| // Copyright 2023 The Wuffs Authors. |
| // |
| // Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or |
| // https://www.apache.org/licenses/LICENSE-2.0> or the MIT license |
| // <LICENSE-MIT or https://opensource.org/licenses/MIT>, at your |
| // option. This file may not be copied, modified, or distributed |
| // except according to those terms. |
| // |
| // SPDX-License-Identifier: Apache-2.0 OR MIT |
| |
| // -------- |
| |
| // See https://tukaani.org/xz/xz-file-format.txt |
| |
| use "std/crc32" |
| use "std/crc64" |
| use "std/lzma" |
| use "std/sha256" |
| |
| pub status "#bad block header" |
| pub status "#bad checksum" |
| pub status "#bad filter" |
| pub status "#bad footer" |
| pub status "#bad header" |
| pub status "#bad index" |
| pub status "#bad padding" |
| pub status "#truncated input" |
| pub status "#unsupported checksum algorithm" |
| pub status "#unsupported filter" |
| pub status "#unsupported filter combination" |
| |
| pri status "#internal error: inconsistent BCJ filter state" |
| |
| pub const DECODER_DST_HISTORY_RETAIN_LENGTH_MAX_INCL_WORST_CASE : base.u64 = 0 |
| pub const DECODER_WORKBUF_LEN_MAX_INCL_WORST_CASE : base.u64 = 0xFFFF_FFFF + 273 |
| |
| pub struct decoder? implements base.io_transformer( |
| filters : array[3] base.u32, |
| num_non_final_filters : base.u32[..= 3], |
| |
| // 0: None. |
| // 1: CRC-32. |
| // 2: CRC-64. |
| // 3: SHA-256. |
| checksummer : base.u32[..= 3], |
| |
| ignore_checksum : base.bool, |
| |
| block_has_compressed_size : base.bool, |
| block_has_uncompressed_size : base.bool, |
| |
| bcj_undo_index : base.u8, |
| bcj_pos : base.u32, |
| bcj_x86_prev_mask : base.u32, |
| |
| block_compressed_size : base.u64, |
| block_uncompressed_size : base.u64, |
| |
| num_actual_blocks : base.u64, |
| num_index_blocks : base.u64, |
| |
| index_block_compressed_size : base.u64, |
| index_block_uncompressed_size : base.u64, |
| |
| backwards_size : base.u64, |
| |
| started_verify_index : base.bool, |
| |
| flags : base.u16, |
| |
| util : base.utility, |
| ) + ( |
| filter_data : array[3] array[256] base.u8, |
| |
| crc32 : crc32.ieee_hasher, |
| crc64 : crc64.ecma_hasher, |
| sha256 : sha256.hasher, |
| |
| lzma : lzma.decoder, |
| ) |
| |
| pub func decoder.get_quirk(key: base.u32) base.u64 { |
| if (args.key == base.QUIRK_IGNORE_CHECKSUM) and this.ignore_checksum { |
| return 1 |
| } |
| return 0 |
| } |
| |
| pub func decoder.set_quirk!(key: base.u32, value: base.u64) base.status { |
| if args.key == base.QUIRK_IGNORE_CHECKSUM { |
| this.ignore_checksum = args.value > 0 |
| return ok |
| } |
| return base."#unsupported option" |
| } |
| |
| pub func decoder.dst_history_retain_length() base.optional_u63 { |
| return this.lzma.dst_history_retain_length() |
| } |
| |
| pub func decoder.workbuf_len() base.range_ii_u64 { |
| return this.lzma.workbuf_len() |
| } |
| |
| pub func decoder.transform_io?(dst: base.io_writer, src: base.io_reader, workbuf: slice base.u8) { |
| var status : base.status |
| |
| while true { |
| status =? this.do_transform_io?(dst: args.dst, src: args.src, workbuf: args.workbuf) |
| if (status == base."$short read") and args.src.is_closed() { |
| return "#truncated input" |
| } |
| yield? status |
| } endwhile |
| } |
| |
| pri func decoder.do_transform_io?(dst: base.io_writer, src: base.io_reader, workbuf: slice base.u8) { |
| var header_magic : base.u64 |
| var dmark : base.u64 |
| var smark : base.u64 |
| var i8 : base.u8 |
| var status : base.status |
| var checksum32_have : base.u32 |
| var checksum32_want : base.u32 |
| var checksum64_have : base.u64 |
| var checksum64_want : base.u64 |
| var checksum256_have : base.bitvec256 |
| var compressed_size : base.u64 |
| var uncompressed_size : base.u64 |
| var c8 : base.u8 |
| var footer_magic : base.u16 |
| |
| header_magic = args.src.read_u48le_as_u64?() |
| if header_magic <> '\xFD\x37\x7A\x58\x5A\x00'le { |
| return "#bad header" |
| } |
| |
| // Read the 2-byte flags and the 4-byte CRC-32 checksum of those 2 bytes. |
| header_magic = args.src.read_u48le_as_u64?() |
| if header_magic == '\x00\x00\xFF\x12\xD9\x41'le { |
| this.checksummer = 0 // None. |
| } else if header_magic == '\x00\x01\x69\x22\xDE\x36'le { |
| this.checksummer = 1 // CRC-32. |
| } else if header_magic == '\x00\x04\xE6\xD6\xB4\x46'le { |
| this.checksummer = 2 // CRC-64. |
| } else if header_magic == '\x00\x0A\xE1\xFB\x0C\xA1'le { |
| this.checksummer = 3 // SHA-256. |
| } else if (header_magic & 0xF0FF) <> 0 { |
| // Section 2.1.1.2. Stream Flags: "If any reserved bit is set, the |
| // decoder MUST indicate an error." |
| return "#bad header" |
| } else { |
| header_magic = 0xF & (header_magic >> 8) |
| if (header_magic <> 0x0) and (header_magic <> 0x1) and (header_magic <> 0x4) and (header_magic <> 0xA) { |
| return "#unsupported checksum algorithm" |
| } |
| return "#bad checksum" |
| } |
| this.flags = (header_magic & 0xFFFF) as base.u16 |
| |
| while true { |
| if args.src.length() <= 0 { |
| yield? base."$short read" |
| continue |
| } else if args.src.peek_u8() == 0x00 { |
| // We've hit the Index instead of a Block. |
| break |
| } |
| this.num_actual_blocks ~mod+= 1 |
| |
| if not this.ignore_checksum { |
| this.crc32.reset!() |
| } |
| |
| while true { |
| smark = args.src.mark() |
| status =? this.decode_block_header_with_padding?(src: args.src) |
| if not this.ignore_checksum { |
| checksum32_have = this.crc32.update_u32!(x: args.src.since(mark: smark)) |
| } |
| if status.is_ok() { |
| break |
| } |
| yield? status |
| } endwhile |
| |
| checksum32_want = args.src.read_u32le?() |
| if this.ignore_checksum { |
| // No-op. |
| } else if checksum32_have <> checksum32_want { |
| return "#bad checksum" |
| } else { |
| this.crc32.reset!() |
| this.crc64.reset!() |
| this.sha256.reset!() |
| } |
| |
| compressed_size = 0 |
| uncompressed_size = 0 |
| while true { |
| if (this.bcj_undo_index as base.u64) > args.dst.length() { |
| yield? base."$short write" |
| continue |
| } |
| |
| dmark = args.dst.mark() |
| smark = args.src.mark() |
| if this.num_non_final_filters == 0 { |
| status =? this.lzma.transform_io?(dst: args.dst, src: args.src, workbuf: args.workbuf) |
| } else { |
| if this.bcj_undo_index > 0 { |
| args.dst.copy_from_slice!(s: this.filter_data[0][.. this.bcj_undo_index]) |
| this.bcj_undo_index = 0 |
| } |
| |
| // The non-final filters will modify the args.dst contents so |
| // that its history isn't what this.lzma considers its |
| // (unfiltered) history. |
| io_forget_history (io: args.dst) { |
| status =? this.lzma.transform_io?(dst: args.dst, src: args.src, workbuf: args.workbuf) |
| } |
| |
| this.bcj_undo_index = this.apply_non_final_filters!(dst_slice: args.dst.since(mark: dmark)) |
| if (this.bcj_undo_index > 0) and (not status.is_ok()) { |
| i8 = this.bcj_undo_index - 1 |
| while true { |
| if not args.dst.can_undo_byte() { |
| return "#internal error: inconsistent BCJ filter state" |
| } |
| this.filter_data[0][i8] = args.dst.peek_undo_byte() |
| args.dst.undo_byte!() |
| if i8 <= 0 { |
| break |
| } |
| i8 -= 1 |
| } endwhile |
| } |
| } |
| compressed_size ~mod+= args.src.count_since(mark: smark) |
| uncompressed_size ~mod+= args.dst.count_since(mark: dmark) |
| |
| if this.ignore_checksum { |
| // No-op. |
| } else if this.checksummer == 1 { |
| this.crc32.update!(x: args.dst.since(mark: dmark)) |
| } else if this.checksummer == 2 { |
| this.crc64.update!(x: args.dst.since(mark: dmark)) |
| } else if this.checksummer == 3 { |
| this.sha256.update!(x: args.dst.since(mark: dmark)) |
| } |
| if status.is_ok() { |
| break |
| } |
| yield? status |
| } endwhile |
| |
| if (this.block_has_compressed_size and (this.block_compressed_size <> compressed_size)) or |
| (this.block_has_uncompressed_size and (this.block_uncompressed_size <> uncompressed_size)) { |
| return "#bad block header" |
| } |
| |
| while (compressed_size & 3) <> 0 { |
| c8 = args.src.read_u8?() |
| if c8 <> 0x00 { |
| return "#bad padding" |
| } |
| compressed_size ~mod+= 1 |
| } endwhile |
| |
| if this.ignore_checksum { |
| args.src.skip_u32?(n: CHECKSUM_LENGTH[this.checksummer] as base.u32) |
| |
| } else if this.checksummer == 1 { |
| checksum32_want = args.src.read_u32le?() |
| checksum32_have = this.crc32.checksum_u32() |
| if checksum32_have <> checksum32_want { |
| return "#bad checksum" |
| } |
| |
| } else if this.checksummer == 2 { |
| checksum64_want = args.src.read_u64le?() |
| checksum64_have = this.crc64.checksum_u64() |
| if checksum64_have <> checksum64_want { |
| return "#bad checksum" |
| } |
| |
| } else if this.checksummer == 3 { |
| checksum256_have = this.sha256.checksum_bitvec256() |
| checksum64_want = args.src.read_u64be?() |
| if checksum256_have.get_u64(i: 3) <> checksum64_want { |
| return "#bad checksum" |
| } |
| checksum64_want = args.src.read_u64be?() |
| if checksum256_have.get_u64(i: 2) <> checksum64_want { |
| return "#bad checksum" |
| } |
| checksum64_want = args.src.read_u64be?() |
| if checksum256_have.get_u64(i: 1) <> checksum64_want { |
| return "#bad checksum" |
| } |
| checksum64_want = args.src.read_u64be?() |
| if checksum256_have.get_u64(i: 0) <> checksum64_want { |
| return "#bad checksum" |
| } |
| } |
| } endwhile |
| |
| // Verify the index. |
| this.backwards_size = 0 |
| if not this.ignore_checksum { |
| this.crc32.reset!() |
| } |
| while true { |
| smark = args.src.mark() |
| status =? this.verify_index?(src: args.src) |
| this.backwards_size ~sat+= args.src.count_since(mark: smark) |
| if not this.ignore_checksum { |
| this.crc32.update!(x: args.src.since(mark: smark)) |
| } |
| if status.is_ok() { |
| break |
| } |
| yield? status |
| } endwhile |
| if not this.ignore_checksum { |
| this.crc32.update!(x: ZEROES[.. 3 & (0 ~mod- (3 & this.backwards_size))]) |
| } |
| while (this.backwards_size & 3) <> 0 { |
| c8 = args.src.read_u8?() |
| if c8 <> 0x00 { |
| return "#bad index" |
| } |
| this.backwards_size ~mod+= 1 |
| } endwhile |
| this.backwards_size >>= 2 |
| if (this.backwards_size == 0) or (this.backwards_size > 0xFFFF_FFFF) { |
| return "#bad index" |
| } |
| checksum32_want = args.src.read_u32le?() |
| if this.ignore_checksum { |
| // No-op. |
| } else if checksum32_want <> this.crc32.checksum_u32() { |
| return "#bad checksum" |
| } else { |
| this.crc32.reset!() |
| } |
| |
| // Verify the footer. |
| checksum32_want = args.src.read_u32le?() |
| while true { |
| smark = args.src.mark() |
| status =? this.verify_footer?(src: args.src) |
| if not this.ignore_checksum { |
| this.crc32.update!(x: args.src.since(mark: smark)) |
| } |
| if status.is_ok() { |
| break |
| } |
| yield? status |
| } endwhile |
| if (not this.ignore_checksum) and (checksum32_want <> this.crc32.checksum_u32()) { |
| return "#bad checksum" |
| } |
| footer_magic = args.src.read_u16le?() |
| if footer_magic <> '\x59\x5A'le { |
| return "#bad footer" |
| } |
| } |
| |
| pri func decoder.decode_block_header_with_padding?(src: base.io_reader) { |
| var c8 : base.u8 |
| var padded_size_have : base.u64 |
| var padded_size_want : base.u64 |
| var smark : base.u64 |
| var status : base.status |
| |
| c8 = args.src.read_u8?() |
| padded_size_want = ((c8 as base.u64) * 4) ~mod- 1 |
| |
| while true { |
| smark = args.src.mark() |
| status =? this.decode_block_header_sans_padding?(src: args.src) |
| padded_size_have ~sat+= args.src.count_since(mark: smark) |
| if status.is_ok() { |
| break |
| } |
| yield? status |
| } endwhile |
| |
| if padded_size_have > padded_size_want { |
| return "#bad block header" |
| } |
| while padded_size_have < padded_size_want { |
| assert padded_size_have < 0xFFFF_FFFF_FFFF_FFFF via "a < b: a < c; c <= b"(c: padded_size_want) |
| |
| c8 = args.src.read_u8?() |
| if c8 <> 0x00 { |
| return "#bad block header" |
| } |
| |
| padded_size_have += 1 |
| } endwhile |
| } |
| |
| pri func decoder.decode_block_header_sans_padding?(src: base.io_reader) { |
| var c8 : base.u8 |
| var flags : base.u8 |
| var filter_id : base.u8 |
| var status : base.status |
| var shift : base.u32 |
| var f : base.u32 |
| var k : base.u32 |
| |
| flags = args.src.read_u8?() |
| this.num_non_final_filters = (flags & 0x03) as base.u32 |
| if (flags & 0x3C) <> 0 { |
| return "#bad block header" |
| } |
| |
| this.block_has_compressed_size = (flags & 0x40) <> 0 |
| if this.block_has_compressed_size { |
| // Read a uvarint (Unsigned LEB128) as this.block_compressed_size. |
| this.block_compressed_size = 0 |
| shift = 0 |
| while true { |
| c8 = args.src.read_u8?() |
| if shift <= 56 { |
| this.block_compressed_size |= ((c8 & 0x7F) as base.u64) << shift |
| if c8 >= 0x80 { |
| shift += 7 |
| continue |
| } else if (c8 == 0x00) and (shift > 0) { |
| return "#bad block header" |
| } |
| break |
| } else if c8 <> 1 { |
| return "#bad block header" |
| } |
| this.block_compressed_size |= (1 as base.u64) << 63 |
| break |
| } endwhile |
| } |
| |
| this.block_has_uncompressed_size = (flags & 0x80) <> 0 |
| if this.block_has_uncompressed_size { |
| // Read a uvarint (Unsigned LEB128) as this.block_uncompressed_size. |
| this.block_uncompressed_size = 0 |
| shift = 0 |
| while true { |
| c8 = args.src.read_u8?() |
| if shift <= 56 { |
| this.block_uncompressed_size |= ((c8 & 0x7F) as base.u64) << shift |
| if c8 >= 0x80 { |
| shift += 7 |
| continue |
| } else if (c8 == 0x00) and (shift > 0) { |
| return "#bad block header" |
| } |
| break |
| } else if c8 <> 1 { |
| return "#bad block header" |
| } |
| this.block_uncompressed_size |= (1 as base.u64) << 63 |
| break |
| } endwhile |
| } |
| |
| // Configure the non-final filters. |
| |
| this.bcj_x86_prev_mask = 0 |
| choose apply_non_final_filters = [apply_non_final_filters] |
| f = 0 |
| while f < this.num_non_final_filters { |
| assert f < 3 via "a < b: a < c; c <= b"(c: this.num_non_final_filters) |
| filter_id = args.src.read_u8?() |
| if filter_id == 0x21 { // LZMA2 |
| return "#bad filter" |
| |
| } else if filter_id == 0x03 { // Delta. |
| // Delta's "Size of Properties" should be 1. |
| c8 = args.src.read_u8?() |
| if c8 <> 0x01 { |
| return "#bad filter" |
| } |
| // Stash that 1 Properties byte on to the LZMA decoder. |
| c8 = args.src.read_u8?() |
| this.filters[f] = ((c8 as base.u32) << 8) | 0x03 |
| |
| k = 0 |
| while k < 0x100, |
| inv f < 3, |
| { |
| this.filter_data[f][k] = 0x00 |
| k += 1 |
| } endwhile |
| |
| } else if (filter_id < 0x03) or (0x0B < filter_id) { |
| return "#unsupported filter" |
| } else if f <> 0 { |
| // We only support BCJ (Branch, Call, Jump) filters if they're the |
| // only filter (other than LZMA2). This simplifies their undo_byte |
| // interaction with I/O suspension. |
| return "#unsupported filter combination" |
| } else { |
| this.filters[f] = filter_id as base.u32 |
| if filter_id == 0x04 { |
| choose apply_non_final_filters = [apply_filter_04_x86] |
| } else if filter_id == 0x05 { |
| choose apply_non_final_filters = [apply_filter_05_powerpc] |
| } else if filter_id == 0x06 { |
| choose apply_non_final_filters = [apply_filter_06_ia64] |
| } else if filter_id == 0x07 { |
| choose apply_non_final_filters = [apply_filter_07_arm] |
| } else if filter_id == 0x08 { |
| choose apply_non_final_filters = [apply_filter_08_armthumb] |
| } else if filter_id == 0x09 { |
| choose apply_non_final_filters = [apply_filter_09_sparc] |
| } else if filter_id == 0x0A { |
| choose apply_non_final_filters = [apply_filter_0a_arm64] |
| } else { |
| choose apply_non_final_filters = [apply_filter_0b_riscv] |
| } |
| |
| c8 = args.src.read_u8?() |
| if c8 == 0x00 { |
| this.bcj_pos = 0 |
| } else if c8 == 0x04 { |
| this.bcj_pos = args.src.read_u32le?() |
| } else { |
| return "#unsupported filter" |
| } |
| } |
| |
| f += 1 |
| } endwhile |
| |
| // Configure the final filter (which must be LZMA2). |
| |
| filter_id = args.src.read_u8?() |
| if filter_id == 0x21 { // LZMA2 |
| // LZMA2's "Size of Properties" should be 1. |
| c8 = args.src.read_u8?() |
| if c8 <> 0x01 { |
| return "#bad filter" |
| } |
| // Pass that 1 Properties byte on to the LZMA decoder. |
| c8 = args.src.read_u8?() |
| status = this.lzma.set_quirk!( |
| key: lzma.QUIRK_FORMAT_EXTENSION, |
| value: 0x02 | ((c8 as base.u64) << 8)) |
| if not status.is_ok() { |
| return "#bad filter" |
| } |
| |
| } else if filter_id == 0x03 { // Delta. |
| return "#bad filter" |
| |
| } else { |
| return "#unsupported filter" |
| } |
| } |
| |
| pri func decoder.verify_index?(src: base.io_reader) { |
| var c8 : base.u8 |
| var shift : base.u32 |
| |
| if not this.started_verify_index { |
| this.started_verify_index = true |
| c8 = args.src.read_u8?() |
| if c8 <> 0 { |
| return "#bad index" |
| } |
| |
| shift = 0 |
| while true { |
| c8 = args.src.read_u8?() |
| if shift <= 56 { |
| this.num_index_blocks |= ((c8 & 0x7F) as base.u64) << shift |
| if c8 >= 0x80 { |
| shift += 7 |
| continue |
| } else if (c8 == 0x00) and (shift > 0) { |
| return "#bad block header" |
| } |
| break |
| } else if c8 <> 1 { |
| return "#bad block header" |
| } |
| this.num_index_blocks |= (1 as base.u64) << 63 |
| break |
| } endwhile |
| if this.num_index_blocks <> this.num_actual_blocks { |
| return "#bad index" |
| } |
| } |
| |
| while this.num_index_blocks > 0 { |
| this.num_index_blocks -= 1 |
| |
| this.index_block_compressed_size = 0 |
| shift = 0 |
| while true { |
| c8 = args.src.read_u8?() |
| if shift <= 56 { |
| this.index_block_compressed_size |= ((c8 & 0x7F) as base.u64) << shift |
| if c8 >= 0x80 { |
| shift += 7 |
| continue |
| } else if (c8 == 0x00) and (shift > 0) { |
| return "#bad block header" |
| } |
| break |
| } else if c8 <> 1 { |
| return "#bad block header" |
| } |
| this.index_block_compressed_size |= (1 as base.u64) << 63 |
| break |
| } endwhile |
| |
| this.index_block_uncompressed_size = 0 |
| shift = 0 |
| while true { |
| c8 = args.src.read_u8?() |
| if shift <= 56 { |
| this.index_block_uncompressed_size |= ((c8 & 0x7F) as base.u64) << shift |
| if c8 >= 0x80 { |
| shift += 7 |
| continue |
| } else if (c8 == 0x00) and (shift > 0) { |
| return "#bad block header" |
| } |
| break |
| } else if c8 <> 1 { |
| return "#bad block header" |
| } |
| this.index_block_uncompressed_size |= (1 as base.u64) << 63 |
| break |
| } endwhile |
| } endwhile |
| } |
| |
| pri func decoder.verify_footer?(src: base.io_reader) { |
| var c32 : base.u32 |
| |
| c32 = args.src.read_u32le?() |
| if c32 <> ((this.backwards_size & 0xFFFF_FFFF) as base.u32) { |
| return "#bad footer" |
| } |
| |
| c32 = args.src.read_u16le_as_u32?() |
| if c32 <> (this.flags as base.u32) { |
| return "#bad footer" |
| } |
| } |
| |
| pri const CHECKSUM_LENGTH : roarray[4] base.u8 = [ |
| 0x00, // 0: None. |
| 0x04, // 1: CRC-32. |
| 0x08, // 2: CRC-64. |
| 0x20, // 3: SHA-256. |
| ] |
| |
| pri const ZEROES : roarray[3] base.u8 = [0, 0, 0] |