1 /*- 2 * Copyright (c) 2003-2007 Tim Kientzle 3 * Copyright (c) 2011 Andres Mejia 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR 16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 18 * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, 19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25 */ 26 27 #include "archive_platform.h" 28 29 #ifdef HAVE_ERRNO_H 30 #include <errno.h> 31 #endif 32 #include <time.h> 33 #include <limits.h> 34 #ifdef HAVE_ZLIB_H 35 #include <zlib.h> /* crc32 */ 36 #endif 37 38 #include "archive.h" 39 #ifndef HAVE_ZLIB_H 40 #include "archive_crc32.h" 41 #endif 42 #include "archive_endian.h" 43 #include "archive_entry.h" 44 #include "archive_entry_locale.h" 45 #include "archive_ppmd7_private.h" 46 #include "archive_private.h" 47 #include "archive_read_private.h" 48 49 /* RAR signature, also known as the mark header */ 50 #define RAR_SIGNATURE "\x52\x61\x72\x21\x1A\x07\x00" 51 52 /* Header types */ 53 #define MARK_HEAD 0x72 54 #define MAIN_HEAD 0x73 55 #define FILE_HEAD 0x74 56 #define COMM_HEAD 0x75 57 #define AV_HEAD 0x76 58 #define SUB_HEAD 0x77 59 #define PROTECT_HEAD 0x78 60 #define SIGN_HEAD 0x79 61 #define NEWSUB_HEAD 0x7a 62 #define ENDARC_HEAD 0x7b 63 64 /* Main Header Flags */ 65 #define MHD_VOLUME 0x0001 66 #define MHD_COMMENT 0x0002 67 #define MHD_LOCK 0x0004 68 #define MHD_SOLID 0x0008 69 #define MHD_NEWNUMBERING 0x0010 70 #define MHD_AV 0x0020 71 #define MHD_PROTECT 0x0040 72 #define MHD_PASSWORD 0x0080 73 #define MHD_FIRSTVOLUME 0x0100 74 #define MHD_ENCRYPTVER 0x0200 75 76 /* Flags common to all headers */ 77 #define HD_MARKDELETION 0x4000 78 #define HD_ADD_SIZE_PRESENT 0x8000 79 80 /* File Header Flags */ 81 #define FHD_SPLIT_BEFORE 0x0001 82 #define FHD_SPLIT_AFTER 0x0002 83 #define FHD_PASSWORD 0x0004 84 #define FHD_COMMENT 0x0008 85 #define FHD_SOLID 0x0010 86 #define FHD_LARGE 0x0100 87 #define FHD_UNICODE 0x0200 88 #define FHD_SALT 0x0400 89 #define FHD_VERSION 0x0800 90 #define FHD_EXTTIME 0x1000 91 #define FHD_EXTFLAGS 0x2000 92 93 /* File dictionary sizes */ 94 #define DICTIONARY_SIZE_64 0x00 95 #define DICTIONARY_SIZE_128 0x20 96 #define DICTIONARY_SIZE_256 0x40 97 #define DICTIONARY_SIZE_512 0x60 98 #define DICTIONARY_SIZE_1024 0x80 99 #define DICTIONARY_SIZE_2048 0xA0 100 #define DICTIONARY_SIZE_4096 0xC0 101 #define FILE_IS_DIRECTORY 0xE0 102 #define DICTIONARY_MASK FILE_IS_DIRECTORY 103 104 /* OS Flags */ 105 #define OS_MSDOS 0 106 #define OS_OS2 1 107 #define OS_WIN32 2 108 #define OS_UNIX 3 109 #define OS_MAC_OS 4 110 #define OS_BEOS 5 111 112 /* Compression Methods */ 113 #define COMPRESS_METHOD_STORE 0x30 114 /* LZSS */ 115 #define COMPRESS_METHOD_FASTEST 0x31 116 #define COMPRESS_METHOD_FAST 0x32 117 #define COMPRESS_METHOD_NORMAL 0x33 118 /* PPMd Variant H */ 119 #define COMPRESS_METHOD_GOOD 0x34 120 #define COMPRESS_METHOD_BEST 0x35 121 122 #define CRC_POLYNOMIAL 0xEDB88320 123 124 #define NS_UNIT 10000000 125 126 #define DICTIONARY_MAX_SIZE 0x400000 127 128 #define MAINCODE_SIZE 299 129 #define OFFSETCODE_SIZE 60 130 #define LOWOFFSETCODE_SIZE 17 131 #define LENGTHCODE_SIZE 28 132 #define HUFFMAN_TABLE_SIZE \ 133 MAINCODE_SIZE + OFFSETCODE_SIZE + LOWOFFSETCODE_SIZE + LENGTHCODE_SIZE 134 135 #define MAX_SYMBOL_LENGTH 0xF 136 #define MAX_SYMBOLS 20 137 138 /* Virtual Machine Properties */ 139 #define VM_MEMORY_SIZE 0x40000 140 #define VM_MEMORY_MASK (VM_MEMORY_SIZE - 1) 141 #define PROGRAM_WORK_SIZE 0x3C000 142 #define PROGRAM_GLOBAL_SIZE 0x2000 143 #define PROGRAM_SYSTEM_GLOBAL_ADDRESS PROGRAM_WORK_SIZE 144 #define PROGRAM_SYSTEM_GLOBAL_SIZE 0x40 145 #define PROGRAM_USER_GLOBAL_ADDRESS (PROGRAM_SYSTEM_GLOBAL_ADDRESS + PROGRAM_SYSTEM_GLOBAL_SIZE) 146 #define PROGRAM_USER_GLOBAL_SIZE (PROGRAM_GLOBAL_SIZE - PROGRAM_SYSTEM_GLOBAL_SIZE) 147 148 /* 149 * Considering L1,L2 cache miss and a calling of write system-call, 150 * the best size of the output buffer(uncompressed buffer) is 128K. 151 * If the structure of extracting process is changed, this value 152 * might be researched again. 153 */ 154 #define UNP_BUFFER_SIZE (128 * 1024) 155 156 /* Define this here for non-Windows platforms */ 157 #if !((defined(__WIN32__) || defined(_WIN32) || defined(__WIN32)) && !defined(__CYGWIN__)) 158 #define FILE_ATTRIBUTE_DIRECTORY 0x10 159 #endif 160 161 #undef minimum 162 #define minimum(a, b) ((a)<(b)?(a):(b)) 163 164 /* Stack overflow check */ 165 #define MAX_COMPRESS_DEPTH 1024 166 167 /* Fields common to all headers */ 168 struct rar_header 169 { 170 char crc[2]; 171 char type; 172 char flags[2]; 173 char size[2]; 174 }; 175 176 /* Fields common to all file headers */ 177 struct rar_file_header 178 { 179 char pack_size[4]; 180 char unp_size[4]; 181 char host_os; 182 char file_crc[4]; 183 char file_time[4]; 184 char unp_ver; 185 char method; 186 char name_size[2]; 187 char file_attr[4]; 188 }; 189 190 struct huffman_tree_node 191 { 192 int branches[2]; 193 }; 194 195 struct huffman_table_entry 196 { 197 unsigned int length; 198 int value; 199 }; 200 201 struct huffman_code 202 { 203 struct huffman_tree_node *tree; 204 int numentries; 205 int numallocatedentries; 206 int minlength; 207 int maxlength; 208 int tablesize; 209 struct huffman_table_entry *table; 210 }; 211 212 struct lzss 213 { 214 unsigned char *window; 215 int mask; 216 int64_t position; 217 }; 218 219 struct data_block_offsets 220 { 221 int64_t header_size; 222 int64_t start_offset; 223 int64_t end_offset; 224 }; 225 226 struct rar_program_code 227 { 228 uint8_t *staticdata; 229 uint32_t staticdatalen; 230 uint8_t *globalbackup; 231 uint32_t globalbackuplen; 232 uint64_t fingerprint; 233 uint32_t usagecount; 234 uint32_t oldfilterlength; 235 struct rar_program_code *next; 236 }; 237 238 struct rar_filter 239 { 240 struct rar_program_code *prog; 241 uint32_t initialregisters[8]; 242 uint8_t *globaldata; 243 uint32_t globaldatalen; 244 size_t blockstartpos; 245 uint32_t blocklength; 246 uint32_t filteredblockaddress; 247 uint32_t filteredblocklength; 248 struct rar_filter *next; 249 }; 250 251 struct memory_bit_reader 252 { 253 const uint8_t *bytes; 254 size_t length; 255 size_t offset; 256 uint64_t bits; 257 int available; 258 int at_eof; 259 }; 260 261 struct rar_virtual_machine 262 { 263 uint32_t registers[8]; 264 uint8_t memory[VM_MEMORY_SIZE + sizeof(uint32_t)]; 265 }; 266 267 struct rar_filters 268 { 269 struct rar_virtual_machine *vm; 270 struct rar_program_code *progs; 271 struct rar_filter *stack; 272 int64_t filterstart; 273 uint32_t lastfilternum; 274 int64_t lastend; 275 uint8_t *bytes; 276 size_t bytes_ready; 277 }; 278 279 struct audio_state 280 { 281 int8_t weight[5]; 282 int16_t delta[4]; 283 int8_t lastdelta; 284 int error[11]; 285 int count; 286 uint8_t lastbyte; 287 }; 288 289 struct rar 290 { 291 /* Entries from main RAR header */ 292 unsigned main_flags; 293 unsigned long file_crc; 294 char reserved1[2]; 295 char reserved2[4]; 296 char encryptver; 297 298 /* File header entries */ 299 char compression_method; 300 unsigned file_flags; 301 int64_t packed_size; 302 int64_t unp_size; 303 time_t mtime; 304 long mnsec; 305 mode_t mode; 306 char *filename; 307 char *filename_save; 308 size_t filename_save_size; 309 size_t filename_allocated; 310 311 /* File header optional entries */ 312 char salt[8]; 313 time_t atime; 314 long ansec; 315 time_t ctime; 316 long cnsec; 317 time_t arctime; 318 long arcnsec; 319 320 /* Fields to help with tracking decompression of files. */ 321 int64_t bytes_unconsumed; 322 int64_t bytes_remaining; 323 int64_t bytes_uncopied; 324 int64_t offset; 325 int64_t offset_outgoing; 326 int64_t offset_seek; 327 char valid; 328 unsigned int unp_offset; 329 unsigned int unp_buffer_size; 330 unsigned char *unp_buffer; 331 unsigned int dictionary_size; 332 char start_new_block; 333 char entry_eof; 334 unsigned long crc_calculated; 335 int found_first_header; 336 char has_endarc_header; 337 struct data_block_offsets *dbo; 338 unsigned int cursor; 339 unsigned int nodes; 340 char filename_must_match; 341 342 /* LZSS members */ 343 struct huffman_code maincode; 344 struct huffman_code offsetcode; 345 struct huffman_code lowoffsetcode; 346 struct huffman_code lengthcode; 347 unsigned char lengthtable[HUFFMAN_TABLE_SIZE]; 348 struct lzss lzss; 349 unsigned int lastlength; 350 unsigned int lastoffset; 351 unsigned int oldoffset[4]; 352 unsigned int lastlowoffset; 353 unsigned int numlowoffsetrepeats; 354 char start_new_table; 355 356 /* Filters */ 357 struct rar_filters filters; 358 359 /* PPMd Variant H members */ 360 char ppmd_valid; 361 char ppmd_eod; 362 char is_ppmd_block; 363 int ppmd_escape; 364 CPpmd7 ppmd7_context; 365 CPpmd7z_RangeDec range_dec; 366 IByteIn bytein; 367 368 /* 369 * String conversion object. 370 */ 371 int init_default_conversion; 372 struct archive_string_conv *sconv_default; 373 struct archive_string_conv *opt_sconv; 374 struct archive_string_conv *sconv_utf8; 375 struct archive_string_conv *sconv_utf16be; 376 377 /* 378 * Bit stream reader. 379 */ 380 struct rar_br { 381 #define CACHE_TYPE uint64_t 382 #define CACHE_BITS (8 * sizeof(CACHE_TYPE)) 383 /* Cache buffer. */ 384 CACHE_TYPE cache_buffer; 385 /* Indicates how many bits avail in cache_buffer. */ 386 int cache_avail; 387 ssize_t avail_in; 388 const unsigned char *next_in; 389 } br; 390 391 /* 392 * Custom field to denote that this archive contains encrypted entries 393 */ 394 int has_encrypted_entries; 395 }; 396 397 static int archive_read_support_format_rar_capabilities(struct archive_read *); 398 static int archive_read_format_rar_has_encrypted_entries(struct archive_read *); 399 static int archive_read_format_rar_bid(struct archive_read *, int); 400 static int archive_read_format_rar_options(struct archive_read *, 401 const char *, const char *); 402 static int archive_read_format_rar_read_header(struct archive_read *, 403 struct archive_entry *); 404 static int archive_read_format_rar_read_data(struct archive_read *, 405 const void **, size_t *, int64_t *); 406 static int archive_read_format_rar_read_data_skip(struct archive_read *a); 407 static int64_t archive_read_format_rar_seek_data(struct archive_read *, int64_t, 408 int); 409 static int archive_read_format_rar_cleanup(struct archive_read *); 410 411 /* Support functions */ 412 static int read_header(struct archive_read *, struct archive_entry *, char); 413 static time_t get_time(int); 414 static int read_exttime(const char *, struct rar *, const char *); 415 static int read_symlink_stored(struct archive_read *, struct archive_entry *, 416 struct archive_string_conv *); 417 static int read_data_stored(struct archive_read *, const void **, size_t *, 418 int64_t *); 419 static int read_data_compressed(struct archive_read *, const void **, size_t *, 420 int64_t *, size_t); 421 static int rar_br_preparation(struct archive_read *, struct rar_br *); 422 static int parse_codes(struct archive_read *); 423 static void free_codes(struct archive_read *); 424 static int read_next_symbol(struct archive_read *, struct huffman_code *); 425 static int create_code(struct archive_read *, struct huffman_code *, 426 unsigned char *, int, char); 427 static int add_value(struct archive_read *, struct huffman_code *, int, int, 428 int); 429 static int new_node(struct huffman_code *); 430 static int make_table(struct archive_read *, struct huffman_code *); 431 static int make_table_recurse(struct archive_read *, struct huffman_code *, int, 432 struct huffman_table_entry *, int, int); 433 static int expand(struct archive_read *, int64_t *); 434 static int copy_from_lzss_window_to_unp(struct archive_read *, const void **, 435 int64_t, int); 436 static const void *rar_read_ahead(struct archive_read *, size_t, ssize_t *); 437 static int parse_filter(struct archive_read *, const uint8_t *, uint16_t, 438 uint8_t); 439 static int run_filters(struct archive_read *); 440 static void clear_filters(struct rar_filters *); 441 static struct rar_filter *create_filter(struct rar_program_code *, 442 const uint8_t *, uint32_t, 443 uint32_t[8], size_t, uint32_t); 444 static void delete_filter(struct rar_filter *filter); 445 static struct rar_program_code *compile_program(const uint8_t *, size_t); 446 static void delete_program_code(struct rar_program_code *prog); 447 static uint32_t membr_next_rarvm_number(struct memory_bit_reader *br); 448 static inline uint32_t membr_bits(struct memory_bit_reader *br, int bits); 449 static int membr_fill(struct memory_bit_reader *br, int bits); 450 static int read_filter(struct archive_read *, int64_t *); 451 static int rar_decode_byte(struct archive_read*, uint8_t *); 452 static int execute_filter(struct archive_read*, struct rar_filter *, 453 struct rar_virtual_machine *, size_t); 454 static int copy_from_lzss_window(struct archive_read *, void *, int64_t, int); 455 static inline void vm_write_32(struct rar_virtual_machine*, size_t, uint32_t); 456 static inline uint32_t vm_read_32(struct rar_virtual_machine*, size_t); 457 458 /* 459 * Bit stream reader. 460 */ 461 /* Check that the cache buffer has enough bits. */ 462 #define rar_br_has(br, n) ((br)->cache_avail >= n) 463 /* Get compressed data by bit. */ 464 #define rar_br_bits(br, n) \ 465 (((uint32_t)((br)->cache_buffer >> \ 466 ((br)->cache_avail - (n)))) & cache_masks[n]) 467 #define rar_br_bits_forced(br, n) \ 468 (((uint32_t)((br)->cache_buffer << \ 469 ((n) - (br)->cache_avail))) & cache_masks[n]) 470 /* Read ahead to make sure the cache buffer has enough compressed data we 471 * will use. 472 * True : completed, there is enough data in the cache buffer. 473 * False : there is no data in the stream. */ 474 #define rar_br_read_ahead(a, br, n) \ 475 ((rar_br_has(br, (n)) || rar_br_fillup(a, br)) || rar_br_has(br, (n))) 476 /* Notify how many bits we consumed. */ 477 #define rar_br_consume(br, n) ((br)->cache_avail -= (n)) 478 #define rar_br_consume_unalined_bits(br) ((br)->cache_avail &= ~7) 479 480 static const uint32_t cache_masks[] = { 481 0x00000000, 0x00000001, 0x00000003, 0x00000007, 482 0x0000000F, 0x0000001F, 0x0000003F, 0x0000007F, 483 0x000000FF, 0x000001FF, 0x000003FF, 0x000007FF, 484 0x00000FFF, 0x00001FFF, 0x00003FFF, 0x00007FFF, 485 0x0000FFFF, 0x0001FFFF, 0x0003FFFF, 0x0007FFFF, 486 0x000FFFFF, 0x001FFFFF, 0x003FFFFF, 0x007FFFFF, 487 0x00FFFFFF, 0x01FFFFFF, 0x03FFFFFF, 0x07FFFFFF, 488 0x0FFFFFFF, 0x1FFFFFFF, 0x3FFFFFFF, 0x7FFFFFFF, 489 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF 490 }; 491 492 /* 493 * Shift away used bits in the cache data and fill it up with following bits. 494 * Call this when cache buffer does not have enough bits you need. 495 * 496 * Returns 1 if the cache buffer is full. 497 * Returns 0 if the cache buffer is not full; input buffer is empty. 498 */ 499 static int 500 rar_br_fillup(struct archive_read *a, struct rar_br *br) 501 { 502 struct rar *rar = (struct rar *)(a->format->data); 503 int n = CACHE_BITS - br->cache_avail; 504 505 for (;;) { 506 switch (n >> 3) { 507 case 8: 508 if (br->avail_in >= 8) { 509 br->cache_buffer = 510 ((uint64_t)br->next_in[0]) << 56 | 511 ((uint64_t)br->next_in[1]) << 48 | 512 ((uint64_t)br->next_in[2]) << 40 | 513 ((uint64_t)br->next_in[3]) << 32 | 514 ((uint32_t)br->next_in[4]) << 24 | 515 ((uint32_t)br->next_in[5]) << 16 | 516 ((uint32_t)br->next_in[6]) << 8 | 517 (uint32_t)br->next_in[7]; 518 br->next_in += 8; 519 br->avail_in -= 8; 520 br->cache_avail += 8 * 8; 521 rar->bytes_unconsumed += 8; 522 rar->bytes_remaining -= 8; 523 return (1); 524 } 525 break; 526 case 7: 527 if (br->avail_in >= 7) { 528 br->cache_buffer = 529 (br->cache_buffer << 56) | 530 ((uint64_t)br->next_in[0]) << 48 | 531 ((uint64_t)br->next_in[1]) << 40 | 532 ((uint64_t)br->next_in[2]) << 32 | 533 ((uint32_t)br->next_in[3]) << 24 | 534 ((uint32_t)br->next_in[4]) << 16 | 535 ((uint32_t)br->next_in[5]) << 8 | 536 (uint32_t)br->next_in[6]; 537 br->next_in += 7; 538 br->avail_in -= 7; 539 br->cache_avail += 7 * 8; 540 rar->bytes_unconsumed += 7; 541 rar->bytes_remaining -= 7; 542 return (1); 543 } 544 break; 545 case 6: 546 if (br->avail_in >= 6) { 547 br->cache_buffer = 548 (br->cache_buffer << 48) | 549 ((uint64_t)br->next_in[0]) << 40 | 550 ((uint64_t)br->next_in[1]) << 32 | 551 ((uint32_t)br->next_in[2]) << 24 | 552 ((uint32_t)br->next_in[3]) << 16 | 553 ((uint32_t)br->next_in[4]) << 8 | 554 (uint32_t)br->next_in[5]; 555 br->next_in += 6; 556 br->avail_in -= 6; 557 br->cache_avail += 6 * 8; 558 rar->bytes_unconsumed += 6; 559 rar->bytes_remaining -= 6; 560 return (1); 561 } 562 break; 563 case 0: 564 /* We have enough compressed data in 565 * the cache buffer.*/ 566 return (1); 567 default: 568 break; 569 } 570 if (br->avail_in <= 0) { 571 572 if (rar->bytes_unconsumed > 0) { 573 /* Consume as much as the decompressor 574 * actually used. */ 575 __archive_read_consume(a, rar->bytes_unconsumed); 576 rar->bytes_unconsumed = 0; 577 } 578 br->next_in = rar_read_ahead(a, 1, &(br->avail_in)); 579 if (br->next_in == NULL) 580 return (0); 581 if (br->avail_in == 0) 582 return (0); 583 } 584 br->cache_buffer = 585 (br->cache_buffer << 8) | *br->next_in++; 586 br->avail_in--; 587 br->cache_avail += 8; 588 n -= 8; 589 rar->bytes_unconsumed++; 590 rar->bytes_remaining--; 591 } 592 } 593 594 static int 595 rar_br_preparation(struct archive_read *a, struct rar_br *br) 596 { 597 struct rar *rar = (struct rar *)(a->format->data); 598 599 if (rar->bytes_remaining > 0) { 600 br->next_in = rar_read_ahead(a, 1, &(br->avail_in)); 601 if (br->next_in == NULL) { 602 archive_set_error(&a->archive, 603 ARCHIVE_ERRNO_FILE_FORMAT, 604 "Truncated RAR file data"); 605 return (ARCHIVE_FATAL); 606 } 607 if (br->cache_avail == 0) 608 (void)rar_br_fillup(a, br); 609 } 610 return (ARCHIVE_OK); 611 } 612 613 /* Find last bit set */ 614 static inline int 615 rar_fls(unsigned int word) 616 { 617 word |= (word >> 1); 618 word |= (word >> 2); 619 word |= (word >> 4); 620 word |= (word >> 8); 621 word |= (word >> 16); 622 return word - (word >> 1); 623 } 624 625 /* LZSS functions */ 626 static inline int64_t 627 lzss_position(struct lzss *lzss) 628 { 629 return lzss->position; 630 } 631 632 static inline int 633 lzss_mask(struct lzss *lzss) 634 { 635 return lzss->mask; 636 } 637 638 static inline int 639 lzss_size(struct lzss *lzss) 640 { 641 return lzss->mask + 1; 642 } 643 644 static inline int 645 lzss_offset_for_position(struct lzss *lzss, int64_t pos) 646 { 647 return (int)(pos & lzss->mask); 648 } 649 650 static inline unsigned char * 651 lzss_pointer_for_position(struct lzss *lzss, int64_t pos) 652 { 653 return &lzss->window[lzss_offset_for_position(lzss, pos)]; 654 } 655 656 static inline int 657 lzss_current_offset(struct lzss *lzss) 658 { 659 return lzss_offset_for_position(lzss, lzss->position); 660 } 661 662 static inline uint8_t * 663 lzss_current_pointer(struct lzss *lzss) 664 { 665 return lzss_pointer_for_position(lzss, lzss->position); 666 } 667 668 static inline void 669 lzss_emit_literal(struct rar *rar, uint8_t literal) 670 { 671 *lzss_current_pointer(&rar->lzss) = literal; 672 rar->lzss.position++; 673 } 674 675 static inline void 676 lzss_emit_match(struct rar *rar, int offset, int length) 677 { 678 int dstoffs = lzss_current_offset(&rar->lzss); 679 int srcoffs = (dstoffs - offset) & lzss_mask(&rar->lzss); 680 int l, li, remaining; 681 unsigned char *d, *s; 682 683 remaining = length; 684 while (remaining > 0) { 685 l = remaining; 686 if (dstoffs > srcoffs) { 687 if (l > lzss_size(&rar->lzss) - dstoffs) 688 l = lzss_size(&rar->lzss) - dstoffs; 689 } else { 690 if (l > lzss_size(&rar->lzss) - srcoffs) 691 l = lzss_size(&rar->lzss) - srcoffs; 692 } 693 d = &(rar->lzss.window[dstoffs]); 694 s = &(rar->lzss.window[srcoffs]); 695 if ((dstoffs + l < srcoffs) || (srcoffs + l < dstoffs)) 696 memcpy(d, s, l); 697 else { 698 for (li = 0; li < l; li++) 699 d[li] = s[li]; 700 } 701 remaining -= l; 702 dstoffs = (dstoffs + l) & lzss_mask(&(rar->lzss)); 703 srcoffs = (srcoffs + l) & lzss_mask(&(rar->lzss)); 704 } 705 rar->lzss.position += length; 706 } 707 708 static Byte 709 ppmd_read(void *p) 710 { 711 struct archive_read *a = ((IByteIn*)p)->a; 712 struct rar *rar = (struct rar *)(a->format->data); 713 struct rar_br *br = &(rar->br); 714 Byte b; 715 if (!rar_br_read_ahead(a, br, 8)) 716 { 717 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 718 "Truncated RAR file data"); 719 rar->valid = 0; 720 return 0; 721 } 722 b = rar_br_bits(br, 8); 723 rar_br_consume(br, 8); 724 return b; 725 } 726 727 int 728 archive_read_support_format_rar(struct archive *_a) 729 { 730 struct archive_read *a = (struct archive_read *)_a; 731 struct rar *rar; 732 int r; 733 734 archive_check_magic(_a, ARCHIVE_READ_MAGIC, ARCHIVE_STATE_NEW, 735 "archive_read_support_format_rar"); 736 737 rar = (struct rar *)calloc(sizeof(*rar), 1); 738 if (rar == NULL) 739 { 740 archive_set_error(&a->archive, ENOMEM, "Can't allocate rar data"); 741 return (ARCHIVE_FATAL); 742 } 743 744 /* 745 * Until enough data has been read, we cannot tell about 746 * any encrypted entries yet. 747 */ 748 rar->has_encrypted_entries = ARCHIVE_READ_FORMAT_ENCRYPTION_DONT_KNOW; 749 750 r = __archive_read_register_format(a, 751 rar, 752 "rar", 753 archive_read_format_rar_bid, 754 archive_read_format_rar_options, 755 archive_read_format_rar_read_header, 756 archive_read_format_rar_read_data, 757 archive_read_format_rar_read_data_skip, 758 archive_read_format_rar_seek_data, 759 archive_read_format_rar_cleanup, 760 archive_read_support_format_rar_capabilities, 761 archive_read_format_rar_has_encrypted_entries); 762 763 if (r != ARCHIVE_OK) 764 free(rar); 765 return (r); 766 } 767 768 static int 769 archive_read_support_format_rar_capabilities(struct archive_read * a) 770 { 771 (void)a; /* UNUSED */ 772 return (ARCHIVE_READ_FORMAT_CAPS_ENCRYPT_DATA 773 | ARCHIVE_READ_FORMAT_CAPS_ENCRYPT_METADATA); 774 } 775 776 static int 777 archive_read_format_rar_has_encrypted_entries(struct archive_read *_a) 778 { 779 if (_a && _a->format) { 780 struct rar * rar = (struct rar *)_a->format->data; 781 if (rar) { 782 return rar->has_encrypted_entries; 783 } 784 } 785 return ARCHIVE_READ_FORMAT_ENCRYPTION_DONT_KNOW; 786 } 787 788 789 static int 790 archive_read_format_rar_bid(struct archive_read *a, int best_bid) 791 { 792 const char *p; 793 794 /* If there's already a bid > 30, we'll never win. */ 795 if (best_bid > 30) 796 return (-1); 797 798 if ((p = __archive_read_ahead(a, 7, NULL)) == NULL) 799 return (-1); 800 801 if (memcmp(p, RAR_SIGNATURE, 7) == 0) 802 return (30); 803 804 if ((p[0] == 'M' && p[1] == 'Z') || memcmp(p, "\x7F\x45LF", 4) == 0) { 805 /* This is a PE file */ 806 ssize_t offset = 0x10000; 807 ssize_t window = 4096; 808 ssize_t bytes_avail; 809 while (offset + window <= (1024 * 128)) { 810 const char *buff = __archive_read_ahead(a, offset + window, &bytes_avail); 811 if (buff == NULL) { 812 /* Remaining bytes are less than window. */ 813 window >>= 1; 814 if (window < 0x40) 815 return (0); 816 continue; 817 } 818 p = buff + offset; 819 while (p + 7 < buff + bytes_avail) { 820 if (memcmp(p, RAR_SIGNATURE, 7) == 0) 821 return (30); 822 p += 0x10; 823 } 824 offset = p - buff; 825 } 826 } 827 return (0); 828 } 829 830 static int 831 skip_sfx(struct archive_read *a) 832 { 833 const void *h; 834 const char *p, *q; 835 size_t skip, total; 836 ssize_t bytes, window; 837 838 total = 0; 839 window = 4096; 840 while (total + window <= (1024 * 128)) { 841 h = __archive_read_ahead(a, window, &bytes); 842 if (h == NULL) { 843 /* Remaining bytes are less than window. */ 844 window >>= 1; 845 if (window < 0x40) 846 goto fatal; 847 continue; 848 } 849 if (bytes < 0x40) 850 goto fatal; 851 p = h; 852 q = p + bytes; 853 854 /* 855 * Scan ahead until we find something that looks 856 * like the RAR header. 857 */ 858 while (p + 7 < q) { 859 if (memcmp(p, RAR_SIGNATURE, 7) == 0) { 860 skip = p - (const char *)h; 861 __archive_read_consume(a, skip); 862 return (ARCHIVE_OK); 863 } 864 p += 0x10; 865 } 866 skip = p - (const char *)h; 867 __archive_read_consume(a, skip); 868 total += skip; 869 } 870 fatal: 871 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 872 "Couldn't find out RAR header"); 873 return (ARCHIVE_FATAL); 874 } 875 876 static int 877 archive_read_format_rar_options(struct archive_read *a, 878 const char *key, const char *val) 879 { 880 struct rar *rar; 881 int ret = ARCHIVE_FAILED; 882 883 rar = (struct rar *)(a->format->data); 884 if (strcmp(key, "hdrcharset") == 0) { 885 if (val == NULL || val[0] == 0) 886 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, 887 "rar: hdrcharset option needs a character-set name"); 888 else { 889 rar->opt_sconv = 890 archive_string_conversion_from_charset( 891 &a->archive, val, 0); 892 if (rar->opt_sconv != NULL) 893 ret = ARCHIVE_OK; 894 else 895 ret = ARCHIVE_FATAL; 896 } 897 return (ret); 898 } 899 900 /* Note: The "warn" return is just to inform the options 901 * supervisor that we didn't handle it. It will generate 902 * a suitable error if no one used this option. */ 903 return (ARCHIVE_WARN); 904 } 905 906 static int 907 archive_read_format_rar_read_header(struct archive_read *a, 908 struct archive_entry *entry) 909 { 910 const void *h; 911 const char *p; 912 struct rar *rar; 913 size_t skip; 914 char head_type; 915 int ret; 916 unsigned flags; 917 unsigned long crc32_expected; 918 919 a->archive.archive_format = ARCHIVE_FORMAT_RAR; 920 if (a->archive.archive_format_name == NULL) 921 a->archive.archive_format_name = "RAR"; 922 923 rar = (struct rar *)(a->format->data); 924 925 /* 926 * It should be sufficient to call archive_read_next_header() for 927 * a reader to determine if an entry is encrypted or not. If the 928 * encryption of an entry is only detectable when calling 929 * archive_read_data(), so be it. We'll do the same check there 930 * as well. 931 */ 932 if (rar->has_encrypted_entries == ARCHIVE_READ_FORMAT_ENCRYPTION_DONT_KNOW) { 933 rar->has_encrypted_entries = 0; 934 } 935 936 /* RAR files can be generated without EOF headers, so return ARCHIVE_EOF if 937 * this fails. 938 */ 939 if ((h = __archive_read_ahead(a, 7, NULL)) == NULL) 940 return (ARCHIVE_EOF); 941 942 p = h; 943 if (rar->found_first_header == 0 && 944 ((p[0] == 'M' && p[1] == 'Z') || memcmp(p, "\x7F\x45LF", 4) == 0)) { 945 /* This is an executable ? Must be self-extracting... */ 946 ret = skip_sfx(a); 947 if (ret < ARCHIVE_WARN) 948 return (ret); 949 } 950 rar->found_first_header = 1; 951 952 while (1) 953 { 954 unsigned long crc32_val; 955 956 if ((h = __archive_read_ahead(a, 7, NULL)) == NULL) 957 return (ARCHIVE_FATAL); 958 p = h; 959 960 head_type = p[2]; 961 switch(head_type) 962 { 963 case MARK_HEAD: 964 if (memcmp(p, RAR_SIGNATURE, 7) != 0) { 965 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 966 "Invalid marker header"); 967 return (ARCHIVE_FATAL); 968 } 969 __archive_read_consume(a, 7); 970 break; 971 972 case MAIN_HEAD: 973 rar->main_flags = archive_le16dec(p + 3); 974 skip = archive_le16dec(p + 5); 975 if (skip < 7 + sizeof(rar->reserved1) + sizeof(rar->reserved2)) { 976 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 977 "Invalid header size"); 978 return (ARCHIVE_FATAL); 979 } 980 if ((h = __archive_read_ahead(a, skip, NULL)) == NULL) 981 return (ARCHIVE_FATAL); 982 p = h; 983 memcpy(rar->reserved1, p + 7, sizeof(rar->reserved1)); 984 memcpy(rar->reserved2, p + 7 + sizeof(rar->reserved1), 985 sizeof(rar->reserved2)); 986 if (rar->main_flags & MHD_ENCRYPTVER) { 987 if (skip < 7 + sizeof(rar->reserved1) + sizeof(rar->reserved2)+1) { 988 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 989 "Invalid header size"); 990 return (ARCHIVE_FATAL); 991 } 992 rar->encryptver = *(p + 7 + sizeof(rar->reserved1) + 993 sizeof(rar->reserved2)); 994 } 995 996 /* Main header is password encrypted, so we cannot read any 997 file names or any other info about files from the header. */ 998 if (rar->main_flags & MHD_PASSWORD) 999 { 1000 archive_entry_set_is_metadata_encrypted(entry, 1); 1001 archive_entry_set_is_data_encrypted(entry, 1); 1002 rar->has_encrypted_entries = 1; 1003 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 1004 "RAR encryption support unavailable."); 1005 return (ARCHIVE_FATAL); 1006 } 1007 1008 crc32_val = crc32(0, (const unsigned char *)p + 2, (unsigned)skip - 2); 1009 if ((crc32_val & 0xffff) != archive_le16dec(p)) { 1010 #ifndef DONT_FAIL_ON_CRC_ERROR 1011 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 1012 "Header CRC error"); 1013 return (ARCHIVE_FATAL); 1014 #endif 1015 } 1016 __archive_read_consume(a, skip); 1017 break; 1018 1019 case FILE_HEAD: 1020 return read_header(a, entry, head_type); 1021 1022 case COMM_HEAD: 1023 case AV_HEAD: 1024 case SUB_HEAD: 1025 case PROTECT_HEAD: 1026 case SIGN_HEAD: 1027 case ENDARC_HEAD: 1028 flags = archive_le16dec(p + 3); 1029 skip = archive_le16dec(p + 5); 1030 if (skip < 7) { 1031 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 1032 "Invalid header size too small"); 1033 return (ARCHIVE_FATAL); 1034 } 1035 if (flags & HD_ADD_SIZE_PRESENT) 1036 { 1037 if (skip < 7 + 4) { 1038 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 1039 "Invalid header size too small"); 1040 return (ARCHIVE_FATAL); 1041 } 1042 if ((h = __archive_read_ahead(a, skip, NULL)) == NULL) 1043 return (ARCHIVE_FATAL); 1044 p = h; 1045 skip += archive_le32dec(p + 7); 1046 } 1047 1048 /* Skip over the 2-byte CRC at the beginning of the header. */ 1049 crc32_expected = archive_le16dec(p); 1050 __archive_read_consume(a, 2); 1051 skip -= 2; 1052 1053 /* Skim the entire header and compute the CRC. */ 1054 crc32_val = 0; 1055 while (skip > 0) { 1056 size_t to_read = skip; 1057 if (to_read > 32 * 1024) 1058 to_read = 32 * 1024; 1059 if ((h = __archive_read_ahead(a, to_read, NULL)) == NULL) { 1060 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 1061 "Bad RAR file"); 1062 return (ARCHIVE_FATAL); 1063 } 1064 p = h; 1065 crc32_val = crc32(crc32_val, (const unsigned char *)p, to_read); 1066 __archive_read_consume(a, to_read); 1067 skip -= to_read; 1068 } 1069 if ((crc32_val & 0xffff) != crc32_expected) { 1070 #ifndef DONT_FAIL_ON_CRC_ERROR 1071 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 1072 "Header CRC error"); 1073 return (ARCHIVE_FATAL); 1074 #endif 1075 } 1076 if (head_type == ENDARC_HEAD) 1077 return (ARCHIVE_EOF); 1078 break; 1079 1080 case NEWSUB_HEAD: 1081 if ((ret = read_header(a, entry, head_type)) < ARCHIVE_WARN) 1082 return ret; 1083 break; 1084 1085 default: 1086 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 1087 "Bad RAR file"); 1088 return (ARCHIVE_FATAL); 1089 } 1090 } 1091 } 1092 1093 static int 1094 archive_read_format_rar_read_data(struct archive_read *a, const void **buff, 1095 size_t *size, int64_t *offset) 1096 { 1097 struct rar *rar = (struct rar *)(a->format->data); 1098 int ret; 1099 1100 if (rar->has_encrypted_entries == ARCHIVE_READ_FORMAT_ENCRYPTION_DONT_KNOW) { 1101 rar->has_encrypted_entries = 0; 1102 } 1103 1104 if (rar->bytes_unconsumed > 0) { 1105 /* Consume as much as the decompressor actually used. */ 1106 __archive_read_consume(a, rar->bytes_unconsumed); 1107 rar->bytes_unconsumed = 0; 1108 } 1109 1110 *buff = NULL; 1111 if (rar->entry_eof || rar->offset_seek >= rar->unp_size) { 1112 *size = 0; 1113 *offset = rar->offset; 1114 if (*offset < rar->unp_size) 1115 *offset = rar->unp_size; 1116 return (ARCHIVE_EOF); 1117 } 1118 1119 switch (rar->compression_method) 1120 { 1121 case COMPRESS_METHOD_STORE: 1122 ret = read_data_stored(a, buff, size, offset); 1123 break; 1124 1125 case COMPRESS_METHOD_FASTEST: 1126 case COMPRESS_METHOD_FAST: 1127 case COMPRESS_METHOD_NORMAL: 1128 case COMPRESS_METHOD_GOOD: 1129 case COMPRESS_METHOD_BEST: 1130 ret = read_data_compressed(a, buff, size, offset, 0); 1131 if (ret != ARCHIVE_OK && ret != ARCHIVE_WARN) { 1132 __archive_ppmd7_functions.Ppmd7_Free(&rar->ppmd7_context); 1133 rar->start_new_table = 1; 1134 rar->ppmd_valid = 0; 1135 } 1136 break; 1137 1138 default: 1139 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 1140 "Unsupported compression method for RAR file."); 1141 ret = ARCHIVE_FATAL; 1142 break; 1143 } 1144 return (ret); 1145 } 1146 1147 static int 1148 archive_read_format_rar_read_data_skip(struct archive_read *a) 1149 { 1150 struct rar *rar; 1151 int64_t bytes_skipped; 1152 int ret; 1153 1154 rar = (struct rar *)(a->format->data); 1155 1156 if (rar->bytes_unconsumed > 0) { 1157 /* Consume as much as the decompressor actually used. */ 1158 __archive_read_consume(a, rar->bytes_unconsumed); 1159 rar->bytes_unconsumed = 0; 1160 } 1161 1162 if (rar->bytes_remaining > 0) { 1163 bytes_skipped = __archive_read_consume(a, rar->bytes_remaining); 1164 if (bytes_skipped < 0) 1165 return (ARCHIVE_FATAL); 1166 } 1167 1168 /* Compressed data to skip must be read from each header in a multivolume 1169 * archive. 1170 */ 1171 if (rar->main_flags & MHD_VOLUME && rar->file_flags & FHD_SPLIT_AFTER) 1172 { 1173 ret = archive_read_format_rar_read_header(a, a->entry); 1174 if (ret == (ARCHIVE_EOF)) 1175 ret = archive_read_format_rar_read_header(a, a->entry); 1176 if (ret != (ARCHIVE_OK)) 1177 return ret; 1178 return archive_read_format_rar_read_data_skip(a); 1179 } 1180 1181 return (ARCHIVE_OK); 1182 } 1183 1184 static int64_t 1185 archive_read_format_rar_seek_data(struct archive_read *a, int64_t offset, 1186 int whence) 1187 { 1188 int64_t client_offset, ret; 1189 unsigned int i; 1190 struct rar *rar = (struct rar *)(a->format->data); 1191 1192 if (rar->compression_method == COMPRESS_METHOD_STORE) 1193 { 1194 /* Modify the offset for use with SEEK_SET */ 1195 switch (whence) 1196 { 1197 case SEEK_CUR: 1198 client_offset = rar->offset_seek; 1199 break; 1200 case SEEK_END: 1201 client_offset = rar->unp_size; 1202 break; 1203 case SEEK_SET: 1204 default: 1205 client_offset = 0; 1206 } 1207 client_offset += offset; 1208 if (client_offset < 0) 1209 { 1210 /* Can't seek past beginning of data block */ 1211 return -1; 1212 } 1213 else if (client_offset > rar->unp_size) 1214 { 1215 /* 1216 * Set the returned offset but only seek to the end of 1217 * the data block. 1218 */ 1219 rar->offset_seek = client_offset; 1220 client_offset = rar->unp_size; 1221 } 1222 1223 client_offset += rar->dbo[0].start_offset; 1224 i = 0; 1225 while (i < rar->cursor) 1226 { 1227 i++; 1228 client_offset += rar->dbo[i].start_offset - rar->dbo[i-1].end_offset; 1229 } 1230 if (rar->main_flags & MHD_VOLUME) 1231 { 1232 /* Find the appropriate offset among the multivolume archive */ 1233 while (1) 1234 { 1235 if (client_offset < rar->dbo[rar->cursor].start_offset && 1236 rar->file_flags & FHD_SPLIT_BEFORE) 1237 { 1238 /* Search backwards for the correct data block */ 1239 if (rar->cursor == 0) 1240 { 1241 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, 1242 "Attempt to seek past beginning of RAR data block"); 1243 return (ARCHIVE_FAILED); 1244 } 1245 rar->cursor--; 1246 client_offset -= rar->dbo[rar->cursor+1].start_offset - 1247 rar->dbo[rar->cursor].end_offset; 1248 if (client_offset < rar->dbo[rar->cursor].start_offset) 1249 continue; 1250 ret = __archive_read_seek(a, rar->dbo[rar->cursor].start_offset - 1251 rar->dbo[rar->cursor].header_size, SEEK_SET); 1252 if (ret < (ARCHIVE_OK)) 1253 return ret; 1254 ret = archive_read_format_rar_read_header(a, a->entry); 1255 if (ret != (ARCHIVE_OK)) 1256 { 1257 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, 1258 "Error during seek of RAR file"); 1259 return (ARCHIVE_FAILED); 1260 } 1261 rar->cursor--; 1262 break; 1263 } 1264 else if (client_offset > rar->dbo[rar->cursor].end_offset && 1265 rar->file_flags & FHD_SPLIT_AFTER) 1266 { 1267 /* Search forward for the correct data block */ 1268 rar->cursor++; 1269 if (rar->cursor < rar->nodes && 1270 client_offset > rar->dbo[rar->cursor].end_offset) 1271 { 1272 client_offset += rar->dbo[rar->cursor].start_offset - 1273 rar->dbo[rar->cursor-1].end_offset; 1274 continue; 1275 } 1276 rar->cursor--; 1277 ret = __archive_read_seek(a, rar->dbo[rar->cursor].end_offset, 1278 SEEK_SET); 1279 if (ret < (ARCHIVE_OK)) 1280 return ret; 1281 ret = archive_read_format_rar_read_header(a, a->entry); 1282 if (ret == (ARCHIVE_EOF)) 1283 { 1284 rar->has_endarc_header = 1; 1285 ret = archive_read_format_rar_read_header(a, a->entry); 1286 } 1287 if (ret != (ARCHIVE_OK)) 1288 { 1289 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, 1290 "Error during seek of RAR file"); 1291 return (ARCHIVE_FAILED); 1292 } 1293 client_offset += rar->dbo[rar->cursor].start_offset - 1294 rar->dbo[rar->cursor-1].end_offset; 1295 continue; 1296 } 1297 break; 1298 } 1299 } 1300 1301 ret = __archive_read_seek(a, client_offset, SEEK_SET); 1302 if (ret < (ARCHIVE_OK)) 1303 return ret; 1304 rar->bytes_remaining = rar->dbo[rar->cursor].end_offset - ret; 1305 i = rar->cursor; 1306 while (i > 0) 1307 { 1308 i--; 1309 ret -= rar->dbo[i+1].start_offset - rar->dbo[i].end_offset; 1310 } 1311 ret -= rar->dbo[0].start_offset; 1312 1313 /* Always restart reading the file after a seek */ 1314 __archive_reset_read_data(&a->archive); 1315 1316 rar->bytes_unconsumed = 0; 1317 rar->offset = 0; 1318 1319 /* 1320 * If a seek past the end of file was requested, return the requested 1321 * offset. 1322 */ 1323 if (ret == rar->unp_size && rar->offset_seek > rar->unp_size) 1324 return rar->offset_seek; 1325 1326 /* Return the new offset */ 1327 rar->offset_seek = ret; 1328 return rar->offset_seek; 1329 } 1330 else 1331 { 1332 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, 1333 "Seeking of compressed RAR files is unsupported"); 1334 } 1335 return (ARCHIVE_FAILED); 1336 } 1337 1338 static int 1339 archive_read_format_rar_cleanup(struct archive_read *a) 1340 { 1341 struct rar *rar; 1342 1343 rar = (struct rar *)(a->format->data); 1344 free_codes(a); 1345 clear_filters(&rar->filters); 1346 free(rar->filename); 1347 free(rar->filename_save); 1348 free(rar->dbo); 1349 free(rar->unp_buffer); 1350 free(rar->lzss.window); 1351 __archive_ppmd7_functions.Ppmd7_Free(&rar->ppmd7_context); 1352 free(rar); 1353 (a->format->data) = NULL; 1354 return (ARCHIVE_OK); 1355 } 1356 1357 static int 1358 read_header(struct archive_read *a, struct archive_entry *entry, 1359 char head_type) 1360 { 1361 const void *h; 1362 const char *p, *endp; 1363 struct rar *rar; 1364 struct rar_header rar_header; 1365 struct rar_file_header file_header; 1366 int64_t header_size; 1367 unsigned filename_size, end; 1368 char *filename; 1369 char *strp; 1370 char packed_size[8]; 1371 char unp_size[8]; 1372 int ttime; 1373 struct archive_string_conv *sconv, *fn_sconv; 1374 unsigned long crc32_val; 1375 int ret = (ARCHIVE_OK), ret2; 1376 1377 rar = (struct rar *)(a->format->data); 1378 1379 /* Setup a string conversion object for non-rar-unicode filenames. */ 1380 sconv = rar->opt_sconv; 1381 if (sconv == NULL) { 1382 if (!rar->init_default_conversion) { 1383 rar->sconv_default = 1384 archive_string_default_conversion_for_read( 1385 &(a->archive)); 1386 rar->init_default_conversion = 1; 1387 } 1388 sconv = rar->sconv_default; 1389 } 1390 1391 1392 if ((h = __archive_read_ahead(a, 7, NULL)) == NULL) 1393 return (ARCHIVE_FATAL); 1394 p = h; 1395 memcpy(&rar_header, p, sizeof(rar_header)); 1396 rar->file_flags = archive_le16dec(rar_header.flags); 1397 header_size = archive_le16dec(rar_header.size); 1398 if (header_size < (int64_t)sizeof(file_header) + 7) { 1399 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 1400 "Invalid header size"); 1401 return (ARCHIVE_FATAL); 1402 } 1403 crc32_val = crc32(0, (const unsigned char *)p + 2, 7 - 2); 1404 __archive_read_consume(a, 7); 1405 1406 if (!(rar->file_flags & FHD_SOLID)) 1407 { 1408 rar->compression_method = 0; 1409 rar->packed_size = 0; 1410 rar->unp_size = 0; 1411 rar->mtime = 0; 1412 rar->ctime = 0; 1413 rar->atime = 0; 1414 rar->arctime = 0; 1415 rar->mode = 0; 1416 memset(&rar->salt, 0, sizeof(rar->salt)); 1417 rar->atime = 0; 1418 rar->ansec = 0; 1419 rar->ctime = 0; 1420 rar->cnsec = 0; 1421 rar->mtime = 0; 1422 rar->mnsec = 0; 1423 rar->arctime = 0; 1424 rar->arcnsec = 0; 1425 } 1426 else 1427 { 1428 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 1429 "RAR solid archive support unavailable."); 1430 return (ARCHIVE_FATAL); 1431 } 1432 1433 if ((h = __archive_read_ahead(a, (size_t)header_size - 7, NULL)) == NULL) 1434 return (ARCHIVE_FATAL); 1435 1436 /* File Header CRC check. */ 1437 crc32_val = crc32(crc32_val, h, (unsigned)(header_size - 7)); 1438 if ((crc32_val & 0xffff) != archive_le16dec(rar_header.crc)) { 1439 #ifndef DONT_FAIL_ON_CRC_ERROR 1440 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 1441 "Header CRC error"); 1442 return (ARCHIVE_FATAL); 1443 #endif 1444 } 1445 /* If no CRC error, Go on parsing File Header. */ 1446 p = h; 1447 endp = p + header_size - 7; 1448 memcpy(&file_header, p, sizeof(file_header)); 1449 p += sizeof(file_header); 1450 1451 rar->compression_method = file_header.method; 1452 1453 ttime = archive_le32dec(file_header.file_time); 1454 rar->mtime = get_time(ttime); 1455 1456 rar->file_crc = archive_le32dec(file_header.file_crc); 1457 1458 if (rar->file_flags & FHD_PASSWORD) 1459 { 1460 archive_entry_set_is_data_encrypted(entry, 1); 1461 rar->has_encrypted_entries = 1; 1462 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 1463 "RAR encryption support unavailable."); 1464 /* Since it is only the data part itself that is encrypted we can at least 1465 extract information about the currently processed entry and don't need 1466 to return ARCHIVE_FATAL here. */ 1467 /*return (ARCHIVE_FATAL);*/ 1468 } 1469 1470 if (rar->file_flags & FHD_LARGE) 1471 { 1472 memcpy(packed_size, file_header.pack_size, 4); 1473 memcpy(packed_size + 4, p, 4); /* High pack size */ 1474 p += 4; 1475 memcpy(unp_size, file_header.unp_size, 4); 1476 memcpy(unp_size + 4, p, 4); /* High unpack size */ 1477 p += 4; 1478 rar->packed_size = archive_le64dec(&packed_size); 1479 rar->unp_size = archive_le64dec(&unp_size); 1480 } 1481 else 1482 { 1483 rar->packed_size = archive_le32dec(file_header.pack_size); 1484 rar->unp_size = archive_le32dec(file_header.unp_size); 1485 } 1486 1487 if (rar->packed_size < 0 || rar->unp_size < 0) 1488 { 1489 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 1490 "Invalid sizes specified."); 1491 return (ARCHIVE_FATAL); 1492 } 1493 1494 rar->bytes_remaining = rar->packed_size; 1495 1496 /* TODO: RARv3 subblocks contain comments. For now the complete block is 1497 * consumed at the end. 1498 */ 1499 if (head_type == NEWSUB_HEAD) { 1500 size_t distance = p - (const char *)h; 1501 header_size += rar->packed_size; 1502 /* Make sure we have the extended data. */ 1503 if ((h = __archive_read_ahead(a, (size_t)header_size - 7, NULL)) == NULL) 1504 return (ARCHIVE_FATAL); 1505 p = h; 1506 endp = p + header_size - 7; 1507 p += distance; 1508 } 1509 1510 filename_size = archive_le16dec(file_header.name_size); 1511 if (p + filename_size > endp) { 1512 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 1513 "Invalid filename size"); 1514 return (ARCHIVE_FATAL); 1515 } 1516 if (rar->filename_allocated < filename_size * 2 + 2) { 1517 char *newptr; 1518 size_t newsize = filename_size * 2 + 2; 1519 newptr = realloc(rar->filename, newsize); 1520 if (newptr == NULL) { 1521 archive_set_error(&a->archive, ENOMEM, 1522 "Couldn't allocate memory."); 1523 return (ARCHIVE_FATAL); 1524 } 1525 rar->filename = newptr; 1526 rar->filename_allocated = newsize; 1527 } 1528 filename = rar->filename; 1529 memcpy(filename, p, filename_size); 1530 filename[filename_size] = '\0'; 1531 if (rar->file_flags & FHD_UNICODE) 1532 { 1533 if (filename_size != strlen(filename)) 1534 { 1535 unsigned char highbyte, flagbits, flagbyte; 1536 unsigned fn_end, offset; 1537 1538 end = filename_size; 1539 fn_end = filename_size * 2; 1540 filename_size = 0; 1541 offset = (unsigned)strlen(filename) + 1; 1542 highbyte = *(p + offset++); 1543 flagbits = 0; 1544 flagbyte = 0; 1545 while (offset < end && filename_size < fn_end) 1546 { 1547 if (!flagbits) 1548 { 1549 flagbyte = *(p + offset++); 1550 flagbits = 8; 1551 } 1552 1553 flagbits -= 2; 1554 switch((flagbyte >> flagbits) & 3) 1555 { 1556 case 0: 1557 filename[filename_size++] = '\0'; 1558 filename[filename_size++] = *(p + offset++); 1559 break; 1560 case 1: 1561 filename[filename_size++] = highbyte; 1562 filename[filename_size++] = *(p + offset++); 1563 break; 1564 case 2: 1565 filename[filename_size++] = *(p + offset + 1); 1566 filename[filename_size++] = *(p + offset); 1567 offset += 2; 1568 break; 1569 case 3: 1570 { 1571 char extra, high; 1572 uint8_t length = *(p + offset++); 1573 1574 if (length & 0x80) { 1575 extra = *(p + offset++); 1576 high = (char)highbyte; 1577 } else 1578 extra = high = 0; 1579 length = (length & 0x7f) + 2; 1580 while (length && filename_size < fn_end) { 1581 unsigned cp = filename_size >> 1; 1582 filename[filename_size++] = high; 1583 filename[filename_size++] = p[cp] + extra; 1584 length--; 1585 } 1586 } 1587 break; 1588 } 1589 } 1590 if (filename_size > fn_end) { 1591 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 1592 "Invalid filename"); 1593 return (ARCHIVE_FATAL); 1594 } 1595 filename[filename_size++] = '\0'; 1596 /* 1597 * Do not increment filename_size here as the computations below 1598 * add the space for the terminating NUL explicitly. 1599 */ 1600 filename[filename_size] = '\0'; 1601 1602 /* Decoded unicode form is UTF-16BE, so we have to update a string 1603 * conversion object for it. */ 1604 if (rar->sconv_utf16be == NULL) { 1605 rar->sconv_utf16be = archive_string_conversion_from_charset( 1606 &a->archive, "UTF-16BE", 1); 1607 if (rar->sconv_utf16be == NULL) 1608 return (ARCHIVE_FATAL); 1609 } 1610 fn_sconv = rar->sconv_utf16be; 1611 1612 strp = filename; 1613 while (memcmp(strp, "\x00\x00", 2)) 1614 { 1615 if (!memcmp(strp, "\x00\\", 2)) 1616 *(strp + 1) = '/'; 1617 strp += 2; 1618 } 1619 p += offset; 1620 } else { 1621 /* 1622 * If FHD_UNICODE is set but no unicode data, this file name form 1623 * is UTF-8, so we have to update a string conversion object for 1624 * it accordingly. 1625 */ 1626 if (rar->sconv_utf8 == NULL) { 1627 rar->sconv_utf8 = archive_string_conversion_from_charset( 1628 &a->archive, "UTF-8", 1); 1629 if (rar->sconv_utf8 == NULL) 1630 return (ARCHIVE_FATAL); 1631 } 1632 fn_sconv = rar->sconv_utf8; 1633 while ((strp = strchr(filename, '\\')) != NULL) 1634 *strp = '/'; 1635 p += filename_size; 1636 } 1637 } 1638 else 1639 { 1640 fn_sconv = sconv; 1641 while ((strp = strchr(filename, '\\')) != NULL) 1642 *strp = '/'; 1643 p += filename_size; 1644 } 1645 1646 /* Split file in multivolume RAR. No more need to process header. */ 1647 if (rar->filename_save && 1648 filename_size == rar->filename_save_size && 1649 !memcmp(rar->filename, rar->filename_save, filename_size + 1)) 1650 { 1651 __archive_read_consume(a, header_size - 7); 1652 rar->cursor++; 1653 if (rar->cursor >= rar->nodes) 1654 { 1655 rar->nodes++; 1656 if ((rar->dbo = 1657 realloc(rar->dbo, sizeof(*rar->dbo) * rar->nodes)) == NULL) 1658 { 1659 archive_set_error(&a->archive, ENOMEM, "Couldn't allocate memory."); 1660 return (ARCHIVE_FATAL); 1661 } 1662 rar->dbo[rar->cursor].header_size = header_size; 1663 rar->dbo[rar->cursor].start_offset = -1; 1664 rar->dbo[rar->cursor].end_offset = -1; 1665 } 1666 if (rar->dbo[rar->cursor].start_offset < 0) 1667 { 1668 rar->dbo[rar->cursor].start_offset = a->filter->position; 1669 rar->dbo[rar->cursor].end_offset = rar->dbo[rar->cursor].start_offset + 1670 rar->packed_size; 1671 } 1672 return ret; 1673 } 1674 else if (rar->filename_must_match) 1675 { 1676 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 1677 "Mismatch of file parts split across multi-volume archive"); 1678 return (ARCHIVE_FATAL); 1679 } 1680 1681 rar->filename_save = (char*)realloc(rar->filename_save, 1682 filename_size + 1); 1683 memcpy(rar->filename_save, rar->filename, filename_size + 1); 1684 rar->filename_save_size = filename_size; 1685 1686 /* Set info for seeking */ 1687 free(rar->dbo); 1688 if ((rar->dbo = calloc(1, sizeof(*rar->dbo))) == NULL) 1689 { 1690 archive_set_error(&a->archive, ENOMEM, "Couldn't allocate memory."); 1691 return (ARCHIVE_FATAL); 1692 } 1693 rar->dbo[0].header_size = header_size; 1694 rar->dbo[0].start_offset = -1; 1695 rar->dbo[0].end_offset = -1; 1696 rar->cursor = 0; 1697 rar->nodes = 1; 1698 1699 if (rar->file_flags & FHD_SALT) 1700 { 1701 if (p + 8 > endp) { 1702 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 1703 "Invalid header size"); 1704 return (ARCHIVE_FATAL); 1705 } 1706 memcpy(rar->salt, p, 8); 1707 p += 8; 1708 } 1709 1710 if (rar->file_flags & FHD_EXTTIME) { 1711 if (read_exttime(p, rar, endp) < 0) { 1712 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 1713 "Invalid header size"); 1714 return (ARCHIVE_FATAL); 1715 } 1716 } 1717 1718 __archive_read_consume(a, header_size - 7); 1719 rar->dbo[0].start_offset = a->filter->position; 1720 rar->dbo[0].end_offset = rar->dbo[0].start_offset + rar->packed_size; 1721 1722 switch(file_header.host_os) 1723 { 1724 case OS_MSDOS: 1725 case OS_OS2: 1726 case OS_WIN32: 1727 rar->mode = archive_le32dec(file_header.file_attr); 1728 if (rar->mode & FILE_ATTRIBUTE_DIRECTORY) 1729 rar->mode = AE_IFDIR | S_IXUSR | S_IXGRP | S_IXOTH; 1730 else 1731 rar->mode = AE_IFREG; 1732 rar->mode |= S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH; 1733 break; 1734 1735 case OS_UNIX: 1736 case OS_MAC_OS: 1737 case OS_BEOS: 1738 rar->mode = archive_le32dec(file_header.file_attr); 1739 break; 1740 1741 default: 1742 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 1743 "Unknown file attributes from RAR file's host OS"); 1744 return (ARCHIVE_FATAL); 1745 } 1746 1747 rar->bytes_uncopied = rar->bytes_unconsumed = 0; 1748 rar->lzss.position = rar->offset = 0; 1749 rar->offset_seek = 0; 1750 rar->dictionary_size = 0; 1751 rar->offset_outgoing = 0; 1752 rar->br.cache_avail = 0; 1753 rar->br.avail_in = 0; 1754 rar->crc_calculated = 0; 1755 rar->entry_eof = 0; 1756 rar->valid = 1; 1757 rar->is_ppmd_block = 0; 1758 rar->start_new_table = 1; 1759 free(rar->unp_buffer); 1760 rar->unp_buffer = NULL; 1761 rar->unp_offset = 0; 1762 rar->unp_buffer_size = UNP_BUFFER_SIZE; 1763 memset(rar->lengthtable, 0, sizeof(rar->lengthtable)); 1764 __archive_ppmd7_functions.Ppmd7_Free(&rar->ppmd7_context); 1765 rar->ppmd_valid = rar->ppmd_eod = 0; 1766 rar->filters.filterstart = INT64_MAX; 1767 1768 /* Don't set any archive entries for non-file header types */ 1769 if (head_type == NEWSUB_HEAD) 1770 return ret; 1771 1772 archive_entry_set_mtime(entry, rar->mtime, rar->mnsec); 1773 archive_entry_set_ctime(entry, rar->ctime, rar->cnsec); 1774 archive_entry_set_atime(entry, rar->atime, rar->ansec); 1775 archive_entry_set_size(entry, rar->unp_size); 1776 archive_entry_set_mode(entry, rar->mode); 1777 1778 if (archive_entry_copy_pathname_l(entry, filename, filename_size, fn_sconv)) 1779 { 1780 if (errno == ENOMEM) 1781 { 1782 archive_set_error(&a->archive, ENOMEM, 1783 "Can't allocate memory for Pathname"); 1784 return (ARCHIVE_FATAL); 1785 } 1786 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 1787 "Pathname cannot be converted from %s to current locale.", 1788 archive_string_conversion_charset_name(fn_sconv)); 1789 ret = (ARCHIVE_WARN); 1790 } 1791 1792 if (((rar->mode) & AE_IFMT) == AE_IFLNK) 1793 { 1794 /* Make sure a symbolic-link file does not have its body. */ 1795 rar->bytes_remaining = 0; 1796 archive_entry_set_size(entry, 0); 1797 1798 /* Read a symbolic-link name. */ 1799 if ((ret2 = read_symlink_stored(a, entry, sconv)) < (ARCHIVE_WARN)) 1800 return ret2; 1801 if (ret > ret2) 1802 ret = ret2; 1803 } 1804 1805 if (rar->bytes_remaining == 0) 1806 rar->entry_eof = 1; 1807 1808 return ret; 1809 } 1810 1811 static time_t 1812 get_time(int ttime) 1813 { 1814 struct tm tm; 1815 tm.tm_sec = 2 * (ttime & 0x1f); 1816 tm.tm_min = (ttime >> 5) & 0x3f; 1817 tm.tm_hour = (ttime >> 11) & 0x1f; 1818 tm.tm_mday = (ttime >> 16) & 0x1f; 1819 tm.tm_mon = ((ttime >> 21) & 0x0f) - 1; 1820 tm.tm_year = ((ttime >> 25) & 0x7f) + 80; 1821 tm.tm_isdst = -1; 1822 return mktime(&tm); 1823 } 1824 1825 static int 1826 read_exttime(const char *p, struct rar *rar, const char *endp) 1827 { 1828 unsigned rmode, flags, rem, j, count; 1829 int ttime, i; 1830 struct tm *tm; 1831 time_t t; 1832 long nsec; 1833 #if defined(HAVE_LOCALTIME_R) || defined(HAVE__LOCALTIME64_S) 1834 struct tm tmbuf; 1835 #endif 1836 #if defined(HAVE__LOCALTIME64_S) 1837 errno_t terr; 1838 __time64_t tmptime; 1839 #endif 1840 1841 if (p + 2 > endp) 1842 return (-1); 1843 flags = archive_le16dec(p); 1844 p += 2; 1845 1846 for (i = 3; i >= 0; i--) 1847 { 1848 t = 0; 1849 if (i == 3) 1850 t = rar->mtime; 1851 rmode = flags >> i * 4; 1852 if (rmode & 8) 1853 { 1854 if (!t) 1855 { 1856 if (p + 4 > endp) 1857 return (-1); 1858 ttime = archive_le32dec(p); 1859 t = get_time(ttime); 1860 p += 4; 1861 } 1862 rem = 0; 1863 count = rmode & 3; 1864 if (p + count > endp) 1865 return (-1); 1866 for (j = 0; j < count; j++) 1867 { 1868 rem = (((unsigned)(unsigned char)*p) << 16) | (rem >> 8); 1869 p++; 1870 } 1871 #if defined(HAVE_LOCALTIME_R) 1872 tm = localtime_r(&t, &tmbuf); 1873 #elif defined(HAVE__LOCALTIME64_S) 1874 tmptime = t; 1875 terr = _localtime64_s(&tmbuf, &tmptime); 1876 if (terr) 1877 tm = NULL; 1878 else 1879 tm = &tmbuf; 1880 #else 1881 tm = localtime(&t); 1882 #endif 1883 nsec = tm->tm_sec + rem / NS_UNIT; 1884 if (rmode & 4) 1885 { 1886 tm->tm_sec++; 1887 t = mktime(tm); 1888 } 1889 if (i == 3) 1890 { 1891 rar->mtime = t; 1892 rar->mnsec = nsec; 1893 } 1894 else if (i == 2) 1895 { 1896 rar->ctime = t; 1897 rar->cnsec = nsec; 1898 } 1899 else if (i == 1) 1900 { 1901 rar->atime = t; 1902 rar->ansec = nsec; 1903 } 1904 else 1905 { 1906 rar->arctime = t; 1907 rar->arcnsec = nsec; 1908 } 1909 } 1910 } 1911 return (0); 1912 } 1913 1914 static int 1915 read_symlink_stored(struct archive_read *a, struct archive_entry *entry, 1916 struct archive_string_conv *sconv) 1917 { 1918 const void *h; 1919 const char *p; 1920 struct rar *rar; 1921 int ret = (ARCHIVE_OK); 1922 1923 rar = (struct rar *)(a->format->data); 1924 if ((h = rar_read_ahead(a, (size_t)rar->packed_size, NULL)) == NULL) 1925 return (ARCHIVE_FATAL); 1926 p = h; 1927 1928 if (archive_entry_copy_symlink_l(entry, 1929 p, (size_t)rar->packed_size, sconv)) 1930 { 1931 if (errno == ENOMEM) 1932 { 1933 archive_set_error(&a->archive, ENOMEM, 1934 "Can't allocate memory for link"); 1935 return (ARCHIVE_FATAL); 1936 } 1937 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 1938 "link cannot be converted from %s to current locale.", 1939 archive_string_conversion_charset_name(sconv)); 1940 ret = (ARCHIVE_WARN); 1941 } 1942 __archive_read_consume(a, rar->packed_size); 1943 return ret; 1944 } 1945 1946 static int 1947 read_data_stored(struct archive_read *a, const void **buff, size_t *size, 1948 int64_t *offset) 1949 { 1950 struct rar *rar; 1951 ssize_t bytes_avail; 1952 1953 rar = (struct rar *)(a->format->data); 1954 if (rar->bytes_remaining == 0 && 1955 !(rar->main_flags & MHD_VOLUME && rar->file_flags & FHD_SPLIT_AFTER)) 1956 { 1957 *buff = NULL; 1958 *size = 0; 1959 *offset = rar->offset; 1960 if (rar->file_crc != rar->crc_calculated) { 1961 #ifndef DONT_FAIL_ON_CRC_ERROR 1962 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 1963 "File CRC error"); 1964 return (ARCHIVE_FATAL); 1965 #endif 1966 } 1967 rar->entry_eof = 1; 1968 return (ARCHIVE_EOF); 1969 } 1970 1971 *buff = rar_read_ahead(a, 1, &bytes_avail); 1972 if (bytes_avail <= 0) 1973 { 1974 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 1975 "Truncated RAR file data"); 1976 return (ARCHIVE_FATAL); 1977 } 1978 1979 *size = bytes_avail; 1980 *offset = rar->offset; 1981 rar->offset += bytes_avail; 1982 rar->offset_seek += bytes_avail; 1983 rar->bytes_remaining -= bytes_avail; 1984 rar->bytes_unconsumed = bytes_avail; 1985 /* Calculate File CRC. */ 1986 rar->crc_calculated = crc32(rar->crc_calculated, *buff, 1987 (unsigned)bytes_avail); 1988 return (ARCHIVE_OK); 1989 } 1990 1991 static int 1992 read_data_compressed(struct archive_read *a, const void **buff, size_t *size, 1993 int64_t *offset, size_t looper) 1994 { 1995 if (looper++ > MAX_COMPRESS_DEPTH) 1996 return (ARCHIVE_FATAL); 1997 1998 struct rar *rar; 1999 int64_t start, end; 2000 size_t bs; 2001 int ret = (ARCHIVE_OK), sym, code, lzss_offset, length, i; 2002 2003 rar = (struct rar *)(a->format->data); 2004 2005 do { 2006 if (!rar->valid) 2007 return (ARCHIVE_FATAL); 2008 2009 if (rar->filters.bytes_ready > 0) 2010 { 2011 /* Flush unp_buffer first */ 2012 if (rar->unp_offset > 0) 2013 { 2014 *buff = rar->unp_buffer; 2015 *size = rar->unp_offset; 2016 rar->unp_offset = 0; 2017 *offset = rar->offset_outgoing; 2018 rar->offset_outgoing += *size; 2019 } 2020 else 2021 { 2022 *buff = rar->filters.bytes; 2023 *size = rar->filters.bytes_ready; 2024 2025 rar->offset += *size; 2026 *offset = rar->offset_outgoing; 2027 rar->offset_outgoing += *size; 2028 2029 rar->filters.bytes_ready -= *size; 2030 rar->filters.bytes += *size; 2031 } 2032 goto ending_block; 2033 } 2034 2035 if (rar->ppmd_eod || 2036 (rar->dictionary_size && rar->offset >= rar->unp_size)) 2037 { 2038 if (rar->unp_offset > 0) { 2039 /* 2040 * We have unprocessed extracted data. write it out. 2041 */ 2042 *buff = rar->unp_buffer; 2043 *size = rar->unp_offset; 2044 *offset = rar->offset_outgoing; 2045 rar->offset_outgoing += *size; 2046 /* Calculate File CRC. */ 2047 rar->crc_calculated = crc32(rar->crc_calculated, *buff, 2048 (unsigned)*size); 2049 rar->unp_offset = 0; 2050 return (ARCHIVE_OK); 2051 } 2052 *buff = NULL; 2053 *size = 0; 2054 *offset = rar->offset; 2055 if (rar->file_crc != rar->crc_calculated) { 2056 #ifndef DONT_FAIL_ON_CRC_ERROR 2057 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 2058 "File CRC error"); 2059 return (ARCHIVE_FATAL); 2060 #endif 2061 } 2062 rar->entry_eof = 1; 2063 return (ARCHIVE_EOF); 2064 } 2065 2066 if (!rar->is_ppmd_block && rar->dictionary_size && rar->bytes_uncopied > 0) 2067 { 2068 if (rar->bytes_uncopied > (rar->unp_buffer_size - rar->unp_offset)) 2069 bs = rar->unp_buffer_size - rar->unp_offset; 2070 else 2071 bs = (size_t)rar->bytes_uncopied; 2072 ret = copy_from_lzss_window_to_unp(a, buff, rar->offset, (int)bs); 2073 if (ret != ARCHIVE_OK) 2074 return (ret); 2075 rar->offset += bs; 2076 rar->bytes_uncopied -= bs; 2077 if (*buff != NULL) { 2078 rar->unp_offset = 0; 2079 *size = rar->unp_buffer_size; 2080 *offset = rar->offset_outgoing; 2081 rar->offset_outgoing += *size; 2082 /* Calculate File CRC. */ 2083 rar->crc_calculated = crc32(rar->crc_calculated, *buff, 2084 (unsigned)*size); 2085 return (ret); 2086 } 2087 continue; 2088 } 2089 2090 if (rar->filters.lastend == rar->filters.filterstart) 2091 { 2092 if (!run_filters(a)) 2093 return (ARCHIVE_FATAL); 2094 continue; 2095 } 2096 2097 if (!rar->br.next_in && 2098 (ret = rar_br_preparation(a, &(rar->br))) < ARCHIVE_WARN) 2099 return (ret); 2100 if (rar->start_new_table && ((ret = parse_codes(a)) < (ARCHIVE_WARN))) 2101 return (ret); 2102 2103 if (rar->is_ppmd_block) 2104 { 2105 if ((sym = __archive_ppmd7_functions.Ppmd7_DecodeSymbol( 2106 &rar->ppmd7_context, &rar->range_dec.p)) < 0) 2107 { 2108 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 2109 "Invalid symbol"); 2110 return (ARCHIVE_FATAL); 2111 } 2112 if(sym != rar->ppmd_escape) 2113 { 2114 lzss_emit_literal(rar, sym); 2115 rar->bytes_uncopied++; 2116 } 2117 else 2118 { 2119 if ((code = __archive_ppmd7_functions.Ppmd7_DecodeSymbol( 2120 &rar->ppmd7_context, &rar->range_dec.p)) < 0) 2121 { 2122 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 2123 "Invalid symbol"); 2124 return (ARCHIVE_FATAL); 2125 } 2126 2127 switch(code) 2128 { 2129 case 0: 2130 rar->start_new_table = 1; 2131 return read_data_compressed(a, buff, size, offset, looper); 2132 2133 case 2: 2134 rar->ppmd_eod = 1;/* End Of ppmd Data. */ 2135 continue; 2136 2137 case 3: 2138 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, 2139 "Parsing filters is unsupported."); 2140 return (ARCHIVE_FAILED); 2141 2142 case 4: 2143 lzss_offset = 0; 2144 for (i = 2; i >= 0; i--) 2145 { 2146 if ((code = __archive_ppmd7_functions.Ppmd7_DecodeSymbol( 2147 &rar->ppmd7_context, &rar->range_dec.p)) < 0) 2148 { 2149 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 2150 "Invalid symbol"); 2151 return (ARCHIVE_FATAL); 2152 } 2153 lzss_offset |= code << (i * 8); 2154 } 2155 if ((length = __archive_ppmd7_functions.Ppmd7_DecodeSymbol( 2156 &rar->ppmd7_context, &rar->range_dec.p)) < 0) 2157 { 2158 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 2159 "Invalid symbol"); 2160 return (ARCHIVE_FATAL); 2161 } 2162 lzss_emit_match(rar, lzss_offset + 2, length + 32); 2163 rar->bytes_uncopied += length + 32; 2164 break; 2165 2166 case 5: 2167 if ((length = __archive_ppmd7_functions.Ppmd7_DecodeSymbol( 2168 &rar->ppmd7_context, &rar->range_dec.p)) < 0) 2169 { 2170 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 2171 "Invalid symbol"); 2172 return (ARCHIVE_FATAL); 2173 } 2174 lzss_emit_match(rar, 1, length + 4); 2175 rar->bytes_uncopied += length + 4; 2176 break; 2177 2178 default: 2179 lzss_emit_literal(rar, sym); 2180 rar->bytes_uncopied++; 2181 } 2182 } 2183 } 2184 else 2185 { 2186 start = rar->offset; 2187 end = start + rar->dictionary_size; 2188 if (rar->filters.filterstart < end) { 2189 end = rar->filters.filterstart; 2190 } 2191 2192 ret = expand(a, &end); 2193 if (ret != ARCHIVE_OK) 2194 return (ret); 2195 2196 rar->bytes_uncopied = end - start; 2197 rar->filters.lastend = end; 2198 if (rar->filters.lastend != rar->filters.filterstart && rar->bytes_uncopied == 0) { 2199 /* Broken RAR files cause this case. 2200 * NOTE: If this case were possible on a normal RAR file 2201 * we would find out where it was actually bad and 2202 * what we would do to solve it. */ 2203 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 2204 "Internal error extracting RAR file"); 2205 return (ARCHIVE_FATAL); 2206 } 2207 } 2208 if (rar->bytes_uncopied > (rar->unp_buffer_size - rar->unp_offset)) 2209 bs = rar->unp_buffer_size - rar->unp_offset; 2210 else 2211 bs = (size_t)rar->bytes_uncopied; 2212 ret = copy_from_lzss_window_to_unp(a, buff, rar->offset, (int)bs); 2213 if (ret != ARCHIVE_OK) 2214 return (ret); 2215 rar->offset += bs; 2216 rar->bytes_uncopied -= bs; 2217 /* 2218 * If *buff is NULL, it means unp_buffer is not full. 2219 * So we have to continue extracting a RAR file. 2220 */ 2221 } while (*buff == NULL); 2222 2223 rar->unp_offset = 0; 2224 *size = rar->unp_buffer_size; 2225 *offset = rar->offset_outgoing; 2226 rar->offset_outgoing += *size; 2227 ending_block: 2228 /* Calculate File CRC. */ 2229 rar->crc_calculated = crc32(rar->crc_calculated, *buff, (unsigned)*size); 2230 return ret; 2231 } 2232 2233 static int 2234 parse_codes(struct archive_read *a) 2235 { 2236 int i, j, val, n, r; 2237 unsigned char bitlengths[MAX_SYMBOLS], zerocount, ppmd_flags; 2238 unsigned int maxorder; 2239 struct huffman_code precode; 2240 struct rar *rar = (struct rar *)(a->format->data); 2241 struct rar_br *br = &(rar->br); 2242 2243 free_codes(a); 2244 2245 /* Skip to the next byte */ 2246 rar_br_consume_unalined_bits(br); 2247 2248 /* PPMd block flag */ 2249 if (!rar_br_read_ahead(a, br, 1)) 2250 goto truncated_data; 2251 if ((rar->is_ppmd_block = rar_br_bits(br, 1)) != 0) 2252 { 2253 rar_br_consume(br, 1); 2254 if (!rar_br_read_ahead(a, br, 7)) 2255 goto truncated_data; 2256 ppmd_flags = rar_br_bits(br, 7); 2257 rar_br_consume(br, 7); 2258 2259 /* Memory is allocated in MB */ 2260 if (ppmd_flags & 0x20) 2261 { 2262 if (!rar_br_read_ahead(a, br, 8)) 2263 goto truncated_data; 2264 rar->dictionary_size = (rar_br_bits(br, 8) + 1) << 20; 2265 rar_br_consume(br, 8); 2266 } 2267 2268 if (ppmd_flags & 0x40) 2269 { 2270 if (!rar_br_read_ahead(a, br, 8)) 2271 goto truncated_data; 2272 rar->ppmd_escape = rar->ppmd7_context.InitEsc = rar_br_bits(br, 8); 2273 rar_br_consume(br, 8); 2274 } 2275 else 2276 rar->ppmd_escape = 2; 2277 2278 if (ppmd_flags & 0x20) 2279 { 2280 maxorder = (ppmd_flags & 0x1F) + 1; 2281 if(maxorder > 16) 2282 maxorder = 16 + (maxorder - 16) * 3; 2283 2284 if (maxorder == 1) 2285 { 2286 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 2287 "Truncated RAR file data"); 2288 return (ARCHIVE_FATAL); 2289 } 2290 2291 /* Make sure ppmd7_contest is freed before Ppmd7_Construct 2292 * because reading a broken file cause this abnormal sequence. */ 2293 __archive_ppmd7_functions.Ppmd7_Free(&rar->ppmd7_context); 2294 2295 rar->bytein.a = a; 2296 rar->bytein.Read = &ppmd_read; 2297 __archive_ppmd7_functions.PpmdRAR_RangeDec_CreateVTable(&rar->range_dec); 2298 rar->range_dec.Stream = &rar->bytein; 2299 __archive_ppmd7_functions.Ppmd7_Construct(&rar->ppmd7_context); 2300 2301 if (rar->dictionary_size == 0) { 2302 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 2303 "Invalid zero dictionary size"); 2304 return (ARCHIVE_FATAL); 2305 } 2306 2307 if (!__archive_ppmd7_functions.Ppmd7_Alloc(&rar->ppmd7_context, 2308 rar->dictionary_size)) 2309 { 2310 archive_set_error(&a->archive, ENOMEM, 2311 "Out of memory"); 2312 return (ARCHIVE_FATAL); 2313 } 2314 if (!__archive_ppmd7_functions.PpmdRAR_RangeDec_Init(&rar->range_dec)) 2315 { 2316 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 2317 "Unable to initialize PPMd range decoder"); 2318 return (ARCHIVE_FATAL); 2319 } 2320 __archive_ppmd7_functions.Ppmd7_Init(&rar->ppmd7_context, maxorder); 2321 rar->ppmd_valid = 1; 2322 } 2323 else 2324 { 2325 if (!rar->ppmd_valid) { 2326 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 2327 "Invalid PPMd sequence"); 2328 return (ARCHIVE_FATAL); 2329 } 2330 if (!__archive_ppmd7_functions.PpmdRAR_RangeDec_Init(&rar->range_dec)) 2331 { 2332 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 2333 "Unable to initialize PPMd range decoder"); 2334 return (ARCHIVE_FATAL); 2335 } 2336 } 2337 } 2338 else 2339 { 2340 rar_br_consume(br, 1); 2341 2342 /* Keep existing table flag */ 2343 if (!rar_br_read_ahead(a, br, 1)) 2344 goto truncated_data; 2345 if (!rar_br_bits(br, 1)) 2346 memset(rar->lengthtable, 0, sizeof(rar->lengthtable)); 2347 rar_br_consume(br, 1); 2348 2349 memset(&bitlengths, 0, sizeof(bitlengths)); 2350 for (i = 0; i < MAX_SYMBOLS;) 2351 { 2352 if (!rar_br_read_ahead(a, br, 4)) 2353 goto truncated_data; 2354 bitlengths[i++] = rar_br_bits(br, 4); 2355 rar_br_consume(br, 4); 2356 if (bitlengths[i-1] == 0xF) 2357 { 2358 if (!rar_br_read_ahead(a, br, 4)) 2359 goto truncated_data; 2360 zerocount = rar_br_bits(br, 4); 2361 rar_br_consume(br, 4); 2362 if (zerocount) 2363 { 2364 i--; 2365 for (j = 0; j < zerocount + 2 && i < MAX_SYMBOLS; j++) 2366 bitlengths[i++] = 0; 2367 } 2368 } 2369 } 2370 2371 memset(&precode, 0, sizeof(precode)); 2372 r = create_code(a, &precode, bitlengths, MAX_SYMBOLS, MAX_SYMBOL_LENGTH); 2373 if (r != ARCHIVE_OK) { 2374 free(precode.tree); 2375 free(precode.table); 2376 return (r); 2377 } 2378 2379 for (i = 0; i < HUFFMAN_TABLE_SIZE;) 2380 { 2381 if ((val = read_next_symbol(a, &precode)) < 0) { 2382 free(precode.tree); 2383 free(precode.table); 2384 return (ARCHIVE_FATAL); 2385 } 2386 if (val < 16) 2387 { 2388 rar->lengthtable[i] = (rar->lengthtable[i] + val) & 0xF; 2389 i++; 2390 } 2391 else if (val < 18) 2392 { 2393 if (i == 0) 2394 { 2395 free(precode.tree); 2396 free(precode.table); 2397 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 2398 "Internal error extracting RAR file."); 2399 return (ARCHIVE_FATAL); 2400 } 2401 2402 if(val == 16) { 2403 if (!rar_br_read_ahead(a, br, 3)) { 2404 free(precode.tree); 2405 free(precode.table); 2406 goto truncated_data; 2407 } 2408 n = rar_br_bits(br, 3) + 3; 2409 rar_br_consume(br, 3); 2410 } else { 2411 if (!rar_br_read_ahead(a, br, 7)) { 2412 free(precode.tree); 2413 free(precode.table); 2414 goto truncated_data; 2415 } 2416 n = rar_br_bits(br, 7) + 11; 2417 rar_br_consume(br, 7); 2418 } 2419 2420 for (j = 0; j < n && i < HUFFMAN_TABLE_SIZE; j++) 2421 { 2422 rar->lengthtable[i] = rar->lengthtable[i-1]; 2423 i++; 2424 } 2425 } 2426 else 2427 { 2428 if(val == 18) { 2429 if (!rar_br_read_ahead(a, br, 3)) { 2430 free(precode.tree); 2431 free(precode.table); 2432 goto truncated_data; 2433 } 2434 n = rar_br_bits(br, 3) + 3; 2435 rar_br_consume(br, 3); 2436 } else { 2437 if (!rar_br_read_ahead(a, br, 7)) { 2438 free(precode.tree); 2439 free(precode.table); 2440 goto truncated_data; 2441 } 2442 n = rar_br_bits(br, 7) + 11; 2443 rar_br_consume(br, 7); 2444 } 2445 2446 for(j = 0; j < n && i < HUFFMAN_TABLE_SIZE; j++) 2447 rar->lengthtable[i++] = 0; 2448 } 2449 } 2450 free(precode.tree); 2451 free(precode.table); 2452 2453 r = create_code(a, &rar->maincode, &rar->lengthtable[0], MAINCODE_SIZE, 2454 MAX_SYMBOL_LENGTH); 2455 if (r != ARCHIVE_OK) 2456 return (r); 2457 r = create_code(a, &rar->offsetcode, &rar->lengthtable[MAINCODE_SIZE], 2458 OFFSETCODE_SIZE, MAX_SYMBOL_LENGTH); 2459 if (r != ARCHIVE_OK) 2460 return (r); 2461 r = create_code(a, &rar->lowoffsetcode, 2462 &rar->lengthtable[MAINCODE_SIZE + OFFSETCODE_SIZE], 2463 LOWOFFSETCODE_SIZE, MAX_SYMBOL_LENGTH); 2464 if (r != ARCHIVE_OK) 2465 return (r); 2466 r = create_code(a, &rar->lengthcode, 2467 &rar->lengthtable[MAINCODE_SIZE + OFFSETCODE_SIZE + 2468 LOWOFFSETCODE_SIZE], LENGTHCODE_SIZE, MAX_SYMBOL_LENGTH); 2469 if (r != ARCHIVE_OK) 2470 return (r); 2471 } 2472 2473 if (!rar->dictionary_size || !rar->lzss.window) 2474 { 2475 /* Seems as though dictionary sizes are not used. Even so, minimize 2476 * memory usage as much as possible. 2477 */ 2478 void *new_window; 2479 unsigned int new_size; 2480 2481 if (rar->unp_size >= DICTIONARY_MAX_SIZE) 2482 new_size = DICTIONARY_MAX_SIZE; 2483 else 2484 new_size = rar_fls((unsigned int)rar->unp_size) << 1; 2485 if (new_size == 0) { 2486 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 2487 "Zero window size is invalid."); 2488 return (ARCHIVE_FATAL); 2489 } 2490 new_window = realloc(rar->lzss.window, new_size); 2491 if (new_window == NULL) { 2492 archive_set_error(&a->archive, ENOMEM, 2493 "Unable to allocate memory for uncompressed data."); 2494 return (ARCHIVE_FATAL); 2495 } 2496 rar->lzss.window = (unsigned char *)new_window; 2497 rar->dictionary_size = new_size; 2498 memset(rar->lzss.window, 0, rar->dictionary_size); 2499 rar->lzss.mask = rar->dictionary_size - 1; 2500 } 2501 2502 rar->start_new_table = 0; 2503 return (ARCHIVE_OK); 2504 truncated_data: 2505 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 2506 "Truncated RAR file data"); 2507 rar->valid = 0; 2508 return (ARCHIVE_FATAL); 2509 } 2510 2511 static void 2512 free_codes(struct archive_read *a) 2513 { 2514 struct rar *rar = (struct rar *)(a->format->data); 2515 free(rar->maincode.tree); 2516 free(rar->offsetcode.tree); 2517 free(rar->lowoffsetcode.tree); 2518 free(rar->lengthcode.tree); 2519 free(rar->maincode.table); 2520 free(rar->offsetcode.table); 2521 free(rar->lowoffsetcode.table); 2522 free(rar->lengthcode.table); 2523 memset(&rar->maincode, 0, sizeof(rar->maincode)); 2524 memset(&rar->offsetcode, 0, sizeof(rar->offsetcode)); 2525 memset(&rar->lowoffsetcode, 0, sizeof(rar->lowoffsetcode)); 2526 memset(&rar->lengthcode, 0, sizeof(rar->lengthcode)); 2527 } 2528 2529 2530 static int 2531 read_next_symbol(struct archive_read *a, struct huffman_code *code) 2532 { 2533 unsigned char bit; 2534 unsigned int bits; 2535 int length, value, node; 2536 struct rar *rar; 2537 struct rar_br *br; 2538 2539 if (!code->table) 2540 { 2541 if (make_table(a, code) != (ARCHIVE_OK)) 2542 return -1; 2543 } 2544 2545 rar = (struct rar *)(a->format->data); 2546 br = &(rar->br); 2547 2548 /* Look ahead (peek) at bits */ 2549 if (!rar_br_read_ahead(a, br, code->tablesize)) { 2550 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 2551 "Truncated RAR file data"); 2552 rar->valid = 0; 2553 return -1; 2554 } 2555 bits = rar_br_bits(br, code->tablesize); 2556 2557 length = code->table[bits].length; 2558 value = code->table[bits].value; 2559 2560 if (length < 0) 2561 { 2562 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 2563 "Invalid prefix code in bitstream"); 2564 return -1; 2565 } 2566 2567 if (length <= code->tablesize) 2568 { 2569 /* Skip length bits */ 2570 rar_br_consume(br, length); 2571 return value; 2572 } 2573 2574 /* Skip tablesize bits */ 2575 rar_br_consume(br, code->tablesize); 2576 2577 node = value; 2578 while (!(code->tree[node].branches[0] == 2579 code->tree[node].branches[1])) 2580 { 2581 if (!rar_br_read_ahead(a, br, 1)) { 2582 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 2583 "Truncated RAR file data"); 2584 rar->valid = 0; 2585 return -1; 2586 } 2587 bit = rar_br_bits(br, 1); 2588 rar_br_consume(br, 1); 2589 2590 if (code->tree[node].branches[bit] < 0) 2591 { 2592 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 2593 "Invalid prefix code in bitstream"); 2594 return -1; 2595 } 2596 node = code->tree[node].branches[bit]; 2597 } 2598 2599 return code->tree[node].branches[0]; 2600 } 2601 2602 static int 2603 create_code(struct archive_read *a, struct huffman_code *code, 2604 unsigned char *lengths, int numsymbols, char maxlength) 2605 { 2606 int i, j, codebits = 0, symbolsleft = numsymbols; 2607 2608 code->numentries = 0; 2609 code->numallocatedentries = 0; 2610 if (new_node(code) < 0) { 2611 archive_set_error(&a->archive, ENOMEM, 2612 "Unable to allocate memory for node data."); 2613 return (ARCHIVE_FATAL); 2614 } 2615 code->numentries = 1; 2616 code->minlength = INT_MAX; 2617 code->maxlength = INT_MIN; 2618 codebits = 0; 2619 for(i = 1; i <= maxlength; i++) 2620 { 2621 for(j = 0; j < numsymbols; j++) 2622 { 2623 if (lengths[j] != i) continue; 2624 if (add_value(a, code, j, codebits, i) != ARCHIVE_OK) 2625 return (ARCHIVE_FATAL); 2626 codebits++; 2627 if (--symbolsleft <= 0) 2628 break; 2629 } 2630 if (symbolsleft <= 0) 2631 break; 2632 codebits <<= 1; 2633 } 2634 return (ARCHIVE_OK); 2635 } 2636 2637 static int 2638 add_value(struct archive_read *a, struct huffman_code *code, int value, 2639 int codebits, int length) 2640 { 2641 int lastnode, bitpos, bit; 2642 /* int repeatpos, repeatnode, nextnode; */ 2643 2644 free(code->table); 2645 code->table = NULL; 2646 2647 if(length > code->maxlength) 2648 code->maxlength = length; 2649 if(length < code->minlength) 2650 code->minlength = length; 2651 2652 /* 2653 * Dead code, repeatpos was is -1 2654 * 2655 repeatpos = -1; 2656 if (repeatpos == 0 || (repeatpos >= 0 2657 && (((codebits >> (repeatpos - 1)) & 3) == 0 2658 || ((codebits >> (repeatpos - 1)) & 3) == 3))) 2659 { 2660 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 2661 "Invalid repeat position"); 2662 return (ARCHIVE_FATAL); 2663 } 2664 */ 2665 2666 lastnode = 0; 2667 for (bitpos = length - 1; bitpos >= 0; bitpos--) 2668 { 2669 bit = (codebits >> bitpos) & 1; 2670 2671 /* Leaf node check */ 2672 if (code->tree[lastnode].branches[0] == 2673 code->tree[lastnode].branches[1]) 2674 { 2675 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 2676 "Prefix found"); 2677 return (ARCHIVE_FATAL); 2678 } 2679 2680 /* 2681 * Dead code, repeatpos was -1, bitpos >=0 2682 * 2683 if (bitpos == repeatpos) 2684 { 2685 * Open branch check * 2686 if (!(code->tree[lastnode].branches[bit] < 0)) 2687 { 2688 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 2689 "Invalid repeating code"); 2690 return (ARCHIVE_FATAL); 2691 } 2692 2693 if ((repeatnode = new_node(code)) < 0) { 2694 archive_set_error(&a->archive, ENOMEM, 2695 "Unable to allocate memory for node data."); 2696 return (ARCHIVE_FATAL); 2697 } 2698 if ((nextnode = new_node(code)) < 0) { 2699 archive_set_error(&a->archive, ENOMEM, 2700 "Unable to allocate memory for node data."); 2701 return (ARCHIVE_FATAL); 2702 } 2703 2704 * Set branches * 2705 code->tree[lastnode].branches[bit] = repeatnode; 2706 code->tree[repeatnode].branches[bit] = repeatnode; 2707 code->tree[repeatnode].branches[bit^1] = nextnode; 2708 lastnode = nextnode; 2709 2710 bitpos++; * terminating bit already handled, skip it * 2711 } 2712 else 2713 { 2714 */ 2715 /* Open branch check */ 2716 if (code->tree[lastnode].branches[bit] < 0) 2717 { 2718 if (new_node(code) < 0) { 2719 archive_set_error(&a->archive, ENOMEM, 2720 "Unable to allocate memory for node data."); 2721 return (ARCHIVE_FATAL); 2722 } 2723 code->tree[lastnode].branches[bit] = code->numentries++; 2724 } 2725 2726 /* set to branch */ 2727 lastnode = code->tree[lastnode].branches[bit]; 2728 /* } */ 2729 } 2730 2731 if (!(code->tree[lastnode].branches[0] == -1 2732 && code->tree[lastnode].branches[1] == -2)) 2733 { 2734 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 2735 "Prefix found"); 2736 return (ARCHIVE_FATAL); 2737 } 2738 2739 /* Set leaf value */ 2740 code->tree[lastnode].branches[0] = value; 2741 code->tree[lastnode].branches[1] = value; 2742 2743 return (ARCHIVE_OK); 2744 } 2745 2746 static int 2747 new_node(struct huffman_code *code) 2748 { 2749 void *new_tree; 2750 if (code->numallocatedentries == code->numentries) { 2751 int new_num_entries = 256; 2752 if (code->numentries > 0) { 2753 new_num_entries = code->numentries * 2; 2754 } 2755 new_tree = realloc(code->tree, new_num_entries * sizeof(*code->tree)); 2756 if (new_tree == NULL) 2757 return (-1); 2758 code->tree = (struct huffman_tree_node *)new_tree; 2759 code->numallocatedentries = new_num_entries; 2760 } 2761 code->tree[code->numentries].branches[0] = -1; 2762 code->tree[code->numentries].branches[1] = -2; 2763 return 1; 2764 } 2765 2766 static int 2767 make_table(struct archive_read *a, struct huffman_code *code) 2768 { 2769 if (code->maxlength < code->minlength || code->maxlength > 10) 2770 code->tablesize = 10; 2771 else 2772 code->tablesize = code->maxlength; 2773 2774 code->table = 2775 (struct huffman_table_entry *)calloc(1, sizeof(*code->table) 2776 * ((size_t)1 << code->tablesize)); 2777 2778 return make_table_recurse(a, code, 0, code->table, 0, code->tablesize); 2779 } 2780 2781 static int 2782 make_table_recurse(struct archive_read *a, struct huffman_code *code, int node, 2783 struct huffman_table_entry *table, int depth, 2784 int maxdepth) 2785 { 2786 int currtablesize, i, ret = (ARCHIVE_OK); 2787 2788 if (!code->tree) 2789 { 2790 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 2791 "Huffman tree was not created."); 2792 return (ARCHIVE_FATAL); 2793 } 2794 if (node < 0 || node >= code->numentries) 2795 { 2796 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 2797 "Invalid location to Huffman tree specified."); 2798 return (ARCHIVE_FATAL); 2799 } 2800 2801 currtablesize = 1 << (maxdepth - depth); 2802 2803 if (code->tree[node].branches[0] == 2804 code->tree[node].branches[1]) 2805 { 2806 for(i = 0; i < currtablesize; i++) 2807 { 2808 table[i].length = depth; 2809 table[i].value = code->tree[node].branches[0]; 2810 } 2811 } 2812 /* 2813 * Dead code, node >= 0 2814 * 2815 else if (node < 0) 2816 { 2817 for(i = 0; i < currtablesize; i++) 2818 table[i].length = -1; 2819 } 2820 */ 2821 else 2822 { 2823 if(depth == maxdepth) 2824 { 2825 table[0].length = maxdepth + 1; 2826 table[0].value = node; 2827 } 2828 else 2829 { 2830 ret |= make_table_recurse(a, code, code->tree[node].branches[0], table, 2831 depth + 1, maxdepth); 2832 ret |= make_table_recurse(a, code, code->tree[node].branches[1], 2833 table + currtablesize / 2, depth + 1, maxdepth); 2834 } 2835 } 2836 return ret; 2837 } 2838 2839 static int 2840 expand(struct archive_read *a, int64_t *end) 2841 { 2842 static const unsigned char lengthbases[] = 2843 { 0, 1, 2, 3, 4, 5, 6, 2844 7, 8, 10, 12, 14, 16, 20, 2845 24, 28, 32, 40, 48, 56, 64, 2846 80, 96, 112, 128, 160, 192, 224 }; 2847 static const unsigned char lengthbits[] = 2848 { 0, 0, 0, 0, 0, 0, 0, 2849 0, 1, 1, 1, 1, 2, 2, 2850 2, 2, 3, 3, 3, 3, 4, 2851 4, 4, 4, 5, 5, 5, 5 }; 2852 static const int lengthb_min = minimum( 2853 (int)(sizeof(lengthbases)/sizeof(lengthbases[0])), 2854 (int)(sizeof(lengthbits)/sizeof(lengthbits[0])) 2855 ); 2856 static const unsigned int offsetbases[] = 2857 { 0, 1, 2, 3, 4, 6, 2858 8, 12, 16, 24, 32, 48, 2859 64, 96, 128, 192, 256, 384, 2860 512, 768, 1024, 1536, 2048, 3072, 2861 4096, 6144, 8192, 12288, 16384, 24576, 2862 32768, 49152, 65536, 98304, 131072, 196608, 2863 262144, 327680, 393216, 458752, 524288, 589824, 2864 655360, 720896, 786432, 851968, 917504, 983040, 2865 1048576, 1310720, 1572864, 1835008, 2097152, 2359296, 2866 2621440, 2883584, 3145728, 3407872, 3670016, 3932160 }; 2867 static const unsigned char offsetbits[] = 2868 { 0, 0, 0, 0, 1, 1, 2, 2, 3, 3, 4, 4, 2869 5, 5, 6, 6, 7, 7, 8, 8, 9, 9, 10, 10, 2870 11, 11, 12, 12, 13, 13, 14, 14, 15, 15, 16, 16, 2871 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 2872 18, 18, 18, 18, 18, 18, 18, 18, 18, 18, 18, 18 }; 2873 static const int offsetb_min = minimum( 2874 (int)(sizeof(offsetbases)/sizeof(offsetbases[0])), 2875 (int)(sizeof(offsetbits)/sizeof(offsetbits[0])) 2876 ); 2877 static const unsigned char shortbases[] = 2878 { 0, 4, 8, 16, 32, 64, 128, 192 }; 2879 static const unsigned char shortbits[] = 2880 { 2, 2, 3, 4, 5, 6, 6, 6 }; 2881 2882 int symbol, offs, len, offsindex, lensymbol, i, offssymbol, lowoffsetsymbol; 2883 unsigned char newfile; 2884 struct rar *rar = (struct rar *)(a->format->data); 2885 struct rar_br *br = &(rar->br); 2886 2887 if (rar->filters.filterstart < *end) 2888 *end = rar->filters.filterstart; 2889 2890 while (1) 2891 { 2892 if(lzss_position(&rar->lzss) >= *end) { 2893 return (ARCHIVE_OK); 2894 } 2895 2896 if(rar->is_ppmd_block) { 2897 *end = lzss_position(&rar->lzss); 2898 return (ARCHIVE_OK); 2899 } 2900 2901 if ((symbol = read_next_symbol(a, &rar->maincode)) < 0) 2902 return (ARCHIVE_FATAL); 2903 2904 if (symbol < 256) 2905 { 2906 lzss_emit_literal(rar, symbol); 2907 continue; 2908 } 2909 else if (symbol == 256) 2910 { 2911 if (!rar_br_read_ahead(a, br, 1)) 2912 goto truncated_data; 2913 newfile = !rar_br_bits(br, 1); 2914 rar_br_consume(br, 1); 2915 2916 if(newfile) 2917 { 2918 rar->start_new_block = 1; 2919 if (!rar_br_read_ahead(a, br, 1)) 2920 goto truncated_data; 2921 rar->start_new_table = rar_br_bits(br, 1); 2922 rar_br_consume(br, 1); 2923 *end = lzss_position(&rar->lzss); 2924 return (ARCHIVE_OK); 2925 } 2926 else 2927 { 2928 if (parse_codes(a) != ARCHIVE_OK) 2929 return (ARCHIVE_FATAL); 2930 continue; 2931 } 2932 } 2933 else if(symbol==257) 2934 { 2935 if (!read_filter(a, end)) 2936 return (ARCHIVE_FATAL); 2937 continue; 2938 } 2939 else if(symbol==258) 2940 { 2941 if(rar->lastlength == 0) 2942 continue; 2943 2944 offs = rar->lastoffset; 2945 len = rar->lastlength; 2946 } 2947 else if (symbol <= 262) 2948 { 2949 offsindex = symbol - 259; 2950 offs = rar->oldoffset[offsindex]; 2951 2952 if ((lensymbol = read_next_symbol(a, &rar->lengthcode)) < 0) 2953 goto bad_data; 2954 if (lensymbol > lengthb_min) 2955 goto bad_data; 2956 len = lengthbases[lensymbol] + 2; 2957 if (lengthbits[lensymbol] > 0) { 2958 if (!rar_br_read_ahead(a, br, lengthbits[lensymbol])) 2959 goto truncated_data; 2960 len += rar_br_bits(br, lengthbits[lensymbol]); 2961 rar_br_consume(br, lengthbits[lensymbol]); 2962 } 2963 2964 for (i = offsindex; i > 0; i--) 2965 rar->oldoffset[i] = rar->oldoffset[i-1]; 2966 rar->oldoffset[0] = offs; 2967 } 2968 else if(symbol<=270) 2969 { 2970 offs = shortbases[symbol-263] + 1; 2971 if(shortbits[symbol-263] > 0) { 2972 if (!rar_br_read_ahead(a, br, shortbits[symbol-263])) 2973 goto truncated_data; 2974 offs += rar_br_bits(br, shortbits[symbol-263]); 2975 rar_br_consume(br, shortbits[symbol-263]); 2976 } 2977 2978 len = 2; 2979 2980 for(i = 3; i > 0; i--) 2981 rar->oldoffset[i] = rar->oldoffset[i-1]; 2982 rar->oldoffset[0] = offs; 2983 } 2984 else 2985 { 2986 if (symbol-271 > lengthb_min) 2987 goto bad_data; 2988 len = lengthbases[symbol-271]+3; 2989 if(lengthbits[symbol-271] > 0) { 2990 if (!rar_br_read_ahead(a, br, lengthbits[symbol-271])) 2991 goto truncated_data; 2992 len += rar_br_bits(br, lengthbits[symbol-271]); 2993 rar_br_consume(br, lengthbits[symbol-271]); 2994 } 2995 2996 if ((offssymbol = read_next_symbol(a, &rar->offsetcode)) < 0) 2997 goto bad_data; 2998 if (offssymbol > offsetb_min) 2999 goto bad_data; 3000 offs = offsetbases[offssymbol]+1; 3001 if(offsetbits[offssymbol] > 0) 3002 { 3003 if(offssymbol > 9) 3004 { 3005 if(offsetbits[offssymbol] > 4) { 3006 if (!rar_br_read_ahead(a, br, offsetbits[offssymbol] - 4)) 3007 goto truncated_data; 3008 offs += rar_br_bits(br, offsetbits[offssymbol] - 4) << 4; 3009 rar_br_consume(br, offsetbits[offssymbol] - 4); 3010 } 3011 3012 if(rar->numlowoffsetrepeats > 0) 3013 { 3014 rar->numlowoffsetrepeats--; 3015 offs += rar->lastlowoffset; 3016 } 3017 else 3018 { 3019 if ((lowoffsetsymbol = 3020 read_next_symbol(a, &rar->lowoffsetcode)) < 0) 3021 return (ARCHIVE_FATAL); 3022 if(lowoffsetsymbol == 16) 3023 { 3024 rar->numlowoffsetrepeats = 15; 3025 offs += rar->lastlowoffset; 3026 } 3027 else 3028 { 3029 offs += lowoffsetsymbol; 3030 rar->lastlowoffset = lowoffsetsymbol; 3031 } 3032 } 3033 } 3034 else { 3035 if (!rar_br_read_ahead(a, br, offsetbits[offssymbol])) 3036 goto truncated_data; 3037 offs += rar_br_bits(br, offsetbits[offssymbol]); 3038 rar_br_consume(br, offsetbits[offssymbol]); 3039 } 3040 } 3041 3042 if (offs >= 0x40000) 3043 len++; 3044 if (offs >= 0x2000) 3045 len++; 3046 3047 for(i = 3; i > 0; i--) 3048 rar->oldoffset[i] = rar->oldoffset[i-1]; 3049 rar->oldoffset[0] = offs; 3050 } 3051 3052 rar->lastoffset = offs; 3053 rar->lastlength = len; 3054 3055 lzss_emit_match(rar, rar->lastoffset, rar->lastlength); 3056 } 3057 truncated_data: 3058 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 3059 "Truncated RAR file data"); 3060 rar->valid = 0; 3061 return (ARCHIVE_FATAL); 3062 bad_data: 3063 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 3064 "Bad RAR file data"); 3065 return (ARCHIVE_FATAL); 3066 } 3067 3068 static int 3069 copy_from_lzss_window(struct archive_read *a, void *buffer, 3070 int64_t startpos, int length) 3071 { 3072 int windowoffs, firstpart; 3073 struct rar *rar = (struct rar *)(a->format->data); 3074 3075 windowoffs = lzss_offset_for_position(&rar->lzss, startpos); 3076 firstpart = lzss_size(&rar->lzss) - windowoffs; 3077 if (firstpart < 0) { 3078 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 3079 "Bad RAR file data"); 3080 return (ARCHIVE_FATAL); 3081 } 3082 if (firstpart < length) { 3083 memcpy(buffer, &rar->lzss.window[windowoffs], firstpart); 3084 memcpy(buffer, &rar->lzss.window[0], length - firstpart); 3085 } else { 3086 memcpy(buffer, &rar->lzss.window[windowoffs], length); 3087 } 3088 return (ARCHIVE_OK); 3089 } 3090 3091 static int 3092 copy_from_lzss_window_to_unp(struct archive_read *a, const void **buffer, 3093 int64_t startpos, int length) 3094 { 3095 int windowoffs, firstpart; 3096 struct rar *rar = (struct rar *)(a->format->data); 3097 3098 if (!rar->unp_buffer) 3099 { 3100 if ((rar->unp_buffer = malloc(rar->unp_buffer_size)) == NULL) 3101 { 3102 archive_set_error(&a->archive, ENOMEM, 3103 "Unable to allocate memory for uncompressed data."); 3104 return (ARCHIVE_FATAL); 3105 } 3106 } 3107 3108 windowoffs = lzss_offset_for_position(&rar->lzss, startpos); 3109 if(windowoffs + length <= lzss_size(&rar->lzss)) { 3110 memcpy(&rar->unp_buffer[rar->unp_offset], &rar->lzss.window[windowoffs], 3111 length); 3112 } else if (length <= lzss_size(&rar->lzss)) { 3113 firstpart = lzss_size(&rar->lzss) - windowoffs; 3114 if (firstpart < 0) { 3115 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 3116 "Bad RAR file data"); 3117 return (ARCHIVE_FATAL); 3118 } 3119 if (firstpart < length) { 3120 memcpy(&rar->unp_buffer[rar->unp_offset], 3121 &rar->lzss.window[windowoffs], firstpart); 3122 memcpy(&rar->unp_buffer[rar->unp_offset + firstpart], 3123 &rar->lzss.window[0], length - firstpart); 3124 } else { 3125 memcpy(&rar->unp_buffer[rar->unp_offset], 3126 &rar->lzss.window[windowoffs], length); 3127 } 3128 } else { 3129 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 3130 "Bad RAR file data"); 3131 return (ARCHIVE_FATAL); 3132 } 3133 rar->unp_offset += length; 3134 if (rar->unp_offset >= rar->unp_buffer_size) 3135 *buffer = rar->unp_buffer; 3136 else 3137 *buffer = NULL; 3138 return (ARCHIVE_OK); 3139 } 3140 3141 static const void * 3142 rar_read_ahead(struct archive_read *a, size_t min, ssize_t *avail) 3143 { 3144 struct rar *rar = (struct rar *)(a->format->data); 3145 const void *h = __archive_read_ahead(a, min, avail); 3146 int ret; 3147 if (avail) 3148 { 3149 if (a->archive.read_data_is_posix_read && *avail > (ssize_t)a->archive.read_data_requested) 3150 *avail = a->archive.read_data_requested; 3151 if (*avail > rar->bytes_remaining) 3152 *avail = (ssize_t)rar->bytes_remaining; 3153 if (*avail < 0) 3154 return NULL; 3155 else if (*avail == 0 && rar->main_flags & MHD_VOLUME && 3156 rar->file_flags & FHD_SPLIT_AFTER) 3157 { 3158 rar->filename_must_match = 1; 3159 ret = archive_read_format_rar_read_header(a, a->entry); 3160 if (ret == (ARCHIVE_EOF)) 3161 { 3162 rar->has_endarc_header = 1; 3163 ret = archive_read_format_rar_read_header(a, a->entry); 3164 } 3165 rar->filename_must_match = 0; 3166 if (ret != (ARCHIVE_OK)) 3167 return NULL; 3168 return rar_read_ahead(a, min, avail); 3169 } 3170 } 3171 return h; 3172 } 3173 3174 static int 3175 parse_filter(struct archive_read *a, const uint8_t *bytes, uint16_t length, uint8_t flags) 3176 { 3177 struct rar *rar = (struct rar *)(a->format->data); 3178 struct rar_filters *filters = &rar->filters; 3179 3180 struct memory_bit_reader br = { 0 }; 3181 struct rar_program_code *prog; 3182 struct rar_filter *filter, **nextfilter; 3183 3184 uint32_t numprogs, num, blocklength, globaldatalen; 3185 uint8_t *globaldata; 3186 size_t blockstartpos; 3187 uint32_t registers[8] = { 0 }; 3188 uint32_t i; 3189 3190 br.bytes = bytes; 3191 br.length = length; 3192 3193 numprogs = 0; 3194 for (prog = filters->progs; prog; prog = prog->next) 3195 numprogs++; 3196 3197 if ((flags & 0x80)) 3198 { 3199 num = membr_next_rarvm_number(&br); 3200 if (num == 0) 3201 { 3202 delete_filter(filters->stack); 3203 filters->stack = NULL; 3204 delete_program_code(filters->progs); 3205 filters->progs = NULL; 3206 } 3207 else 3208 num--; 3209 if (num > numprogs) { 3210 return 0; 3211 } 3212 filters->lastfilternum = num; 3213 } 3214 else 3215 num = filters->lastfilternum; 3216 3217 prog = filters->progs; 3218 for (i = 0; i < num; i++) 3219 prog = prog->next; 3220 if (prog) 3221 prog->usagecount++; 3222 3223 blockstartpos = membr_next_rarvm_number(&br) + (size_t)lzss_position(&rar->lzss); 3224 if ((flags & 0x40)) 3225 blockstartpos += 258; 3226 if ((flags & 0x20)) 3227 blocklength = membr_next_rarvm_number(&br); 3228 else 3229 blocklength = prog ? prog->oldfilterlength : 0; 3230 3231 registers[3] = PROGRAM_SYSTEM_GLOBAL_ADDRESS; 3232 registers[4] = blocklength; 3233 registers[5] = prog ? prog->usagecount : 0; 3234 registers[7] = VM_MEMORY_SIZE; 3235 3236 if ((flags & 0x10)) 3237 { 3238 uint8_t mask = (uint8_t)membr_bits(&br, 7); 3239 for (i = 0; i < 7; i++) 3240 if ((mask & (1 << i))) 3241 registers[i] = membr_next_rarvm_number(&br); 3242 } 3243 3244 if (!prog) 3245 { 3246 uint32_t len = membr_next_rarvm_number(&br); 3247 uint8_t *bytecode; 3248 struct rar_program_code **next; 3249 3250 if (len == 0 || len > 0x10000) 3251 return 0; 3252 bytecode = malloc(len); 3253 if (!bytecode) 3254 return 0; 3255 for (i = 0; i < len; i++) 3256 bytecode[i] = (uint8_t)membr_bits(&br, 8); 3257 prog = compile_program(bytecode, len); 3258 if (!prog) { 3259 free(bytecode); 3260 return 0; 3261 } 3262 free(bytecode); 3263 next = &filters->progs; 3264 while (*next) 3265 next = &(*next)->next; 3266 *next = prog; 3267 } 3268 prog->oldfilterlength = blocklength; 3269 3270 globaldata = NULL; 3271 globaldatalen = 0; 3272 if ((flags & 0x08)) 3273 { 3274 globaldatalen = membr_next_rarvm_number(&br); 3275 if (globaldatalen > PROGRAM_USER_GLOBAL_SIZE) 3276 return 0; 3277 globaldata = malloc(globaldatalen + PROGRAM_SYSTEM_GLOBAL_SIZE); 3278 if (!globaldata) 3279 return 0; 3280 for (i = 0; i < globaldatalen; i++) 3281 globaldata[i + PROGRAM_SYSTEM_GLOBAL_SIZE] = (uint8_t)membr_bits(&br, 8); 3282 } 3283 3284 if (br.at_eof) 3285 { 3286 free(globaldata); 3287 return 0; 3288 } 3289 3290 filter = create_filter(prog, globaldata, globaldatalen, registers, blockstartpos, blocklength); 3291 free(globaldata); 3292 if (!filter) 3293 return 0; 3294 3295 for (i = 0; i < 7; i++) 3296 archive_le32enc(&filter->globaldata[i * 4], registers[i]); 3297 archive_le32enc(&filter->globaldata[0x1C], blocklength); 3298 archive_le32enc(&filter->globaldata[0x20], 0); 3299 archive_le32enc(&filter->globaldata[0x2C], prog->usagecount); 3300 3301 nextfilter = &filters->stack; 3302 while (*nextfilter) 3303 nextfilter = &(*nextfilter)->next; 3304 *nextfilter = filter; 3305 3306 if (!filters->stack->next) 3307 filters->filterstart = blockstartpos; 3308 3309 return 1; 3310 } 3311 3312 static struct rar_filter * 3313 create_filter(struct rar_program_code *prog, const uint8_t *globaldata, uint32_t globaldatalen, uint32_t registers[8], size_t startpos, uint32_t length) 3314 { 3315 struct rar_filter *filter; 3316 3317 filter = calloc(1, sizeof(*filter)); 3318 if (!filter) 3319 return NULL; 3320 filter->prog = prog; 3321 filter->globaldatalen = globaldatalen > PROGRAM_SYSTEM_GLOBAL_SIZE ? globaldatalen : PROGRAM_SYSTEM_GLOBAL_SIZE; 3322 filter->globaldata = calloc(1, filter->globaldatalen); 3323 if (!filter->globaldata) 3324 return NULL; 3325 if (globaldata) 3326 memcpy(filter->globaldata, globaldata, globaldatalen); 3327 if (registers) 3328 memcpy(filter->initialregisters, registers, sizeof(filter->initialregisters)); 3329 filter->blockstartpos = startpos; 3330 filter->blocklength = length; 3331 3332 return filter; 3333 } 3334 3335 static int 3336 run_filters(struct archive_read *a) 3337 { 3338 struct rar *rar = (struct rar *)(a->format->data); 3339 struct rar_filters *filters = &rar->filters; 3340 struct rar_filter *filter = filters->stack; 3341 struct rar_filter *f; 3342 size_t start, end; 3343 int64_t tend; 3344 uint32_t lastfilteraddress; 3345 uint32_t lastfilterlength; 3346 int ret; 3347 3348 if (filters == NULL || filter == NULL) 3349 return (0); 3350 3351 start = filters->filterstart; 3352 end = start + filter->blocklength; 3353 3354 filters->filterstart = INT64_MAX; 3355 tend = (int64_t)end; 3356 ret = expand(a, &tend); 3357 if (ret != ARCHIVE_OK) 3358 return 0; 3359 3360 /* Check if filter stack was modified in expand() */ 3361 ret = ARCHIVE_FATAL; 3362 f = filters->stack; 3363 while (f) 3364 { 3365 if (f == filter) 3366 { 3367 ret = ARCHIVE_OK; 3368 break; 3369 } 3370 f = f->next; 3371 } 3372 if (ret != ARCHIVE_OK) 3373 return 0; 3374 3375 if (tend < 0) 3376 return 0; 3377 end = (size_t)tend; 3378 if (end != start + filter->blocklength) 3379 return 0; 3380 3381 if (!filters->vm) 3382 { 3383 filters->vm = calloc(1, sizeof(*filters->vm)); 3384 if (!filters->vm) 3385 return 0; 3386 } 3387 3388 ret = copy_from_lzss_window(a, filters->vm->memory, start, filter->blocklength); 3389 if (ret != ARCHIVE_OK) 3390 return 0; 3391 if (!execute_filter(a, filter, filters->vm, rar->offset)) 3392 return 0; 3393 3394 lastfilteraddress = filter->filteredblockaddress; 3395 lastfilterlength = filter->filteredblocklength; 3396 filters->stack = filter->next; 3397 filter->next = NULL; 3398 delete_filter(filter); 3399 3400 while ((filter = filters->stack) != NULL && (int64_t)filter->blockstartpos == filters->filterstart && filter->blocklength == lastfilterlength) 3401 { 3402 memmove(&filters->vm->memory[0], &filters->vm->memory[lastfilteraddress], lastfilterlength); 3403 if (!execute_filter(a, filter, filters->vm, rar->offset)) 3404 return 0; 3405 3406 lastfilteraddress = filter->filteredblockaddress; 3407 lastfilterlength = filter->filteredblocklength; 3408 filters->stack = filter->next; 3409 filter->next = NULL; 3410 delete_filter(filter); 3411 } 3412 3413 if (filters->stack) 3414 { 3415 if (filters->stack->blockstartpos < end) 3416 return 0; 3417 filters->filterstart = filters->stack->blockstartpos; 3418 } 3419 3420 filters->lastend = end; 3421 filters->bytes = &filters->vm->memory[lastfilteraddress]; 3422 filters->bytes_ready = lastfilterlength; 3423 3424 return 1; 3425 } 3426 3427 static struct rar_program_code * 3428 compile_program(const uint8_t *bytes, size_t length) 3429 { 3430 struct memory_bit_reader br = { 0 }; 3431 struct rar_program_code *prog; 3432 // uint32_t instrcount = 0; 3433 uint8_t xor; 3434 size_t i; 3435 3436 xor = 0; 3437 for (i = 1; i < length; i++) 3438 xor ^= bytes[i]; 3439 if (!length || xor != bytes[0]) 3440 return NULL; 3441 3442 br.bytes = bytes; 3443 br.length = length; 3444 br.offset = 1; 3445 3446 prog = calloc(1, sizeof(*prog)); 3447 if (!prog) 3448 return NULL; 3449 prog->fingerprint = crc32(0, bytes, length) | ((uint64_t)length << 32); 3450 3451 if (membr_bits(&br, 1)) 3452 { 3453 prog->staticdatalen = membr_next_rarvm_number(&br) + 1; 3454 prog->staticdata = malloc(prog->staticdatalen); 3455 if (!prog->staticdata) 3456 { 3457 delete_program_code(prog); 3458 return NULL; 3459 } 3460 for (i = 0; i < prog->staticdatalen; i++) 3461 prog->staticdata[i] = (uint8_t)membr_bits(&br, 8); 3462 } 3463 3464 return prog; 3465 } 3466 3467 static void 3468 delete_filter(struct rar_filter *filter) 3469 { 3470 while (filter) 3471 { 3472 struct rar_filter *next = filter->next; 3473 free(filter->globaldata); 3474 free(filter); 3475 filter = next; 3476 } 3477 } 3478 3479 static void 3480 clear_filters(struct rar_filters *filters) 3481 { 3482 delete_filter(filters->stack); 3483 delete_program_code(filters->progs); 3484 free(filters->vm); 3485 } 3486 3487 static void 3488 delete_program_code(struct rar_program_code *prog) 3489 { 3490 while (prog) 3491 { 3492 struct rar_program_code *next = prog->next; 3493 free(prog->staticdata); 3494 free(prog->globalbackup); 3495 free(prog); 3496 prog = next; 3497 } 3498 } 3499 3500 static uint32_t 3501 membr_next_rarvm_number(struct memory_bit_reader *br) 3502 { 3503 uint32_t val; 3504 switch (membr_bits(br, 2)) 3505 { 3506 case 0: 3507 return membr_bits(br, 4); 3508 case 1: 3509 val = membr_bits(br, 8); 3510 if (val >= 16) 3511 return val; 3512 return 0xFFFFFF00 | (val << 4) | membr_bits(br, 4); 3513 case 2: 3514 return membr_bits(br, 16); 3515 default: 3516 return membr_bits(br, 32); 3517 } 3518 } 3519 3520 static inline uint32_t 3521 membr_bits(struct memory_bit_reader *br, int bits) 3522 { 3523 if (bits > br->available && (br->at_eof || !membr_fill(br, bits))) 3524 return 0; 3525 return (uint32_t)((br->bits >> (br->available -= bits)) & (((uint64_t)1 << bits) - 1)); 3526 } 3527 3528 static int 3529 membr_fill(struct memory_bit_reader *br, int bits) 3530 { 3531 while (br->available < bits && br->offset < br->length) 3532 { 3533 br->bits = (br->bits << 8) | br->bytes[br->offset++]; 3534 br->available += 8; 3535 } 3536 if (bits > br->available) 3537 { 3538 br->at_eof = 1; 3539 return 0; 3540 } 3541 return 1; 3542 } 3543 3544 static int 3545 read_filter(struct archive_read *a, int64_t *end) 3546 { 3547 struct rar *rar = (struct rar *)(a->format->data); 3548 uint8_t flags, val, *code; 3549 uint16_t length, i; 3550 3551 if (!rar_decode_byte(a, &flags)) 3552 return 0; 3553 length = (flags & 0x07) + 1; 3554 if (length == 7) 3555 { 3556 if (!rar_decode_byte(a, &val)) 3557 return 0; 3558 length = val + 7; 3559 } 3560 else if (length == 8) 3561 { 3562 if (!rar_decode_byte(a, &val)) 3563 return 0; 3564 length = val << 8; 3565 if (!rar_decode_byte(a, &val)) 3566 return 0; 3567 length |= val; 3568 } 3569 3570 code = malloc(length); 3571 if (!code) 3572 return 0; 3573 for (i = 0; i < length; i++) 3574 { 3575 if (!rar_decode_byte(a, &code[i])) 3576 { 3577 free(code); 3578 return 0; 3579 } 3580 } 3581 if (!parse_filter(a, code, length, flags)) 3582 { 3583 free(code); 3584 return 0; 3585 } 3586 free(code); 3587 3588 if (rar->filters.filterstart < *end) 3589 *end = rar->filters.filterstart; 3590 3591 return 1; 3592 } 3593 3594 static int 3595 execute_filter_delta(struct rar_filter *filter, struct rar_virtual_machine *vm) 3596 { 3597 uint32_t length = filter->initialregisters[4]; 3598 uint32_t numchannels = filter->initialregisters[0]; 3599 uint8_t *src, *dst; 3600 uint32_t i, idx; 3601 3602 if (length > PROGRAM_WORK_SIZE / 2) 3603 return 0; 3604 3605 src = &vm->memory[0]; 3606 dst = &vm->memory[length]; 3607 for (i = 0; i < numchannels; i++) 3608 { 3609 uint8_t lastbyte = 0; 3610 for (idx = i; idx < length; idx += numchannels) 3611 lastbyte = dst[idx] = lastbyte - *src++; 3612 } 3613 3614 filter->filteredblockaddress = length; 3615 filter->filteredblocklength = length; 3616 3617 return 1; 3618 } 3619 3620 static int 3621 execute_filter_e8(struct rar_filter *filter, struct rar_virtual_machine *vm, size_t pos, int e9also) 3622 { 3623 uint32_t length = filter->initialregisters[4]; 3624 uint32_t filesize = 0x1000000; 3625 uint32_t i; 3626 3627 if (length > PROGRAM_WORK_SIZE || length < 4) 3628 return 0; 3629 3630 for (i = 0; i <= length - 5; i++) 3631 { 3632 if (vm->memory[i] == 0xE8 || (e9also && vm->memory[i] == 0xE9)) 3633 { 3634 uint32_t currpos = (uint32_t)pos + i + 1; 3635 int32_t address = (int32_t)vm_read_32(vm, i + 1); 3636 if (address < 0 && currpos >= (uint32_t)-address) 3637 vm_write_32(vm, i + 1, address + filesize); 3638 else if (address >= 0 && (uint32_t)address < filesize) 3639 vm_write_32(vm, i + 1, address - currpos); 3640 i += 4; 3641 } 3642 } 3643 3644 filter->filteredblockaddress = 0; 3645 filter->filteredblocklength = length; 3646 3647 return 1; 3648 } 3649 3650 static int 3651 execute_filter_rgb(struct rar_filter *filter, struct rar_virtual_machine *vm) 3652 { 3653 uint32_t stride = filter->initialregisters[0]; 3654 uint32_t byteoffset = filter->initialregisters[1]; 3655 uint32_t blocklength = filter->initialregisters[4]; 3656 uint8_t *src, *dst; 3657 uint32_t i, j; 3658 3659 if (blocklength > PROGRAM_WORK_SIZE / 2 || stride > blocklength) 3660 return 0; 3661 3662 src = &vm->memory[0]; 3663 dst = &vm->memory[blocklength]; 3664 for (i = 0; i < 3; i++) { 3665 uint8_t byte = 0; 3666 uint8_t *prev = dst + i - stride; 3667 for (j = i; j < blocklength; j += 3) 3668 { 3669 if (prev >= dst) 3670 { 3671 uint32_t delta1 = abs(prev[3] - prev[0]); 3672 uint32_t delta2 = abs(byte - prev[0]); 3673 uint32_t delta3 = abs(prev[3] - prev[0] + byte - prev[0]); 3674 if (delta1 > delta2 || delta1 > delta3) 3675 byte = delta2 <= delta3 ? prev[3] : prev[0]; 3676 } 3677 byte -= *src++; 3678 dst[j] = byte; 3679 prev += 3; 3680 } 3681 } 3682 for (i = byteoffset; i < blocklength - 2; i += 3) 3683 { 3684 dst[i] += dst[i + 1]; 3685 dst[i + 2] += dst[i + 1]; 3686 } 3687 3688 filter->filteredblockaddress = blocklength; 3689 filter->filteredblocklength = blocklength; 3690 3691 return 1; 3692 } 3693 3694 static int 3695 execute_filter_audio(struct rar_filter *filter, struct rar_virtual_machine *vm) 3696 { 3697 uint32_t length = filter->initialregisters[4]; 3698 uint32_t numchannels = filter->initialregisters[0]; 3699 uint8_t *src, *dst; 3700 uint32_t i, j; 3701 3702 if (length > PROGRAM_WORK_SIZE / 2) 3703 return 0; 3704 3705 src = &vm->memory[0]; 3706 dst = &vm->memory[length]; 3707 for (i = 0; i < numchannels; i++) 3708 { 3709 struct audio_state state; 3710 memset(&state, 0, sizeof(state)); 3711 for (j = i; j < length; j += numchannels) 3712 { 3713 int8_t delta = (int8_t)*src++; 3714 uint8_t predbyte, byte; 3715 int prederror; 3716 state.delta[2] = state.delta[1]; 3717 state.delta[1] = state.lastdelta - state.delta[0]; 3718 state.delta[0] = state.lastdelta; 3719 predbyte = ((8 * state.lastbyte + state.weight[0] * state.delta[0] + state.weight[1] * state.delta[1] + state.weight[2] * state.delta[2]) >> 3) & 0xFF; 3720 byte = (predbyte - delta) & 0xFF; 3721 prederror = delta << 3; 3722 state.error[0] += abs(prederror); 3723 state.error[1] += abs(prederror - state.delta[0]); state.error[2] += abs(prederror + state.delta[0]); 3724 state.error[3] += abs(prederror - state.delta[1]); state.error[4] += abs(prederror + state.delta[1]); 3725 state.error[5] += abs(prederror - state.delta[2]); state.error[6] += abs(prederror + state.delta[2]); 3726 state.lastdelta = (int8_t)(byte - state.lastbyte); 3727 dst[j] = state.lastbyte = byte; 3728 if (!(state.count++ & 0x1F)) 3729 { 3730 uint8_t k, idx = 0; 3731 for (k = 1; k < 7; k++) 3732 { 3733 if (state.error[k] < state.error[idx]) 3734 idx = k; 3735 } 3736 memset(state.error, 0, sizeof(state.error)); 3737 switch (idx) 3738 { 3739 case 1: if (state.weight[0] >= -16) state.weight[0]--; break; 3740 case 2: if (state.weight[0] < 16) state.weight[0]++; break; 3741 case 3: if (state.weight[1] >= -16) state.weight[1]--; break; 3742 case 4: if (state.weight[1] < 16) state.weight[1]++; break; 3743 case 5: if (state.weight[2] >= -16) state.weight[2]--; break; 3744 case 6: if (state.weight[2] < 16) state.weight[2]++; break; 3745 } 3746 } 3747 } 3748 } 3749 3750 filter->filteredblockaddress = length; 3751 filter->filteredblocklength = length; 3752 3753 return 1; 3754 } 3755 3756 3757 static int 3758 execute_filter(struct archive_read *a, struct rar_filter *filter, struct rar_virtual_machine *vm, size_t pos) 3759 { 3760 if (filter->prog->fingerprint == 0x1D0E06077D) 3761 return execute_filter_delta(filter, vm); 3762 if (filter->prog->fingerprint == 0x35AD576887) 3763 return execute_filter_e8(filter, vm, pos, 0); 3764 if (filter->prog->fingerprint == 0x393CD7E57E) 3765 return execute_filter_e8(filter, vm, pos, 1); 3766 if (filter->prog->fingerprint == 0x951C2C5DC8) 3767 return execute_filter_rgb(filter, vm); 3768 if (filter->prog->fingerprint == 0xD8BC85E701) 3769 return execute_filter_audio(filter, vm); 3770 3771 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, "No support for RAR VM program filter"); 3772 return 0; 3773 } 3774 3775 static int 3776 rar_decode_byte(struct archive_read *a, uint8_t *byte) 3777 { 3778 struct rar *rar = (struct rar *)(a->format->data); 3779 struct rar_br *br = &(rar->br); 3780 if (!rar_br_read_ahead(a, br, 8)) 3781 return 0; 3782 *byte = (uint8_t)rar_br_bits(br, 8); 3783 rar_br_consume(br, 8); 3784 return 1; 3785 } 3786 3787 static inline void 3788 vm_write_32(struct rar_virtual_machine* vm, size_t offset, uint32_t u32) 3789 { 3790 archive_le32enc(vm->memory + offset, u32); 3791 } 3792 3793 static inline uint32_t 3794 vm_read_32(struct rar_virtual_machine* vm, size_t offset) 3795 { 3796 return archive_le32dec(vm->memory + offset); 3797 } 3798