rar_program_code *prog, const uint8_t *globaldata, uint32_t globaldatalen, uint32_t registers[8], size_t startpos, uint32_t length) 3305 { 3306 struct rar_filter *filter; 3307 3308 filter = calloc(1, sizeof(*filter)); 3309 if (!filter) 3310 return NULL; 3311 filter->prog = prog; 3312 filter->globaldatalen = globaldatalen > PROGRAM_SYSTEM_GLOBAL_SIZE ? globaldatalen : PROGRAM_SYSTEM_GLOBAL_SIZE; 3313 filter->globaldata = calloc(1, filter->globaldatalen); 3314 if (!filter->globaldata) 3315 return NULL; 3316 if (globaldata) 3317 memcpy(filter->globaldata, globaldata, globaldatalen); 3318 if (registers) 3319 memcpy(filter->initialregisters, registers, sizeof(filter->initialregisters)); 3320 filter->blockstartpos = startpos; 3321 filter->blocklength = length; 3322 3323 return filter; 3324 } 3325 3326 static int 3327 run_filters(struct archive_read *a) 3328 { 3329 struct rar *rar = (struct rar *)(a->format->data); 3330 struct rar_filters *filters = &rar->filters; 3331 struct rar_filter *filter = filters->stack; 3332 struct rar_filter *f; 3333 size_t start, end; 3334 int64_t tend; 3335 uint32_t lastfilteraddress; 3336 uint32_t lastfilterlength; 3337 int ret; 3338 3339 if (filters == NULL || filter == NULL) 3340 return (0); 3341 3342 start = filters->filterstart; 3343 end = start + filter->blocklength; 3344 3345 filters->filterstart = INT64_MAX; 3346 tend = (int64_t)end; 3347 ret = expand(a, &tend); 3348 if (ret != ARCHIVE_OK) 3349 return 0; 3350 3351 /* Check if filter stack was modified in expand() */ 3352 ret = ARCHIVE_FATAL; 3353 f = filters->stack; 3354 while (f) 3355 { 3356 if (f == filter) 3357 { 3358 ret = ARCHIVE_OK; 3359 break; 3360 } 3361 f = f->next; 3362 } 3363 if (ret != ARCHIVE_OK) 3364 return 0; 3365 3366 if (tend < 0) 3367 return 0; 3368 end = (size_t)tend; 3369 if (end != start + filter->blocklength) 3370 return 0; 3371 3372 if (!filters->vm) 3373 { 3374 filters->vm = calloc(1, sizeof(*filters->vm)); 3375 if (!filters->vm) 3376 return 0; 3377 } 3378 3379 ret = copy_from_lzss_window(a, filters->vm->memory, start, filter->blocklength); 3380 if (ret != ARCHIVE_OK) 3381 return 0; 3382 if (!execute_filter(a, filter, filters->vm, rar->offset)) 3383 return 0; 3384 3385 lastfilteraddress = filter->filteredblockaddress; 3386 lastfilterlength = filter->filteredblocklength; 3387 filters->stack = filter->next; 3388 filter->next = NULL; 3389 delete_filter(filter); 3390 3391 while ((filter = filters->stack) != NULL && (int64_t)filter->blockstartpos == filters->filterstart && filter->blocklength == lastfilterlength) 3392 { 3393 memmove(&filters->vm->memory[0], &filters->vm->memory[lastfilteraddress], lastfilterlength); 3394 if (!execute_filter(a, filter, filters->vm, rar->offset)) 3395 return 0; 3396 3397 lastfilteraddress = filter->filteredblockaddress; 3398 lastfilterlength = filter->filteredblocklength; 3399 filters->stack = filter->next; 3400 filter->next = NULL; 3401 delete_filter(filter); 3402 } 3403 3404 if (filters->stack) 3405 { 3406 if (filters->stack->blockstartpos < end) 3407 return 0; 3408 filters->filterstart = filters->stack->blockstartpos; 3409 } 3410 3411 filters->lastend = end; 3412 filters->bytes = &filters->vm->memory[lastfilteraddress]; 3413 filters->bytes_ready = lastfilterlength; 3414 3415 return 1; 3416 } 3417 3418 static struct rar_program_code * 3419 compile_program(const uint8_t *bytes, size_t length) 3420 { 3421 struct memory_bit_reader br = { 0 }; 3422 struct rar_program_code *prog; 3423 // uint32_t instrcount = 0; 3424 uint8_t xor; 3425 size_t i; 3426 3427 xor = 0; 3428 for (i = 1; i < length; i++) 3429 xor ^= bytes[i]; 3430 if (!length || xor != bytes[0]) 3431 return NULL; 3432 3433 br.bytes = bytes; 3434 br.length = length; 3435 br.offset = 1; 3436 3437 prog = calloc(1, sizeof(*prog)); 3438 if (!prog) 3439 return NULL; 3440 prog->fingerprint = crc32(0, bytes, (unsigned int)length) | ((uint64_t)length << 32); 3441 3442 if (membr_bits(&br, 1)) 3443 { 3444 prog->staticdatalen = membr_next_rarvm_number(&br) + 1; 3445 prog->staticdata = malloc(prog->staticdatalen); 3446 if (!prog->staticdata) 3447 { 3448 delete_program_code(prog); 3449 return NULL; 3450 } 3451 for (i = 0; i < prog->staticdatalen; i++) 3452 prog->staticdata[i] = (uint8_t)membr_bits(&br, 8); 3453 } 3454 3455 return prog; 3456 } 3457 3458 static void 3459 delete_filter(struct rar_filter *filter) 3460 { 3461 while (filter) 3462 { 3463 struct rar_filter *next = filter->next; 3464 free(filter->globaldata); 3465 free(filter); 3466 filter = next; 3467 } 3468 } 3469 3470 static void 3471 clear_filters(struct rar_filters *filters) 3472 { 3473 delete_filter(filters->stack); 3474 delete_program_code(filters->progs); 3475 free(filters->vm); 3476 } 3477 3478 static void 3479 delete_program_code(struct rar_program_code *prog) 3480 { 3481 while (prog) 3482 { 3483 struct rar_program_code *next = prog->next; 3484 free(prog->staticdata); 3485 free(prog->globalbackup); 3486 free(prog); 3487 prog = next; 3488 } 3489 } 3490 3491 static uint32_t 3492 membr_next_rarvm_number(struct memory_bit_reader *br) 3493 { 3494 uint32_t val; 3495 switch (membr_bits(br, 2)) 3496 { 3497 case 0: 3498 return membr_bits(br, 4); 3499 case 1: 3500 val = membr_bits(br, 8); 3501 if (val >= 16) 3502 return val; 3503 return 0xFFFFFF00 | (val << 4) | membr_bits(br, 4); 3504 case 2: 3505 return membr_bits(br, 16); 3506 default: 3507 return membr_bits(br, 32); 3508 } 3509 } 3510 3511 static inline uint32_t 3512 membr_bits(struct memory_bit_reader *br, int bits) 3513 { 3514 if (bits > br->available && (br->at_eof || !membr_fill(br, bits))) 3515 return 0; 3516 return (uint32_t)((br->bits >> (br->available -= bits)) & (((uint64_t)1 << bits) - 1)); 3517 } 3518 3519 static int 3520 membr_fill(struct memory_bit_reader *br, int bits) 3521 { 3522 while (br->available < bits && br->offset < br->length) 3523 { 3524 br->bits = (br->bits << 8) | br->bytes[br->offset++]; 3525 br->available += 8; 3526 } 3527 if (bits > br->available) 3528 { 3529 br->at_eof = 1; 3530 return 0; 3531 } 3532 return 1; 3533 } 3534 3535 static int 3536 read_filter(struct archive_read *a, int64_t *end) 3537 { 3538 struct rar *rar = (struct rar *)(a->format->data); 3539 uint8_t flags, val, *code; 3540 uint16_t length, i; 3541 3542 if (!rar_decode_byte(a, &flags)) 3543 return 0; 3544 length = (flags & 0x07) + 1; 3545 if (length == 7) 3546 { 3547 if (!rar_decode_byte(a, &val)) 3548 return 0; 3549 length = val + 7; 3550 } 3551 else if (length == 8) 3552 { 3553 if (!rar_decode_byte(a, &val)) 3554 return 0; 3555 length = val << 8; 3556 if (!rar_decode_byte(a, &val)) 3557 return 0; 3558 length |= val; 3559 } 3560 3561 code = malloc(length); 3562 if (!code) 3563 return 0; 3564 for (i = 0; i < length; i++) 3565 { 3566 if (!rar_decode_byte(a, &code[i])) 3567 { 3568 free(code); 3569 return 0; 3570 } 3571 } 3572 if (!parse_filter(a, code, length, flags)) 3573 { 3574 free(code); 3575 return 0; 3576 } 3577 free(code); 3578 3579 if (rar->filters.filterstart < *end) 3580 *end = rar->filters.filterstart; 3581 3582 return 1; 3583 } 3584 3585 static int 3586 execute_filter_delta(struct rar_filter *filter, struct rar_virtual_machine *vm) 3587 { 3588 uint32_t length = filter->initialregisters[4]; 3589 uint32_t numchannels = filter->initialregisters[0]; 3590 uint8_t *src, *dst; 3591 uint32_t i, idx; 3592 3593 if (length > PROGRAM_WORK_SIZE / 2) 3594 return 0; 3595 3596 src = &vm->memory[0]; 3597 dst = &vm->memory[length]; 3598 for (i = 0; i < numchannels; i++) 3599 { 3600 uint8_t lastbyte = 0; 3601 for (idx = i; idx < length; idx += numchannels) 3602 lastbyte = dst[idx] = lastbyte - *src++; 3603 } 3604 3605 filter->filteredblockaddress = length; 3606 filter->filteredblocklength = length; 3607 3608 return 1; 3609 } 3610 3611 static int 3612 execute_filter_e8(struct rar_filter *filter, struct rar_virtual_machine *vm, size_t pos, int e9also) 3613 { 3614 uint32_t length = filter->initialregisters[4]; 3615 uint32_t filesize = 0x1000000; 3616 uint32_t i; 3617 3618 if (length > PROGRAM_WORK_SIZE || length < 4) 3619 return 0; 3620 3621 for (i = 0; i <= length - 5; i++) 3622 { 3623 if (vm->memory[i] == 0xE8 || (e9also && vm->memory[i] == 0xE9)) 3624 { 3625 uint32_t currpos = (uint32_t)pos + i + 1; 3626 int32_t address = (int32_t)vm_read_32(vm, i + 1); 3627 if (address < 0 && currpos >= (uint32_t)-address) 3628 vm_write_32(vm, i + 1, address + filesize); 3629 else if (address >= 0 && (uint32_t)address < filesize) 3630 vm_write_32(vm, i + 1, address - currpos); 3631 i += 4; 3632 } 3633 } 3634 3635 filter->filteredblockaddress = 0; 3636 filter->filteredblocklength = length; 3637 3638 return 1; 3639 } 3640 3641 static int 3642 execute_filter_rgb(struct rar_filter *filter, struct rar_virtual_machine *vm) 3643 { 3644 uint32_t stride = filter->initialregisters[0]; 3645 uint32_t byteoffset = filter->initialregisters[1]; 3646 uint32_t blocklength = filter->initialregisters[4]; 3647 uint8_t *src, *dst; 3648 uint32_t i, j; 3649 3650 if (blocklength > PROGRAM_WORK_SIZE / 2 || stride > blocklength) 3651 return 0; 3652 3653 src = &vm->memory[0]; 3654 dst = &vm->memory[blocklength]; 3655 for (i = 0; i < 3; i++) { 3656 uint8_t byte = 0; 3657 uint8_t *prev = dst + i - stride; 3658 for (j = i; j < blocklength; j += 3) 3659 { 3660 if (prev >= dst) 3661 { 3662 uint32_t delta1 = abs(prev[3] - prev[0]); 3663 uint32_t delta2 = abs(byte - prev[0]); 3664 uint32_t delta3 = abs(prev[3] - prev[0] + byte - prev[0]); 3665 if (delta1 > delta2 || delta1 > delta3) 3666 byte = delta2 <= delta3 ? prev[3] : prev[0]; 3667 } 3668 byte -= *src++; 3669 dst[j] = byte; 3670 prev += 3; 3671 } 3672 } 3673 for (i = byteoffset; i < blocklength - 2; i += 3) 3674 { 3675 dst[i] += dst[i + 1]; 3676 dst[i + 2] += dst[i + 1]; 3677 } 3678 3679 filter->filteredblockaddress = blocklength; 3680 filter->filteredblocklength = blocklength; 3681 3682 return 1; 3683 } 3684 3685 static int 3686 execute_filter_audio(struct rar_filter *filter, struct rar_virtual_machine *vm) 3687 { 3688 uint32_t length = filter->initialregisters[4]; 3689 uint32_t numchannels = filter->initialregisters[0]; 3690 uint8_t *src, *dst; 3691 uint32_t i, j; 3692 3693 if (length > PROGRAM_WORK_SIZE / 2) 3694 return 0; 3695 3696 src = &vm->memory[0]; 3697 dst = &vm->memory[length]; 3698 for (i = 0; i < numchannels; i++) 3699 { 3700 struct audio_state state; 3701 memset(&state, 0, sizeof(state)); 3702 for (j = i; j < length; j += numchannels) 3703 { 3704 int8_t delta = (int8_t)*src++; 3705 uint8_t predbyte, byte; 3706 int prederror; 3707 state.delta[2] = state.delta[1]; 3708 state.delta[1] = state.lastdelta - state.delta[0]; 3709 state.delta[0] = state.lastdelta; 3710 predbyte = ((8 * state.lastbyte + state.weight[0] * state.delta[0] + state.weight[1] * state.delta[1] + state.weight[2] * state.delta[2]) >> 3) & 0xFF; 3711 byte = (predbyte - delta) & 0xFF; 3712 prederror = delta << 3; 3713 state.error[0] += abs(prederror); 3714 state.error[1] += abs(prederror - state.delta[0]); state.error[2] += abs(prederror + state.delta[0]); 3715 state.error[3] += abs(prederror - state.delta[1]); state.error[4] += abs(prederror + state.delta[1]); 3716 state.error[5] += abs(prederror - state.delta[2]); state.error[6] += abs(prederror + state.delta[2]); 3717 state.lastdelta = (int8_t)(byte - state.lastbyte); 3718 dst[j] = state.lastbyte = byte; 3719 if (!(state.count++ & 0x1F)) 3720 { 3721 uint8_t k, idx = 0; 3722 for (k = 1; k < 7; k++) 3723 { 3724 if (state.error[k] < state.error[idx]) 3725 idx = k; 3726 } 3727 memset(state.error, 0, sizeof(state.error)); 3728 switch (idx) 3729 { 3730 case 1: if (state.weight[0] >= -16) state.weight[0]--; break; 3731 case 2: if (state.weight[0] < 16) state.weight[0]++; break; 3732 case 3: if (state.weight[1] >= -16) state.weight[1]--; break; 3733 case 4: if (state.weight[1] < 16) state.weight[1]++; break; 3734 case 5: if (state.weight[2] >= -16) state.weight[2]--; break; 3735 case 6: if (state.weight[2] < 16) state.weight[2]++; break; 3736 } 3737 } 3738 } 3739 } 3740 3741 filter->filteredblockaddress = length; 3742 filter->filteredblocklength = length; 3743 3744 return 1; 3745 } 3746 3747 3748 static int 3749 execute_filter(struct archive_read *a, struct rar_filter *filter, struct rar_virtual_machine *vm, size_t pos) 3750 { 3751 if (filter->prog->fingerprint == 0x1D0E06077D) 3752 return execute_filter_delta(filter, vm); 3753 if (filter->prog->fingerprint == 0x35AD576887) 3754 return execute_filter_e8(filter, vm, pos, 0); 3755 if (filter->prog->fingerprint == 0x393CD7E57E) 3756 return execute_filter_e8(filter, vm, pos, 1); 3757 if (filter->prog->fingerprint == 0x951C2C5DC8) 3758 return execute_filter_rgb(filter, vm); 3759 if (filter->prog->fingerprint == 0xD8BC85E701) 3760 return execute_filter_audio(filter, vm); 3761 3762 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, "No support for RAR VM program filter"); 3763 return 0; 3764 } 3765 3766 static int 3767 rar_decode_byte(struct archive_read *a, uint8_t *byte) 3768 { 3769 struct rar *rar = (struct rar *)(a->format->data); 3770 struct rar_br *br = &(rar->br); 3771 if (!rar_br_read_ahead(a, br, 8)) 3772 return 0; 3773 *byte = (uint8_t)rar_br_bits(br, 8); 3774 rar_br_consume(br, 8); 3775 return 1; 3776 } 3777 3778 static inline void 3779 vm_write_32(struct rar_virtual_machine* vm, size_t offset, uint32_t u32) 3780 { 3781 archive_le32enc(vm->memory + offset, u32); 3782 } 3783 3784 static inline uint32_t 3785 vm_read_32(struct rar_virtual_machine* vm, size_t offset) 3786 { 3787 return archive_le32dec(vm->memory + offset); 3788 } 3789