Commit Graph

1349 Commits

Author SHA1 Message Date
Lasse Collin dfe1710784 liblzma: Silence -Wsign-conversion in SSE2 code in memcmplen.h.
Thanks to Christian Hesse for reporting the issue.
Fixes: https://github.com/tukaani-project/xz/issues/44
2023-03-19 22:45:59 +02:00
Lasse Collin b473a92891 Change a few HTTP URLs to HTTPS.
The xz man page timestamp was intentionally left unchanged.
2023-03-18 15:56:07 +02:00
Jia Tan fd90e2f4c2 liblzma: Remove note from lzma_options_bcj about the ARM64 exception.
This was left in by mistake since an early version of the ARM64 filter
used a different struct for its options.
2023-03-17 01:42:28 +08:00
Jia Tan 55ba6e9300 liblzma: Add set lzma.h as the main page for Doxygen documentation.
The \mainpage command is used in the first block of comments in lzma.h.
This changes the previously nearly empty index.html to use the first
comment block in lzma.h for its contents.

lzma.h is no longer documented separately, but this is for the better
since lzma.h only defined a few macros that users do not need to use.
The individual API header files all have a disclaimer that they should
not be #included directly, so there should be no confusion on the fact
that lzma.h should be the only header used by applications.

Additionally, the note "See ../lzma.h for information about liblzma as
a whole." was removed since lzma.h is now the main page of the
generated HTML and does not have its own page anymore. So it would be
confusing in the HTML version and was only a "nice to have" when
browsing the source files.
2023-03-17 01:42:28 +08:00
Jia Tan af55191102 liblzma: Defines masks for return values from lzma_index_checks(). 2023-03-13 20:49:53 +08:00
Lasse Collin 717aa3651c xz: Simplify the error-label in Capsicum sandbox code.
Also remove unneeded "sandbox_allowed = false;" as this code
will never be run more than once (making it work with multiple
input files isn't trivial).
2023-03-11 18:46:45 +02:00
Lasse Collin a0eecc235d xz: Make Capsicum sandbox more strict with stdin and stdout. 2023-03-08 23:22:15 +08:00
Jia Tan 916448d624 Revert: "Add warning if Capsicum sandbox system calls are unsupported."
The warning causes the exit status to be 2, so this will cause problems
for many scripted use cases for xz. The sandbox usage is already very
limited already, so silently disabling this allows it to be more usable.
2023-03-08 23:22:11 +08:00
Jia Tan 01587dda2a xz: Fix -Wunused-label in io_sandbox_enter().
Thanks to Xin Li for recommending the fix.
2023-03-07 20:02:22 +08:00
Jia Tan 5fb9367866 xz: Add warning if Capsicum sandbox system calls are unsupported.
The warning is only used when errno == ENOSYS. Otherwise, xz still
issues a fatal error.
2023-03-06 21:37:45 +08:00
Jia Tan 61ee82cb12 xz: Skip Capsicum sandbox system calls when they are unsupported.
If a system has the Capsicum header files but does not actually
implement the system calls, then this would render xz unusable. Instead,
we can check if errno == ENOSYS and not issue a fatal error.
2023-03-06 21:27:53 +08:00
Jia Tan f070722b57 xz: Reorder cap_enter() to beginning of capsicum sandbox code.
cap_enter() puts the process into the sandbox. If later calls to
cap_rights_limit() fail, then the process can still have some extra
protections.
2023-03-06 21:08:26 +08:00
Jia Tan f1ab1f6b33 liblzma: Clarify lzma_lzma_preset() documentation in lzma12.h.
lzma_lzma_preset() does not guarentee that the lzma_options_lzma are
usable in an encoder even if it returns false (success). If liblzma
is built with default configurations, then the options will always be
usable. However if the match finders hc3, hc4, or bt4 are disabled, then
the options may not be usable depending on the preset level requested.

The documentation was updated to reflect this complexity, since this
behavior was unclear before.
2023-03-01 21:42:31 +08:00
Jia Tan 3cf72c4bcb liblzma: Replace '\n' -> newline in filter.h documentation.
The '\n' renders as a newline when the comments are converted to html
by Doxygen.
2023-02-24 21:09:39 +08:00
Jia Tan 002006be62 liblzma: Shorten return description for two functions in filter.h.
Shorten the description for lzma_raw_encoder_memusage() and
lzma_raw_decoder_memusage().
2023-02-24 21:09:39 +08:00
Jia Tan 463d9359b8 liblzma: Reword a few lines in filter.h 2023-02-24 21:09:39 +08:00
Jia Tan 01441df92c liblzma: Improve documentation in filter.h.
All functions now explicitly specify parameter and return values.
The notes and code annotations were moved before the parameter and
return value descriptions for consistency.

Also, the description above lzma_filter_encoder_is_supported() about
not being able to list available filters was removed since
lzma_str_list_filters() will do this.
2023-02-24 21:09:39 +08:00
Lasse Collin 30e95bb44c liblzma: Avoid null pointer + 0 (undefined behavior in C).
In the C99 and C17 standards, section 6.5.6 paragraph 8 means that
adding 0 to a null pointer is undefined behavior. As of writing,
"clang -fsanitize=undefined" (Clang 15) diagnoses this. However,
I'm not aware of any compiler that would take advantage of this
when optimizing (Clang 15 included). It's good to avoid this anyway
since compilers might some day infer that pointer arithmetic implies
that the pointer is not NULL. That is, the following foo() would then
unconditionally return 0, even for foo(NULL, 0):

    void bar(char *a, char *b);

    int foo(char *a, size_t n)
    {
        bar(a, a + n);
        return a == NULL;
    }

In contrast to C, C++ explicitly allows null pointer + 0. So if
the above is compiled as C++ then there is no undefined behavior
in the foo(NULL, 0) call.

To me it seems that changing the C standard would be the sane
thing to do (just add one sentence) as it would ensure that a huge
amount of old code won't break in the future. Based on web searches
it seems that a large number of codebases (where null pointer + 0
occurs) are being fixed instead to be future-proof in case compilers
will some day optimize based on it (like making the above foo(NULL, 0)
return 0) which in the worst case will cause security bugs.

Some projects don't plan to change it. For example, gnulib and thus
many GNU tools currently require that null pointer + 0 is defined:

    https://lists.gnu.org/archive/html/bug-gnulib/2021-11/msg00000.html

    https://www.gnu.org/software/gnulib/manual/html_node/Other-portability-assumptions.html

In XZ Utils null pointer + 0 issue should be fixed after this
commit. This adds a few if-statements and thus branches to avoid
null pointer + 0. These check for size > 0 instead of ptr != NULL
because this way bugs where size > 0 && ptr == NULL will likely
get caught quickly. None of them are in hot spots so it shouldn't
matter for performance.

A little less readable version would be replacing

    ptr + offset

with

    offset != 0 ? ptr + offset : ptr

or creating a macro for it:

    #define my_ptr_add(ptr, offset) \
            ((offset) != 0 ? ((ptr) + (offset)) : (ptr))

Checking for offset != 0 instead of ptr != NULL allows GCC >= 8.1,
Clang >= 7, and Clang-based ICX to optimize it to the very same code
as ptr + offset. That is, it won't create a branch. So for hot code
this could be a good solution to avoid null pointer + 0. Unfortunately
other compilers like ICC 2021 or MSVC 19.33 (VS2022) will create a
branch from my_ptr_add().

Thanks to Marcin Kowalczyk for reporting the problem:
https://github.com/tukaani-project/xz/issues/36
2023-02-23 20:41:22 +02:00
Jia Tan fa9065fac5 liblzma: Adjust container.h for consistency with filter.h. 2023-02-23 20:27:59 +08:00
Jia Tan 00a721b63d liblzma: Fix small typos and reword a few things in filter.h. 2023-02-23 20:27:59 +08:00
Jia Tan 5b1c171d4f liblzma: Convert list of flags in lzma_mt to bulleted list. 2023-02-23 20:27:59 +08:00
Jia Tan dbd47622eb liblzma: Fix typo in documentation in container.h
lzma_microlzma_decoder -> lzma_microlzma_encoder
2023-02-23 20:27:59 +08:00
Jia Tan 14cd30806d liblzma: Improve documentation for container.h
Standardizing each function to always specify parameters and return
values. Also moved the parameters and return values to the end of each
function description.
2023-02-23 20:27:59 +08:00
Lasse Collin d831072cce liblzma: Very minor API doc tweaks.
Use "member" to refer to struct members as that's the term used
by the C standard.

Use lzma_options_delta.dist and such in docs so that in Doxygen's
HTML output they will link to the doc of the struct member.

Clean up a few trailing white spaces too.
2023-02-16 21:09:00 +02:00
Jia Tan f029daea39 liblzma: Adjust spacing in doc headers in bcj.h. 2023-02-17 00:54:33 +08:00
Jia Tan a5de68bac2 liblzma: Adjust documentation in bcj.h for consistent style. 2023-02-17 00:49:47 +08:00
Jia Tan efa498c13b liblzma: Rename field => member in documentation.
Also adjusted preset value => preset level.
2023-02-17 00:49:47 +08:00
Lasse Collin 718b22a6c5 liblzma: Silence a warning from MSVC.
It gives C4146 here since unary minus with unsigned integer
is still unsigned (which is the intention here). Doing it
with substraction makes it clearer and avoids the warning.

Thanks to Nathan Moinvaziri for reporting this.
2023-02-16 17:59:50 +02:00
Jia Tan 87c53553fa liblzma: Improve documentation for stream_flags.h
Standardizing each function to always specify parameters and return
values. Also moved the parameters and return values to the end of each
function description.

A few small things were reworded and long sentences broken up.
2023-02-16 21:04:54 +08:00
Jia Tan 13d99e75a5 liblzma: Improve documentation in lzma12.h.
All functions now explicitly specify parameter and return values.
2023-02-15 22:21:44 +08:00
Jia Tan 43ec344c86 liblzma: Improve documentation in check.h.
All functions now explicitly specify parameter and return values.
Also moved the note about SHA-256 functions not being exported to the
top of the file.
2023-02-15 00:59:16 +08:00
Jia Tan 9c71db4e88 liblzma: Improve documentation in index.h
All functions now explicitly specify parameter and return values.
2023-02-15 00:20:44 +08:00
Jia Tan 421f2f2e16 liblzma: Reword a comment in index.h. 2023-02-15 00:20:44 +08:00
Jia Tan b675394849 liblzma: Omit lzma_index_iter's internal field from Doxygen docs.
Add \private above this field and its sub-fields since it is not meant
to be modified by users.
2023-02-15 00:20:44 +08:00
Jia Tan 0c9e4fc2ad liblzma: Fix documentation for LZMA_MEMLIMIT_ERROR.
LZMA_MEMLIMIT_ERROR was missing the "<" character needed to put
documentation after a member.
2023-02-14 20:41:05 +08:00
Jia Tan 816fec125a liblzma: Improve documentation for base.h.
Standardizing each function to always specify params and return values.
Also fixed a small grammar mistake.
2023-02-14 20:41:05 +08:00
Jia Tan 862dacef1a liblzma: Add one more missing [out] annotation in vli.h 2023-02-14 00:12:34 +08:00
Jia Tan 867b08ae42 liblzma: Minor improvements to vli.h.
Added [out] annotations to parameters that are pointers and can have
their value changed. Also added a clarification to lzma_vli_is_valid.
2023-02-14 00:08:33 +08:00
Jia Tan 90d0e628ff liblzma: Add comments for macros in delta.h.
Document LZMA_DELTA_DIST_MIN and LZMA_DELTA_DIST_MAX for completeness
and to avoid Doxygen warnings.
2023-02-10 21:38:25 +08:00
Jia Tan 9255fffdb1 liblzma: Improve documentation in index_hash.h.
All functions now explicitly specify parameter and return values.
Also reworded the description of lzma_index_hash_init() for readability.
2023-02-10 21:35:23 +08:00
Lasse Collin 1dbe12b90c xz: Improve the comment about start_time in mytime.c.
start_time is relative to an arbitary point in time, it's not
time of day, so using it for anything else than time differences
wouldn't make sense.
2023-02-07 19:07:45 +02:00
Jia Tan b8bce89be7 xz: Add a comment clarifying the use of start_time in mytime.c. 2023-02-04 20:11:51 +08:00
Jia Tan 912af91b10 liblzma: Improve documentation for version.h.
Specified parameter and return values for API functions and documented
a few more of the macros.
2023-02-04 20:11:36 +08:00
Jia Tan 2c78a83c6f liblzma: Fix bug in lzma_str_from_filters() not checking filters[] length.
The bug is only a problem in applications that do not properly terminate
the filters[] array with LZMA_VLI_UNKNOWN or have more than
LZMA_FILTERS_MAX filters. This bug does not affect xz.
2023-02-03 00:42:27 +08:00
Jia Tan 8dfc029e7a liblzma: Fix typos in comments in string_conversion.c. 2023-02-03 00:42:27 +08:00
Jia Tan 54ad83c1ae liblzma: Clarify block encoder and decoder documentation.
Added a few sentences to the description for lzma_block_encoder() and
lzma_block_decoder() to highlight that the Block Header must be coded
before calling these functions.
2023-02-03 00:22:53 +08:00
Jia Tan f680e771b3 Update lzma_block documentation for lzma_block_uncomp_encode(). 2023-02-03 00:22:53 +08:00
Jia Tan 504cf4af89 liblzma: Minor edits to lzma_block header_size documentation. 2023-02-03 00:22:53 +08:00
Jia Tan 115b720fb5 liblzma: Enumerate functions that read version in lzma_block. 2023-02-03 00:22:53 +08:00
Jia Tan 85ea0979ad liblzma: Clarify comment in block.h. 2023-02-03 00:22:53 +08:00
Jia Tan 1f7ab90d9c liblzma: Improve documentation for block.h.
Standardizing each function to always specify params and return values.
Output pointer parameters are also marked with doxygen style [out] to
make it clear. Any note sections were also moved above the parameter and
return sections for consistency.
2023-02-03 00:22:53 +08:00
Jia Tan c563a4bc55 liblzma: Clarify a comment about LZMA_STR_NO_VALIDATION.
The flag description for LZMA_STR_NO_VALIDATION was previously confusing
about the treatment for filters than cannot be used with .xz format
(lzma1) without using LZMA_STR_ALL_FILTERS. Now, it is clear that
LZMA_STR_NO_VALIDATION is not a super set of LZMA_STR_ALL_FILTERS.
2023-02-01 23:39:45 +08:00
Lasse Collin 610dde15a8 xz: Use clock_gettime() even if CLOCK_MONOTONIC isn't available.
mythread.h and thus liblzma already does it.
2023-01-27 20:02:49 +02:00
Lasse Collin ff592c616e xz: Add SIGTSTP handler for progress indicator time keeping.
This way, if xz is stopped the elapsed time and estimated time
remaining won't get confused by the amount of time spent in
the stopped state.

This raises SIGSTOP. It's not clear to me if this is the correct way.
POSIX and glibc docs say that SIGTSTP shouldn't stop the process if
it is orphaned but this commit doesn't attempt to handle that.

Search for SIGTSTP in section 2.4.3:

https://pubs.opengroup.org/onlinepubs/9699919799/functions/V2_chap02.html
2023-01-27 19:37:47 +02:00
Lasse Collin af5a4bd5af tuklib_physmem: Check for __has_warning before GCC version.
Clang can be configured to fake a too high GCC version so
this way it's more robust.
2023-01-26 17:39:46 +02:00
Jia Tan f35d98e206 liblzma: Fix documentation in filter.h for lzma_str_to_filters()
The previous documentation for lzma_str_to_filters() was technically
correct, but misleading. lzma_str_to_filters() returns NULL on success,
which is in practice always defined to 0. This is the same value as
LZMA_OK, but lzma_str_to_filters() does not return lzma_ret so we should
be more clear.
2023-01-24 20:48:50 +08:00
Lasse Collin 2f78ecc593 Revert "tuklib_common: Define __has_warning if it is not defined."
This reverts commit 82e3c968bf.

Macros in the reserved namespace (_foo or __foo) shouldn't be #defined
without a very good reason. Here the alternative would have been
to #define tuklib_has_warning(str) to an approriate value.

Also the tuklib_* files should stay namespace clean if possible.
2023-01-24 20:20:51 +08:00
Lasse Collin 8366cf8738 tuklib_physmem: Clean up the way -Wcast-function-type is silenced on Windows.
__has_warning and other __has_foo macros are meant to become
compiler-agnostic so it's not good to check for __clang__ with it.

This also relied on tuklib_common.h for #defining __has_warning
which was confusing as #defining reserved macros is generally
not a good idea.
2023-01-24 20:20:40 +08:00
Lasse Collin 683a3c7e2f xz: Flip the return value of suffix_is_set to match the documentation.
Also edit style to match the existing coding style in the project.
2023-01-24 20:20:04 +08:00
Jia Tan cc5aa9ab13 xz: Refactor duplicated check for custom suffix when using --format=raw 2023-01-21 22:10:51 +08:00
Jia Tan 9663141274 liblzma: Set documentation on all reserved fields to private.
This prevents the reserved fields from being part of the generated
Doxygen documentation.
2023-01-21 21:37:48 +08:00
Jia Tan 6fcf4671b6 liblzma: Highlight liblzma API headers should not be included directly.
This improves the generated Doxygen HTML files to better highlight
how to properly use the liblzma API header files.
2023-01-20 00:51:12 +08:00
Jia Tan b43ff180fb tuklib_physmem: Silence warning from -Wcast-function-type on MinGW-w64.
tuklib_physmem depends on GetProcAddress() for both MSVC and MinGW-w64
to retrieve a function address. The proper way to do this is to cast the
return value to the type of function pointer retrieved. Unfortunately,
this causes a cast-function-type warning, so the best solution is to
simply ignore the warning.
2023-01-19 20:35:09 +08:00
Jia Tan 82e3c968bf tuklib_common: Define __has_warning if it is not defined.
clang supports the __has_warning macro to determine if the version of
clang compiling the code supports a given warning. If we do not define
it for other compilers, it may cause a preprocessor error.
2023-01-19 20:32:40 +08:00
Jia Tan d3e1147705 xz: Add missing comment for coder_set_compression_settings() 2023-01-16 21:35:45 +08:00
Jia Tan 123255b6ed xz: Do not set compression settings with raw format in list mode.
Calling coder_set_compression_settings() in list mode with verbose mode
on caused the filter chain and memory requirements to print. This was
unnecessary since the command results in an error and not consistent
with other formats like lzma and alone.
2023-01-16 20:55:10 +08:00
Lasse Collin 52dc033d0b xz: Use ssize_t for the to-be-ignored return value from write(fd, ptr, 1).
It makes no difference here as the return value fits into an int
too and it then gets ignored but this looks better.
2023-01-12 06:05:58 +02:00
Lasse Collin b1a6d180a3 xz: Silence warnings from -Wsign-conversion in a 32-bit build. 2023-01-12 06:01:12 +02:00
Lasse Collin 31c21c734b liblzma: Silence another warning from -Wsign-conversion in a 32-bit build.
It doesn't warn on a 64-bit system because truncating
a ptrdiff_t (signed long) to uint32_t is diagnosed under
-Wconversion by GCC and -Wshorten-64-to-32 by Clang.
2023-01-12 05:38:48 +02:00
Lasse Collin 37fbdfb726 liblzma: Silence a warning from -Wsign-conversion in a 32-bit build. 2023-01-12 04:46:45 +02:00
Lasse Collin 3f13bf6b9e liblzma: Silence warnings from clang -Wconditional-uninitialized.
This is similar to 2ce4f36f17.
The actual initialization of the variables is done inside
mythread_sync() macro. Clang doesn't seem to see that
the initialization code inside the macro is always executed.
2023-01-12 03:19:59 +02:00
Lasse Collin 6c886cc5b3 Fix warnings from clang -Wdocumentation. 2023-01-12 03:11:40 +02:00
Jia Tan d1561c47ec
xz: Fix warning -Wformat-nonliteral on clang in message.c.
clang and gcc differ in how they handle -Wformat-nonliteral. gcc will
allow a non-literal format string as long as the function takes its
format arguments as a va_list.
2023-01-11 22:46:48 +08:00
Lasse Collin 0b8fa310cf liblzma: CLMUL CRC64: Work around a bug in MSVC, second attempt.
This affects only 32-bit x86 builds. x86-64 is OK as is.

I still cannot easily test this myself. The reporter has tested
this and it passes the tests included in the CMake build and
performance is good: raw CRC64 is 2-3 times faster than the
C version of the slice-by-four method. (Note that liblzma doesn't
include a MSVC-compatible version of the 32-bit x86 assembly code
for the slice-by-four method.)

Thanks to Iouri Kharon for figuring out a fix, testing, and
benchmarking.
2023-01-10 22:15:55 +02:00
Lasse Collin cfabb62a48 Revert "liblzma: CLMUL CRC64: Workaround a bug in MSVC (VS2015-2022)."
This reverts commit 36edc65ab4.

It was reported that it wasn't a good enough fix and MSVC
still produced (different kind of) bad code when building
for 32-bit x86 if optimizations are enabled.

Thanks to Iouri Kharon.
2023-01-10 12:47:16 +02:00
Lasse Collin 0b64215170 sysdefs.h: Don't include strings.h anymore.
On some platforms src/xz/suffix.c may need <strings.h> for
strcasecmp() but suffix.c includes the header when it needs it.

Unless there is an old system that otherwise supports enough C99
to build XZ Utils but doesn't have C89/C90-compatible <string.h>,
there should be no need to include <strings.h> in sysdefs.h.
2023-01-10 11:56:11 +02:00
Lasse Collin ec2fc39fe4 xz: Include <strings.h> in suffix.c if needed for strcasecmp().
SUSv2 and POSIX.1‐2017 declare only a few functions in <strings.h>.
Of these, strcasecmp() is used on some platforms in suffix.c.
Nothing else in the project needs <strings.h> (at least if
building on a modern system).

sysdefs.h currently includes <strings.h> if HAVE_STRINGS_H is
defined and suffix.c relied on this.

Note that dos/config.h doesn't #define HAVE_STRINGS_H even though
DJGPP does have strings.h. It isn't needed with DJGPP as strcasecmp()
is also in <string.h> in DJGPP.
2023-01-10 11:23:41 +02:00
Lasse Collin 7049c4a76c sysdefs.h: Fix a comment. 2023-01-10 10:05:13 +02:00
Lasse Collin 194a5fab69 sysdefs.h: Don't include memory.h anymore even if it were available.
It quite probably was never needed, that is, any system where memory.h
was required likely couldn't compile XZ Utils for other reasons anyway.

XZ Utils 5.2.6 and later source packages were generated using
Autoconf 2.71 which no longer defines HAVE_MEMORY_H. So the code
being removed is no longer used anyway.
2023-01-10 10:04:06 +02:00
Lasse Collin 36edc65ab4 liblzma: CLMUL CRC64: Workaround a bug in MSVC (VS2015-2022).
I haven't tested with MSVC myself and there doesn't seem to be
information about the problem online, so I'm relying on the bug report.

Thanks to Iouri Kharon for the bug report and the patch.
2023-01-09 12:22:05 +02:00
Jia Tan 6fd39664de
Merge pull request #7 from tukaani-project/tuktest_index_hash
Tuktest index hash
2023-01-07 00:10:50 +08:00
Jia Tan 78e0561dfe Style: Change #if !defined() to #ifndef in mythread.h. 2023-01-06 20:43:31 +08:00
Jia Tan 84f9687cba liblzma: Remove common.h include from common/index.h.
common/index.h is needed by liblzma internally and tests. common.h will
include and define many things that are not needed by the tests. Also,
this prevents include order problems because common.h will redefine
LZMA_API resulting in a warning.
2023-01-05 20:57:25 +08:00
Lasse Collin 4103a2e78a Bump version and soname for 5.5.0alpha.
5.5.0alpha won't be released, it's just to mark that
the branch is not for stable 5.4.x.

Once again there is no API/ABI stability for new features
in devel versions. The major soname won't be bumped even
if API/ABI of new features breaks between devel releases.
2023-01-02 17:20:47 +02:00
Jia Tan bb740e3b11
Build: Only define HAVE_PROGRAM_INVOCATION_NAME if it is set to 1.
HAVE_DECL_PROGRAM_INVOCATION_NAME is renamed to
HAVE_PROGRAM_INVOCATION_NAME. Previously,
HAVE_DECL_PROGRAM_INVOCATION_NAME was always set when
building with autotools. CMake would only set this when it was 1, and the
dos/config.h did not define it. The new macro definition is consistent
across build systems.
2023-01-02 22:33:48 +08:00
Jia Tan f16e12d5e7 liblzma: Add NULL check to lzma_index_hash_append.
This is for consistency with lzma_index_append.
2023-01-02 22:20:04 +08:00
Jia Tan 203b008eb2 liblzma: Replaced hardcoded 0x0 index indicator byte with macro 2023-01-02 22:20:04 +08:00
Jia Tan 2fcba17fc4 xz: Includes <time.h> and <sys/time.h> conditionally in mytime.c.
Previously, mytime.c depended on mythread.h for <time.h> to be included.
2022-12-30 23:34:31 +08:00
Jia Tan f82294c831 liblzma: Includes sys/time.h conditionally in mythread
Previously, <sys/time.h> was always included, even if mythread only used
clock_gettime. <time.h> is still needed even if clock_gettime is not used
though because struct timespec is needed for mythread_condtime.
2022-12-30 23:34:31 +08:00
Jia Tan 74dae7d300 Build: No longer require HAVE_DECL_CLOCK_MONOTONIC to always be set.
Previously, if threading was enabled HAVE_DECL_CLOCK_MONOTONIC would always
be set to 0 or 1. However, this macro was needed in xz so if xz was not
built with threading and HAVE_DECL_CLOCK_MONOTONIC was not defined but
HAVE_CLOCK_GETTIME was, it caused a warning during build. Now,
HAVE_DECL_CLOCK_MONOTONIC has been renamed to HAVE_CLOCK_MONOTONIC and
will only be set if it is 1.
2022-12-30 23:34:31 +08:00
Jia Tan 1275ebfba7 liblzma: Update documentation for lzma_filter_encoder. 2022-12-30 23:34:31 +08:00
Jia Tan 5f7ce42a16 liblzma: Fix lzma_microlzma_encoder() return value.
Using return_if_error on lzma_lzma_lclppb_encode was improper because
return_if_error is expecting an lzma_ret value, but
lzma_lzma_lclppb_encode returns a boolean. This could result in
lzma_microlzma_encoder, which would be misleading for applications.
2022-12-30 23:34:31 +08:00
Lasse Collin 8fd225a2c1 liblzma: Update authors list in arm64.c. 2022-12-16 18:30:02 +02:00
Lasse Collin b69da6d4bb Bump version to 5.4.0 and soname to 5.4.0. 2022-12-13 20:46:41 +02:00
Lasse Collin 854f2f5946 xz: Rename --experimental-arm64 to --arm64. 2022-12-11 21:13:57 +02:00
Lasse Collin 31dbd1e5fb liblzma: Change LZMA_FILTER_ARM64 to the official Filter ID 0x0A. 2022-12-11 21:13:06 +02:00
Lasse Collin 01b3549e52 xz: Make args_info.files_name a const pointer. 2022-12-08 19:24:22 +02:00
Lasse Collin bc665b84ea xz: Don't modify argv[].
The code that parses --memlimit options and --block-list modified
the argv[] when parsing the option string from optarg. This was
visible in "ps auxf" and such and could be confusing. I didn't
understand it back in the day when I wrote that code. Now a copy
is allocated when modifiable strings are needed.
2022-12-08 19:18:16 +02:00
Lasse Collin ac2a747e93 liblzma: Check for unexpected NULL pointers in block_header_decode().
The API docs gave an impression that such checks are done
but they actually weren't done. In practice it made little
difference since the calling code has a bug if these are NULL.

Thanks to Jia Tan for the original patch that checked for
block->filters == NULL.
2022-12-08 17:30:09 +02:00
Lasse Collin 24790f49ae Bump version number for 5.3.5beta.
This also sorts the symbol names alphabetically in liblzma_*.map.
2022-12-01 20:59:32 +02:00
Lasse Collin 62b270988e liblzma: Use __has_attribute(__symver__) to fix Clang detection.
If someone sets up Clang to define __GNUC__ to 10 or greater
then symvers broke. __has_attribute is supported by such GCC
and Clang versions that don't support __symver__ so this should
be much better and simpler way to detect if __symver__ is
actually supported.

Thanks to Tomasz Gajc for the bug report.
2022-12-01 20:55:21 +02:00
Lasse Collin f9ca7d4516 liblzma: Omit zero-skipping from ARM64 filter.
It has some complicated downsides and its usefulness is more limited
than I originally thought. So this change is bad for certain very
specific situations but a generic solution that works for other
filters (and is otherwise better too) is planned anyway. And this
way 7-Zip can use the same compatible filter for the .7z format.

This is still marked as experimental with a new temporary Filter ID.
2022-12-01 18:55:00 +02:00
Lasse Collin 5baec3f0a9 xz: Omit the special notes about ARM64 filter on the man page. 2022-12-01 18:13:27 +02:00
Lasse Collin 0c3627b518 liblzma: Don't be over-specific in lzma_str_to_filters API doc. 2022-12-01 18:12:03 +02:00
Lasse Collin 94adf057f2 liblzma: Silence unused variable warning when BCJ filters are disabled.
Thanks to Jia Tan for the original patch.
2022-12-01 17:54:23 +02:00
Jia Tan 7c16e312cb xz: Remove message_filters_to_str function prototype from message.h.
This was forgotten from 7484744af6.
2022-11-30 18:12:35 +02:00
Jia Tan 0a72b9ca2f liblzma: Improve documentation for string to filter functions. 2022-11-29 22:29:15 +02:00
Lasse Collin a6e21fcede liblzma: Two fixes to lzma_str_list_filters() API docs.
Thanks to Jia Tan.
2022-11-29 22:27:42 +02:00
Lasse Collin 7484744af6 xz: Use lzma_str_from_filters().
Two uses: Displaying encoder filter chain when compressing with -vv,
and displaying the decoder filter chain in --list -vv.
2022-11-28 22:05:32 +02:00
Lasse Collin cedeeca2ea liblzma: Add lzma_str_to_filters, _from_filters, and _list_filters.
lzma_str_to_filters() uses static error messages which makes
them not very precise. It tells the position in the string
where an error occurred though which helps quite a bit if
applications take advantage of it. Dynamic error messages can
be added later with a new flag if it seems important enough.
2022-11-28 21:54:24 +02:00
Lasse Collin 072ebf7b13 liblzma: Make lzma_validate_chain() available outside filter_common.c. 2022-11-28 21:02:19 +02:00
Lasse Collin 5f22bd2d37 liblzma: Remove lzma_lz_decoder_uncompressed() as it's now unused. 2022-11-28 10:51:03 +02:00
Lasse Collin cee8320646 liblzma: Use LZMA1EXT feature in lzma_microlzma_decoder().
Here too this avoids the slightly ugly method to set
the uncompressed size.

Also moved the setting of dict_size to the struct initializer.
2022-11-28 10:48:53 +02:00
Lasse Collin e310e8b6a4 liblzma: Use LZMA1EXT feature in lzma_alone_decoder().
This avoids the need to use the slightly ugly method to
set the uncompressed size.
2022-11-28 10:28:20 +02:00
Lasse Collin 33b8a24b66 liblzma: Add LZMA_FILTER_LZMA1EXT to support LZMA1 without end marker.
Some file formats need support for LZMA1 streams that don't use
the end of payload marker (EOPM) alias end of stream (EOS) marker.
So far liblzma API has supported decompressing such streams via
lzma_alone_decoder() when .lzma header specifies a known
uncompressed size. Encoding support hasn't been available in the API.

Instead of adding a new LZMA1-only API for this purpose, this commit
adds a new filter ID for use with raw encoder and decoder. The main
benefit of this approach is that then also filter chains are possible,
for example, if someone wants to implement support for .7z files that
use the x86 BCJ filter with LZMA1 (not BCJ2 as that isn't supported
in liblzma).
2022-11-27 23:16:21 +02:00
Lasse Collin 9a304bf1e4 liblzma: Avoid unneeded use of void pointer in LZMA decoder. 2022-11-27 18:43:07 +02:00
Lasse Collin 218394958c liblzma: Pass the Filter ID to LZ encoder and decoder.
This allows using two Filter IDs with the same
initialization function and data structures.
2022-11-27 18:20:33 +02:00
Lasse Collin 1663c7676b liblzma: Remove two FIXME comments. 2022-11-27 01:03:16 +02:00
Lasse Collin 11fe708db7 xz: Use lzma_filters_free(). 2022-11-26 22:25:30 +02:00
Lasse Collin e782af9110 liblzma: Use lzma_filters_free() in more places. 2022-11-26 22:21:13 +02:00
Lasse Collin 90caaded2d liblzma: Omit simple coder init functions if they are disabled. 2022-11-25 18:04:37 +02:00
Lasse Collin 5cd9f0df78 xz: Allow nice_len 2 and 3 even if match finder requires 3 or 4.
Now that liblzma accepts these, we avoid the extra check and
there's one message less for translators too.
2022-11-24 23:24:59 +02:00
Lasse Collin 3be88ae071 liblzma: Allow nice_len 2 and 3 even if match finder requires 3 or 4.
That is, if the specified nice_len is smaller than the minimum
of the match finder, silently use the match finder's minimum value
instead of reporting an error. The old behavior is annoying to users
and it complicates xz options handling too.
2022-11-24 23:23:55 +02:00
Lasse Collin 93439cfafe liblzma: Add lzma_filters_update() support to the multi-threaded encoder.
A tiny downside of this is that now a 1-4 tiny allocations are made
for every Block because each worker thread needs its own copy of
the filter chain.
2022-11-24 16:25:10 +02:00
Lasse Collin 06824396b2 Build: Don't put GNU/Linux-specific symbol versions into static liblzma.
It not only makes no sense to put symbol versions into a static library
but it can also cause breakage.

By default Libtool #defines PIC if building a shared library and
doesn't define it for static libraries. This is documented in the
Libtool manual. It can be overriden using --with-pic or --without-pic.
configure.ac detects if --with-pic or --without-pic is used and then
gives an error if neither --disable-shared nor --disable-static was
used at the same time. Thus, in normal situations it works to build
both shared and static library at the same time on GNU/Linux,
only --with-pic or --without-pic requires that only one type of
library is built.

Thanks to John Paul Adrian Glaubitz from Debian for reporting
the problem that occurred on ia64:
https://www.mail-archive.com/xz-devel@tukaani.org/msg00610.html
2022-11-24 14:52:44 +02:00
Lasse Collin e1acf71072 liblzma: Refactor to use lzma_filters_free().
lzma_filters_free() sets the options to NULL and ids to
LZMA_VLI_UNKNOWN so there is no need to do it by caller;
the filter arrays will always be left in a safe state.

Also use memcpy() instead of a loop to copy a filter chain
when it is known to be safe to copy LZMA_FILTERS_MAX + 1
(even if the elements past the terminator might be uninitialized).
2022-11-24 01:32:16 +02:00
Lasse Collin cb05dbcf8b liblzma: Fix another invalid free() after memory allocation failure.
This time it can happen when lzma_stream_encoder_mt() is used
to reinitialize an existing multi-threaded Stream encoder
and one of 1-4 tiny allocations in lzma_filters_copy() fail.

It's very similar to the previous bug
10430fbf38, happening with
an array of lzma_filter structures whose old options are freed
but the replacement never arrives due to a memory allocation
failure in lzma_filters_copy().
2022-11-24 01:26:37 +02:00
Jia Tan 75f1a6c26d liblzma: Add support for LZMA_SYNC_FLUSH in the Block encoder.
The documentation mentions that lzma_block_encoder() supports
LZMA_SYNC_FLUSH but it was never added to supported_actions[]
in the internal structure. Because of this, LZMA_SYNC_FLUSH could
not be used with the Block encoder unless it was the next coder
after something like stream_encoder() or stream_encoder_mt().
2022-11-24 01:07:32 +02:00
Lasse Collin d090164517 liblzma: Add new API function lzma_filters_free().
This is small but convenient and should have been added
a long time ago.
2022-11-24 01:02:50 +02:00
Lasse Collin 48c1b99dc5 liblzma: Add lzma_attr_warn_unused_result to lzma_filters_copy(). 2022-11-23 21:55:22 +02:00
Lasse Collin 10430fbf38 liblzma: Fix invalid free() after memory allocation failure.
The bug was in the single-threaded .xz Stream encoder
in the code that is used for both re-initialization and for
lzma_filters_update(). To trigger it, an application had
to either re-initialize an existing encoder instance with
lzma_stream_encoder() or use lzma_filters_update(), and
then one of the 1-4 tiny allocations in lzma_filters_copy()
(called from stream_encoder_update()) must fail. An error
was correctly reported but the encoder state was corrupted.

This is related to the recent fix in
f8ee61e74e which is good but
it wasn't enough to fix the main problem in stream_encoder.c.
2022-11-23 21:26:21 +02:00
Lasse Collin cafd6dc397 liblzma: Fix language in a comment. 2022-11-22 16:37:15 +02:00
Lasse Collin c392bf8ccb liblzma: Fix infinite loop in LZMA encoder init with dict_size >= 2 GiB.
The encoder doesn't support dictionary sizes larger than 1536 MiB.
This is validated, for example, when calculating the memory usage
via lzma_raw_encoder_memusage(). It is also enforced by the LZ
part of the encoder initialization. However, LZMA encoder with
LZMA_MODE_NORMAL did an unsafe calculation with dict_size before
such validation and that results in an infinite loop if dict_size
was 2 << 30 or greater.
2022-11-22 11:23:23 +02:00
Lasse Collin f50534c973 liblzma: Fix two Doxygen commands in the API headers.
These were caught by clang -Wdocumentation.
2022-11-21 13:02:33 +02:00
Lasse Collin 649d4872ed xz: Refactor duplicate code from hardware_memlimit_mtenc_get(). 2022-11-19 19:09:55 +02:00
Lasse Collin d327743bb5 xz: Add support --threads=+N so that -T+1 gives threaded mode. 2022-11-19 19:06:13 +02:00
Lasse Collin b9a67d9a5f Bump version number for 5.3.4alpha. 2022-11-15 11:18:28 +02:00
Lasse Collin b56bc8251d Revert "liblzma: Simple/BCJ filters: Allow disabling generic BCJ options."
This reverts commit 177bdc922c
and also does equivalent change to arm64.c.

Now that ARM64 filter will use lzma_options_bcj, this change
is not needed anymore.
2022-11-14 23:19:57 +02:00
Lasse Collin 8370ec8edf Replace the experimental ARM64 filter with a new experimental version.
This is incompatible with the previous version.

This has space/tab fixes in filter_*.c and bcj.h too.
2022-11-14 23:16:38 +02:00
Lasse Collin f644473a21 liblzma: Add fast CRC64 for 32/64-bit x86 using SSSE3 + SSE4.1 + CLMUL.
It also works on E2K as it supports these intrinsics.

On x86-64 runtime detection is used so the code keeps working on
older processors too. A CLMUL-only build can be done by using
-msse4.1 -mpclmul in CFLAGS and this will reduce the library
size since the generic implementation and its 8 KiB lookup table
will be omitted.

On 32-bit x86 this isn't used by default for now because by default
on 32-bit x86 the separate assembly file crc64_x86.S is used.
If --disable-assembler is used then this new CLMUL code is used
the same way as on 64-bit x86. However, a CLMUL-only build
(-msse4.1 -mpclmul) won't omit the 8 KiB lookup table on
32-bit x86 due to a currently-missing check for disabled
assembler usage.

The configure.ac check should be such that the code won't be
built if something in the toolchain doesn't support it but
--disable-clmul-crc option can be used to unconditionally
disable this feature.

CLMUL speeds up decompression of files that have compressed very
well (assuming CRC64 is used as a check type). It is know that
the CLMUL code is significantly slower than the generic code for
tiny inputs (especially 1-8 bytes but up to 16 bytes). If that
is a real-world problem then there is already a commented-out
variant that uses the generic version for small inputs.

Thanks to Ilya Kurdyukov for the original patch which was
derived from a white paper from Intel [1] (published in 2009)
and public domain code from [2] (released in 2016).

[1] https://www.intel.com/content/dam/www/public/us/en/documents/white-papers/fast-crc-computation-generic-polynomials-pclmulqdq-paper.pdf
[2] https://github.com/rawrunprotected/crc
2022-11-14 23:05:46 +02:00
Lasse Collin eb0f1450ad liblzma: Use __attribute__((__constructor__)) if available.
This uses it for CRC table initializations when using --disable-small.
It avoids mythread_once() overhead. It also means that then
--disable-small --disable-threads is thread-safe if this attribute
is supported.
2022-11-14 16:00:52 +02:00
Lasse Collin a39961ef21 liblzma: Fix building with Intel ICC (the classic compiler).
It claims __GNUC__ >= 10 but doesn't support __symver__ attribute.

Thanks to Stephen Sachs.
2022-11-11 17:15:25 +02:00
Lasse Collin c715f683dc liblzma: Fix incorrect #ifdef for x86 SSE2 support.
__SSE2__ is the correct macro for SSE2 support with GCC, Clang,
and ICC. __SSE2_MATH__ means doing floating point math with SSE2
instead of 387. Often the latter macro is defined if the first
one is but it was still a bug.
2022-11-11 14:35:58 +02:00
Lasse Collin 3c7860cf49 xzdiff: Add support for .lz files.
The other scripts don't need changes for .lz support because
in those scripts it is enough that xz supports .lz.
2022-11-11 13:16:21 +02:00
Lasse Collin d76c752a6d Scripts: Ignore warnings from xz.
In practice this means making the scripts work when
the input files have an unsupported check type which
isn't a problem in practice unless support for
some check types has been disabled at build time.
2022-11-11 12:23:58 +02:00
Lasse Collin 0918159ce4 xz: Update the man page about BCJ filters, including upcoming --arm64.
The --arm64 isn't actually implemented yet in the form
described in this commit.

Thanks to Jia Tan.
2022-11-09 19:09:26 +02:00
Lasse Collin ba2ae3596f xz: Add --arm64 to --long-help and omit endianness from ARM(-Thumb).
Modern 32-bit ARM in big endian mode use little endian for
instruction encoding still, so the filters work on such
executables too. It's likely less confusing for users this way.

The --arm64 option hasn't been implemented yet (there is
--experimental-arm64 but it's different). The --arm64 option
is added now anyway because this is the likely result and the
strings need to be ready for translators.

Thanks to Jia Tan.
2022-11-09 18:14:14 +02:00
Lasse Collin 731db13e6f xz: Remove the commented-out FORMAT_GZIP, gzip, .gz, and .tgz. 2022-11-09 14:31:10 +02:00
Lasse Collin 3176f992c5 xz: Add .lz (lzip) decompression support.
If configured with --disable-lzip-decoder then --long-help will
still list `lzip' in --format but I left it like that since
due to translations it would be messy to have two help strings.
Features are disabled only in special situations so wrong help
in such a situation shouldn't matter much.

Thanks to Michał Górny for the original patch.
2022-11-09 14:28:41 +02:00
Lasse Collin 034086e1ae liblzma: Add .lz support to lzma_auto_decoder().
Thanks to Michał Górny for the original patch.
2022-11-09 14:25:26 +02:00
Lasse Collin 0538db038f liblzma: Add .lz (lzip) decompression support (format versions 0 and 1).
Support for format version 0 was removed from lzip 1.18 for some
reason. .lz format version 0 files are rare (and old) but some
source packages were released in this format, and some people might
have personal files in this format too. It's very little extra code
to support it along side format version 1 so this commits adds
support for both.

The Sync Flush marker extentension to the original .lz format
version 1 isn't supported. It would require changes to the
LZMA decoder itself. Such files are very rare anyway.

See the API doc for lzma_lzip_decoder() for more details about
the .lz format support.

Thanks to Michał Górny for the original patch.
2022-11-09 14:24:20 +02:00
Lasse Collin 633d48a075 liblzma: Add the missing Makefile.inc change for --disable-microlzma.
This was forgotten from commit 59c4d6e139.
2022-11-09 14:17:23 +02:00
Lasse Collin 724285dadb xz: Add comments about stdin and src_st.st_size.
"xz -v < regular_file > out.xz" doesn't display the percentage
and estimated remaining time because it doesn't even try to
check the input file size when input is read from stdin.
This could be improved but for now there's just a comment
to remind about it.
2022-11-09 14:10:52 +02:00
Lasse Collin f723eec68b xz: Fix displaying of file sizes in progress indicator in passthru mode.
It worked for one input file since the counters are zero when
xz starts but they weren't reset when starting a new file in
passthru mode. For example, if files A, B, and C are one byte each,
then "xz -dcvf A B C" would show file sizes as 1, 2, and 3 bytes
instead of 1, 1, and 1 byte.
2022-11-09 12:48:22 +02:00
Lasse Collin 69265d0f22 xz: Add a comment why --to-stdout is not in --help.
It is on the man page still.
2022-11-09 11:27:20 +02:00
Lasse Collin fe6b8852a3 xz: Make xz -lvv show that the upcoming --arm64 needs 5.4.0 to decompress. 2022-11-08 23:05:37 +02:00
Lasse Collin 4746f5ec72 liblzma: Update API docs about decoder flags. 2022-11-08 14:13:03 +02:00
Lasse Collin 8779a9db5d liblzma: Use the return_if_error() macro in alone_decoder.c. 2022-11-08 14:01:50 +02:00
Lasse Collin 3f4990b682 liblzma: Fix a comment in auto_decoder.c. 2022-11-08 14:00:58 +02:00
Lasse Collin 026a5897c7 xz: Initialize the pledge(2) sandbox at the very beginning of main().
It feels better that the initializations are sandboxed too.
They don't do anything that the pledge() call wouldn't allow.
2022-11-08 13:43:19 +02:00
Lasse Collin 49a59f6ca0 xz: Extend --robot --info-memory output.
Now it includes everything that the human-readable --info-memory shows.
2022-11-07 22:51:16 +02:00
Lasse Collin 5e2450c75c liblzma: Include cached memory in reported memusage in threaded decoder.
This affects lzma_memusage() and lzma_memlimit_set() when used
with the threaded decompressor. Now all allocations are reported
by lzma_memusage() (so it's not misleading) and lzma_memlimit_set()
cannot lower the limit below that value.

The alternative would have been to allow lowering the limit if
doing so is possible by freeing the cached memory but since
the primary use case of lzma_memlimit_set() is to increase
memlimit after LZMA_MEMLIMIT_ERROR this simple approach
was selected.

The cached memory was always included when enforcing
the memory usage limit while decoding.

Thanks to Jia Tan.
2022-11-07 17:22:04 +02:00
Jia Tan 1fc6e7dd1f xz: Avoid a compiler warning in progress_speed() in message.c.
This should be smaller too since it avoids the string constants.
2022-11-07 16:24:56 +02:00
Lasse Collin e53e0e2186 Windows: Fix mythread_once() macro with Vista threads.
Don't call InitOnceComplete() if initialization was already done.

So far mythread_once() has been needed only when building
with --enable-small. windows/build.bash does this together
with --disable-threads so the Vista-specific mythread_once()
is never needed by those builds. VS project files or
CMake-builds don't support HAVE_SMALL builds at all.
2022-10-31 13:31:58 +02:00
Lasse Collin 48dde3bab9 liblzma: Silence -Wconversion warning from crc64_fast.c. 2022-10-31 11:54:44 +02:00
Lasse Collin 054ccd6d14 xz: Fix --single-stream with an empty .xz Stream.
Example:

    $ xz -dc --single-stream good-0-empty.xz
    xz: good-0-empty.xz: Internal error (bug)

The code, that is tries to catch some input file issues early,
didn't anticipate LZMA_STREAM_END which is possible in that
code only when --single-stream is used.
2022-10-25 23:09:11 +03:00
Lasse Collin 563288ea70 xz: Add support for OpenBSD's pledge() sandbox. 2022-10-25 21:30:48 +03:00
Lasse Collin f9913e8ee2 xz: Fix decompressor behavior if input uses an unsupported check type.
Now files with unsupported check will make xz display
a warning, set the exit status to 2 (unless --no-warn is used),
and then decompress the file normally. This is how it was
supposed to work since the beginning but this was broken by
the commit 231c3c7098, that is,
a little before 5.0.0 was released. The buggy behavior displayed
a message, set exit status 1 (error), and xz didn't attempt to
to decompress the file.

This doesn't matter today except for special builds that disable
CRC64 or SHA-256 at build time (but such builds should be used
in special situations only). The bug matters if new check type
is added in the future and an old xz version is used to decompress
such a file; however, it's likely that such files would use a new
filter too and an old xz wouldn't be able to decompress the file
anyway.

The first hunk in the commit is the actual fix. The second hunk
is a cleanup since LZMA_TELL_ANY_CHECK isn't used in xz.

There is a test file for unsupported check type but it wasn't
used by test_files.sh, perhaps due to different behavior between
xz and the simpler xzdec.
2022-10-25 19:07:17 +03:00
Lasse Collin aa4fe145b9 xz: Clarify the man page: input file isn't removed if an error occurs. 2022-10-25 18:36:19 +03:00
Lasse Collin 8b46ae8cde xz: Refactor to remove is_empty_filename().
Long ago it was used in list.c too but nowadays it's needed
only in io_open_src() so it's nicer to avoid a separate function.
2022-10-25 18:30:55 +03:00
Lasse Collin 8562401597 xz: If input file cannot be removed, treat it as a warning, not error.
Treating it as a warning (message + exit status 2) matches gzip
and it seems more logical as at that point the output file has
already been successfully closed. When it's a warning it is
possible to suppress it with --no-warn.
2022-10-25 18:23:54 +03:00
Lasse Collin fda9f85f52 liblzma: Threaded decoder: Stop the worker threads on errors.
It's waste of CPU time and electricity to leave the unfinished
worker threads running when it is known that their output will
get ignored.
2022-10-24 16:25:09 +03:00
Lasse Collin 2611c4d905 tuklib_cpucores: Use HW_NCPUONLINE on OpenBSD.
On OpenBSD the number of cores online is often less
than what HW_NCPU would return because OpenBSD disables
simultaneous multi-threading (SMT) by default.

Thanks to Christian Weisgerber.
2022-10-20 20:22:50 +03:00
Jia Tan 14af758a77 liblzma: Fix a compilation issue when encoders are disabled.
When encoders were disabled and threading enabled, outqueue.c and
outqueue.h were not compiled. The multi threaded decoder required
these files, so compilation failed.
2022-10-05 16:11:33 +03:00
Lasse Collin fae37ad2af tuklib_integer: Add 64-bit endianness-converting reads and writes.
Also update the comment in liblzma's memcmplen.h.

Thanks to Michał Górny for the original patch for the reads.
2022-10-05 14:26:00 +03:00
Lasse Collin 508a44372c liblzma: Add API doc note about the .xz decoder LZMA_MEMLIMIT_ERROR bug.
The bug was fixed in 660739f99a.
2022-09-30 12:06:13 +03:00
Jia Tan 8cc9874a79 liblzma: Add dest and src NULL checks to lzma_index_cat.
The documentation states LZMA_PROG_ERROR can be returned from
lzma_index_cat. Previously, lzma_index_cat could not return
LZMA_PROG_ERROR. Now, the validation is similar to
lzma_index_append, which does a NULL check on the index
parameter.
2022-09-28 15:48:03 +03:00
Jia Tan 3d5a99ca37 liblzma: Fix copying of check type statistics in lzma_index_cat().
The check type of the last Stream in dest was never copied to
dest->checks (the code tried to copy it but it was done too late).
This meant that the value returned by lzma_index_checks() would
only include the check type of the last Stream when multiple
lzma_indexes had been concatenated.

In xz --list this meant that the summary would only list the
check type of the last Stream, so in this sense this was only
a visual bug. However, it's possible that some applications
use this information for purposes other than merely showing
it to the users in an informational message. I'm not aware of
such applications though and it's quite possible that such
applications don't exist.

Regular streamed decompression in xz or any other application
doesn't use lzma_index_cat() and so this bug cannot affect them.
2022-09-28 15:29:49 +03:00
Lasse Collin a61d321727 tuklib_physmem: Fix Unicode builds on Windows.
Thanks to ArSaCiA Game.
2022-09-28 12:20:41 +03:00
Lasse Collin 660739f99a liblzma: Stream decoder: Fix restarting after LZMA_MEMLIMIT_ERROR.
If lzma_code() returns LZMA_MEMLIMIT_ERROR it is now possible
to use lzma_memlimit_set() to increase the limit and continue
decoding. This was supposed to work from the beginning but
there was a bug. With other decoders (.lzma or threaded .xz)
this already worked correctly.
2022-09-28 11:05:15 +03:00
Lasse Collin 7e68fda58c liblzma: Stream decoder: Fix comments. 2022-09-28 11:00:23 +03:00
Lasse Collin f664cb2584 liblzma: ARM64: Add comments. 2022-09-20 16:58:22 +03:00
Lasse Collin b557b4a0ee liblzma: ARM64: Fix wrong comment in API doc.
Thanks to Jia Tan.
2022-09-20 16:27:50 +03:00
Lasse Collin d5b0906fa5 xz: Add --experimental-arm64[=width=WIDTH].
It will be renamed to --arm64 once it is stable.

Man page or --long-help weren't updated yet.
2022-09-19 20:24:26 +03:00
Lasse Collin ecb966de30 liblzma: Add experimental ARM64 BCJ filter with a temporary Filter ID.
That is, the Filter ID will be changed once the design is final.
The current version will be removed. So files created with the
tempoary Filter ID won't be supported in the future.
2022-09-19 20:23:46 +03:00
Lasse Collin 177bdc922c liblzma: Simple/BCJ filters: Allow disabling generic BCJ options.
This will be needed for the ARM64 BCJ filter as it will use
its own options struct.
2022-09-17 22:42:18 +03:00
Lasse Collin 097c7b67ce xzgrep: Fix compatibility with old shells.
Running the current xzgrep on Slackware 10.1 with GNU bash 3.00.15:

    xzgrep: line 231: syntax error near unexpected token `;;'

On SCO OpenServer 5.0.7 with Korn Shell 93r:

    syntax error at line 231 : `;;' unexpected

Turns out that some old shells don't like apostrophes (') inside
command substitutions. For example, the following fails:

    x=$(echo foo
    # asdf'zxcv
    echo bar)
    printf '%s\n' "$x"

The problem was introduced by commits
69d1b3fc29 (2022-03-29),
bd7b290f3f (2022-07-18), and
a648978b20 (2022-07-19).
5.2.6 is the only stable release that included
this problem.

Thanks to Kevin R. Bulgrien for reporting the problem
on SCO OpenServer 5.0.7 and for providing the fix.
2022-09-16 14:07:03 +03:00
Lasse Collin f8ee61e74e liblzma: lzma_filters_copy: Keep dest[] unmodified if an error occurs.
lzma_stream_encoder() and lzma_stream_encoder_mt() always assumed
this. Before this patch, failing lzma_filters_copy() could result
in free(invalid_pointer) or invalid memory reads in stream_encoder.c
or stream_encoder_mt.c.

To trigger this, allocating memory for a filter options structure
has to fail. These are tiny allocations so in practice they very
rarely fail.

Certain badness in the filter chain array could also make
lzma_filters_copy() fail but both stream_encoder.c and
stream_encoder_mt.c validate the filter chain before
trying to copy it, so the crash cannot occur this way.
2022-09-09 13:51:57 +03:00
Jia Tan 18d7facd38 liblzma: lzma_index_append: Add missing integer overflow check.
The documentation in src/liblzma/api/lzma/index.h suggests that
both the unpadded (compressed) size and the uncompressed size
are checked for overflow, but only the unpadded size was checked.
The uncompressed check is done first since that is more likely to
occur than the unpadded or index field size overflows.
2022-09-08 15:19:19 +03:00
Lasse Collin 913ddc5572 liblzma: Vaccinate against an ill patch from RHEL/CentOS 7.
RHEL/CentOS 7 shipped with 5.1.2alpha, including the threaded
encoder that is behind #ifdef LZMA_UNSTABLE in the API headers.
In 5.1.2alpha these symbols are under XZ_5.1.2alpha in liblzma.map.
API/ABI compatibility tracking isn't done between development
releases so newer releases didn't have XZ_5.1.2alpha anymore.

Later RHEL/CentOS 7 updated xz to 5.2.2 but they wanted to keep
the exported symbols compatible with 5.1.2alpha. After checking
the ABI changes it turned out that >= 5.2.0 ABI is backward
compatible with the threaded encoder functions from 5.1.2alpha
(but not vice versa as fixes and extensions to these functions
were made between 5.1.2alpha and 5.2.0).

In RHEL/CentOS 7, XZ Utils 5.2.2 was patched with
xz-5.2.2-compat-libs.patch to modify liblzma.map:

  - XZ_5.1.2alpha was added with lzma_stream_encoder_mt and
    lzma_stream_encoder_mt_memusage. This matched XZ Utils 5.1.2alpha.

  - XZ_5.2 was replaced with XZ_5.2.2. It is clear that this was
    an error; the intention was to keep using XZ_5.2 (XZ_5.2.2
    has never been used in XZ Utils). So XZ_5.2.2 lists all
    symbols that were listed under XZ_5.2 before the patch.
    lzma_stream_encoder_mt and _mt_memusage are included too so
    they are listed both here and under XZ_5.1.2alpha.

The patch didn't add any __asm__(".symver ...") lines to the .c
files. Thus the resulting liblzma.so exports the threaded encoder
functions under XZ_5.1.2alpha only. Listing the two functions
also under XZ_5.2.2 in liblzma.map has no effect without
matching .symver lines.

The lack of XZ_5.2 in RHEL/CentOS 7 means that binaries linked
against unpatched XZ Utils 5.2.x won't run on RHEL/CentOS 7.
This is unfortunate but this alone isn't too bad as the problem
is contained within RHEL/CentOS 7 and doesn't affect users
of other distributions. It could also be fixed internally in
RHEL/CentOS 7.

The second problem is more serious: In XZ Utils 5.2.2 the API
headers don't have #ifdef LZMA_UNSTABLE for obvious reasons.
This is true in RHEL/CentOS 7 version too. Thus now programs
using new APIs can be compiled without an extra #define. However,
the programs end up depending on symbol version XZ_5.1.2alpha
(and possibly also XZ_5.2.2) instead of XZ_5.2 as they would
with an unpatched XZ Utils 5.2.2. This means that such binaries
won't run on other distributions shipping XZ Utils >= 5.2.0 as
they don't provide XZ_5.1.2alpha or XZ_5.2.2; they only provide
XZ_5.2 (and XZ_5.0). (This includes RHEL/CentOS 8 as the patch
luckily isn't included there anymore with XZ Utils 5.2.4.)

Binaries built by RHEL/CentOS 7 users get distributed and then
people wonder why they don't run on some other distribution.
Seems that people have found out about the patch and been copying
it to some build scripts, seemingly curing the symptoms but
actually spreading the illness further and outside RHEL/CentOS 7.

The ill patch seems to be from late 2016 (RHEL 7.3) and in 2017 it
had spread at least to EasyBuild. I heard about the events only
recently. :-(

This commit splits liblzma.map into two versions: one for
GNU/Linux and another for other OSes that can use symbol versioning
(FreeBSD, Solaris, maybe others). The Linux-specific file and the
matching additions to .c files add full compatibility with binaries
that have been built against a RHEL/CentOS-patched liblzma. Builds
for OSes other than GNU/Linux won't get the vaccine as they should
be immune to the problem (I really hope that no build script uses
the RHEL/CentOS 7 patch outside GNU/Linux).

The RHEL/CentOS compatibility symbols XZ_5.1.2alpha and XZ_5.2.2
are intentionally put *after* XZ_5.2 in liblzma_linux.map. This way
if one forgets to #define HAVE_SYMBOL_VERSIONS_LINUX when building,
the resulting liblzma.so.5 will have lzma_stream_encoder_mt@@XZ_5.2
since XZ_5.2 {...} is the first one that lists that function.
Without HAVE_SYMBOL_VERSIONS_LINUX @XZ_5.1.2alpha and @XZ_5.2.2
will be missing but that's still a minor problem compared to
only having lzma_stream_encoder_mt@@XZ_5.1.2alpha!

The "local: *;" line was moved to XZ_5.0 so that it doesn't need
to be moved around. It doesn't matter where it is put.

Having two similar liblzma_*.map files is a bit silly as it is,
at least for now, easily possible to generate the generic one
from the Linux-specific file. But that adds extra steps and
increases the risk of mistakes when supporting more than one
build system. So I rather maintain two files in parallel and let
validate_map.sh check that they are in sync when "make mydist"
is run.

This adds .symver lines for lzma_stream_encoder_mt@XZ_5.2.2 and
lzma_stream_encoder_mt_memusage@XZ_5.2.2 even though these
weren't exported by RHEL/CentOS 7 (only @@XZ_5.1.2alpha was
for these two). I added these anyway because someone might
misunderstand the RHEL/CentOS 7 patch and think that @XZ_5.2.2
(@@XZ_5.2.2) versions were exported too.

At glance one could suggest using __typeof__ to copy the function
prototypes when making aliases. However, this doesn't work trivially
because __typeof__ won't copy attributes (lzma_nothrow, lzma_pure)
and it won't change symbol visibility from hidden to default (done
by LZMA_API()). Attributes could be copied with __copy__ attribute
but that needs GCC 9 and a fallback method would be needed anyway.

This uses __symver__ attribute with GCC >= 10 and
__asm__(".symver ...") with everything else. The attribute method
is required for LTO (-flto) support with GCC. Using -flto with
GCC older than 10 is now broken on GNU/Linux and will not be fixed
(can silently result in a broken liblzma build that has dangerously
incorrect symbol versions). LTO builds with Clang seem to work
with the traditional __asm__(".symver ...") method.

Thanks to Boud Roukema for reporting the problem and discussing
the details and testing the fix.
2022-09-08 15:01:29 +03:00
Lasse Collin c1555b1a22 Bump version number for 5.3.3alpha. 2022-08-22 18:16:40 +03:00
Lasse Collin 311e4f85ed xz: Try to clarify --memlimit-mt-decompress vs. --memlimit-compress. 2022-08-22 18:01:21 +03:00
Lasse Collin 02a777f9c4 xz: Revise --info-memory output.
The strings could be more descriptive but it's good
to have some version of this committed now.

--robot mode wasn't changed yet.
2022-08-19 23:40:00 +03:00
Lasse Collin f864f6d42e xz: Update the man page for threaded decompression and memlimits.
This documents the changes made in commits
6c6da57ae2,
cad299008c, and
898faa9728.

The --info-memory bit hasn't been finished yet
even though it's already mentioned in this commit
under --memlimit-mt-decompress and --threads.
2022-08-19 23:15:56 +03:00
Lasse Collin c4e8e5fb31 liblzma: Threaded decoder: Improve LZMA_FAIL_FAST when LZMA_FINISH is used.
It will now return LZMA_DATA_ERROR (not LZMA_OK or LZMA_BUF_ERROR)
if LZMA_FINISH is used and there isn't enough input to finish
decoding the Block Header or the Block. The use of LZMA_DATA_ERROR
is simpler and the less risky than LZMA_BUF_ERROR but this might
be changed before 5.4.0.
2022-08-18 17:16:49 +03:00
Jia Tan 61f8ec804a liblzma: Refactor lzma_mf_is_supported() to use a switch-statement. 2022-07-25 18:30:10 +03:00
Lasse Collin 9cc721af54 xz: Update the man page that change to --keep will be in 5.2.6. 2022-07-24 13:27:48 +03:00
Lasse Collin d796b6d7fd xzgrep man page: Document exit statuses. 2022-07-19 23:19:49 +03:00
Lasse Collin 923bf96b55 xzgrep: Improve error handling, especially signals.
xzgrep wouldn't exit on SIGPIPE or SIGQUIT when it clearly
should have. It's quite possible that it's not perfect still
but at least it's much better.

If multiple exit statuses compete, now it tries to pick
the largest of value.

Some comments were added.

The exit status handling of signals is still broken if the shell
uses values larger than 255 in $? to indicate that a process
died due to a signal ***and*** their "exit" command doesn't take
this into account. This seems to work well with the ksh and yash
versions I tried. However, there is a report in gzip/zgrep that
OpenSolaris 5.11 (not 5.10) has a problem with "exit" truncating
the argument to 8 bits:

    https://debbugs.gnu.org/cgi/bugreport.cgi?bug=22900#25

Such a bug would break xzgrep but I didn't add a workaround
at least for now. 5.11 is old and I don't know if the problem
exists in modern descendants, or if the problem exists in other
ksh implementations in use.
2022-07-19 23:13:24 +03:00
Lasse Collin a648978b20 xzgrep: Make the fix for ZDI-CAN-16587 more robust.
I don't know if this can make a difference in the real world
but it looked kind of suspicious (what happens with sed
implementations that cannot process very long lines?).
At least this commit shouldn't make it worse.
2022-07-19 00:10:55 +03:00
Lasse Collin bd7b290f3f xzgrep: Use grep -H --label when available (GNU, *BSDs).
It avoids the use of sed for prefixing filenames to output lines.
Using sed for that is slower and prone to security bugs so now
the sed method is only used as a fallback.

This also fixes an actual bug: When grepping a binary file,
GNU grep nowadays prints its diagnostics to stderr instead of
stdout and thus the sed-method for prefixing the filename doesn't
work. So with this commit grepping binary files gives reasonable
output with GNU grep now.

This was inspired by zgrep but the implementation is different.
2022-07-18 22:06:10 +03:00
Lasse Collin b56729af9f xzgrep: Use -e to specify the pattern to grep.
Now we don't need the separate test for adding the -q option
as it can be added directly in the two places where it's needed.
2022-07-18 21:10:25 +03:00
Lasse Collin bad61b5997 Scripts: Use printf instead of echo in a few places.
It's a good habbit as echo has some portability corner cases
when the string contents can be anything.
2022-07-18 19:18:48 +03:00
Lasse Collin 6a4a4a7d26 xzgrep: Add more LC_ALL=C to avoid bugs with multibyte characters.
Also replace one use of expr with printf.

The rationale for LC_ALL=C was already mentioned in
69d1b3fc29 that fixed a security
issue. However, unrelated uses weren't changed in that commit yet.

POSIX says that with sed and such tools one should use LC_ALL=C
to ensure predictable behavior when strings contain byte sequences
that aren't valid multibyte characters in the current locale. See
under "Application usage" in here:

https://pubs.opengroup.org/onlinepubs/9699919799/utilities/sed.html

With GNU sed invalid multibyte strings would work without this;
it's documented in its Texinfo manual. Some other implementations
aren't so forgiving.
2022-07-17 21:36:25 +03:00
Lasse Collin b48f9d615f xzgrep: Fix parsing of certain options.
Fix handling of "xzgrep -25 foo" (in GNU grep "grep -25 foo" is
an alias for "grep -C25 foo"). xzgrep would treat "foo" as filename
instead of as a pattern. This bug was fixed in zgrep in gzip in 2012.

Add -E, -F, -G, and -P to the "no argument required" list.

Add -X to "argument required" list. It is an
intentionally-undocumented GNU grep option so this isn't
an important option for xzgrep but it seems that other grep
implementations (well, those that I checked) don't support -X
so I hope this change is an improvement still.

grep -d (grep --directories=ACTION) requires an argument. In
contrast to zgrep, I kept -d in the "no argument required" list
because it's not supported in xzgrep (or zgrep). This way
"xzgrep -d" gives an error about option being unsupported instead
of telling that it requires an argument. Both zgrep and xzgrep
tell that it's unsupported if an argument is specified.

Add comments.
2022-07-17 20:57:06 +03:00
Lasse Collin 107c93ee5c liblzma: Rename a variable and improve a comment. 2022-07-14 18:12:38 +03:00
Lasse Collin 9595a3119b liblzma: Add optional autodetection of LZMA end marker.
Turns out that this is needed for .lzma files as the spec in
LZMA SDK says that end marker may be present even if the size
is stored in the header. Such files are rare but exist in the
real world. The code in liblzma is so old that the spec didn't
exist in LZMA SDK back then and I had understood that such
files weren't possible (the lzma tool in LZMA SDK didn't
create such files).

This modifies the internal API so that LZMA decoder can be told
if EOPM is allowed even when the uncompressed size is known.
It's allowed with .lzma and not with other uses.

Thanks to Karl Beldan for reporting the problem.
2022-07-13 22:24:07 +03:00
Lasse Collin 0c0f8e9761 xz: Document the special memlimit case of 2000 MiB on MIPS32.
See commit fc3d3a7296.
2022-07-12 18:53:04 +03:00
Lasse Collin 2ce4f36f17 liblzma: Silence a warning.
The actual initialization is done via mythread_sync and seems
that GCC doesn't necessarily see that it gets initialized there.
2022-05-23 19:37:18 +03:00
Lasse Collin 5d8f3764ef xz: Fix build with --disable-threads. 2022-04-14 20:53:16 +03:00
Lasse Collin 1d59289727 xz: Change the cap of the default -T0 memlimit for 32-bit xz.
The SIZE_MAX / 3 was 1365 MiB. 1400 MiB gives little more room
and it looks like a round (artificial) number in --info-memory
once --info-memory is made to display it.

Also, using #if avoids useless code on 64-bit builds.
2022-04-14 14:50:17 +03:00
Lasse Collin c77fe55ddb xz: Add a default soft memory usage limit for --threads=0.
This is a soft limit in sense that it only affects the number of
threads. It never makes xz fail and it never makes xz change
settings that would affect the compressed output.

The idea is to make -T0 have more reasonable behavior when
the system has very many cores or when a memory-hungry
compression options are used. This also helps with 32-bit xz,
preventing it from running out of address space.

The downside of this commit is that now the number of threads
might become too low compared to what the user expected. I
hope this to be an acceptable compromise as the old behavior
has been a source of well-argued complaints for a long time.
2022-04-14 14:20:46 +03:00
Lasse Collin 0adc13bfe3 xz: Make -T0 use multithreaded mode on single-core systems.
The main problem withi the old behavior is that the compressed
output is different on single-core systems vs. multicore systems.
This commit fixes it by making -T0 one thread in multithreaded mode
on single-core systems.

The downside of this is that it uses more memory. However, if
--memlimit-compress is used, xz can (thanks to the previous commit)
drop to the single-threaded mode still.
2022-04-14 13:00:40 +03:00
Lasse Collin 898faa9728 xz: Changes to --memlimit-compress and --no-adjust.
In single-threaded mode, --memlimit-compress can make xz scale down
the LZMA2 dictionary size to meet the memory usage limit. This
obviously affects the compressed output. However, if xz was in
threaded mode, --memlimit-compress could make xz reduce the number
of threads but it wouldn't make xz switch from multithreaded mode
to single-threaded mode or scale down the LZMA2 dictionary size.
This seemed illogical and there was even a "FIXME?" about it.

Now --memlimit-compress can make xz switch to single-threaded
mode if one thread in multithreaded mode uses too much memory.
If memory usage is still too high, then the LZMA2 dictionary
size can be scaled down too.

The option --no-adjust was also changed so that it no longer
prevents xz from scaling down the number of threads as that
doesn't affect compressed output (only performance). After
this commit --no-adjust only prevents adjustments that affect
compressed output, that is, with --no-adjust xz won't switch
from multithreaded mode to single-threaded mode and won't
scale down the LZMA2 dictionary size.

The man page wasn't updated yet.
2022-04-14 12:38:00 +03:00
Lasse Collin cad299008c xz: Add --memlimit-mt-decompress along with a default limit value.
--memlimit-mt-decompress allows specifying the limit for
multithreaded decompression. This matches memlimit_threading in
liblzma. This limit can only affect the number of threads being
used; it will never prevent xz from decompressing a file. The
old --memlimit-decompress option is still used at the same time.

If the value of --memlimit-decompress (the default value or
one specified by the user) is less than the value of
--memlimit-mt-decompress , then --memlimit-mt-decompress is
reduced to match --memlimit-decompress.

Man page wasn't updated yet.
2022-04-12 00:04:30 +03:00
Lasse Collin fe87b4cd53 liblzma: Threaded decoder: Improve setting of pending_error.
It doesn't need to be done conditionally. The comments try
to explain it.
2022-04-06 23:11:59 +03:00
Lasse Collin 90621da7f6 liblzma: Add a new flag LZMA_FAIL_FAST for threaded decoder.
In most cases if the input file is corrupt the application won't
care about the uncompressed content at all. With this new flag
the threaded decoder will return an error as soon as any thread
has detected an error; it won't wait to copy out the data before
the location of the error.

I don't plan to use this in xz to keep the behavior consistent
between single-threaded and multi-threaded modes.
2022-04-06 13:16:00 +03:00
Lasse Collin 64b6d496dc liblzma: Threaded decoder: Always wait for output if LZMA_FINISH is used.
This makes the behavior consistent with the single-threaded
decoder when handling truncated .xz files.

Thanks to Jia Tan for finding this issue.
2022-04-05 12:24:57 +03:00
Lasse Collin e671bc8828 liblzma: Threaded decoder: Support zpipe.c-style decoding loop.
This makes it possible to call lzma_code() in a loop that only
reads new input when lzma_code() didn't fill the output buffer
completely. That isn't the calling style suggested by the
liblzma example program 02_decompress.c so perhaps the usefulness
of this feature is limited.

Also, it is possible to write such a loop so that it works
with the single-threaded decoder but not with the threaded
decoder even after this commit, or so that it works only if
lzma_mt.timeout = 0.

The zlib tutorial <https://zlib.net/zlib_how.html> is a well-known
example of a loop where more input is read only when output isn't
full. Porting this as is to liblzma would work with the
single-threaded decoder (if LZMA_CONCATENATED isn't used) but it
wouldn't work with threaded decoder even after this commit because
the loop assumes that no more output is possible when it cannot
read more input ("if (strm.avail_in == 0) break;"). This cannot
be fixed at liblzma side; the loop has to be modified at least
a little.

I'm adding this in any case because the actual code is simple
and short and should have no harmful side-effects in other
situations.
2022-04-02 21:49:59 +03:00
Lasse Collin 69d1b3fc29 xzgrep: Fix escaping of malicious filenames (ZDI-CAN-16587).
Malicious filenames can make xzgrep to write to arbitrary files
or (with a GNU sed extension) lead to arbitrary code execution.

xzgrep from XZ Utils versions up to and including 5.2.5 are
affected. 5.3.1alpha and 5.3.2alpha are affected as well.
This patch works for all of them.

This bug was inherited from gzip's zgrep. gzip 1.12 includes
a fix for zgrep.

The issue with the old sed script is that with multiple newlines,
the N-command will read the second line of input, then the
s-commands will be skipped because it's not the end of the
file yet, then a new sed cycle starts and the pattern space
is printed and emptied. So only the last line or two get escaped.

One way to fix this would be to read all lines into the pattern
space first. However, the included fix is even simpler: All lines
except the last line get a backslash appended at the end. To ensure
that shell command substitution doesn't eat a possible trailing
newline, a colon is appended to the filename before escaping.
The colon is later used to separate the filename from the grep
output so it is fine to add it here instead of a few lines later.

The old code also wasn't POSIX compliant as it used \n in the
replacement section of the s-command. Using \<newline> is the
POSIX compatible method.

LC_ALL=C was added to the two critical sed commands. POSIX sed
manual recommends it when using sed to manipulate pathnames
because in other locales invalid multibyte sequences might
cause issues with some sed implementations. In case of GNU sed,
these particular sed scripts wouldn't have such problems but some
other scripts could have, see:

    info '(sed)Locale Considerations'

This vulnerability was discovered by:
cleemy desu wayo working with Trend Micro Zero Day Initiative

Thanks to Jim Meyering and Paul Eggert discussing the different
ways to fix this and for coordinating the patch release schedule
with gzip.
2022-03-29 20:10:50 +03:00
Lasse Collin bd93b776c1 liblzma: Fix a deadlock in threaded decoder.
If a worker thread has consumed all input so far and it's
waiting on thr->cond and then the main thread enables
partial update for that thread, the code used to deadlock.
This commit allows one dummy decoding pass to occur in this
situation which then also does the partial update.

As part of the fix, this moves thr->progress_* updates to
avoid the second thr->mutex locking.

Thanks to Jia Tan for finding, debugging, and reporting the bug.
2022-03-26 01:15:32 +02:00
Lasse Collin 487c77d487 liblzma: Threaded decoder: Don't stop threads on LZMA_TIMED_OUT.
LZMA_TIMED_OUT is not an error and thus stopping threads on
LZMA_TIMED_OUT breaks the decoder badly.

Thanks to Jia Tan for finding the bug and for the patch.
2022-03-23 16:28:55 +02:00
Lasse Collin 6c6da57ae2 xz: Add initial support for threaded decompression.
If threading support is enabled at build time, this will
use lzma_stream_decoder_mt() even for single-threaded mode.
With memlimit_threading=0 the behavior should be identical.

This needs some work like adding --memlimit-threading=LIMIT.

The original patch from Sebastian Andrzej Siewior included
a method to get currently available RAM on Linux. It might
be one way to go but as it is Linux-only, the available-RAM
approach needs work for portability or using a fallback method
on other OSes.

The man page wasn't updated yet.
2022-03-07 00:36:16 +02:00
Lasse Collin 4cce3e27f5 liblzma: Add threaded .xz decompressor.
I realize that this is about a decade late.

Big thanks to Sebastian Andrzej Siewior for the original patch.
I made a bunch of smaller changes but after a while quite a few
things got rewritten. So any bugs in the commit were created by me.
2022-03-07 00:35:53 +02:00
Lasse Collin 717631b978 liblzma: Fix docs: lzma_block_decoder() cannot return LZMA_UNSUPPORTED_CHECK.
If Check is unsupported, it will be silently ignored.
It's the caller's job to handle it.
2022-03-06 16:54:23 +02:00
Lasse Collin 1a4bb97a00 liblzma: Add new output queue (lzma_outq) features.
Add lzma_outq_clear_cache2() which may leave one buffer allocated
in the cache.

Add lzma_outq_outbuf_memusage() to get the memory needed for
a single lzma_outbuf. This is now used internally in outqueue.c too.

Track both the total amount of memory allocated and the amount of
memory that is in active use (not in cache).

In lzma_outbuf, allow storing the current input position that
matches the current output position. This way the main thread
can notice when no more output is possible without first providing
more input.

Allow specifying return code for lzma_outq_read() in a finished
lzma_outbuf.
2022-03-06 16:41:19 +02:00
Lasse Collin ddbc6f58c2 liblzma: Index hash: Change return value type of hash_append() to void. 2022-03-06 15:18:58 +02:00
Lasse Collin 20e7a33e2d liblzma: Minor addition to lzma_vli_size() API doc.
Thanks to Jia Tan.
2022-02-22 03:42:57 +02:00
Lasse Collin 4f78f5fcf6 liblzma: Check the return value of lzma_index_append() in threaded encoder.
If lzma_index_append() failed (most likely memory allocation failure)
it could have gone unnoticed and the resulting .xz file would have
an incorrect Index. Decompressing such a file would produce the
correct uncompressed data but then an error would occur when
verifying the Index field.
2022-02-22 02:04:18 +02:00
Ed Maste 865e0a3689 liblzma: Use non-executable stack on FreeBSD as on Linux 2022-02-22 01:23:34 +02:00
Lasse Collin 1c9a5786d2 liblzma: Make Block decoder catch certain types of errors better.
Now it limits the input and output buffer sizes that are
passed to a raw decoder. This way there's no need to check
if the sizes can grow too big or overflow when updating
Compressed Size and Uncompressed Size counts. This also means
that a corrupt file cannot cause the raw decoder to process
useless extra input or output that would exceed the size info
in Block Header (and thus cause LZMA_DATA_ERROR anyway).

More importantly, now the size information is verified more
carefully in case raw decoder returns LZMA_OK. This doesn't
really matter with the current single-threaded .xz decoder
as the errors would be detected slightly later anyway. But
this helps avoiding corner cases in the upcoming threaded
decompressor, and it might help other Block decoder uses
outside liblzma too.

The test files bad-1-lzma2-{9,10,11}.xz test these conditions.
With the single-threaded .xz decoder the only difference is
that LZMA_DATA_ERROR is detected in a difference place now.
2022-02-20 20:36:27 +02:00
jiat75 6468f7e41a liblzma: Add NULL checks to LZMA and LZMA2 properties encoders.
Previously lzma_lzma_props_encode() and lzma_lzma2_props_encode()
assumed that the options pointers must be non-NULL because the
with these filters the API says it must never be NULL. It is
good to do these checks anyway.
2022-02-07 00:20:01 +02:00
Lasse Collin 2523c30705 liblzma: Fix uint64_t vs. size_t confusion.
This broke 32-bit builds due to a pointer type mismatch.

This bug was introduced with the output-size-limited encoding
in 625f4c7c99.

Thanks to huangqinjin for the bug report.
2022-02-06 23:19:32 +02:00
Lasse Collin 2024fbf279 xzgrep: Update man page timestamp. 2021-11-13 21:04:05 +02:00
Ville Skyttä 3a512c7787 xzgrep: use `grep -E/-F` instead of `egrep` and `fgrep`
`egrep` and `fgrep` have been deprecated in GNU grep since 2007, and in
current post 3.7 Git they have been made to emit obsolescence warnings:
https://git.savannah.gnu.org/cgit/grep.git/commit/?id=a9515624709865d480e3142fd959bccd1c9372d1
2021-11-13 18:17:33 +02:00
Lasse Collin edf525e2b1 Bump the version number for 5.3.2alpha. 2021-10-28 23:02:11 +03:00
Lasse Collin f2aea1d5a5 xz: Change the coding style of the previous commit.
It isn't any better now but it's consistent with
the rest of the code base.
2021-10-27 23:23:11 +03:00
Alexander Bluhm 892b16cc28 xz: Avoid fchown(2) failure.
OpenBSD does not allow to change the group of a file if the user
does not belong to this group.  In contrast to Linux, OpenBSD also
fails if the new group is the same as the old one.  Do not call
fchown(2) in this case, it would change nothing anyway.

This fixes an issue with Perl Alien::Build module.
https://github.com/PerlAlien/Alien-Build/issues/62
2021-10-27 20:49:41 +03:00
Lasse Collin 2b509c868c liblzma: Fix liblzma.map for the lzma_microlzma_* symbols.
This should have been part of d267d109c3.

Thanks to Gao Xiang.
2021-09-17 17:31:11 +03:00
Lasse Collin 6928aac9da liblzma: Use _MSVC_LANG to detect when "noexcept" can be used with MSVC.
By default, MSVC always sets __cplusplus to 199711L. The real
C++ standard version is available in _MSVC_LANG (or one could
use /Zc:__cplusplus to set __cplusplus correctly).

Fixes <https://sourceforge.net/p/lzmautils/discussion/708858/thread/f6bc3b108a/>.

Thanks to Dan Weiss.
2021-09-09 21:41:51 +03:00
Lasse Collin d267d109c3 liblzma: Rename EROFS LZMA to MicroLZMA.
It still exists primarily for EROFS but MicroLZMA is
a more generic name (that hopefully doesn't clash with
something that already exists).
2021-09-05 20:38:12 +03:00
Lasse Collin 3247e95115 xzdiff: Update the man page about the exit status.
This was forgotten from 194029ffaf.
2021-06-04 19:02:38 +03:00
Lasse Collin 96f5a28a46 xzless: Fix less(1) version detection when it contains a dot.
Sometimes the version number from "less -V" contains a dot,
sometimes not. xzless failed detect the version number when
it does contain a dot. This fixes it.

Thanks to nick87720z for reporting this. Apparently it had been
reported here <https://bugs.gentoo.org/489362> in 2013.
2021-06-04 18:52:48 +03:00
Ivan A. Melnikov fc3d3a7296 Reduce maximum possible memory limit on MIPS32
Due to architectural limitations, address space available to a single
userspace process on MIPS32 is limited to 2 GiB, not 4, even on systems
that have more physical RAM -- e.g. 64-bit systems with 32-bit
userspace, or systems that use XPA (an extension similar to x86's PAE).

So, for MIPS32, we have to impose stronger memory limits. I've chosen
2000MiB to give the process some headroom.
2021-04-11 19:50:41 +03:00
Lasse Collin 6c6f0db340 liblzma: Fix unitialized variable.
This was introduced two weeks ago in the commit
625f4c7c99.

Thanks to Nathan Moinvaziri.
2021-01-29 21:19:08 +02:00
Lasse Collin 6b8abc84a5 liblzma: Fix a wrong comment in stream_encoder_mt.c. 2021-01-24 19:22:35 +02:00
Lasse Collin db465419ae liblzma: In EROFS LZMA decoder, verify that comp_size matches at the end.
When the uncompressed size is known to be exact, after decompressing
the stream exactly comp_size bytes of input must have been consumed.
This is a minor improvement to error detection.
2021-01-17 19:20:50 +02:00
Lasse Collin 774cc0118b liblzma: Make EROFS LZMA decoder work when exact uncomp_size isn't known.
The caller must still not specify an uncompressed size bigger
than the actual uncompressed size.

As a downside, this now needs the exact compressed size.
2021-01-17 18:53:34 +02:00
Lasse Collin 421b0aa352 liblzma: Fix missing normalization in rc_encode_dummy().
Without this fix it could attempt to create too much output.
2021-01-14 20:57:11 +02:00
Lasse Collin 601ec0311e liblzma: Add EROFS LZMA encoder and decoder.
Right now this is just a planned extra-compact format for use
in the EROFS file system in Linux. At this point it's possible
that the format will either change or be abandoned and removed
completely.

The special thing about the encoder is that it uses the
output-size-limited encoding added in the previous commit.
EROFS uses fixed-sized blocks (e.g. 4 KiB) to hold compressed
data so the compressors must be able to create valid streams
that fill the given block size.
2021-01-14 20:10:59 +02:00
Lasse Collin 625f4c7c99 liblzma: Add rough support for output-size-limited encoding in LZMA1.
With this it is possible to encode LZMA1 data without EOPM so that
the encoder will encode as much input as it can without exceeding
the specified output size limit. The resulting LZMA1 stream will
be a normal LZMA1 stream without EOPM. The actual uncompressed size
will be available to the caller via the uncomp_size pointer.

One missing thing is that the LZMA layer doesn't inform the LZ layer
when the encoding is finished and thus the LZ may read more input
when it won't be used. However, this doesn't matter if encoding is
done with a single call (which is the planned use case for now).
For proper multi-call encoding this should be improved.

This commit only adds the functionality for internal use.
Nothing uses it yet.
2021-01-14 18:58:13 +02:00
Lasse Collin 9cdabbeea8 Scripts: Add zstd support to xzdiff. 2021-01-11 23:57:11 +02:00
Lasse Collin 074259f4f3 xz: Make --keep accept symlinks, hardlinks, and setuid/setgid/sticky.
Previously this required using --force but that has other
effects too which might be undesirable. Changing the behavior
of --keep has a small risk of breaking existing scripts but
since this is a fairly special corner case I expect the
likehood of breakage to be low enough.

I think the new behavior is more logical. The only reason for
the old behavior was to be consistent with gzip and bzip2.

Thanks to Vincent Lefevre and Sebastian Andrzej Siewior.
2021-01-11 23:41:16 +02:00
Lasse Collin 73c555b307 Scripts: Fix exit status of xzgrep.
Omit the -q option from xz, gzip, and bzip2. With xz this shouldn't
matter. With gzip it's important because -q makes gzip replace SIGPIPE
with exit status 2. With bzip2 it's important because with -q bzip2
is completely silent if input is corrupt while other decompressors
still give an error message.

Avoiding exit status 2 from gzip is important because bzip2 uses
exit status 2 to indicate corrupt input. Before this commit xzgrep
didn't recognize corrupt .bz2 files because xzgrep was treating
exit status 2 as SIGPIPE for gzip compatibility.

zstd still needs -q because otherwise it is noisy in normal
operation.

The code to detect real SIGPIPE didn't check if the exit status
was due to a signal (>= 128) and so could ignore some other exit
status too.
2021-01-11 23:28:52 +02:00
Lasse Collin 194029ffaf Scripts: Fix exit status of xzdiff/xzcmp.
This is a minor fix since this affects only the situation when
the files differ and the exit status is something else than 0.
In such case there could be SIGPIPE from a decompression tool
and that would result in exit status of 2 from xzdiff/xzcmp
while the correct behavior would be to return 1 or whatever
else diff or cmp may have returned.

This commit omits the -q option from xz/gzip/bzip2/lzop arguments.
I'm not sure why the -q was used in the first place, perhaps it
hides warnings in some situation that I cannot see at the moment.
Hopefully the removal won't introduce a new bug.

With gzip the -q option was harmful because it made gzip return 2
instead of >= 128 with SIGPIPE. Ignoring exit status 2 (warning
from gzip) isn't practical because bzip2 uses exit status 2 to
indicate corrupt input file. It's better if SIGPIPE results in
exit status >= 128.

With bzip2 the removal of -q seems to be good because with -q
it prints nothing if input is corrupt. The other tools aren't
silent in this situation even with -q. On the other hand, if
zstd support is added, it will need -q since otherwise it's
noisy in normal situations.

Thanks to Étienne Mollier and Sebastian Andrzej Siewior.
2021-01-11 22:58:58 +02:00
Lasse Collin f7fa309e1f liblzma: Make lzma_outq usable for threaded decompression too.
Before this commit all output queue buffers were allocated as
a single big allocation. Now each buffer is allocated separately
when needed. Used buffers are cached to avoid reallocation
overhead but the cache will keep only one buffer size at a time.
This should make things work OK in the decompression where most
of the time the buffer sizes will be the same but with some less
common files the buffer sizes may vary.

While this should work fine, it's still a bit preliminary
and may even get reverted if it turns out to be useless for
decompression.
2021-01-09 22:18:23 +02:00
H.J. Lu 4fd79b90c5 liblzma: Enable Intel CET in x86 CRC assembly codes
When Intel CET is enabled, we need to include <cet.h> in assembly codes
to mark Intel CET support and add _CET_ENDBR to indirect jump targets.

Tested on Intel Tiger Lake under CET enabled Linux.
2020-12-23 17:13:33 +02:00
Adam Borowski 1890351f34 Scripts: Add zstd support to xzgrep.
Thanks to Adam Borowski.
2020-12-05 22:39:03 +02:00
Lasse Collin 4575d9d365 xz: Avoid unneeded \f escapes on the man page.
I don't want to use \c in macro arguments but groff_man(7)
suggests that \f has better portability. \f would be needed
for the .TP strings for portability reasons anyway.

Thanks to Bjarni Ingi Gislason.
2020-11-01 22:34:25 +02:00
Lasse Collin 620b32f533 xz: Use non-breaking spaces when intentionally using more than one space.
This silences some style checker warnings. Seems that spaces
in the beginning of a line don't need this treatment.

Thanks to Bjarni Ingi Gislason.
2020-11-01 19:09:53 +02:00
Lasse Collin cb1f34988c xz: Protect the ellipsis (...) on the man page with \&.
This does it only when ... appears outside macro calls.

Thanks to Bjarni Ingi Gislason.
2020-11-01 18:53:25 +02:00
Lasse Collin 5d224da3da xz: Avoid the abbreviation "e.g." on the man page.
A few are simply omitted, most are converted to "for example"
and surrounded with commas. Sounds like that this is better
style, for example, man-pages(7) recommends avoiding such
abbreviations except in parenthesis.

Thanks to Bjarni Ingi Gislason.
2020-11-01 18:44:51 +02:00
Lasse Collin 90457dbe3e xz man page: Change \- (minus) to \(en (en-dash) for a numeric range.
Docs of ancient troff/nroff mention \(em (em-dash) but not \(en
and \- was used for both minus and en-dash. I don't know how
portable \(en is nowadays but it can be changed back if someone
complains. At least GNU groff and OpenBSD's mandoc support it.

Thanks to Bjarni Ingi Gislason for the patch.
2020-07-12 23:10:03 +03:00
Lasse Collin 352ba2d69a Windows: Fix building of resource files when config.h isn't used.
Now CMake + Visual Studio works for building liblzma.dll.

Thanks to Markus Rickert.
2020-07-12 20:46:24 +03:00
Lasse Collin a9e2a87f1d src/scripts/xzgrep.1: Filenames to xzgrep are optional.
xzgrep --help was correct already.
2020-04-06 19:34:48 +03:00
Bjarni Ingi Gislason a7ba275d9b src/script/xzgrep.1: Remove superfluous '.RB'
Output is from: test-groff -b -e -mandoc -T utf8 -rF0 -t -w w -z

  [ "test-groff" is a developmental version of "groff" ]

Input file is ./src/scripts/xzgrep.1

<src/scripts/xzgrep.1>:20 (macro RB): only 1 argument, but more are expected
<src/scripts/xzgrep.1>:23 (macro RB): only 1 argument, but more are expected
<src/scripts/xzgrep.1>:26 (macro RB): only 1 argument, but more are expected
<src/scripts/xzgrep.1>:29 (macro RB): only 1 argument, but more are expected
<src/scripts/xzgrep.1>:32 (macro RB): only 1 argument, but more are expected

 "abc..." does not mean the same as "abc ...".

  The output from nroff and troff is unchanged except for the space
between "file" and "...".

Signed-off-by: Bjarni Ingi Gislason <bjarniig@rhi.hi.is>
2020-04-06 19:29:15 +03:00
Bjarni Ingi Gislason 133d498db0 xzgrep.1: Delete superfluous '.PP'
Summary:

mandoc -T lint xzgrep.1 :
mandoc: xzgrep.1:79:2: WARNING: skipping paragraph macro: PP empty

  There is no change in the output of "nroff" and "troff".

Signed-off-by: Bjarni Ingi Gislason <bjarniig@rhi.hi.is>
2020-04-06 19:08:14 +03:00
Bjarni Ingi Gislason 057839ca98 src/xz/xz.1: Correct misused two-fonts macros
Output is from: test-groff -b -e -mandoc -T utf8 -rF0 -t -w w -z

  [ "test-groff" is a developmental version of "groff" ]

Input file is ./src/xz/xz.1

<src/xz/xz.1>:408 (macro BR): only 1 argument, but more are expected
<src/xz/xz.1>:1009 (macro BR): only 1 argument, but more are expected
<src/xz/xz.1>:1743 (macro BR): only 1 argument, but more are expected
<src/xz/xz.1>:1920 (macro BR): only 1 argument, but more are expected
<src/xz/xz.1>:2213 (macro BR): only 1 argument, but more are expected

  Output from nroff and troff is unchanged, except for a font change of a
full stop (.).

Signed-off-by: Bjarni Ingi Gislason <bjarniig@rhi.hi.is>
2020-04-06 19:08:04 +03:00
Lasse Collin b8e12f5ab4 Typo fixes from fossies.org.
https://fossies.org/linux/misc/xz-5.2.5.tar.xz/codespell.html
2020-03-23 18:07:50 +02:00
Lasse Collin 7812002dd3 xz: Never use thousand separators in DJGPP builds.
DJGPP 2.05 added support for thousands separators but it's
broken at least under WinXP with Finnish locale that uses
a non-breaking space as the thousands separator. Workaround
by disabling thousands separators for DJGPP builds.
2020-03-11 21:15:35 +02:00
Lasse Collin 4572d53e16 liblzma: Fix a comment and RC_SYMBOLS_MAX.
The comment didn't match the value of RC_SYMBOLS_MAX and the value
itself was slightly larger than actually needed. The only harm
about this was that memory usage was a few bytes larger.
2020-03-02 13:54:33 +02:00
Lasse Collin b3ed19a55f liblzma: Remove unneeded <sys/types.h> from fastpos_tablegen.c.
This file only generates fastpos_table.c.
It isn't built as a part of liblzma.
2020-02-24 23:23:18 +02:00
Lasse Collin 7b8982b291 Use defined(__GNUC__) before __GNUC__ in preprocessor lines.
This should silence the equivalent of -Wundef in compilers that
don't define __GNUC__.
2020-02-22 14:15:07 +02:00
Lasse Collin 43dfe04e62 liblzma: Add more uses of lzma_memcmplen() to the normal mode of LZMA.
This gives a tiny encoder speed improvement. This could have been done
in 2014 after the commit 544aaa3d13 but
it was forgotten.
2020-02-21 17:40:02 +02:00
Lasse Collin 7fe3ef2eaa xz: Silence a warning when sig_atomic_t is long int.
It can be true at least on z/OS.
2020-02-21 16:10:44 +02:00
Lasse Collin b0a2a77d10 xz: Avoid unneeded access of a volatile variable. 2020-02-21 15:59:26 +02:00
Lasse Collin 57360bb4fd tuklib_exit: Add missing header.
strerror() needs <string.h> which happened to be included via
tuklib_common.h -> tuklib_config.h -> sysdefs.h if HAVE_CONFIG_H
was defined. This wasn't tested without config.h before so it
had worked fine.
2020-02-20 18:54:04 +02:00
Lasse Collin fddd31175e Revert the previous commit and add a comment.
The previous commit broke crc32_tablegen.c.

If the whole package is built without config.h (with defines
set on the compiler command line) this should still work fine
as long as these headers conform to C99 well enough.
2020-02-18 19:12:35 +02:00
Lasse Collin 4e4e9fbb7e Do not check for HAVE_CONFIG_H in tuklib_config.h.
In XZ Utils sysdefs.h takes care of it and the required headers.
2020-02-17 23:37:20 +02:00
Lasse Collin 2d4cef954f sysdefs.h: Omit the conditionals around string.h and limits.h.
string.h is used unconditionally elsewhere in the project and
configure has always stopped if limits.h is missing, so these
headers must have been always available even on the weirdest
systems.
2020-02-16 12:24:13 +02:00
Lasse Collin 6f7211b6bb Build: Add support for translated man pages using po4a.
The dependency on po4a is optional. It's never required to install
the translated man pages when xz is built from a release tarball.
If po4a is missing when building from xz.git, the translated man
pages won't be generated but otherwise the build will work normally.

The translations are only updated automatically by autogen.sh and
by "make mydist". This makes it easy to keep po4a as an optional
dependency and ensures that I won't forget to put updated
translations to a release tarball.

The translated man pages aren't installed if --disable-nls is used.

The installation of translated man pages abuses Automake internals
by calling "install-man" with redefined dist_man_MANS and man_MANS.
This makes the hairy script code slightly less hairy. If it breaks
some day, this code needs to be fixed; don't blame Automake developers.

Also, this adds more quotes to the existing shell script code in
the Makefile.am "-hook"s.
2020-02-07 15:32:21 +02:00
Lasse Collin 15a133b6d1 xz: Make it a fatal error if enabling the sandbox fails.
Perhaps it's too drastic but on the other hand it will let me
learn about possible problems if people report the errors.
This won't be backported to the v5.2 branch.
2020-02-05 20:40:14 +02:00
Lasse Collin af0fb386ef xz: Comment out annoying sandboxing messages. 2020-02-05 20:33:50 +02:00
Lasse Collin 3539705108 xz: Limit --memlimit-compress to at most 4020 MiB for 32-bit xz.
See the code comment for reasoning. It's far from perfect but
hopefully good enough for certain cases while hopefully doing
nothing bad in other situations.

At presets -5 ... -9, 4020 MiB vs. 4096 MiB makes no difference
on how xz scales down the number of threads.

The limit has to be a few MiB below 4096 MiB because otherwise
things like "xz --lzma2=dict=500MiB" won't scale down the dict
size enough and xz cannot allocate enough memory. With
"ulimit -v $((4096 * 1024))" on x86-64, the limit in xz had
to be no more than 4085 MiB. Some safety margin is good though.

This is hack but it should be useful when running 32-bit xz on
a 64-bit kernel that gives full 4 GiB address space to xz.
Hopefully this is enough to solve this:

https://bugzilla.redhat.com/show_bug.cgi?id=1196786

FreeBSD has a patch that limits the result in tuklib_physmem()
to SIZE_MAX on 32-bit systems. While I think it's not the way
to do it, the results on --memlimit-compress have been good. This
commit should achieve practically identical results for compression
while leaving decompression and tuklib_physmem() and thus
lzma_physmem() unaffected.
2020-02-01 19:56:18 +02:00
Lasse Collin ba76d67585 xz: Set the --flush-timeout deadline when the first input byte arrives.
xz --flush-timeout=2000, old version:

  1. xz is started. The next flush will happen after two seconds.
  2. No input for one second.
  3. A burst of a few kilobytes of input.
  4. No input for one second.
  5. Two seconds have passed and flushing starts.

The first second counted towards the flush-timeout even though
there was no pending data. This can cause flushing to occur more
often than needed.

xz --flush-timeout=2000, after this commit:

  1. xz is started.
  2. No input for one second.
  3. A burst of a few kilobytes of input. The next flush will
     happen after two seconds counted from the time when the
     first bytes of the burst were read.
  4. No input for one second.
  5. No input for another second.
  6. Two seconds have passed and flushing starts.
2020-01-26 20:53:25 +02:00
Lasse Collin fd47fd62bb xz: Move flush_needed from mytime.h to file_pair struct in file_io.h. 2020-01-26 20:25:52 +02:00
Lasse Collin 8150356810 xz: coder.c: Make writing output a separate function.
The same code sequence repeats so it's nicer as a separate function.
Note that in one case there was no test for opt_mode != MODE_TEST,
but that was only because that condition would always be true, so
this commit doesn't change the behavior there.
2020-01-26 14:49:22 +02:00
Lasse Collin 5a49e081a0 xz: Fix semi-busy-waiting in xz --flush-timeout.
When input blocked, xz --flush-timeout=1 would wake up every
millisecond and initiate flushing which would have nothing to
flush and thus would just waste CPU time. The fix disables the
timeout when no input has been seen since the previous flush.
2020-01-26 14:13:42 +02:00
Lasse Collin dcca70fe9f xz: Refactor io_read() a bit. 2020-01-26 13:47:31 +02:00
Lasse Collin 4ae9ab70cd xz: Update a comment in file_io.h. 2020-01-26 13:37:08 +02:00
Lasse Collin 3333ba4a67 xz: Move the setting of flush_needed in file_io.c to a nicer location. 2020-01-26 13:27:51 +02:00
Lasse Collin 7136f1735c Rename unaligned_read32ne to read32ne, and similarly for the others. 2019-12-31 00:47:49 +02:00
Lasse Collin 5e78fcbf2e Rename read32ne to aligned_read32ne, and similarly for the others.
Using the aligned methods requires more care to ensure that
the address really is aligned, so it's nicer if the aligned
methods are prefixed. The next commit will remove the unaligned_
prefix from the unaligned methods which in liblzma are used in
more places than the aligned ones.
2019-12-31 00:29:48 +02:00
Lasse Collin 77bc5bc6dd Revise tuklib_integer.h and .m4.
Add a configure option --enable-unsafe-type-punning to get the
old non-conforming memory access methods. It can be useful with
old compilers or in some other less typical situations but
shouldn't normally be used.

Omit the packed struct trick for unaligned access. While it's
best in some cases, this is simpler. If the memcpy trick doesn't
work, one can request unsafe type punning from configure.

Because CRC32/CRC64 code needs fast aligned reads, if no very
safe way to do it is found, type punning is used as a fallback.
This sucks but since it currently works in practice, it seems to
be the least bad option. It's never needed with GCC >= 4.7 or
Clang >= 3.6 since these support __builtin_assume_aligned and
thus fast aligned access can be done with the memcpy trick.

Other things:
  - Support GCC/Clang __builtin_bswapXX
  - Cleaner bswap fallback macros
  - Minor cleanups
2019-12-31 00:18:24 +02:00
Lasse Collin 43ce4ea7c7 Scripts: Put /usr/xpg4/bin to the beginning of PATH on Solaris.
This adds a configure option --enable-path-for-scripts=PREFIX
which defaults to empty except on Solaris it is /usr/xpg4/bin
to make POSIX grep and others available. The Solaris case had
been documented in INSTALL with a manual fix but it's better
to do this automatically since it is needed on most Solaris
systems anyway.

Thanks to Daniel Richard G.
2019-09-24 23:02:40 +03:00
Lasse Collin 6a89e656eb Fix comment typos in tuklib_mbstr* files. 2019-07-12 18:57:43 +03:00
Lasse Collin ac0b421265 Add missing include to tuklib_mbstr_width.c.
It didn't matter in XZ Utils because sysdefs.h
includes string.h anyway.
2019-07-12 18:30:46 +03:00
Lasse Collin 72a443281f Update tuklib base headers to include stdbool.h. 2019-07-12 18:10:57 +03:00
Lasse Collin de1f47b2b4 xz: Automatically align the strings in --info-memory.
This makes it easier to translate the strings.

Also, the string for amount of RAM was shortened.
2019-06-28 00:54:31 +03:00
Lasse Collin 8ce679125d liblzma: Fix a buggy comment. 2019-06-25 23:15:21 +03:00
Lasse Collin d499e467d9 liblzma: Add a comment. 2019-06-24 23:52:17 +03:00
Lasse Collin a12b13c5f0 liblzma: Silence clang -Wmissing-variable-declarations. 2019-06-24 23:45:21 +03:00
Lasse Collin 1b4675cebf Add LZMA_RET_INTERNAL1..8 to lzma_ret and use one for LZMA_TIMED_OUT.
LZMA_TIMED_OUT is *internally* used as a value for lzma_ret
enumeration. Previously it was #defined to 32 and cast to lzma_ret.
That way it wasn't visible in the public API, but this was hackish.

Now the public API has eight LZMA_RET_INTERNALx members and
LZMA_TIMED_OUT is #defined to LZMA_RET_INTERNAL1. This way
the code is cleaner overall although the public API has a few
extra mysterious enum members.
2019-06-24 23:25:41 +03:00
Lasse Collin 159c43875e xz: Silence a warning from clang -Wsign-conversion in main.c. 2019-06-24 22:57:43 +03:00
Lasse Collin 466cfcd3e5 xz: Make "headings" static in list.c.
Caught by clang -Wmissing-variable-declarations.
2019-06-24 22:52:20 +03:00
Lasse Collin 608517b9b7 liblzma: Remove incorrect uses of lzma_attribute((__unused__)).
Caught by clang -Wused-but-marked-unused.
2019-06-24 22:50:36 +03:00
Lasse Collin 2402f7873d xz: Fix an integer overflow with 32-bit off_t.
Or any off_t which isn't very big (like signed 64 bit integer
that most system have). A small off_t could overflow if the
file being decompressed had long enough run of zero bytes,
which would result in corrupt output.
2019-06-24 20:45:49 +03:00
Lasse Collin 4fd3a8dd0b xz: Cleanup io_seek_src() a bit.
lseek() returns -1 on error and checking for -1 is nicer.
2019-06-24 01:24:17 +03:00
Lasse Collin 1d4a904d8f xz: Change io_seek_src and io_pread arguments from off_t to uint64_t.
This helps fixing warnings from -Wsign-conversion and makes the
code look better too.
2019-06-24 00:40:45 +03:00
Lasse Collin 50120deb01 xz: list.c: Fix some warnings from -Wsign-conversion. 2019-06-24 00:12:38 +03:00
Lasse Collin d0a78751eb tuklib_mbstr_width: Fix a warning from -Wsign-conversion. 2019-06-23 23:22:45 +03:00
Lasse Collin 7883d73530 xz: Fix some of the warnings from -Wsign-conversion. 2019-06-23 23:19:34 +03:00
Lasse Collin c2b994fe3d tuklib_cpucores: Silence warnings from -Wsign-conversion. 2019-06-23 22:27:45 +03:00
Lasse Collin 07c4fa9e1a xzdec: Fix warnings from -Wsign-conversion. 2019-06-23 21:40:47 +03:00
Lasse Collin dfac2c9a1d liblzma: Fix warnings from -Wsign-conversion.
Also, more parentheses were added to the literal_subcoder
macro in lzma_comon.h (better style but no functional change
in the current usage).
2019-06-23 21:38:56 +03:00
Lasse Collin 41838dcc26 tuklib_integer: Silence warnings from -Wsign-conversion. 2019-06-23 19:33:55 +03:00
Lasse Collin 3ce05d235f tuklib_integer: Fix usage of conv macros.
Use a temporary variable instead of e.g.
conv32le(unaligned_read32ne(buf)) because the macro can
evaluate its argument multiple times.
2019-06-20 19:40:30 +03:00
Lasse Collin 039a168e8c liblzma: Fix comments.
Thanks to Bruce Stark.
2019-06-03 20:41:54 +03:00
Lasse Collin c460f6defe liblzma: Fix one more unaligned read to use unaligned_read16ne(). 2019-06-02 00:50:59 +03:00
Lasse Collin 386394fc9f liblzma: memcmplen: Use ctz32() from tuklib_integer.h.
The same compiler-specific #ifdefs are already in tuklib_integer.h
2019-06-01 21:36:13 +03:00
Lasse Collin 264ab971ce tuklib_integer: Cleanup MSVC-specific code. 2019-06-01 21:30:03 +03:00
Lasse Collin 33773c6f2a liblzma: Use unaligned_readXXne functions instead of type punning.
Now gcc -fsanitize=undefined should be clean.

Thanks to Jeffrey Walton.
2019-06-01 19:01:21 +03:00
Lasse Collin 3bc112c2d3 tuklib_integer: Improve unaligned memory access.
Now memcpy() or GNU C packed structs for unaligned access instead
of type punning. See the comment in this commit for details.

Avoiding type punning with unaligned access is needed to
silence gcc -fsanitize=undefined.

New functions: unaliged_readXXne and unaligned_writeXXne where
XX is 16, 32, or 64.
2019-06-01 18:41:16 +03:00
Lasse Collin 2a22de439e liblzma: Avoid memcpy(NULL, foo, 0) because it is undefined behavior.
I should have always known this but I didn't. Here is an example
as a reminder to myself:

    int mycopy(void *dest, void *src, size_t n)
    {
        memcpy(dest, src, n);
        return dest == NULL;
    }

In the example, a compiler may assume that dest != NULL because
passing NULL to memcpy() would be undefined behavior. Testing
with GCC 8.2.1, mycopy(NULL, NULL, 0) returns 1 with -O0 and -O1.
With -O2 the return value is 0 because the compiler infers that
dest cannot be NULL because it was already used with memcpy()
and thus the test for NULL gets optimized out.

In liblzma, if a null-pointer was passed to memcpy(), there were
no checks for NULL *after* the memcpy() call, so I cautiously
suspect that it shouldn't have caused bad behavior in practice,
but it's hard to be sure, and the problematic cases had to be
fixed anyway.

Thanks to Jeffrey Walton.
2019-05-13 20:05:17 +03:00
Lasse Collin 4adb8288ab xz: Update xz man page date. 2019-05-11 20:54:12 +03:00
Antoine Cœur 2fb0ddaa55 spelling 2019-05-11 20:52:37 +03:00
Lasse Collin 4ed3396061 xz: In xz -lvv look at the widths of the check names too.
Now the widths of the check names is used to adjust the width
of the Check column. This way there no longer is a need to restrict
the widths of the check names to be at most ten terminal-columns.
2019-05-01 18:43:10 +03:00
Lasse Collin 2f4281a100 xz: Fix xz -lvv column alignment to look at the translated strings. 2019-05-01 18:33:25 +03:00
Lasse Collin a750c35a7d xz: Automatically align column headings in xz -lvv. 2019-03-04 21:20:39 +02:00
Lasse Collin 6cb42e8aa1 xz: Automatically align strings ending in a colon in --list output.
This should avoid alignment errors in translations with these
strings.
2019-03-04 21:16:59 +02:00
Lasse Collin b55d79461d xz: Fix a crash in progress indicator when in passthru mode.
"xz -dcfv not_an_xz_file" crashed (all four options are
required to trigger it). It caused xz to call
lzma_get_progress(&strm, ...) when no coder was initialized
in strm. In this situation strm.internal is NULL which leads
to a crash in lzma_get_progress().

The bug was introduced when xz started using lzma_get_progress()
to get progress info for multi-threaded compression, so the
bug is present in versions 5.1.3alpha and higher.

Thanks to Filip Palian <Filip.Palian@pjwstk.edu.pl> for
the bug report.
2018-12-20 20:39:20 +02:00
Lasse Collin 4ae5526de0 xz: Update man page timestamp. 2018-11-22 17:20:31 +02:00
Pavel Raiskup 6a36d0d5f4 'have have' typos 2018-11-22 17:19:09 +02:00
Lasse Collin a18ae42a79 liblzma: Don't verify header CRC32s if building for fuzz testing.
FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION is #defined when liblzma
is being built for fuzz testing.

Most fuzzed inputs would normally get rejected because of incorrect
CRC32 and the actual header decoding code wouldn't get fuzzed.
Disabling CRC32 checks avoids this problem. The fuzzer program
must still use LZMA_IGNORE_CHECK flag to disable verification of
integrity checks of uncompressed data.
2018-10-26 22:49:10 +03:00
Lasse Collin f76f7516d6 xzless: Rename unused variables to silence static analysers.
In this particular case I don't see this affecting readability
of the code.

Thanks to Pavel Raiskup.
2018-07-27 18:10:44 +03:00
Lasse Collin 3cbcaeb07e liblzma: Remove an always-true condition from lzma_index_cat().
This should help static analysis tools to see that newg
isn't leaked.

Thanks to Pavel Raiskup.
2018-07-27 16:02:58 +03:00
Lasse Collin 76762ae609 liblzma: Improve lzma_properties_decode() API documentation. 2018-05-19 21:23:25 +03:00
Lasse Collin 2267f5b0d2 Bump the version number to 5.3.1alpha. 2018-04-29 18:58:19 +03:00
Ben Boeckel bc19799169 nothrow: use noexcept for C++11 and newer
In C++11, the `throw()` specifier is deprecated and `noexcept` is
preffered instead.
2018-02-06 18:41:45 +02:00
Lasse Collin fb6d4f83cb liblzma: Remove incorrect #ifdef from range_common.h.
In most cases it was harmless but it could affect some
custom build systems.

Thanks to Pippijn van Steenhoven.
2018-02-06 18:02:48 +02:00
Lasse Collin 713bbc1a80 tuklib_integer: New Intel C compiler needs immintrin.h.
Thanks to Melanie Blower (Intel) for the patch.
2018-01-10 21:54:27 +02:00
Lasse Collin 94e3f986aa Fix or hide warnings from GCC 7's -Wimplicit-fallthrough. 2017-08-14 20:08:33 +03:00
Lasse Collin a015cd1f90 xz: Fix "xz --list --robot missing_or_bad_file.xz".
It ended up printing an uninitialized char-array when trying to
print the check names (column 7) on the "totals" line.

This also changes the column 12 (minimum xz version) to
50000002 (xz 5.0.0) instead of 0 when there are no valid
input files.

Thanks to kidmin for the bug report.
2017-05-23 18:34:43 +03:00
Lasse Collin 8269782283 xz: Use lzma_file_info_decoder() for --list. 2017-04-24 19:48:23 +03:00
Lasse Collin e353d0b1cc liblzma: Add lzma_file_info_decoder(). 2017-04-24 19:48:04 +03:00
Lasse Collin 8c9842c265 liblzma: Rename LZMA_SEEK to LZMA_SEEK_NEEDED and seek_in to seek_pos. 2017-04-21 15:05:16 +03:00
Lasse Collin 662b27c417 Update the home page URLs to HTTPS. 2017-04-19 22:17:35 +03:00
Lasse Collin c28f0b3d00 xz: Add io_seek_src(). 2017-04-05 18:47:22 +03:00
Lasse Collin bba477257d xz: Use POSIX_FADV_RANDOM for in "xz --list" mode.
xz --list is random access so POSIX_FADV_SEQUENTIAL was clearly
wrong.
2017-03-30 22:01:54 +03:00
Lasse Collin 310d19816d liblzma: Make lzma_index_decoder_init() visible to other liblzma funcs.
This is to allow other functions to use it without going
via the public API (lzma_index_decoder()).
2017-03-30 20:03:05 +03:00