GNU Linux-libre 6.9.1-gnu
[releases.git] / lib / lzo / lzo1x_decompress_safe.c
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  *  LZO1X Decompressor from LZO
4  *
5  *  Copyright (C) 1996-2012 Markus F.X.J. Oberhumer <markus@oberhumer.com>
6  *
7  *  The full LZO package can be found at:
8  *  http://www.oberhumer.com/opensource/lzo/
9  *
10  *  Changed for Linux kernel use by:
11  *  Nitin Gupta <nitingupta910@gmail.com>
12  *  Richard Purdie <rpurdie@openedhand.com>
13  */
14
15 #ifndef STATIC
16 #include <linux/module.h>
17 #include <linux/kernel.h>
18 #endif
19 #include <asm/unaligned.h>
20 #include <linux/lzo.h>
21 #include "lzodefs.h"
22
23 #define HAVE_IP(x)      ((size_t)(ip_end - ip) >= (size_t)(x))
24 #define HAVE_OP(x)      ((size_t)(op_end - op) >= (size_t)(x))
25 #define NEED_IP(x)      if (!HAVE_IP(x)) goto input_overrun
26 #define NEED_OP(x)      if (!HAVE_OP(x)) goto output_overrun
27 #define TEST_LB(m_pos)  if ((m_pos) < out) goto lookbehind_overrun
28
29 /* This MAX_255_COUNT is the maximum number of times we can add 255 to a base
30  * count without overflowing an integer. The multiply will overflow when
31  * multiplying 255 by more than MAXINT/255. The sum will overflow earlier
32  * depending on the base count. Since the base count is taken from a u8
33  * and a few bits, it is safe to assume that it will always be lower than
34  * or equal to 2*255, thus we can always prevent any overflow by accepting
35  * two less 255 steps. See Documentation/staging/lzo.rst for more information.
36  */
37 #define MAX_255_COUNT      ((((size_t)~0) / 255) - 2)
38
39 int lzo1x_decompress_safe(const unsigned char *in, size_t in_len,
40                           unsigned char *out, size_t *out_len)
41 {
42         unsigned char *op;
43         const unsigned char *ip;
44         size_t t, next;
45         size_t state = 0;
46         const unsigned char *m_pos;
47         const unsigned char * const ip_end = in + in_len;
48         unsigned char * const op_end = out + *out_len;
49
50         unsigned char bitstream_version;
51
52         op = out;
53         ip = in;
54
55         if (unlikely(in_len < 3))
56                 goto input_overrun;
57
58         if (likely(in_len >= 5) && likely(*ip == 17)) {
59                 bitstream_version = ip[1];
60                 ip += 2;
61         } else {
62                 bitstream_version = 0;
63         }
64
65         if (*ip > 17) {
66                 t = *ip++ - 17;
67                 if (t < 4) {
68                         next = t;
69                         goto match_next;
70                 }
71                 goto copy_literal_run;
72         }
73
74         for (;;) {
75                 t = *ip++;
76                 if (t < 16) {
77                         if (likely(state == 0)) {
78                                 if (unlikely(t == 0)) {
79                                         size_t offset;
80                                         const unsigned char *ip_last = ip;
81
82                                         while (unlikely(*ip == 0)) {
83                                                 ip++;
84                                                 NEED_IP(1);
85                                         }
86                                         offset = ip - ip_last;
87                                         if (unlikely(offset > MAX_255_COUNT))
88                                                 return LZO_E_ERROR;
89
90                                         offset = (offset << 8) - offset;
91                                         t += offset + 15 + *ip++;
92                                 }
93                                 t += 3;
94 copy_literal_run:
95 #if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS)
96                                 if (likely(HAVE_IP(t + 15) && HAVE_OP(t + 15))) {
97                                         const unsigned char *ie = ip + t;
98                                         unsigned char *oe = op + t;
99                                         do {
100                                                 COPY8(op, ip);
101                                                 op += 8;
102                                                 ip += 8;
103                                                 COPY8(op, ip);
104                                                 op += 8;
105                                                 ip += 8;
106                                         } while (ip < ie);
107                                         ip = ie;
108                                         op = oe;
109                                 } else
110 #endif
111                                 {
112                                         NEED_OP(t);
113                                         NEED_IP(t + 3);
114                                         do {
115                                                 *op++ = *ip++;
116                                         } while (--t > 0);
117                                 }
118                                 state = 4;
119                                 continue;
120                         } else if (state != 4) {
121                                 next = t & 3;
122                                 m_pos = op - 1;
123                                 m_pos -= t >> 2;
124                                 m_pos -= *ip++ << 2;
125                                 TEST_LB(m_pos);
126                                 NEED_OP(2);
127                                 op[0] = m_pos[0];
128                                 op[1] = m_pos[1];
129                                 op += 2;
130                                 goto match_next;
131                         } else {
132                                 next = t & 3;
133                                 m_pos = op - (1 + M2_MAX_OFFSET);
134                                 m_pos -= t >> 2;
135                                 m_pos -= *ip++ << 2;
136                                 t = 3;
137                         }
138                 } else if (t >= 64) {
139                         next = t & 3;
140                         m_pos = op - 1;
141                         m_pos -= (t >> 2) & 7;
142                         m_pos -= *ip++ << 3;
143                         t = (t >> 5) - 1 + (3 - 1);
144                 } else if (t >= 32) {
145                         t = (t & 31) + (3 - 1);
146                         if (unlikely(t == 2)) {
147                                 size_t offset;
148                                 const unsigned char *ip_last = ip;
149
150                                 while (unlikely(*ip == 0)) {
151                                         ip++;
152                                         NEED_IP(1);
153                                 }
154                                 offset = ip - ip_last;
155                                 if (unlikely(offset > MAX_255_COUNT))
156                                         return LZO_E_ERROR;
157
158                                 offset = (offset << 8) - offset;
159                                 t += offset + 31 + *ip++;
160                                 NEED_IP(2);
161                         }
162                         m_pos = op - 1;
163                         next = get_unaligned_le16(ip);
164                         ip += 2;
165                         m_pos -= next >> 2;
166                         next &= 3;
167                 } else {
168                         NEED_IP(2);
169                         next = get_unaligned_le16(ip);
170                         if (((next & 0xfffc) == 0xfffc) &&
171                             ((t & 0xf8) == 0x18) &&
172                             likely(bitstream_version)) {
173                                 NEED_IP(3);
174                                 t &= 7;
175                                 t |= ip[2] << 3;
176                                 t += MIN_ZERO_RUN_LENGTH;
177                                 NEED_OP(t);
178                                 memset(op, 0, t);
179                                 op += t;
180                                 next &= 3;
181                                 ip += 3;
182                                 goto match_next;
183                         } else {
184                                 m_pos = op;
185                                 m_pos -= (t & 8) << 11;
186                                 t = (t & 7) + (3 - 1);
187                                 if (unlikely(t == 2)) {
188                                         size_t offset;
189                                         const unsigned char *ip_last = ip;
190
191                                         while (unlikely(*ip == 0)) {
192                                                 ip++;
193                                                 NEED_IP(1);
194                                         }
195                                         offset = ip - ip_last;
196                                         if (unlikely(offset > MAX_255_COUNT))
197                                                 return LZO_E_ERROR;
198
199                                         offset = (offset << 8) - offset;
200                                         t += offset + 7 + *ip++;
201                                         NEED_IP(2);
202                                         next = get_unaligned_le16(ip);
203                                 }
204                                 ip += 2;
205                                 m_pos -= next >> 2;
206                                 next &= 3;
207                                 if (m_pos == op)
208                                         goto eof_found;
209                                 m_pos -= 0x4000;
210                         }
211                 }
212                 TEST_LB(m_pos);
213 #if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS)
214                 if (op - m_pos >= 8) {
215                         unsigned char *oe = op + t;
216                         if (likely(HAVE_OP(t + 15))) {
217                                 do {
218                                         COPY8(op, m_pos);
219                                         op += 8;
220                                         m_pos += 8;
221                                         COPY8(op, m_pos);
222                                         op += 8;
223                                         m_pos += 8;
224                                 } while (op < oe);
225                                 op = oe;
226                                 if (HAVE_IP(6)) {
227                                         state = next;
228                                         COPY4(op, ip);
229                                         op += next;
230                                         ip += next;
231                                         continue;
232                                 }
233                         } else {
234                                 NEED_OP(t);
235                                 do {
236                                         *op++ = *m_pos++;
237                                 } while (op < oe);
238                         }
239                 } else
240 #endif
241                 {
242                         unsigned char *oe = op + t;
243                         NEED_OP(t);
244                         op[0] = m_pos[0];
245                         op[1] = m_pos[1];
246                         op += 2;
247                         m_pos += 2;
248                         do {
249                                 *op++ = *m_pos++;
250                         } while (op < oe);
251                 }
252 match_next:
253                 state = next;
254                 t = next;
255 #if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS)
256                 if (likely(HAVE_IP(6) && HAVE_OP(4))) {
257                         COPY4(op, ip);
258                         op += t;
259                         ip += t;
260                 } else
261 #endif
262                 {
263                         NEED_IP(t + 3);
264                         NEED_OP(t);
265                         while (t > 0) {
266                                 *op++ = *ip++;
267                                 t--;
268                         }
269                 }
270         }
271
272 eof_found:
273         *out_len = op - out;
274         return (t != 3       ? LZO_E_ERROR :
275                 ip == ip_end ? LZO_E_OK :
276                 ip <  ip_end ? LZO_E_INPUT_NOT_CONSUMED : LZO_E_INPUT_OVERRUN);
277
278 input_overrun:
279         *out_len = op - out;
280         return LZO_E_INPUT_OVERRUN;
281
282 output_overrun:
283         *out_len = op - out;
284         return LZO_E_OUTPUT_OVERRUN;
285
286 lookbehind_overrun:
287         *out_len = op - out;
288         return LZO_E_LOOKBEHIND_OVERRUN;
289 }
290 #ifndef STATIC
291 EXPORT_SYMBOL_GPL(lzo1x_decompress_safe);
292
293 MODULE_LICENSE("GPL");
294 MODULE_DESCRIPTION("LZO1X Decompressor");
295
296 #endif