Commit Graph

1466 Commits

Author SHA1 Message Date
Lasse Collin 09363bea46 liblzma: Avoid null pointer + 0 (undefined behavior in C).
In the C99 and C17 standards, section 6.5.6 paragraph 8 means that
adding 0 to a null pointer is undefined behavior. As of writing,
"clang -fsanitize=undefined" (Clang 15) diagnoses this. However,
I'm not aware of any compiler that would take advantage of this
when optimizing (Clang 15 included). It's good to avoid this anyway
since compilers might some day infer that pointer arithmetic implies
that the pointer is not NULL. That is, the following foo() would then
unconditionally return 0, even for foo(NULL, 0):

    void bar(char *a, char *b);

    int foo(char *a, size_t n)
    {
        bar(a, a + n);
        return a == NULL;
    }

In contrast to C, C++ explicitly allows null pointer + 0. So if
the above is compiled as C++ then there is no undefined behavior
in the foo(NULL, 0) call.

To me it seems that changing the C standard would be the sane
thing to do (just add one sentence) as it would ensure that a huge
amount of old code won't break in the future. Based on web searches
it seems that a large number of codebases (where null pointer + 0
occurs) are being fixed instead to be future-proof in case compilers
will some day optimize based on it (like making the above foo(NULL, 0)
return 0) which in the worst case will cause security bugs.

Some projects don't plan to change it. For example, gnulib and thus
many GNU tools currently require that null pointer + 0 is defined:

    https://lists.gnu.org/archive/html/bug-gnulib/2021-11/msg00000.html

    https://www.gnu.org/software/gnulib/manual/html_node/Other-portability-assumptions.html

In XZ Utils null pointer + 0 issue should be fixed after this
commit. This adds a few if-statements and thus branches to avoid
null pointer + 0. These check for size > 0 instead of ptr != NULL
because this way bugs where size > 0 && ptr == NULL will likely
get caught quickly. None of them are in hot spots so it shouldn't
matter for performance.

A little less readable version would be replacing

    ptr + offset

with

    offset != 0 ? ptr + offset : ptr

or creating a macro for it:

    #define my_ptr_add(ptr, offset) \
            ((offset) != 0 ? ((ptr) + (offset)) : (ptr))

Checking for offset != 0 instead of ptr != NULL allows GCC >= 8.1,
Clang >= 7, and Clang-based ICX to optimize it to the very same code
as ptr + offset. That is, it won't create a branch. So for hot code
this could be a good solution to avoid null pointer + 0. Unfortunately
other compilers like ICC 2021 or MSVC 19.33 (VS2022) will create a
branch from my_ptr_add().

Thanks to Marcin Kowalczyk for reporting the problem:
https://github.com/tukaani-project/xz/issues/36
2023-03-11 21:47:47 +02:00
Lasse Collin d9445b5b2d Update THANKS. 2023-03-11 21:45:27 +02:00
Lasse Collin 3cc8ece2dc Build: Use only the generic symbol versioning on MicroBlaze.
On MicroBlaze, GCC 12 is broken in sense that
__has_attribute(__symver__) returns true but it still doesn't
support the __symver__ attribute even though the platform is ELF
and symbol versioning is supported if using the traditional
__asm__(".symver ...") method. Avoiding the traditional method is
good because it breaks LTO (-flto) builds with GCC.

See also: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101766

For now the only extra symbols in liblzma_linux.map are the
compatibility symbols with the patch that spread from RHEL/CentOS 7.
These require the use of __symver__ attribute or __asm__(".symver ...")
in the C code. Compatibility with the patch from CentOS 7 doesn't
seem valuable on MicroBlaze so use liblzma_generic.map on MicroBlaze
instead. It doesn't require anything special in the C code and thus
no LTO issues either.

An alternative would be to detect support for __symver__
attribute in configure.ac and CMakeLists.txt and fall back
to __asm__(".symver ...") but then LTO would be silently broken
on MicroBlaze. It sounds likely that MicroBlaze is a special
case so let's treat it as a such because that is simpler. If
a similar issue exists on some other platform too then hopefully
someone will report it and this can be reconsidered.

(This doesn't do the same fix in CMakeLists.txt. Perhaps it should
but perhaps CMake build of liblzma doesn't matter much on MicroBlaze.
The problem breaks the build so it's easy to notice and can be fixed
later.)

Thanks to Vincent Fazio for reporting the problem and proposing
a patch (in the end that solution wasn't used):
https://github.com/tukaani-project/xz/pull/32
2023-03-11 21:45:26 +02:00
Jia Tan 050c6dbf96 liblzma: Fix documentation for LZMA_MEMLIMIT_ERROR.
LZMA_MEMLIMIT_ERROR was missing the "<" character needed to put
documentation after a member.
2023-03-11 21:45:26 +02:00
Jia Tan 8daaac8e10 tuklib_physmem: Silence warning from -Wcast-function-type on MinGW-w64.
tuklib_physmem depends on GetProcAddress() for both MSVC and MinGW-w64
to retrieve a function address. The proper way to do this is to cast the
return value to the type of function pointer retrieved. Unfortunately,
this causes a cast-function-type warning, so the best solution is to
simply ignore the warning.
2023-03-11 21:45:26 +02:00
Jia Tan 6c9a2c2e46 xz: Add missing comment for coder_set_compression_settings() 2023-03-11 21:45:26 +02:00
Jia Tan ccbb991efa xz: Do not set compression settings with raw format in list mode.
Calling coder_set_compression_settings() in list mode with verbose mode
on caused the filter chain and memory requirements to print. This was
unnecessary since the command results in an error and not consistent
with other formats like lzma and alone.
2023-03-11 21:45:26 +02:00
Lasse Collin 6df383be4a xz: Use ssize_t for the to-be-ignored return value from write(fd, ptr, 1).
It makes no difference here as the return value fits into an int
too and it then gets ignored but this looks better.
2023-03-11 21:45:26 +02:00
Lasse Collin 2ca95b7cfe liblzma: Silence warnings from clang -Wconditional-uninitialized.
This is similar to 2ce4f36f17.
The actual initialization of the variables is done inside
mythread_sync() macro. Clang doesn't seem to see that
the initialization code inside the macro is always executed.
2023-03-11 21:38:31 +02:00
Lasse Collin f900dd937f Fix warnings from clang -Wdocumentation. 2023-03-11 21:37:49 +02:00
Jia Tan 3e2b345cfd xz: Fix warning -Wformat-nonliteral on clang in message.c.
clang and gcc differ in how they handle -Wformat-nonliteral. gcc will
allow a non-literal format string as long as the function takes its
format arguments as a va_list.
2023-03-11 21:37:49 +02:00
Lasse Collin f2192d13b5 CMake/Windows: Add a workaround for windres from GNU binutils.
This is combined from the following commits in the master branch:
443dfebced
6b117d3b1f
5e34774c31

Thanks to Iouri Kharon for the bug report, the original patch,
and testing.
2023-03-11 21:34:26 +02:00
Lasse Collin 35167d71f8 CMake: Update cmake_minimum_required from 3.13...3.16 to 3.13...3.25.
The changes listed on cmake-policies(7) for versions 3.17 to 3.25
shouldn't affect this project.
2023-03-11 21:34:26 +02:00
Lasse Collin f8cae7cee0 Update THANKS. 2023-03-11 21:34:26 +02:00
Lasse Collin 7c337404bf CMake: Fix a copypaste error in xzdec Windows resource file handling.
It was my mistake. Thanks to Iouri Kharon for the bug report.
2023-03-11 21:34:26 +02:00
Lasse Collin 4dbdbd02d2 CMake/Windows: Add resource files to xz.exe and xzdec.exe.
The command line tools cannot be built with MSVC for now but
they can be built with MinGW-w64.

Thanks to Iouri Kharon for the bug report and the original patch.
2023-03-11 21:34:26 +02:00
Jia Tan 2155fef528 liblzma: Update documentation for lzma_filter_encoder. 2023-03-11 21:34:26 +02:00
Jia Cheong Tan 7067c1ca65 Doxygen: Update .gitignore for generating docs for in source build.
In source builds are not recommended, but we should still ignore
the generated artifacts.
2023-03-11 21:34:24 +02:00
Jia Tan f62e5aae51 CMake: Update .gitignore for CMake artifacts from in source build.
In source builds are not recommended, but we can make it easier
by ignoring the generated artifacts from CMake.
2023-03-11 21:33:33 +02:00
Lasse Collin f7c2cc5561 Bump version and soname for 5.2.10. 2022-12-13 13:03:20 +02:00
Lasse Collin e4e5d5bbb1 Add NEWS for 5.2.10. 2022-12-13 13:02:15 +02:00
Lasse Collin e207267c4b Tests: Fix a typo in tests/files/README. 2022-12-13 12:31:10 +02:00
Lasse Collin 90f8e0828b Update AUTHORS. 2022-12-12 19:09:20 +02:00
Lasse Collin 59a17888e9 xz: Make args_info.files_name a const pointer. 2022-12-12 15:53:03 +02:00
Lasse Collin 4af80d4f51 xz: Don't modify argv[].
The code that parses --memlimit options and --block-list modified
the argv[] when parsing the option string from optarg. This was
visible in "ps auxf" and such and could be confusing. I didn't
understand it back in the day when I wrote that code. Now a copy
is allocated when modifiable strings are needed.
2022-12-12 15:53:01 +02:00
Lasse Collin 7623b22d1d liblzma: Check for unexpected NULL pointers in block_header_decode().
The API docs gave an impression that such checks are done
but they actually weren't done. In practice it made little
difference since the calling code has a bug if these are NULL.

Thanks to Jia Tan for the original patch that checked for
block->filters == NULL.
2022-12-12 15:47:17 +02:00
Lasse Collin ef315163ef liblzma: Use __has_attribute(__symver__) to fix Clang detection.
If someone sets up Clang to define __GNUC__ to 10 or greater
then symvers broke. __has_attribute is supported by such GCC
and Clang versions that don't support __symver__ so this should
be much better and simpler way to detect if __symver__ is
actually supported.

Thanks to Tomasz Gajc for the bug report.
2022-12-12 15:47:17 +02:00
Lasse Collin 7e86a7632c Update THANKS (sync all from master). 2022-12-12 15:45:04 +02:00
Lasse Collin d8a898eb99 Bump version and soname for 5.2.9. 2022-11-30 18:33:05 +02:00
Lasse Collin efd4430e21 Add NEWS for 5.2.9. 2022-11-30 18:31:16 +02:00
Lasse Collin 2dc1bc97a5 Change the bug report address.
It forwards to me and Jia Tan.

Also update the IRC reference in README as #tukaani was moved
to Libera Chat long ago.
2022-11-30 18:20:18 +02:00
Lasse Collin fb13a234d9 Update to HTTPS URLs in AUTHORS. 2022-11-30 18:20:13 +02:00
Lasse Collin 841448e36d liblzma: Remove two FIXME comments. 2022-11-29 10:46:06 +02:00
Lasse Collin b61da00c7f Build: Don't put GNU/Linux-specific symbol versions into static liblzma.
It not only makes no sense to put symbol versions into a static library
but it can also cause breakage.

By default Libtool #defines PIC if building a shared library and
doesn't define it for static libraries. This is documented in the
Libtool manual. It can be overriden using --with-pic or --without-pic.
configure.ac detects if --with-pic or --without-pic is used and then
gives an error if neither --disable-shared nor --disable-static was
used at the same time. Thus, in normal situations it works to build
both shared and static library at the same time on GNU/Linux,
only --with-pic or --without-pic requires that only one type of
library is built.

Thanks to John Paul Adrian Glaubitz from Debian for reporting
the problem that occurred on ia64:
https://www.mail-archive.com/xz-devel@tukaani.org/msg00610.html
2022-11-24 23:50:46 +02:00
Lasse Collin 6c29793b3c CMake: Don't use symbol versioning with static library. 2022-11-24 23:50:46 +02:00
Lasse Collin 872623def5 liblzma: Fix another invalid free() after memory allocation failure.
This time it can happen when lzma_stream_encoder_mt() is used
to reinitialize an existing multi-threaded Stream encoder
and one of 1-4 tiny allocations in lzma_filters_copy() fail.

It's very similar to the previous bug
10430fbf38, happening with
an array of lzma_filter structures whose old options are freed
but the replacement never arrives due to a memory allocation
failure in lzma_filters_copy().
2022-11-24 10:58:04 +02:00
Jia Tan b0f8d9293c liblzma: Add support for LZMA_SYNC_FLUSH in the Block encoder.
The documentation mentions that lzma_block_encoder() supports
LZMA_SYNC_FLUSH but it was never added to supported_actions[]
in the internal structure. Because of this, LZMA_SYNC_FLUSH could
not be used with the Block encoder unless it was the next coder
after something like stream_encoder() or stream_encoder_mt().
2022-11-24 10:58:04 +02:00
Lasse Collin 6997e0b5e2 liblzma: Add lzma_attr_warn_unused_result to lzma_filters_copy(). 2022-11-24 10:58:04 +02:00
Lasse Collin f94a3e3460 liblzma: Fix invalid free() after memory allocation failure.
The bug was in the single-threaded .xz Stream encoder
in the code that is used for both re-initialization and for
lzma_filters_update(). To trigger it, an application had
to either re-initialize an existing encoder instance with
lzma_stream_encoder() or use lzma_filters_update(), and
then one of the 1-4 tiny allocations in lzma_filters_copy()
(called from stream_encoder_update()) must fail. An error
was correctly reported but the encoder state was corrupted.

This is related to the recent fix in
f8ee61e74e which is good but
it wasn't enough to fix the main problem in stream_encoder.c.
2022-11-24 10:58:04 +02:00
Lasse Collin 8309385b44 liblzma: Fix language in a comment. 2022-11-24 10:57:11 +02:00
Lasse Collin 5fecba6022 liblzma: Fix infinite loop in LZMA encoder init with dict_size >= 2 GiB.
The encoder doesn't support dictionary sizes larger than 1536 MiB.
This is validated, for example, when calculating the memory usage
via lzma_raw_encoder_memusage(). It is also enforced by the LZ
part of the encoder initialization. However, LZMA encoder with
LZMA_MODE_NORMAL did an unsafe calculation with dict_size before
such validation and that results in an infinite loop if dict_size
was 2 << 30 or greater.
2022-11-24 10:57:03 +02:00
Lasse Collin 1946b2b141 liblzma: Fix two Doxygen commands in the API headers.
These were caught by clang -Wdocumentation.
2022-11-24 10:56:50 +02:00
Lasse Collin 5476089d9c Bump version and soname for 5.2.8. 2022-11-13 19:58:47 +02:00
Lasse Collin f9994f395d Add NEWS for 5.2.8. 2022-11-13 19:57:26 +02:00
Lasse Collin cdf14b2899 Update THANKS. 2022-11-11 17:16:19 +02:00
Lasse Collin 454f567e58 liblzma: Fix building with Intel ICC (the classic compiler).
It claims __GNUC__ >= 10 but doesn't support __symver__ attribute.

Thanks to Stephen Sachs.
2022-11-11 17:16:19 +02:00
Lasse Collin 2f01169f5a liblzma: Fix incorrect #ifdef for x86 SSE2 support.
__SSE2__ is the correct macro for SSE2 support with GCC, Clang,
and ICC. __SSE2_MATH__ means doing floating point math with SSE2
instead of 387. Often the latter macro is defined if the first
one is but it was still a bug.
2022-11-11 14:36:32 +02:00
Lasse Collin fc1358679e Scripts: Ignore warnings from xz.
In practice this means making the scripts work when
the input files have an unsupported check type which
isn't a problem in practice unless support for
some check types has been disabled at build time.
2022-11-11 13:50:56 +02:00
Lasse Collin a08be1c420 xz: Add comments about stdin and src_st.st_size.
"xz -v < regular_file > out.xz" doesn't display the percentage
and estimated remaining time because it doesn't even try to
check the input file size when input is read from stdin.
This could be improved but for now there's just a comment
to remind about it.
2022-11-11 13:48:06 +02:00
Lasse Collin 3ee411cd1c xz: Fix displaying of file sizes in progress indicator in passthru mode.
It worked for one input file since the counters are zero when
xz starts but they weren't reset when starting a new file in
passthru mode. For example, if files A, B, and C are one byte each,
then "xz -dcvf A B C" would show file sizes as 1, 2, and 3 bytes
instead of 1, 1, and 1 byte.
2022-11-11 13:48:06 +02:00