Commit Graph

1108 Commits

Author SHA1 Message Date
Lasse Collin 214569ace8 liblzma: index_decoder: Fix missing initializations on LZMA_PROG_ERROR
If the arguments to lzma_index_decoder() or lzma_index_buffer_decode()
were such that LZMA_PROG_ERROR was returned, the lzma_index **i
argument wasn't touched even though the API docs say that *i = NULL
is done if an error occurs. This obviously won't be done even now
if i == NULL but otherwise it is best to do it due to the wording
in the API docs.

In practice this matters very little: The problem can occur only
if the functions are called with invalid arguments, that is,
the calling application must already have a bug.

(cherry picked from commit 71eed2520e)
2024-05-22 00:12:07 +03:00
Lasse Collin cf3780e309 liblzma: API doc cleanups
(cherry picked from commit 08ab0966a7)
2024-05-22 00:12:07 +03:00
Lasse Collin 6364cbc63e liblzma: lzma_str_to_filters: Set *error_pos on all errors
The API docs clearly say that if error_pos isn't NULL then *error
is always set on any error. However, it wasn't touched if str == NULL
or filters == NULL or unsupported flags were specified.

Fixes: cedeeca2ea
(cherry picked from commit 70d12dd069)
2024-05-22 00:12:07 +03:00
Lasse Collin 6edc2b554f xz man page: Use .ft CR instead of CW to silence warnings from groff.
(cherry picked from commit 31ef676567)
2024-05-22 00:12:07 +03:00
Lasse Collin c5c091332c Update website URLs back to tukaani.org.
The XZ projects were moved back to their original URLs.

(cherry picked from commit 17aa2e1a79)
2024-05-22 00:12:07 +03:00
Lasse Collin 32e256c12a liblzma: Minor comment edits.
(cherry picked from commit 3217b82b3e)
2024-05-22 00:12:07 +03:00
Sergey Kosukhin 65ac20807c liblzma: Fix building with NVHPC (NVIDIA HPC SDK).
NVHPC compiler has several issues that make it impossible to
build liblzma:
  - the compiler cannot handle unions that contain pointers that
    are not the first members;
  - the compiler fails to produce valid code for delta_decode if the
    vectorization is enabled, which results in failed tests.

This introduces NVHPC-specific workarounds that address the issues.

(This commit was contributed under 0BSD but the author confirmed
that it is fine to backport it to the public domain branches. See
https://github.com/tukaani-project/xz/pull/90#issuecomment-2100185936
and the next two messages.)

(cherry picked from commit 096bc0e3f8)
2024-05-22 00:11:58 +03:00
Lasse Collin b4b315a206 xz: Delete old commented-out code.
(cherry picked from commit 4ce300ce08)
2024-05-22 00:07:08 +03:00
Lasse Collin 9c9a3e7b3f xz: Tweak comments.
(cherry picked from commit 7312dfbb02)
2024-05-22 00:07:08 +03:00
Lasse Collin 7d3418e496 xz: Fix message_init() description.
Also explicitly initialize progress_automatic to make it clear
that it can be read before message_init() sets it. Static variable
was initialized to false by default already so this is only for
clarity.

(cherry picked from commit c701a5909a)
2024-05-22 00:07:08 +03:00
Lasse Collin 62cfb46acc xz: Fix outdated threading related info on the man page.
(cherry picked from commit 0709c2b2d7)
2024-05-07 18:27:15 +03:00
Lasse Collin 65b5ee0716 liblzma: Fix compilation of price_tablegen.c.
It is built and run only manually so this didn't matter
unless one wanted to regenerate the price_table.c.

(cherry picked from commit 8e4ec79483)
2024-05-07 18:13:03 +03:00
Lasse Collin f200c338f8 liblzma: Sync the AUTHORS fix about SHA-256 to lzma.h.
(based on commit 23de53421e)
2024-05-07 18:11:43 +03:00
Lasse Collin 402fb45c74 Fix SHA-256 authors.
The initial commit 5d018dc035
in 2007 had a comment in sha256.c that the code is based on
Crypto++ Library 5.5.1. In 2009 the Authors list in sha256.c
and the AUTHORS file was updated with information that the
code had come from Crypto++ but via 7-Zip. I know I had viewed
7-Zip's SHA-256 code but back then the C code has been identical
enough with Crypto++, so I don't why I thought the author info
would need that extra step via 7-Zip for this single file.

Another error is that I had mixed sha.* and shacal2.* files
when checking for author info in Crypto++. The shacal2.* files
aren't related to liblzma's sha256.c and thus Kevin Springle's
code in Crypto++ isn't either.

(cherry picked from commit 76946dc433)
2024-05-07 18:07:31 +03:00
Lasse Collin e5ba545f16 xzless: Use ||- in LESSOPEN with with "less" 451 and newer.
(cherry picked from commit 9860d418d2)
2024-05-07 18:06:55 +03:00
Lasse Collin 5e7a8c0869 xzless: Use --show-preproc-errors with "less" 632 and newer.
This makes "less" show a warning if a decompression error occurred.

(cherry picked from commit fd0692b052)
2024-05-07 18:06:55 +03:00
Jia Tan 6e8732c5a3 Bump version and soname for 5.4.6. 2024-01-26 19:41:20 +08:00
Jia Tan 55285900b3 xz: Update website URLs in the man pages. 2024-01-24 21:13:52 +08:00
Jia Tan a670f69521 liblzma: Update website URL. 2024-01-24 21:13:49 +08:00
Jia Tan 9e96ca8c48 xz: Add a comment to Capsicum sandbox setup.
This comment is repeated in xzdec.c to help remind us why all the
capabilities are removed from stdin in certain situations.
2023-12-22 20:02:06 +08:00
Jia Tan 8191720eac liblzma: Set all values in lzma_lz_encoder to NULL after allocation.
The first member of lzma_lz_encoder doesn't necessarily need to be set
to NULL since it will always be set before anything tries to use it.
However the function pointer members must be set to NULL since other
functions rely on this NULL value to determine if this behavior is
supported or not.

This fixes a somewhat serious bug, where the options_update() and
set_out_limit() function pointers are not set to NULL. This seems to
have been forgotten since these function pointers were added many years
after the original two (code() and end()).

The problem is that by not setting this to NULL we are relying on the
memory allocation to zero things out if lzma_filters_update() is called
on a LZMA1 encoder. The function pointer for set_out_limit() is less
serious because there is not an API function that could call this in an
incorrect way. set_out_limit() is only called by the MicroLZMA encoder,
which must use LZMA1 where set_out_limit() is always set. Its currently
not possible to call set_out_limit() on an LZMA2 encoder at this time.

So calling lzma_filters_update() on an LZMA1 encoder had undefined
behavior since its possible that memory could be manipulated so the
options_update member pointed to a different instruction sequence.

This is unlikely to be a bug in an existing application since it relies
on calling lzma_filters_update() on an LZMA1 encoder in the first place.
For instance, it does not affect xz because lzma_filters_update() can
only be used when encoding to the .xz format.
2023-12-22 20:02:06 +08:00
Jia Tan 0ba5dd7ba1 liblzma: Tweak a comment. 2023-12-22 20:02:06 +08:00
Jia Tan 27ab54af84 liblzma: Make parameter names in function definition match declaration.
lzma_raw_encoder() and lzma_raw_encoder_init() used "options" as the
parameter name instead of "filters" (used by the declaration). "filters"
is more clear since the parameter represents the list of filters passed
to the raw encoder, each of which contains filter options.
2023-12-22 20:02:06 +08:00
Jia Tan 019afd72e0 liblzma: Improve lzma encoder init function consistency.
lzma_encoder_init() did not check for NULL options, but
lzma2_encoder_init() did. This is more of a code style improvement than
anything else to help make lzma_encoder_init() and lzma2_encoder_init()
more similar.
2023-12-22 20:02:06 +08:00
Jia Tan 7dc466d621 xz: Use is_tty() in message.c. 2023-12-22 20:02:06 +08:00
Jia Tan 0ecfaa6df9 xz: Create separate is_tty() function.
The new is_tty() will report if a file descriptor is a terminal or not.
On POSIX systems, it is a wrapper around isatty(). However, the native
Windows implementation of isatty() will return true for all character
devices, not just terminals. So is_tty() has a special case for Windows
so it can use alternative Windows API functions to determine if a file
descriptor is a terminal.

This fixes a bug with MSVC and MinGW-w64 builds that refused to read from
or write to non-terminal character devices because xz thought it was a
terminal. For instance:

    xz foo -c > /dev/null

would fail because /dev/null was assumed to be a terminal.
2023-12-22 20:02:06 +08:00
Jia Tan 9a300c9068 tuklib_integer: Fix typo discovered by codespell.
Based on internet dictionary searches, 'choise' is an outdated spelling
of 'choice'.
2023-12-22 20:02:06 +08:00
Jia Tan 87c956d4c4 xz: Fix suffix check.
The suffix refactor done in 99575947a5
had a small regression where raw format compression to standard out
failed if a suffix was not set. In this case, setting the suffix did
not make sense since a file is not created.

Now, xz should only fail when a suffix is not provided when it is
actually needed.

For instance:

    echo "foo" | xz --format=raw --lzma2 | wc -c

does not need a suffix check since it creates no files. But:

    xz --format=raw --lzma2 --suffix=.bar foo

Needs the suffix to be set since it must create foo.bar.
2023-12-22 20:02:06 +08:00
Jia Tan 84196e8c09 liblzma: Add missing comments to lz_encoder.h. 2023-12-22 20:02:03 +08:00
Jia Tan 49053c0a64 Bump version and soname for 5.4.5. 2023-11-01 20:26:15 +08:00
Lasse Collin d90ed84db9 liblzma: Fix compilation of fastpos_tablegen.c.
The macro lzma_attr_visibility_hidden has to be defined to make
fastpos.h usable. The visibility attribute is irrelevant to
fastpos_tablegen.c so simply #define the macro to an empty value.

fastpos_tablegen.c is never built by the included build systems
and so the problem wasn't noticed earlier. It's just a standalone
program for generating fastpos_table.c.

Fixes: https://github.com/tukaani-project/xz/pull/69
Thanks to GitHub user Jamaika1.
2023-11-01 20:22:15 +08:00
Lasse Collin 068ee436f4 liblzma: Use lzma_always_inline in memcmplen.h. 2023-10-31 18:44:59 +08:00
Lasse Collin 6cdf0a7b79 liblzma: #define lzma_always_inline in common.h. 2023-10-31 18:44:59 +08:00
Lasse Collin 33daad3961 liblzma: Use lzma_attr_visibility_hidden on private extern declarations.
These variables are internal to liblzma and not exposed in the API.
2023-10-31 18:44:59 +08:00
Lasse Collin 6961a5ac7d liblzma: #define lzma_attr_visibility_hidden in common.h.
In ELF shared libs:

-fvisibility=hidden affects definitions of symbols but not
declarations.[*] This doesn't affect direct calls to functions
inside liblzma as a linker can replace a call to lzma_foo@plt
with a call directly to lzma_foo when -fvisibility=hidden is used.

[*] It has to be like this because otherwise every installed
    header file would need to explictly set the symbol visibility
    to default.

When accessing extern variables that aren't defined in the
same translation unit, compiler assumes that the variable has
the default visibility and thus indirection is needed. Unlike
function calls, linker cannot optimize this.

Using __attribute__((__visibility__("hidden"))) with the extern
variable declarations tells the compiler that indirection isn't
needed because the definition is in the same shared library.

About 15+ years ago, someone told me that it would be good if
the CRC tables would be defined in the same translation unit
as the C code of the CRC functions. While I understood that it
could help a tiny amount, I didn't want to change the code because
a separate translation unit for the CRC tables was needed for the
x86 assembly code anyway. But when visibility attributes are
supported, simply marking the extern declaration with the
hidden attribute will get identical result. When there are only
a few affected variables, this is trivial to do. I wish I had
understood this back then already.
2023-10-31 18:44:59 +08:00
Lasse Collin 5b9e167649 liblzma: Refer to MinGW-w64 instead of MinGW in the API headers.
MinGW (formely a MinGW.org Project, later the MinGW.OSDN Project
at <https://osdn.net/projects/mingw/>) has GCC 9.2.0 as the
most recent GCC package (released 2021-02-02). The project might
still be alive but majority of people have switched to MinGW-w64.
Thus it seems clearer to refer to MinGW-w64 in our API headers too.
Building with MinGW is likely to still work but I haven't tested it
in the recent years.
2023-10-31 18:44:59 +08:00
Lasse Collin 4083c8e950 liblzma: Add Cflags.private to liblzma.pc.in for MSYS2.
It properly adds -DLZMA_API_STATIC when compiling code that
will be linked against static liblzma. Having it there on
systems other than Windows does no harm.

See: https://www.msys2.org/docs/pkgconfig/
2023-10-31 18:44:59 +08:00
Lasse Collin 5056bc5107 tuklib_integer: Revise unaligned reads and writes on strict-align archs.
In XZ Utils context this doesn't matter much because
unaligned reads and writes aren't used in hot code
when TUKLIB_FAST_UNALIGNED_ACCESS isn't #defined.
2023-10-31 18:44:59 +08:00
Lasse Collin 9e14743ee5 tuklib_integer: Add missing write64be and write64le fallback functions. 2023-10-31 18:44:59 +08:00
Jia Tan 1bce6fe483 liblzma: Avoid compiler warning without creating extra symbol.
When the generic fast crc64 method is used, then we omit
lzma_crc64_table[][].

The C standards don't allow an empty translation unit which can be
avoided by declaring something, without exporting any symbols.
2023-10-31 18:44:59 +08:00
Lasse Collin 4ae13cfe0d sysdefs.h: Update the comment about __USE_MINGW_ANSI_STDIO. 2023-10-31 18:44:59 +08:00
Lasse Collin 660c8c29e5 xz: Windows: Don't (de)compress to special files like "con" or "nul".
Before this commit, the following writes "foo" to the
console and deletes the input file:

    echo foo | xz > con_xz
    xz --suffix=_xz --decompress con_xz

It cannot happen without --suffix because names like con.xz
are also special and so attempting to decompress con.xz
(or compress con to con.xz) will already fail when opening
the input file.

Similar thing is possible when compressing. The following
writes to "nul" and the input file "n" is deleted.

    echo foo | xz > n
    xz --suffix=ul n

Now xz checks if the destination is a special file before
continuing. DOS/DJGPP version had a check for this but
Windows (and OS/2) didn't.
2023-10-31 18:44:59 +08:00
Lasse Collin e3478ae4f3 liblzma: Move a few __attribute__ uses in function declarations.
The API headers have many attributes but these were left
as is for now.
2023-10-31 01:03:25 +08:00
Lasse Collin b71b8922ef xz, xzdec, lzmainfo: Use tuklib_attr_noreturn.
For compatibility with C23's [[noreturn]], tuklib_attr_noreturn
must be at the beginning of declaration (before "extern" or
"static", and even before any GNU C's __attribute__).

This commit also moves all other function attributes to
the beginning of function declarations. "extern" is kept
at the beginning of a line so the attributes are listed on
separate lines before "extern" or "static".
2023-10-31 01:03:25 +08:00
Lasse Collin 359e5c6cb1 Remove incorrect uses of __attribute__((__malloc__)).
xrealloc() is obviously incorrect, modern GCC docs even
mention realloc() as an example where this attribute
cannot be used.

liblzma's lzma_alloc() and lzma_alloc_zero() would be
correct uses most of the time but custom allocators
may use a memory pool or otherwise hold the pointer
so aliasing issues could happen in theory.

The xstrdup() case likely was correct but I removed it anyway.
Now there are no __malloc__ attributes left in the code.
The allocations aren't in hot paths so this should make
no practical difference.
2023-10-31 01:03:25 +08:00
Lasse Collin caf00e0988 liblzma: Mark crc64_clmul() with __attribute__((__no_sanitize_address__)).
Thanks to Agostino Sarubbo.
Fixes: https://github.com/tukaani-project/xz/issues/62
2023-10-31 01:03:25 +08:00
Lasse Collin 1f6e7c68fb xz: Refactor thousand separator detection and disable it on MSVC.
Now the two variations of the format strings are created with
a macro, and the whole detection code can be easily disabled
on platforms where thousand separator formatting is known to
not work (MSVC has no support, and on DJGPP 2.05 it can have
problems in some cases).
2023-10-31 01:03:25 +08:00
Lasse Collin ef71f83973 xz: Fix a too relaxed assertion and remove uses of SSIZE_MAX.
SSIZE_MAX isn't readily available on MSVC. Removing it means
that there is one thing less to worry when porting to MSVC.
2023-10-31 01:03:25 +08:00
Jia Tan 773f1e8622 liblzma: Update assert in vli_ceil4().
The argument to vli_ceil4() should always guarantee the return value
is also a valid lzma_vli. Thus the highest three valid lzma_vli values
are invalid arguments. All uses of the function ensure this so the
assert is updated to match this.
2023-10-26 06:22:24 +08:00
Jia Tan 68bda971bb liblzma: Add overflow check for Unpadded size in lzma_index_append().
This was not a security bug since there was no path to overflow
UINT64_MAX in lzma_index_append() or when it calls index_file_size().
The bug was discovered by a failing assert() in vli_ceil4() when called
from index_file_size() when unpadded_sum (the sum of the compressed size
of current Stream and the unpadded_size parameter) exceeds LZMA_VLI_MAX.

Previously, the unpadded_size parameter was checked to be not greater
than UNPADDED_SIZE_MAX, but no check was done once compressed_base was
added.

This could not have caused an integer overflow in index_file_size() when
called by lzma_index_append(). The calculation for file_size breaks down
into the sum of:

- Compressed base from all previous Streams
- 2 * LZMA_STREAM_HEADER_SIZE (size of the current Streams header and
  footer)
- stream_padding (can be set by lzma_index_stream_padding())
- Compressed base from the current Stream
- Unpadded size (parameter to lzma_index_append())

The sum of everything except for Unpadded size must be less than
LZMA_VLI_MAX. This is guarenteed by overflow checks in the functions
that can set these values including lzma_index_stream_padding(),
lzma_index_append(), and lzma_index_cat(). The maximum value for
Unpadded size is enforced by lzma_index_append() to be less than or
equal UNPADDED_SIZE_MAX. Thus, the sum cannot exceed UINT64_MAX since
LZMA_VLI_MAX is half of UINT64_MAX.

Thanks to Joona Kannisto for reporting this.
2023-10-26 06:22:24 +08:00