Commit Graph

905 Commits

Author SHA1 Message Date
Jia Tan 76a5a752b8 liblzma: Refactor lzma_mf_is_supported() to use a switch-statement. 2022-07-25 18:36:49 +03:00
Lasse Collin 63e3cdef80 xz: Make --keep accept symlinks, hardlinks, and setuid/setgid/sticky.
Previously this required using --force but that has other
effects too which might be undesirable. Changing the behavior
of --keep has a small risk of breaking existing scripts but
since this is a fairly special corner case I expect the
likehood of breakage to be low enough.

I think the new behavior is more logical. The only reason for
the old behavior was to be consistent with gzip and bzip2.

Thanks to Vincent Lefevre and Sebastian Andrzej Siewior.
2022-07-24 13:29:42 +03:00
Lasse Collin 9055584be0 xzgrep man page: Document exit statuses. 2022-07-24 11:38:19 +03:00
Lasse Collin 57e1ccbb7c xzgrep: Improve error handling, especially signals.
xzgrep wouldn't exit on SIGPIPE or SIGQUIT when it clearly
should have. It's quite possible that it's not perfect still
but at least it's much better.

If multiple exit statuses compete, now it tries to pick
the largest of value.

Some comments were added.

The exit status handling of signals is still broken if the shell
uses values larger than 255 in $? to indicate that a process
died due to a signal ***and*** their "exit" command doesn't take
this into account. This seems to work well with the ksh and yash
versions I tried. However, there is a report in gzip/zgrep that
OpenSolaris 5.11 (not 5.10) has a problem with "exit" truncating
the argument to 8 bits:

    https://debbugs.gnu.org/cgi/bugreport.cgi?bug=22900#25

Such a bug would break xzgrep but I didn't add a workaround
at least for now. 5.11 is old and I don't know if the problem
exists in modern descendants, or if the problem exists in other
ksh implementations in use.
2022-07-24 11:38:19 +03:00
Lasse Collin 6351ea1afb xzgrep: Make the fix for ZDI-CAN-16587 more robust.
I don't know if this can make a difference in the real world
but it looked kind of suspicious (what happens with sed
implementations that cannot process very long lines?).
At least this commit shouldn't make it worse.
2022-07-24 11:38:19 +03:00
Lasse Collin 2c1ff2ed6b xzgrep: Use grep -H --label when available (GNU, *BSDs).
It avoids the use of sed for prefixing filenames to output lines.
Using sed for that is slower and prone to security bugs so now
the sed method is only used as a fallback.

This also fixes an actual bug: When grepping a binary file,
GNU grep nowadays prints its diagnostics to stderr instead of
stdout and thus the sed-method for prefixing the filename doesn't
work. So with this commit grepping binary files gives reasonable
output with GNU grep now.

This was inspired by zgrep but the implementation is different.
2022-07-24 11:38:19 +03:00
Lasse Collin 8b0be38a79 xzgrep: Use -e to specify the pattern to grep.
Now we don't need the separate test for adding the -q option
as it can be added directly in the two places where it's needed.
2022-07-24 11:38:19 +03:00
Lasse Collin 4a61867a87 Scripts: Use printf instead of echo in a few places.
It's a good habbit as echo has some portability corner cases
when the string contents can be anything.
2022-07-24 11:38:19 +03:00
Lasse Collin 0e222bf7d7 xzgrep: Add more LC_ALL=C to avoid bugs with multibyte characters.
Also replace one use of expr with printf.

The rationale for LC_ALL=C was already mentioned in
69d1b3fc29 that fixed a security
issue. However, unrelated uses weren't changed in that commit yet.

POSIX says that with sed and such tools one should use LC_ALL=C
to ensure predictable behavior when strings contain byte sequences
that aren't valid multibyte characters in the current locale. See
under "Application usage" in here:

https://pubs.opengroup.org/onlinepubs/9699919799/utilities/sed.html

With GNU sed invalid multibyte strings would work without this;
it's documented in its Texinfo manual. Some other implementations
aren't so forgiving.
2022-07-24 11:38:19 +03:00
Lasse Collin 62c1d2bc2d xzgrep: Fix parsing of certain options.
Fix handling of "xzgrep -25 foo" (in GNU grep "grep -25 foo" is
an alias for "grep -C25 foo"). xzgrep would treat "foo" as filename
instead of as a pattern. This bug was fixed in zgrep in gzip in 2012.

Add -E, -F, -G, and -P to the "no argument required" list.

Add -X to "argument required" list. It is an
intentionally-undocumented GNU grep option so this isn't
an important option for xzgrep but it seems that other grep
implementations (well, those that I checked) don't support -X
so I hope this change is an improvement still.

grep -d (grep --directories=ACTION) requires an argument. In
contrast to zgrep, I kept -d in the "no argument required" list
because it's not supported in xzgrep (or zgrep). This way
"xzgrep -d" gives an error about option being unsupported instead
of telling that it requires an argument. Both zgrep and xzgrep
tell that it's unsupported if an argument is specified.

Add comments.
2022-07-24 11:38:19 +03:00
Lasse Collin e96bdf7189 liblzma: Rename a variable and improve a comment. 2022-07-24 11:37:44 +03:00
Lasse Collin ff54b557fe liblzma: Add optional autodetection of LZMA end marker.
Turns out that this is needed for .lzma files as the spec in
LZMA SDK says that end marker may be present even if the size
is stored in the header. Such files are rare but exist in the
real world. The code in liblzma is so old that the spec didn't
exist in LZMA SDK back then and I had understood that such
files weren't possible (the lzma tool in LZMA SDK didn't
create such files).

This modifies the internal API so that LZMA decoder can be told
if EOPM is allowed even when the uncompressed size is known.
It's allowed with .lzma and not with other uses.

Thanks to Karl Beldan for reporting the problem.
2022-07-24 11:36:56 +03:00
Lasse Collin bb66a98ded xzgrep: Fix escaping of malicious filenames (ZDI-CAN-16587).
Malicious filenames can make xzgrep to write to arbitrary files
or (with a GNU sed extension) lead to arbitrary code execution.

xzgrep from XZ Utils versions up to and including 5.2.5 are
affected. 5.3.1alpha and 5.3.2alpha are affected as well.
This patch works for all of them.

This bug was inherited from gzip's zgrep. gzip 1.12 includes
a fix for zgrep.

The issue with the old sed script is that with multiple newlines,
the N-command will read the second line of input, then the
s-commands will be skipped because it's not the end of the
file yet, then a new sed cycle starts and the pattern space
is printed and emptied. So only the last line or two get escaped.

One way to fix this would be to read all lines into the pattern
space first. However, the included fix is even simpler: All lines
except the last line get a backslash appended at the end. To ensure
that shell command substitution doesn't eat a possible trailing
newline, a colon is appended to the filename before escaping.
The colon is later used to separate the filename from the grep
output so it is fine to add it here instead of a few lines later.

The old code also wasn't POSIX compliant as it used \n in the
replacement section of the s-command. Using \<newline> is the
POSIX compatible method.

LC_ALL=C was added to the two critical sed commands. POSIX sed
manual recommends it when using sed to manipulate pathnames
because in other locales invalid multibyte sequences might
cause issues with some sed implementations. In case of GNU sed,
these particular sed scripts wouldn't have such problems but some
other scripts could have, see:

    info '(sed)Locale Considerations'

This vulnerability was discovered by:
cleemy desu wayo working with Trend Micro Zero Day Initiative

Thanks to Jim Meyering and Paul Eggert discussing the different
ways to fix this and for coordinating the patch release schedule
with gzip.
2022-07-12 19:47:28 +03:00
Lasse Collin f12ce0f23a liblzma: Fix docs: lzma_block_decoder() cannot return LZMA_UNSUPPORTED_CHECK.
If Check is unsupported, it will be silently ignored.
It's the caller's job to handle it.
2022-07-12 19:30:40 +03:00
Lasse Collin 4125667311 liblzma: Index hash: Change return value type of hash_append() to void. 2022-07-12 19:30:40 +03:00
Lasse Collin 7c3ce02df0 liblzma: Minor addition to lzma_vli_size() API doc.
Thanks to Jia Tan.
2022-07-12 19:30:40 +03:00
Lasse Collin b8f667fe0c liblzma: Check the return value of lzma_index_append() in threaded encoder.
If lzma_index_append() failed (most likely memory allocation failure)
it could have gone unnoticed and the resulting .xz file would have
an incorrect Index. Decompressing such a file would produce the
correct uncompressed data but then an error would occur when
verifying the Index field.
2022-07-12 19:30:40 +03:00
Ed Maste 748ef08338 liblzma: Use non-executable stack on FreeBSD as on Linux 2022-07-12 19:30:40 +03:00
Lasse Collin 068a6e3286 liblzma: Make Block decoder catch certain types of errors better.
Now it limits the input and output buffer sizes that are
passed to a raw decoder. This way there's no need to check
if the sizes can grow too big or overflow when updating
Compressed Size and Uncompressed Size counts. This also means
that a corrupt file cannot cause the raw decoder to process
useless extra input or output that would exceed the size info
in Block Header (and thus cause LZMA_DATA_ERROR anyway).

More importantly, now the size information is verified more
carefully in case raw decoder returns LZMA_OK. This doesn't
really matter with the current single-threaded .xz decoder
as the errors would be detected slightly later anyway. But
this helps avoiding corner cases in the upcoming threaded
decompressor, and it might help other Block decoder uses
outside liblzma too.

The test files bad-1-lzma2-{9,10,11}.xz test these conditions.
With the single-threaded .xz decoder the only difference is
that LZMA_DATA_ERROR is detected in a difference place now.
2022-07-12 19:30:40 +03:00
jiat75 e20ce2b122 liblzma: Add NULL checks to LZMA and LZMA2 properties encoders.
Previously lzma_lzma_props_encode() and lzma_lzma2_props_encode()
assumed that the options pointers must be non-NULL because the
with these filters the API says it must never be NULL. It is
good to do these checks anyway.
2022-07-12 19:03:51 +03:00
Lasse Collin 725f2e0522 xzgrep: Update man page timestamp. 2022-07-12 19:01:09 +03:00
Ville Skyttä 671673a7a2 xzgrep: use `grep -E/-F` instead of `egrep` and `fgrep`
`egrep` and `fgrep` have been deprecated in GNU grep since 2007, and in
current post 3.7 Git they have been made to emit obsolescence warnings:
https://git.savannah.gnu.org/cgit/grep.git/commit/?id=a9515624709865d480e3142fd959bccd1c9372d1
2022-07-12 19:01:09 +03:00
Lasse Collin ca21733d24 xz: Change the coding style of the previous commit.
It isn't any better now but it's consistent with
the rest of the code base.
2022-07-12 19:01:09 +03:00
Alexander Bluhm 906b990b15 xz: Avoid fchown(2) failure.
OpenBSD does not allow to change the group of a file if the user
does not belong to this group.  In contrast to Linux, OpenBSD also
fails if the new group is the same as the old one.  Do not call
fchown(2) in this case, it would change nothing anyway.

This fixes an issue with Perl Alien::Build module.
https://github.com/PerlAlien/Alien-Build/issues/62
2022-07-12 19:01:09 +03:00
Lasse Collin d8b294af03 liblzma: Use _MSVC_LANG to detect when "noexcept" can be used with MSVC.
By default, MSVC always sets __cplusplus to 199711L. The real
C++ standard version is available in _MSVC_LANG (or one could
use /Zc:__cplusplus to set __cplusplus correctly).

Fixes <https://sourceforge.net/p/lzmautils/discussion/708858/thread/f6bc3b108a/>.

Thanks to Dan Weiss.
2022-07-12 19:01:09 +03:00
Lasse Collin c2fde22bef xzdiff: Update the man page about the exit status.
This was forgotten from 194029ffaf.
2022-07-12 19:01:09 +03:00
Lasse Collin 8d0fd42fbe xzless: Fix less(1) version detection when it contains a dot.
Sometimes the version number from "less -V" contains a dot,
sometimes not. xzless failed detect the version number when
it does contain a dot. This fixes it.

Thanks to nick87720z for reporting this. Apparently it had been
reported here <https://bugs.gentoo.org/489362> in 2013.
2022-07-12 19:01:09 +03:00
Lasse Collin 6e2cab8579 xz: Document the special memlimit case of 2000 MiB on MIPS32.
See commit 95806a8a52.
2022-07-12 18:57:21 +03:00
Ivan A. Melnikov 95806a8a52 Reduce maximum possible memory limit on MIPS32
Due to architectural limitations, address space available to a single
userspace process on MIPS32 is limited to 2 GiB, not 4, even on systems
that have more physical RAM -- e.g. 64-bit systems with 32-bit
userspace, or systems that use XPA (an extension similar to x86's PAE).

So, for MIPS32, we have to impose stronger memory limits. I've chosen
2000MiB to give the process some headroom.
2022-07-12 18:53:41 +03:00
Lasse Collin 11ceecb5e2 Scripts: Add zstd support to xzdiff. 2022-07-12 18:42:21 +03:00
Lasse Collin d655b8c9cb Scripts: Fix exit status of xzgrep.
Omit the -q option from xz, gzip, and bzip2. With xz this shouldn't
matter. With gzip it's important because -q makes gzip replace SIGPIPE
with exit status 2. With bzip2 it's important because with -q bzip2
is completely silent if input is corrupt while other decompressors
still give an error message.

Avoiding exit status 2 from gzip is important because bzip2 uses
exit status 2 to indicate corrupt input. Before this commit xzgrep
didn't recognize corrupt .bz2 files because xzgrep was treating
exit status 2 as SIGPIPE for gzip compatibility.

zstd still needs -q because otherwise it is noisy in normal
operation.

The code to detect real SIGPIPE didn't check if the exit status
was due to a signal (>= 128) and so could ignore some other exit
status too.
2022-07-12 18:30:56 +03:00
Lasse Collin 09c331b03c Scripts: Fix exit status of xzdiff/xzcmp.
This is a minor fix since this affects only the situation when
the files differ and the exit status is something else than 0.
In such case there could be SIGPIPE from a decompression tool
and that would result in exit status of 2 from xzdiff/xzcmp
while the correct behavior would be to return 1 or whatever
else diff or cmp may have returned.

This commit omits the -q option from xz/gzip/bzip2/lzop arguments.
I'm not sure why the -q was used in the first place, perhaps it
hides warnings in some situation that I cannot see at the moment.
Hopefully the removal won't introduce a new bug.

With gzip the -q option was harmful because it made gzip return 2
instead of >= 128 with SIGPIPE. Ignoring exit status 2 (warning
from gzip) isn't practical because bzip2 uses exit status 2 to
indicate corrupt input file. It's better if SIGPIPE results in
exit status >= 128.

With bzip2 the removal of -q seems to be good because with -q
it prints nothing if input is corrupt. The other tools aren't
silent in this situation even with -q. On the other hand, if
zstd support is added, it will need -q since otherwise it's
noisy in normal situations.

Thanks to Étienne Mollier and Sebastian Andrzej Siewior.
2022-07-12 18:30:56 +03:00
H.J. Lu c01e29a933 liblzma: Enable Intel CET in x86 CRC assembly codes
When Intel CET is enabled, we need to include <cet.h> in assembly codes
to mark Intel CET support and add _CET_ENDBR to indirect jump targets.

Tested on Intel Tiger Lake under CET enabled Linux.
2022-07-12 18:30:56 +03:00
Adam Borowski 94fd724749 Scripts: Add zstd support to xzgrep.
Thanks to Adam Borowski.
2022-07-12 18:30:56 +03:00
Lasse Collin ca7bcdb30f xz: Avoid unneeded \f escapes on the man page.
I don't want to use \c in macro arguments but groff_man(7)
suggests that \f has better portability. \f would be needed
for the .TP strings for portability reasons anyway.

Thanks to Bjarni Ingi Gislason.
2022-07-12 18:10:08 +03:00
Lasse Collin 3b40a0792e xz: Use non-breaking spaces when intentionally using more than one space.
This silences some style checker warnings. Seems that spaces
in the beginning of a line don't need this treatment.

Thanks to Bjarni Ingi Gislason.
2022-07-12 18:10:08 +03:00
Lasse Collin d85699c36d xz: Protect the ellipsis (...) on the man page with \&.
This does it only when ... appears outside macro calls.

Thanks to Bjarni Ingi Gislason.
2022-07-12 18:10:08 +03:00
Lasse Collin d996ae6617 xz: Avoid the abbreviation "e.g." on the man page.
A few are simply omitted, most are converted to "for example"
and surrounded with commas. Sounds like that this is better
style, for example, man-pages(7) recommends avoiding such
abbreviations except in parenthesis.

Thanks to Bjarni Ingi Gislason.
2022-07-12 18:09:21 +03:00
Lasse Collin d16d0d198a xz man page: Change \- (minus) to \(en (en-dash) for a numeric range.
Docs of ancient troff/nroff mention \(em (em-dash) but not \(en
and \- was used for both minus and en-dash. I don't know how
portable \(en is nowadays but it can be changed back if someone
complains. At least GNU groff and OpenBSD's mandoc support it.

Thanks to Bjarni Ingi Gislason for the patch.
2022-07-12 18:09:21 +03:00
Lasse Collin 3acf1adfc7 Windows: Fix building of resource files when config.h isn't used.
Now CMake + Visual Studio works for building liblzma.dll.

Thanks to Markus Rickert.
2022-07-12 18:09:21 +03:00
Lasse Collin adba06e649 src/scripts/xzgrep.1: Filenames to xzgrep are optional.
xzgrep --help was correct already.
2022-07-12 18:09:21 +03:00
Bjarni Ingi Gislason 3f94d2a568 src/script/xzgrep.1: Remove superfluous '.RB'
Output is from: test-groff -b -e -mandoc -T utf8 -rF0 -t -w w -z

  [ "test-groff" is a developmental version of "groff" ]

Input file is ./src/scripts/xzgrep.1

<src/scripts/xzgrep.1>:20 (macro RB): only 1 argument, but more are expected
<src/scripts/xzgrep.1>:23 (macro RB): only 1 argument, but more are expected
<src/scripts/xzgrep.1>:26 (macro RB): only 1 argument, but more are expected
<src/scripts/xzgrep.1>:29 (macro RB): only 1 argument, but more are expected
<src/scripts/xzgrep.1>:32 (macro RB): only 1 argument, but more are expected

 "abc..." does not mean the same as "abc ...".

  The output from nroff and troff is unchanged except for the space
between "file" and "...".

Signed-off-by: Bjarni Ingi Gislason <bjarniig@rhi.hi.is>
2022-07-12 17:42:59 +03:00
Bjarni Ingi Gislason 725d9791c9 xzgrep.1: Delete superfluous '.PP'
Summary:

mandoc -T lint xzgrep.1 :
mandoc: xzgrep.1:79:2: WARNING: skipping paragraph macro: PP empty

  There is no change in the output of "nroff" and "troff".

Signed-off-by: Bjarni Ingi Gislason <bjarniig@rhi.hi.is>
2022-07-12 17:42:59 +03:00
Bjarni Ingi Gislason 55c2555c5d src/xz/xz.1: Correct misused two-fonts macros
Output is from: test-groff -b -e -mandoc -T utf8 -rF0 -t -w w -z

  [ "test-groff" is a developmental version of "groff" ]

Input file is ./src/xz/xz.1

<src/xz/xz.1>:408 (macro BR): only 1 argument, but more are expected
<src/xz/xz.1>:1009 (macro BR): only 1 argument, but more are expected
<src/xz/xz.1>:1743 (macro BR): only 1 argument, but more are expected
<src/xz/xz.1>:1920 (macro BR): only 1 argument, but more are expected
<src/xz/xz.1>:2213 (macro BR): only 1 argument, but more are expected

  Output from nroff and troff is unchanged, except for a font change of a
full stop (.).

Signed-off-by: Bjarni Ingi Gislason <bjarniig@rhi.hi.is>
2022-07-12 17:42:59 +03:00
Lasse Collin 968bbfea09 Typo fixes from fossies.org.
https://fossies.org/linux/misc/xz-5.2.5.tar.xz/codespell.html
2020-03-23 18:08:31 +02:00
Lasse Collin 2327a461e1 Bump version and soname for 5.2.5. 2020-03-17 16:27:42 +02:00
Lasse Collin 74a5af180a xz: Never use thousand separators in DJGPP builds.
DJGPP 2.05 added support for thousands separators but it's
broken at least under WinXP with Finnish locale that uses
a non-breaking space as the thousands separator. Workaround
by disabling thousands separators for DJGPP builds.
2020-03-11 22:38:25 +02:00
Lasse Collin 901eb4a8c9 liblzma: Remove unneeded <sys/types.h> from fastpos_tablegen.c.
This file only generates fastpos_table.c.
It isn't built as a part of liblzma.
2020-03-11 12:05:57 +02:00
Lasse Collin ac35c9585f Use defined(__GNUC__) before __GNUC__ in preprocessor lines.
This should silence the equivalent of -Wundef in compilers that
don't define __GNUC__.
2020-03-11 12:05:57 +02:00
Lasse Collin fb9cada7cf liblzma: Add more uses of lzma_memcmplen() to the normal mode of LZMA.
This gives a tiny encoder speed improvement. This could have been done
in 2014 after the commit 544aaa3d13 but
it was forgotten.
2020-03-11 12:05:57 +02:00
Lasse Collin c2cc64d78c xz: Silence a warning when sig_atomic_t is long int.
It can be true at least on z/OS.
2020-03-11 12:05:57 +02:00
Lasse Collin b6314aa275 xz: Avoid unneeded access of a volatile variable. 2020-03-11 12:05:57 +02:00
Lasse Collin 641042e63f tuklib_exit: Add missing header.
strerror() needs <string.h> which happened to be included via
tuklib_common.h -> tuklib_config.h -> sysdefs.h if HAVE_CONFIG_H
was defined. This wasn't tested without config.h before so it
had worked fine.
2020-03-11 12:05:57 +02:00
Lasse Collin dbd55a69e5 sysdefs.h: Omit the conditionals around string.h and limits.h.
string.h is used unconditionally elsewhere in the project and
configure has always stopped if limits.h is missing, so these
headers must have been always available even on the weirdest
systems.
2020-03-11 12:05:57 +02:00
Lasse Collin 4b1447809f Build: Add support for translated man pages using po4a.
The dependency on po4a is optional. It's never required to install
the translated man pages when xz is built from a release tarball.
If po4a is missing when building from xz.git, the translated man
pages won't be generated but otherwise the build will work normally.

The translations are only updated automatically by autogen.sh and
by "make mydist". This makes it easy to keep po4a as an optional
dependency and ensures that I won't forget to put updated
translations to a release tarball.

The translated man pages aren't installed if --disable-nls is used.

The installation of translated man pages abuses Automake internals
by calling "install-man" with redefined dist_man_MANS and man_MANS.
This makes the hairy script code slightly less hairy. If it breaks
some day, this code needs to be fixed; don't blame Automake developers.

Also, this adds more quotes to the existing shell script code in
the Makefile.am "-hook"s.
2020-03-11 12:05:57 +02:00
Lasse Collin e1beaa74bc xz: Comment out annoying sandboxing messages. 2020-02-05 22:00:28 +02:00
Lasse Collin d0daa21792 xz: Limit --memlimit-compress to at most 4020 MiB for 32-bit xz.
See the code comment for reasoning. It's far from perfect but
hopefully good enough for certain cases while hopefully doing
nothing bad in other situations.

At presets -5 ... -9, 4020 MiB vs. 4096 MiB makes no difference
on how xz scales down the number of threads.

The limit has to be a few MiB below 4096 MiB because otherwise
things like "xz --lzma2=dict=500MiB" won't scale down the dict
size enough and xz cannot allocate enough memory. With
"ulimit -v $((4096 * 1024))" on x86-64, the limit in xz had
to be no more than 4085 MiB. Some safety margin is good though.

This is hack but it should be useful when running 32-bit xz on
a 64-bit kernel that gives full 4 GiB address space to xz.
Hopefully this is enough to solve this:

https://bugzilla.redhat.com/show_bug.cgi?id=1196786

FreeBSD has a patch that limits the result in tuklib_physmem()
to SIZE_MAX on 32-bit systems. While I think it's not the way
to do it, the results on --memlimit-compress have been good. This
commit should achieve practically identical results for compression
while leaving decompression and tuklib_physmem() and thus
lzma_physmem() unaffected.
2020-02-05 22:00:28 +02:00
Lasse Collin 4433c2dc57 xz: Set the --flush-timeout deadline when the first input byte arrives.
xz --flush-timeout=2000, old version:

  1. xz is started. The next flush will happen after two seconds.
  2. No input for one second.
  3. A burst of a few kilobytes of input.
  4. No input for one second.
  5. Two seconds have passed and flushing starts.

The first second counted towards the flush-timeout even though
there was no pending data. This can cause flushing to occur more
often than needed.

xz --flush-timeout=2000, after this commit:

  1. xz is started.
  2. No input for one second.
  3. A burst of a few kilobytes of input. The next flush will
     happen after two seconds counted from the time when the
     first bytes of the burst were read.
  4. No input for one second.
  5. No input for another second.
  6. Two seconds have passed and flushing starts.
2020-02-05 22:00:28 +02:00
Lasse Collin acc0ef3ac8 xz: Move flush_needed from mytime.h to file_pair struct in file_io.h. 2020-02-05 22:00:28 +02:00
Lasse Collin 4afe69d30b xz: coder.c: Make writing output a separate function.
The same code sequence repeats so it's nicer as a separate function.
Note that in one case there was no test for opt_mode != MODE_TEST,
but that was only because that condition would always be true, so
this commit doesn't change the behavior there.
2020-02-05 22:00:28 +02:00
Lasse Collin ec26f3ace5 xz: Fix semi-busy-waiting in xz --flush-timeout.
When input blocked, xz --flush-timeout=1 would wake up every
millisecond and initiate flushing which would have nothing to
flush and thus would just waste CPU time. The fix disables the
timeout when no input has been seen since the previous flush.
2020-02-05 22:00:28 +02:00
Lasse Collin 3891570324 xz: Refactor io_read() a bit. 2020-02-05 22:00:28 +02:00
Lasse Collin f6d2424534 xz: Update a comment in file_io.h. 2020-02-05 22:00:28 +02:00
Lasse Collin 15b55d5c63 xz: Move the setting of flush_needed in file_io.c to a nicer location. 2020-02-05 22:00:28 +02:00
Lasse Collin 00517d125c Rename unaligned_read32ne to read32ne, and similarly for the others. 2019-12-31 22:41:45 +02:00
Lasse Collin 52d89d8443 Rename read32ne to aligned_read32ne, and similarly for the others.
Using the aligned methods requires more care to ensure that
the address really is aligned, so it's nicer if the aligned
methods are prefixed. The next commit will remove the unaligned_
prefix from the unaligned methods which in liblzma are used in
more places than the aligned ones.
2019-12-31 22:34:34 +02:00
Lasse Collin 850620468b Revise tuklib_integer.h and .m4.
Add a configure option --enable-unsafe-type-punning to get the
old non-conforming memory access methods. It can be useful with
old compilers or in some other less typical situations but
shouldn't normally be used.

Omit the packed struct trick for unaligned access. While it's
best in some cases, this is simpler. If the memcpy trick doesn't
work, one can request unsafe type punning from configure.

Because CRC32/CRC64 code needs fast aligned reads, if no very
safe way to do it is found, type punning is used as a fallback.
This sucks but since it currently works in practice, it seems to
be the least bad option. It's never needed with GCC >= 4.7 or
Clang >= 3.6 since these support __builtin_assume_aligned and
thus fast aligned access can be done with the memcpy trick.

Other things:
  - Support GCC/Clang __builtin_bswapXX
  - Cleaner bswap fallback macros
  - Minor cleanups
2019-12-31 22:34:10 +02:00
Lasse Collin c9a8071e66 Scripts: Put /usr/xpg4/bin to the beginning of PATH on Solaris.
This adds a configure option --enable-path-for-scripts=PREFIX
which defaults to empty except on Solaris it is /usr/xpg4/bin
to make POSIX grep and others available. The Solaris case had
been documented in INSTALL with a manual fix but it's better
to do this automatically since it is needed on most Solaris
systems anyway.

Thanks to Daniel Richard G.
2019-12-31 22:31:30 +02:00
Lasse Collin aba140e2df Fix comment typos in tuklib_mbstr* files. 2019-12-31 22:27:11 +02:00
Lasse Collin 710f5bd769 Add missing include to tuklib_mbstr_width.c.
It didn't matter in XZ Utils because sysdefs.h
includes string.h anyway.
2019-12-31 22:27:11 +02:00
Lasse Collin 0e491aa8cd liblzma: Fix a buggy comment. 2019-12-31 22:26:38 +02:00
Lasse Collin 25f7455472 liblzma: Add a comment. 2019-12-31 22:26:38 +02:00
Lasse Collin 44eb961f2a liblzma: Silence clang -Wmissing-variable-declarations. 2019-12-31 22:26:38 +02:00
Lasse Collin 267afcd995 xz: Silence a warning from clang -Wsign-conversion in main.c. 2019-12-31 22:25:42 +02:00
Lasse Collin 0e3c4002f8 liblzma: Remove incorrect uses of lzma_attribute((__unused__)).
Caught by clang -Wused-but-marked-unused.
2019-12-31 22:25:02 +02:00
Lasse Collin c8cace3d6e xz: Fix an integer overflow with 32-bit off_t.
Or any off_t which isn't very big (like signed 64 bit integer
that most system have). A small off_t could overflow if the
file being decompressed had long enough run of zero bytes,
which would result in corrupt output.
2019-12-31 22:25:02 +02:00
Lasse Collin 5c4fb60e8d tuklib_mbstr_width: Fix a warning from -Wsign-conversion. 2019-12-31 22:19:18 +02:00
Lasse Collin 37df03ce52 xz: Fix some of the warnings from -Wsign-conversion. 2019-12-31 22:19:18 +02:00
Lasse Collin 7c65ae0f5f tuklib_cpucores: Silence warnings from -Wsign-conversion. 2019-12-31 22:19:18 +02:00
Lasse Collin a502dd1d00 xzdec: Fix warnings from -Wsign-conversion. 2019-12-31 22:19:18 +02:00
Lasse Collin a45d1a5374 liblzma: Fix warnings from -Wsign-conversion.
Also, more parentheses were added to the literal_subcoder
macro in lzma_comon.h (better style but no functional change
in the current usage).
2019-12-31 22:19:18 +02:00
Lasse Collin 4ff87ddf80 tuklib_integer: Silence warnings from -Wsign-conversion. 2019-12-31 22:19:18 +02:00
Lasse Collin ed1a9d3398 tuklib_integer: Fix usage of conv macros.
Use a temporary variable instead of e.g.
conv32le(unaligned_read32ne(buf)) because the macro can
evaluate its argument multiple times.
2019-12-31 22:19:18 +02:00
Lasse Collin 85da31d8b8 liblzma: Fix comments.
Thanks to Bruce Stark.
2019-12-31 22:19:18 +02:00
Lasse Collin 6a73a78895 liblzma: Fix one more unaligned read to use unaligned_read16ne(). 2019-12-31 22:19:18 +02:00
Lasse Collin 94aa3fb568 liblzma: memcmplen: Use ctz32() from tuklib_integer.h.
The same compiler-specific #ifdefs are already in tuklib_integer.h
2019-12-31 22:19:18 +02:00
Lasse Collin 412791486d tuklib_integer: Cleanup MSVC-specific code. 2019-12-31 22:19:18 +02:00
Lasse Collin efbf6e5f09 liblzma: Use unaligned_readXXne functions instead of type punning.
Now gcc -fsanitize=undefined should be clean.

Thanks to Jeffrey Walton.
2019-12-31 22:19:18 +02:00
Lasse Collin 29afef0348 tuklib_integer: Improve unaligned memory access.
Now memcpy() or GNU C packed structs for unaligned access instead
of type punning. See the comment in this commit for details.

Avoiding type punning with unaligned access is needed to
silence gcc -fsanitize=undefined.

New functions: unaliged_readXXne and unaligned_writeXXne where
XX is 16, 32, or 64.
2019-12-31 22:19:12 +02:00
Lasse Collin 596ed3de44 liblzma: Avoid memcpy(NULL, foo, 0) because it is undefined behavior.
I should have always known this but I didn't. Here is an example
as a reminder to myself:

    int mycopy(void *dest, void *src, size_t n)
    {
        memcpy(dest, src, n);
        return dest == NULL;
    }

In the example, a compiler may assume that dest != NULL because
passing NULL to memcpy() would be undefined behavior. Testing
with GCC 8.2.1, mycopy(NULL, NULL, 0) returns 1 with -O0 and -O1.
With -O2 the return value is 0 because the compiler infers that
dest cannot be NULL because it was already used with memcpy()
and thus the test for NULL gets optimized out.

In liblzma, if a null-pointer was passed to memcpy(), there were
no checks for NULL *after* the memcpy() call, so I cautiously
suspect that it shouldn't have caused bad behavior in practice,
but it's hard to be sure, and the problematic cases had to be
fixed anyway.

Thanks to Jeffrey Walton.
2019-07-13 17:56:28 +03:00
Lasse Collin 8d4906262b xz: Update xz man page date. 2019-07-13 17:54:52 +03:00
Antoine Cœur 0d318402f8 spelling 2019-07-13 17:53:33 +03:00
Lasse Collin 3ca432d9cc xz: Fix a crash in progress indicator when in passthru mode.
"xz -dcfv not_an_xz_file" crashed (all four options are
required to trigger it). It caused xz to call
lzma_get_progress(&strm, ...) when no coder was initialized
in strm. In this situation strm.internal is NULL which leads
to a crash in lzma_get_progress().

The bug was introduced when xz started using lzma_get_progress()
to get progress info for multi-threaded compression, so the
bug is present in versions 5.1.3alpha and higher.

Thanks to Filip Palian <Filip.Palian@pjwstk.edu.pl> for
the bug report.
2019-07-13 17:37:55 +03:00
Lasse Collin fcc419e3c3 xz: Update man page timestamp. 2019-07-13 17:36:27 +03:00
Pavel Raiskup 5a2fc3cd01 'have have' typos 2019-07-13 17:36:27 +03:00
Lasse Collin 7143b04fe4 xzless: Rename unused variables to silence static analysers.
In this particular case I don't see this affecting readability
of the code.

Thanks to Pavel Raiskup.
2019-07-13 17:17:00 +03:00
Lasse Collin 273c33297b liblzma: Remove an always-true condition from lzma_index_cat().
This should help static analysis tools to see that newg
isn't leaked.

Thanks to Pavel Raiskup.
2019-07-13 17:17:00 +03:00
Lasse Collin 65b4aba6d0 liblzma: Improve lzma_properties_decode() API documentation. 2019-07-13 17:17:00 +03:00
Lasse Collin b5be61cc06 Bump version and soname for 5.2.4. 2018-04-29 19:00:06 +03:00
Ben Boeckel c4a616f453 nothrow: use noexcept for C++11 and newer
In C++11, the `throw()` specifier is deprecated and `noexcept` is
preffered instead.
2018-03-28 19:24:39 +03:00
Lasse Collin 0b8947782f liblzma: Remove incorrect #ifdef from range_common.h.
In most cases it was harmless but it could affect some
custom build systems.

Thanks to Pippijn van Steenhoven.
2018-03-28 19:24:39 +03:00
Lasse Collin a3ce3e9023 tuklib_integer: New Intel C compiler needs immintrin.h.
Thanks to Melanie Blower (Intel) for the patch.
2018-03-28 19:24:39 +03:00
Lasse Collin 06eebd4543 Fix or hide warnings from GCC 7's -Wimplicit-fallthrough. 2018-03-28 19:16:06 +03:00
Lasse Collin eb2ef4c79b xz: Fix "xz --list --robot missing_or_bad_file.xz".
It ended up printing an uninitialized char-array when trying to
print the check names (column 7) on the "totals" line.

This also changes the column 12 (minimum xz version) to
50000002 (xz 5.0.0) instead of 0 when there are no valid
input files.

Thanks to kidmin for the bug report.
2018-03-28 19:16:06 +03:00
Lasse Collin 70f4792119 Update the home page URLs to HTTPS. 2018-03-28 19:16:06 +03:00
Lasse Collin 2a4b2fa75d xz: Use POSIX_FADV_RANDOM for in "xz --list" mode.
xz --list is random access so POSIX_FADV_SEQUENTIAL was clearly
wrong.
2017-03-30 22:02:10 +03:00
Lasse Collin eb25743ade liblzma: Fix lzma_memlimit_set(strm, 0).
The 0 got treated specially in a buggy way and as a result
the function did nothing. The API doc said that 0 was supposed
to return LZMA_PROG_ERROR but it didn't.

Now 0 is treated as if 1 had been specified. This is done because
0 is already used to indicate an error from lzma_memlimit_get()
and lzma_memusage().

In addition, lzma_memlimit_set() no longer checks that the new
limit is at least LZMA_MEMUSAGE_BASE. It's counter-productive
for the Index decoder and was actually needed only by the
auto decoder. Auto decoder has now been modified to check for
LZMA_MEMUSAGE_BASE.
2017-03-30 19:52:24 +03:00
Lasse Collin ef36c6362f liblzma: Similar memlimit fix for stream_, alone_, and auto_decoder. 2017-03-30 19:52:24 +03:00
Lasse Collin 5761603265 liblzma: Fix handling of memlimit == 0 in lzma_index_decoder().
It returned LZMA_PROG_ERROR, which was done to avoid zero as
the limit (because it's a special value elsewhere), but using
LZMA_PROG_ERROR is simply inconvenient and can cause bugs.

The fix/workaround is to treat 0 as if it were 1 byte. It's
effectively the same thing. The only weird consequence is
that then lzma_memlimit_get() will return 1 even when 0 was
specified as the limit.

This fixes a very rare corner case in xz --list where a specific
memory usage limit and a multi-stream file could print the
error message "Internal error (bug)" instead of saying that
the memory usage limit is too low.
2017-03-30 19:52:24 +03:00
Lasse Collin 3d566cd519 Bump version and soname for 5.2.3. 2016-12-30 13:26:36 +02:00
Lasse Collin cae412b2b7 xz: Fix the Capsicum rights on user_abort_pipe. 2016-12-30 13:13:57 +02:00
Lasse Collin e013a337d3 liblzma: Avoid multiple definitions of lzma_coder structures.
Only one definition was visible in a translation unit.
It avoided a few casts and temp variables but seems that
this hack doesn't work with link-time optimizations in compilers
as it's not C99/C11 compliant.

Fixes:
http://www.mail-archive.com/xz-devel@tukaani.org/msg00279.html
2016-12-28 19:59:32 +02:00
Lasse Collin ce2542d220 xz: Add support for sandboxing with Capsicum (disabled by default).
In the v5.2 branch this feature is considered experimental
and thus disabled by default.

The sandboxing is used conditionally as described in main.c.
This isn't optimal but it was much easier to implement than
a full sandboxing solution and it still covers the most common
use cases where xz is writing to standard output. This should
have practically no effect on performance even with small files
as fork() isn't needed.

C and locale libraries can open files as needed. This has been
fine in the past, but it's a problem with things like Capsicum.
io_sandbox_enter() tries to ensure that various locale-related
files have been loaded before cap_enter() is called, but it's
possible that there are other similar problems which haven't
been seen yet.

Currently Capsicum is available on FreeBSD 10 and later
and there is a port to Linux too.

Thanks to Loganaden Velvindron for help.
2016-12-26 20:40:27 +02:00
Lasse Collin d74377e62b liblzma: Fix a memory leak in error path of lzma_index_dup().
lzma_index_dup() calls index_dup_stream() which, in case of
an error, calls index_stream_end() to free memory allocated
by index_stream_init(). However, it illogically didn't
actually free the memory. To make it logical, the tree
handling code was modified a bit in addition to changing
index_stream_end().

Thanks to Evan Nemerson for the bug report.
2016-12-26 17:57:51 +02:00
Lasse Collin 88d7a7fd15 tuklib_cpucores: Add support for sched_getaffinity().
It's available in glibc (GNU/Linux, GNU/kFreeBSD). It's better
than sysconf(_SC_NPROCESSORS_ONLN) because sched_getaffinity()
gives the number of cores available to the process instead of
the total number of cores online.

As a side effect, this commit fixes a bug on GNU/kFreeBSD where
configure would detect the FreeBSD-specific cpuset_getaffinity()
but it wouldn't actually work because on GNU/kFreeBSD it requires
using -lfreebsd-glue when linking. Now the glibc-specific function
will be used instead.

Thanks to Sebastian Andrzej Siewior for the original patch
and testing.
2016-12-26 17:24:09 +02:00
Lasse Collin 51baf68437 xz: Fix copying of timestamps on Windows.
xz used to call utime() on Windows, but its result gets lost
on close(). Using _futime() seems to work.

Thanks to Martok for reporting the bug:
http://www.mail-archive.com/xz-devel@tukaani.org/msg00261.html
2016-06-30 21:00:49 +03:00
Lasse Collin 1ddc479851 xz: Silence warnings from -Wlogical-op.
Thanks to Evan Nemerson.
2016-06-28 21:11:02 +03:00
Lasse Collin be647ff5ed Build: Fix = to += for xz_SOURCES in src/xz/Makefile.am.
Thanks to Christian Kujau.
2016-06-28 21:09:46 +03:00
Lasse Collin 74f8dad9f9 liblzma: Disable external SHA-256 by default.
This is the sane thing to do. The conflict with OpenSSL
on some OSes and especially that the OS-provided versions
can be significantly slower makes it clear that it was
a mistake to have the external SHA-256 support enabled by
default.

Those who want it can now pass --enable-external-sha256 to
configure. INSTALL was updated with notes about OSes where
this can be a bad idea.

The SHA-256 detection code in configure.ac had some bugs that
could lead to a build failure in some situations. These were
fixed, although it doesn't matter that much now that the
external SHA-256 is disabled by default.

MINIX >= 3.2.0 uses NetBSD's libc and thus has SHA256_Init
in libc instead of libutil. Support for the libutil version
was removed.
2016-06-28 21:09:46 +03:00
Lasse Collin 5daae12391 tuklib_physmem: Hopefully silence a warning on Windows. 2016-06-28 21:09:46 +03:00
Lasse Collin 8173ff8790 liblzma: Make Valgrind happier with optimized (gcc -O2) liblzma.
When optimizing, GCC can reorder code so that an uninitialized
value gets used in a comparison, which makes Valgrind unhappy.
It doesn't happen when compiled with -O0, which I tend to use
when running Valgrind.

Thanks to Rich Prohaska. I remember this being mentioned long
ago by someone else but nothing was done back then.
2016-06-28 21:09:46 +03:00
Lasse Collin 013de2b5ab liblzma: Rename lzma_presets.c back to lzma_encoder_presets.c.
It would be too annoying to update other build systems
just because of this.
2016-06-28 21:09:46 +03:00
Lasse Collin 2296778f3c xz: Make xz buildable even when encoders or decoders are disabled.
The patch is quite long but it's mostly about adding new #ifdefs
to omit code when encoders or decoders have been disabled.

This adds two new #defines to config.h: HAVE_ENCODERS and
HAVE_DECODERS.
2016-06-28 21:09:46 +03:00
Lasse Collin 97a3109281 Build: Build LZMA1/2 presets also when only decoder is wanted.
People shouldn't rely on the presets when decoding raw streams,
but xz uses the presets as the starting point for raw decoder
options anyway.

lzma_encocder_presets.c was renamed to lzma_presets.c to
make it clear it's not used solely by the encoder code.
2016-06-28 21:09:46 +03:00
Lasse Collin 46d76c9cd3 Build: Don't omit lzma_cputhreads() unless using --disable-threads.
Previously it was omitted if encoders were disabled
with --disable-encoders. It didn't make sense and
it also broke the build.
2016-06-28 21:09:46 +03:00
Lasse Collin 16d68f874d liblzma: Fix a build failure related to external SHA-256 support.
If an appropriate header and structure were found by configure,
but a library with a usable SHA-256 functions wasn't, the build
failed.
2016-06-28 21:09:46 +03:00
Lasse Collin d9311647fc xz: Always close the file before trying to delete it.
unlink() can return EBUSY in errno for open files on some
operating systems and file systems.
2016-06-28 21:09:46 +03:00
Lasse Collin e10bfdb0fc liblzma: Fix lzma_index_dup() for empty Streams.
Stream Flags and Stream Padding weren't copied from
empty Streams.
2016-06-28 21:09:46 +03:00
Lasse Collin 06f434bd89 liblzma: Add a note to index.c for those using static analyzers. 2016-06-28 21:09:46 +03:00
Lasse Collin 9815cdf698 Bump version and soname for 5.2.2. 2015-09-29 13:59:35 +03:00
Lasse Collin 119a004349 liblzma: A MSVC-specific hack isn't needed with MSVC 2013 and newer. 2015-09-25 14:03:24 +03:00
Lasse Collin ff96ed6d25 xz: Document that threaded decompression hasn't been implemented yet. 2015-05-11 21:26:40 +03:00
Lasse Collin db190a832c Revert "xz: Use pipe2() if available."
This reverts commit 7a11c4a8e5.
It is a problem when libc has pipe2() but the kernel is too
old to have pipe2() and thus pipe2() fails. In xz it's pointless
to have a fallback for non-functioning pipe2(); it's better to
avoid pipe2() completely.

Thanks to Michael Fox for the bug report.
2015-04-20 19:59:18 +03:00
Lasse Collin 25263fd9e7 Fix the detection of installed RAM on QNX.
The earlier version compiled but didn't actually work
since sysconf(_SC_PHYS_PAGES) always fails (or so I was told).

Thanks to Ole André Vadla Ravnås for the patch and testing.
2015-03-29 22:13:48 +03:00
Lasse Collin e0ea6737b0 xz: size_t/uint32_t cleanup in options.c. 2015-03-07 22:05:57 +02:00
Lasse Collin 8bcca29a65 xz: Fix a comment and silence a warning in message.c. 2015-03-07 22:04:23 +02:00
Lasse Collin f243f5f44c liblzma: Silence more uint32_t vs. size_t warnings. 2015-03-07 22:01:00 +02:00
Lasse Collin 7f0a4c50f4 xz: Make arg_count an unsigned int to silence a warning.
Actually the value of arg_count cannot exceed INT_MAX
but it's nicer as an unsigned int.
2015-03-07 19:54:00 +02:00
Lasse Collin f6ec468015 liblzma: Fix a warning in index.c. 2015-03-07 19:33:17 +02:00
Lasse Collin dec11497a7 Bump version and soname for 5.2.1. 2015-02-26 16:53:44 +02:00
Lasse Collin 7a11c4a8e5 xz: Use pipe2() if available. 2015-02-22 19:38:48 +02:00
Lasse Collin 117d962685 liblzma: Fix a compression-ratio regression in LZMA1/2 in fast mode.
The bug was added in the commit
f48fce093b and thus
affected 5.1.4beta and 5.2.0. Luckily the bug cannot
cause data corruption or other nasty things.
2015-02-21 23:40:26 +02:00
Lasse Collin ae984e31c1 xz: Fix the fcntl() usage when creating a pipe for the self-pipe trick.
Now it reads the old flags instead of blindly setting O_NONBLOCK.
The old code may have worked correctly, but this is better.
2015-02-21 23:00:19 +02:00
Lasse Collin d935b0cdf3 tuklib_cpucores: Use cpuset_getaffinity() on FreeBSD if available.
In FreeBSD, cpuset_getaffinity() is the preferred way to get
the number of available cores.

Thanks to Rui Paulo for the patch. I edited it slightly, but
hopefully I didn't break anything.
2015-02-10 15:28:30 +02:00
Lasse Collin eb61bc58c2 xzdiff: Make the mktemp usage compatible with FreeBSD's mktemp.
Thanks to Rui Paulo for the fix.
2015-02-09 22:08:37 +02:00
Lasse Collin b9a5b6b7a2 Add a few casts to tuklib_integer.h to silence possible warnings.
I heard that Visual Studio 2013 gave warnings without the casts.

Thanks to Gabi Davar.
2015-02-03 21:45:53 +02:00
Lasse Collin c45757135f liblzma: Set LZMA_MEMCMPLEN_EXTRA depending on the compare method. 2015-01-26 21:24:39 +02:00
Lasse Collin fec88d41e6 liblzma: Silence harmless Valgrind errors.
Thanks to Torsten Rupp for reporting this. I had
forgotten to run Valgrind before the 5.2.0 release.
2015-01-26 20:39:28 +02:00
Lasse Collin a9b45badfe xz: Fix comments. 2015-01-09 21:50:19 +02:00
Lasse Collin 4170edc914 xz: Don't fail if stdout doesn't support O_NONBLOCK.
This is similar to the case with stdin.

Thanks to Brad Smith for the bug report and testing
on OpenBSD.
2015-01-09 21:34:06 +02:00