src/liblzma/common/vli_decoder.c

   1 // SPDX-License-Identifier: 0BSD
   2
   3 ///////////////////////////////////////////////////////////////////////////////
   4 //
   5 /// \file       vli_decoder.c
   6 /// \brief      Decodes variable-length integers
   7 //
   8 //  Author:     Lasse Collin
   9 //
  10 ///////////////////////////////////////////////////////////////////////////////
  11
  12 #include "common.h"
  13
  14
  15 extern LZMA_API(lzma_ret)
  16 lzma_vli_decode(lzma_vli *restrict vli, size_t *vli_pos,
  17                 const uint8_t *restrict in, size_t *restrict in_pos,
  18                 size_t in_size)
  19 {
  20         // If we haven't been given vli_pos, work in single-call mode.
  21         size_t vli_pos_internal = 0;
  22         if (vli_pos == NULL) {
  23                 vli_pos = &vli_pos_internal;
  24                 *vli = 0;
  25
  26                 // If there's no input, use LZMA_DATA_ERROR. This way it is
  27                 // easy to decode VLIs from buffers that have known size,
  28                 // and get the correct error code in case the buffer is
  29                 // too short.
  30                 if (*in_pos >= in_size)
  31                         return LZMA_DATA_ERROR;
  32
  33         } else {
  34                 // Initialize *vli when starting to decode a new integer.
  35                 if (*vli_pos == 0)
  36                         *vli = 0;
  37
  38                 // Validate the arguments.
  39                 if (*vli_pos >= LZMA_VLI_BYTES_MAX
  40                                 || (*vli >> (*vli_pos * 7)) != 0)
  41                         return LZMA_PROG_ERROR;;
  42
  43                 if (*in_pos >= in_size)
  44                         return LZMA_BUF_ERROR;
  45         }
  46
  47         do {
  48                 // Read the next byte. Use a temporary variable so that we
  49                 // can update *in_pos immediately.
  50                 const uint8_t byte = in[*in_pos];
  51                 ++*in_pos;
  52
  53                 // Add the newly read byte to *vli.
  54                 *vli += (lzma_vli)(byte & 0x7F) << (*vli_pos * 7);
  55                 ++*vli_pos;
  56
  57                 // Check if this is the last byte of a multibyte integer.
  58                 if ((byte & 0x80) == 0) {
  59                         // We don't allow using variable-length integers as
  60                         // padding i.e. the encoding must use the most the
  61                         // compact form.
  62                         if (byte == 0x00 && *vli_pos > 1)
  63                                 return LZMA_DATA_ERROR;
  64
  65                         return vli_pos == &vli_pos_internal
  66                                         ? LZMA_OK : LZMA_STREAM_END;
  67                 }
  68
  69                 // There is at least one more byte coming. If we have already
  70                 // read maximum number of bytes, the integer is considered
  71                 // corrupt.
  72                 //
  73                 // If we need bigger integers in future, old versions liblzma
  74                 // will confusingly indicate the file being corrupt instead of
  75                 // unsupported. I suppose it's still better this way, because
  76                 // in the foreseeable future (writing this in 2008) the only
  77                 // reason why files would appear having over 63-bit integers
  78                 // is that the files are simply corrupt.
  79                 if (*vli_pos == LZMA_VLI_BYTES_MAX)
  80                         return LZMA_DATA_ERROR;
  81
  82         } while (*in_pos < in_size);
  83
  84         return vli_pos == &vli_pos_internal ? LZMA_DATA_ERROR : LZMA_OK;
  85 }