Commit Graph

1496 Commits

Author SHA1 Message Date
Jia Tan 591ac56d42 liblzma: Add overflow check for Unpadded size in lzma_index_append().
This was not a security bug since there was no path to overflow
UINT64_MAX in lzma_index_append() or when it calls index_file_size().
The bug was discovered by a failing assert() in vli_ceil4() when called
from index_file_size() when unpadded_sum (the sum of the compressed size
of current Stream and the unpadded_size parameter) exceeds LZMA_VLI_MAX.

Previously, the unpadded_size parameter was checked to be not greater
than UNPADDED_SIZE_MAX, but no check was done once compressed_base was
added.

This could not have caused an integer overflow in index_file_size() when
called by lzma_index_append(). The calculation for file_size breaks down
into the sum of:

- Compressed base from all previous Streams
- 2 * LZMA_STREAM_HEADER_SIZE (size of the current Streams header and
  footer)
- stream_padding (can be set by lzma_index_stream_padding())
- Compressed base from the current Stream
- Unpadded size (parameter to lzma_index_append())

The sum of everything except for Unpadded size must be less than
LZMA_VLI_MAX. This is guarenteed by overflow checks in the functions
that can set these values including lzma_index_stream_padding(),
lzma_index_append(), and lzma_index_cat(). The maximum value for
Unpadded size is enforced by lzma_index_append() to be less than or
equal UNPADDED_SIZE_MAX. Thus, the sum cannot exceed UINT64_MAX since
LZMA_VLI_MAX is half of UINT64_MAX.

Thanks to Joona Kannisto for reporting this.

(cherry picked from commit 68bda971bb)
2024-05-07 15:31:30 +03:00
Jamaika1 ec0d5c99c3 mythread.h: Fix typo error in Vista threads mythread_once().
The "once_" variable was accidentally referred to as just "once". This
prevented building with Vista threads when
HAVE_FUNC_ATTRIBUTE_CONSTRUCTOR was not defined.

(cherry picked from commit c0c0cd4a48)
2024-05-07 15:30:38 +03:00
Lasse Collin f1123eefe1 build-aux/manconv.sh: Fix US-ASCII and UTF-8 output.
groff defaults to SGR escapes. Using -P-c passes -c to grotty
which restores the old behavior. Perhaps there is a better way to
get pure plain text output but this works for now.

(cherry picked from commit 6a1093c000)
2024-05-07 15:30:02 +03:00
Jia Tan 9d4bf2d06f liblzma: Prevent an empty translation unit in Windows builds.
To workaround Automake lacking Windows resource compiler support, an
empty source file is compiled to overwrite the resource files for static
library builds. Translation units without an external declaration are
not allowed by the C standard and result in a warning when used with
-Wempty-translation-unit (Clang) or -pedantic (GCC).

(cherry picked from commit 19899340cf)
2024-05-07 15:28:35 +03:00
Lasse Collin 5a87d91321 liblzma: Tweak #if condition in memcmplen.h.
Maybe ICC always #defines _MSC_VER on Windows but now
it's very clear which code will get used.

(cherry picked from commit b406828a6d)
2024-05-07 15:28:35 +03:00
Lasse Collin 0c53f52657 liblzma: Omit unnecessary parenthesis in a preprocessor directive.
(cherry picked from commit ef4a07ad94)
2024-05-07 15:28:35 +03:00
Jia Tan eede1df4af liblzma: Prevent warning for MSYS2 Windows build.
In lzma_memcmplen(), the <intrin.h> header file is only included if
_MSC_VER and _M_X64 are both defined but _BitScanForward64() was
previously used if _M_X64 was defined. GCC for MSYS2 defines _M_X64 but
not _MSC_VER so _BitScanForward64() was used without including
<intrin.h>.

Now, lzma_memcmplen() will use __builtin_ctzll() for MSYS2 GCC builds as
expected.

(cherry picked from commit 64ee0caaea)
2024-05-07 15:28:35 +03:00
Jia Tan 5f9bf81044 liblzma: Prevent uninitialzed warning in mt stream encoder.
This change only impacts the compiler warning since it was impossible
for the wait_abs struct in stream_encode_mt() to be used before it was
initialized since mythread_condtime_set() will always be called before
mythread_cond_timedwait().

Since the mythread.h code is different between the POSIX and
Windows versions, this warning was only present on Windows builds.

Thanks to Arthur S for reporting the warning and providing an initial
patch.

(cherry picked from commit 1155471651)
2024-05-07 15:23:51 +03:00
Jia Tan 6174ac8e60 Update THANKS.
(cherry picked from commit 62dd1c9bf0)
2024-05-07 15:23:51 +03:00
Benjamin Buch b276ef1f49 CMake: Protects against double find_package
Boost iostream uses `find_package` in quiet mode and then again uses
`find_package` with required. This second call triggers a
`add_library cannot create imported target "LibLZMA::LibLZMA"
because another target with the same name already exists.`

This can simply be fixed by skipping the alias part on secondary
`find_package` runs.

(cherry picked from commit d04eb78ab3)
2024-05-07 15:23:21 +03:00
Jia Tan 774145adfd Bump version and soname for 5.2.12. 2023-05-04 21:55:11 +08:00
Jia Tan dbb481270a Add NEWS for 5.2.12. 2023-05-04 21:55:07 +08:00
Jia Tan 46b19ec4ae Translations: Update the Croatian translation. 2023-05-04 21:42:24 +08:00
Lasse Collin 809a2fd698 tuklib_integer.h: Fix a recent copypaste error in Clang detection.
Wrong line was changed in 7062348bf3.
Also, this has >= instead of == since ints larger than 32 bits would
work too even if not relevant in practice.
2023-05-03 22:55:59 +03:00
Jia Tan fbecaa2eb4 Update THANKS. 2023-05-03 22:33:10 +03:00
Jia Tan b02e74eb73 Windows: Include <intrin.h> when needed.
Legacy Windows did not need to #include <intrin.h> to use the MSVC
intrinsics. Newer versions likely just issue a warning, but the MSVC
documentation says to include the header file for the intrinsics we use.

GCC and Clang can "pretend" to be MSVC on Windows, so extra checks are
needed in tuklib_integer.h to only include <intrin.h> when it will is
actually needed.
2023-05-03 22:33:10 +03:00
Jia Tan 8efb6ea63b tuklib_integer: Use __builtin_clz() with Clang.
Clang has support for __builtin_clz(), but previously Clang would
fallback to either the MSVC intrinsic or the regular C code. This was
discovered due to a bug where a new version of Clang required the
<intrin.h> header file in order to use the MSVC intrinsics.

Thanks to Anton Kochkov for notifying us about the bug.
2023-05-03 22:33:10 +03:00
Lasse Collin 3bd906f1f3 liblzma: Update project maintainers in lzma.h.
AUTHORS was updated earlier, lzma.h was simply forgotten.
2023-05-03 22:33:10 +03:00
Jia Tan 0ab5527c46 liblzma: Cleans up old commented out code. 2023-05-03 22:33:10 +03:00
Jia Tan 275e36013d Build: Removes redundant check for LZMA1 filter support. 2023-05-03 22:33:10 +03:00
Lasse Collin a2e129a81f Build: Add a comment that AC_PROG_CC_C99 is needed for Autoconf 2.69.
It's obsolete in Autoconf >= 2.70 and just an alias for AC_PROG_CC
but Autoconf 2.69 requires AC_PROG_CC_C99 to get a C99 compiler.
2023-03-21 14:24:43 +02:00
Lasse Collin 260683a6e2 Build: configure.ac: Use AS_IF and AS_CASE where required.
This makes no functional difference in the generated configure
(at least with the Autotools versions I have installed) but this
change might prevent future bugs like the one that was just
fixed in the commit 5a5bd7f871.
2023-03-21 14:24:37 +02:00
Lasse Collin edcde3e387 Update THANKS. 2023-03-21 14:15:14 +02:00
Lasse Collin dcd6882cb9 Build: Fix --disable-threads breaking the building of shared libs.
This is broken in the releases 5.2.6 to 5.4.2. A workaround
for these releases is to pass EGREP='grep -E' as an argument
to configure in addition to --disable-threads.

The problem appeared when m4/ax_pthread.m4 was updated in
the commit 6629ed929c which
introduced the use of AC_EGREP_CPP. AC_EGREP_CPP calls
AC_REQUIRE([AC_PROG_EGREP]) to set the shell variable EGREP
but this was only executed if POSIX threads were enabled.
Libtool code also has AC_REQUIRE([AC_PROG_EGREP]) but Autoconf
omits it as AC_PROG_EGREP has already been required earlier.
Thus, if not using POSIX threads, the shell variable EGREP
would be undefined in the Libtool code in configure.

ax_pthread.m4 is fine. The bug was in configure.ac which called
AX_PTHREAD conditionally in an incorrect way. Using AS_CASE
ensures that all AC_REQUIREs get always run.

Thanks to Frank Busse for reporting the bug.
Fixes: https://github.com/tukaani-project/xz/issues/45
2023-03-21 14:15:14 +02:00
Jia Tan 3e206e5c43 Bump version and soname for 5.2.11. 2023-03-18 22:25:59 +08:00
Jia Tan 05b0a071b6 Add NEWS for 5.2.11. 2023-03-18 22:24:49 +08:00
Lasse Collin 84b8cd3ffc Update the copy of GNU GPLv3 from gnu.org to COPYING.GPLv3. 2023-03-18 22:01:59 +08:00
Lasse Collin 090ea9ddd3 Change a few HTTP URLs to HTTPS.
The xz man page timestamp was intentionally left unchanged.
2023-03-18 22:00:28 +08:00
Lasse Collin 01f1da25e5 CMake: Require that the C compiler supports C99 or a newer standard.
Thanks to autoantwort for reporting the issue and suggesting
a different patch:
https://github.com/tukaani-project/xz/pull/42
2023-03-11 21:53:16 +02:00
Lasse Collin 2333bb5454 Update THANKS. 2023-03-11 21:47:58 +02:00
Lasse Collin 09363bea46 liblzma: Avoid null pointer + 0 (undefined behavior in C).
In the C99 and C17 standards, section 6.5.6 paragraph 8 means that
adding 0 to a null pointer is undefined behavior. As of writing,
"clang -fsanitize=undefined" (Clang 15) diagnoses this. However,
I'm not aware of any compiler that would take advantage of this
when optimizing (Clang 15 included). It's good to avoid this anyway
since compilers might some day infer that pointer arithmetic implies
that the pointer is not NULL. That is, the following foo() would then
unconditionally return 0, even for foo(NULL, 0):

    void bar(char *a, char *b);

    int foo(char *a, size_t n)
    {
        bar(a, a + n);
        return a == NULL;
    }

In contrast to C, C++ explicitly allows null pointer + 0. So if
the above is compiled as C++ then there is no undefined behavior
in the foo(NULL, 0) call.

To me it seems that changing the C standard would be the sane
thing to do (just add one sentence) as it would ensure that a huge
amount of old code won't break in the future. Based on web searches
it seems that a large number of codebases (where null pointer + 0
occurs) are being fixed instead to be future-proof in case compilers
will some day optimize based on it (like making the above foo(NULL, 0)
return 0) which in the worst case will cause security bugs.

Some projects don't plan to change it. For example, gnulib and thus
many GNU tools currently require that null pointer + 0 is defined:

    https://lists.gnu.org/archive/html/bug-gnulib/2021-11/msg00000.html

    https://www.gnu.org/software/gnulib/manual/html_node/Other-portability-assumptions.html

In XZ Utils null pointer + 0 issue should be fixed after this
commit. This adds a few if-statements and thus branches to avoid
null pointer + 0. These check for size > 0 instead of ptr != NULL
because this way bugs where size > 0 && ptr == NULL will likely
get caught quickly. None of them are in hot spots so it shouldn't
matter for performance.

A little less readable version would be replacing

    ptr + offset

with

    offset != 0 ? ptr + offset : ptr

or creating a macro for it:

    #define my_ptr_add(ptr, offset) \
            ((offset) != 0 ? ((ptr) + (offset)) : (ptr))

Checking for offset != 0 instead of ptr != NULL allows GCC >= 8.1,
Clang >= 7, and Clang-based ICX to optimize it to the very same code
as ptr + offset. That is, it won't create a branch. So for hot code
this could be a good solution to avoid null pointer + 0. Unfortunately
other compilers like ICC 2021 or MSVC 19.33 (VS2022) will create a
branch from my_ptr_add().

Thanks to Marcin Kowalczyk for reporting the problem:
https://github.com/tukaani-project/xz/issues/36
2023-03-11 21:47:47 +02:00
Lasse Collin d9445b5b2d Update THANKS. 2023-03-11 21:45:27 +02:00
Lasse Collin 3cc8ece2dc Build: Use only the generic symbol versioning on MicroBlaze.
On MicroBlaze, GCC 12 is broken in sense that
__has_attribute(__symver__) returns true but it still doesn't
support the __symver__ attribute even though the platform is ELF
and symbol versioning is supported if using the traditional
__asm__(".symver ...") method. Avoiding the traditional method is
good because it breaks LTO (-flto) builds with GCC.

See also: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101766

For now the only extra symbols in liblzma_linux.map are the
compatibility symbols with the patch that spread from RHEL/CentOS 7.
These require the use of __symver__ attribute or __asm__(".symver ...")
in the C code. Compatibility with the patch from CentOS 7 doesn't
seem valuable on MicroBlaze so use liblzma_generic.map on MicroBlaze
instead. It doesn't require anything special in the C code and thus
no LTO issues either.

An alternative would be to detect support for __symver__
attribute in configure.ac and CMakeLists.txt and fall back
to __asm__(".symver ...") but then LTO would be silently broken
on MicroBlaze. It sounds likely that MicroBlaze is a special
case so let's treat it as a such because that is simpler. If
a similar issue exists on some other platform too then hopefully
someone will report it and this can be reconsidered.

(This doesn't do the same fix in CMakeLists.txt. Perhaps it should
but perhaps CMake build of liblzma doesn't matter much on MicroBlaze.
The problem breaks the build so it's easy to notice and can be fixed
later.)

Thanks to Vincent Fazio for reporting the problem and proposing
a patch (in the end that solution wasn't used):
https://github.com/tukaani-project/xz/pull/32
2023-03-11 21:45:26 +02:00
Jia Tan 050c6dbf96 liblzma: Fix documentation for LZMA_MEMLIMIT_ERROR.
LZMA_MEMLIMIT_ERROR was missing the "<" character needed to put
documentation after a member.
2023-03-11 21:45:26 +02:00
Jia Tan 8daaac8e10 tuklib_physmem: Silence warning from -Wcast-function-type on MinGW-w64.
tuklib_physmem depends on GetProcAddress() for both MSVC and MinGW-w64
to retrieve a function address. The proper way to do this is to cast the
return value to the type of function pointer retrieved. Unfortunately,
this causes a cast-function-type warning, so the best solution is to
simply ignore the warning.
2023-03-11 21:45:26 +02:00
Jia Tan 6c9a2c2e46 xz: Add missing comment for coder_set_compression_settings() 2023-03-11 21:45:26 +02:00
Jia Tan ccbb991efa xz: Do not set compression settings with raw format in list mode.
Calling coder_set_compression_settings() in list mode with verbose mode
on caused the filter chain and memory requirements to print. This was
unnecessary since the command results in an error and not consistent
with other formats like lzma and alone.
2023-03-11 21:45:26 +02:00
Lasse Collin 6df383be4a xz: Use ssize_t for the to-be-ignored return value from write(fd, ptr, 1).
It makes no difference here as the return value fits into an int
too and it then gets ignored but this looks better.
2023-03-11 21:45:26 +02:00
Lasse Collin 2ca95b7cfe liblzma: Silence warnings from clang -Wconditional-uninitialized.
This is similar to 2ce4f36f17.
The actual initialization of the variables is done inside
mythread_sync() macro. Clang doesn't seem to see that
the initialization code inside the macro is always executed.
2023-03-11 21:38:31 +02:00
Lasse Collin f900dd937f Fix warnings from clang -Wdocumentation. 2023-03-11 21:37:49 +02:00
Jia Tan 3e2b345cfd xz: Fix warning -Wformat-nonliteral on clang in message.c.
clang and gcc differ in how they handle -Wformat-nonliteral. gcc will
allow a non-literal format string as long as the function takes its
format arguments as a va_list.
2023-03-11 21:37:49 +02:00
Lasse Collin f2192d13b5 CMake/Windows: Add a workaround for windres from GNU binutils.
This is combined from the following commits in the master branch:
443dfebced
6b117d3b1f
5e34774c31

Thanks to Iouri Kharon for the bug report, the original patch,
and testing.
2023-03-11 21:34:26 +02:00
Lasse Collin 35167d71f8 CMake: Update cmake_minimum_required from 3.13...3.16 to 3.13...3.25.
The changes listed on cmake-policies(7) for versions 3.17 to 3.25
shouldn't affect this project.
2023-03-11 21:34:26 +02:00
Lasse Collin f8cae7cee0 Update THANKS. 2023-03-11 21:34:26 +02:00
Lasse Collin 7c337404bf CMake: Fix a copypaste error in xzdec Windows resource file handling.
It was my mistake. Thanks to Iouri Kharon for the bug report.
2023-03-11 21:34:26 +02:00
Lasse Collin 4dbdbd02d2 CMake/Windows: Add resource files to xz.exe and xzdec.exe.
The command line tools cannot be built with MSVC for now but
they can be built with MinGW-w64.

Thanks to Iouri Kharon for the bug report and the original patch.
2023-03-11 21:34:26 +02:00
Jia Tan 2155fef528 liblzma: Update documentation for lzma_filter_encoder. 2023-03-11 21:34:26 +02:00
Jia Cheong Tan 7067c1ca65 Doxygen: Update .gitignore for generating docs for in source build.
In source builds are not recommended, but we should still ignore
the generated artifacts.
2023-03-11 21:34:24 +02:00
Jia Tan f62e5aae51 CMake: Update .gitignore for CMake artifacts from in source build.
In source builds are not recommended, but we can make it easier
by ignoring the generated artifacts from CMake.
2023-03-11 21:33:33 +02:00
Lasse Collin f7c2cc5561 Bump version and soname for 5.2.10. 2022-12-13 13:03:20 +02:00