Commit Graph

2397 Commits

Author SHA1 Message Date
Jia Tan ae5c07b22a liblzma: Add overflow check for Unpadded size in lzma_index_append().
This was not a security bug since there was no path to overflow
UINT64_MAX in lzma_index_append() or when it calls index_file_size().
The bug was discovered by a failing assert() in vli_ceil4() when called
from index_file_size() when unpadded_sum (the sum of the compressed size
of current Stream and the unpadded_size parameter) exceeds LZMA_VLI_MAX.

Previously, the unpadded_size parameter was checked to be not greater
than UNPADDED_SIZE_MAX, but no check was done once compressed_base was
added.

This could not have caused an integer overflow in index_file_size() when
called by lzma_index_append(). The calculation for file_size breaks down
into the sum of:

- Compressed base from all previous Streams
- 2 * LZMA_STREAM_HEADER_SIZE (size of the current Streams header and
  footer)
- stream_padding (can be set by lzma_index_stream_padding())
- Compressed base from the current Stream
- Unpadded size (parameter to lzma_index_append())

The sum of everything except for Unpadded size must be less than
LZMA_VLI_MAX. This is guarenteed by overflow checks in the functions
that can set these values including lzma_index_stream_padding(),
lzma_index_append(), and lzma_index_cat(). The maximum value for
Unpadded size is enforced by lzma_index_append() to be less than or
equal UNPADDED_SIZE_MAX. Thus, the sum cannot exceed UINT64_MAX since
LZMA_VLI_MAX is half of UINT64_MAX.

Thanks to Joona Kannisto for reporting this.
2023-08-28 23:04:56 +08:00
Jia Tan 1057765aaa Translations: Update the Esperanto translation. 2023-08-28 22:18:29 +08:00
Jia Tan f2e94d064f Translations: Update the Esperanto translation. 2023-08-26 20:10:23 +08:00
Jia Tan 2b871f4dbf Docs: Update INSTALL for --enable-threads method win95.
The Autotools build allows win95 threads and --enable-small together now
if the compiler supports __attribute__((__constructor__)).
2023-08-14 20:39:22 +08:00
Jia Tan 356ad5b26b CMake: Conditionally allow win95 threads and --enable-small. 2023-08-14 20:39:18 +08:00
Jia Tan de574404c4 Build: Conditionally allow win95 threads and --enable-small.
When the compiler supports __attribute__((__constructor__))
mythread_once() is never used, even with --enable-small. A configuration
with win95 threads and --enable-small will compile and be thread safe so
it can be allowed.

This isn't a very common configuration since MSVC does not support
__attribute__((__constructor__)), but MINGW32 and CLANG32 environments
for MSYS2 can use win95 threads and have
__attribute__((__constructor__)) support.
2023-08-09 20:35:16 +08:00
Jamaika1 6bf33b704c
mythread.h: Fix typo error in Vista threads mythread_once().
The "once_" variable was accidentally referred to as just "once". This
prevented building with Vista threads when
HAVE_FUNC_ATTRIBUTE_CONSTRUCTOR was not defined.
2023-08-08 20:07:59 +08:00
Jia Tan 80cb961e53 codespell: Add .codespellrc to set default options.
The .codespellrc allows setting default options to avoid false positive
matches, set additional dictionaries, etc. For now, codespell can be
used locally before committing doc and comment changes.

It should help prevent silly errors and fix up commits in the future.
2023-08-04 22:17:11 +08:00
Jia Tan cd678a6077 Tests: Style fixes to test_lzip_decoder.c. 2023-08-03 20:10:21 +08:00
Jia Tan 1cac5ed4fa Translations: Update the Chinese (simplified) translation. 2023-08-03 15:56:20 +08:00
Lasse Collin 16068f6c30 xz: Omit an empty paragraph on the man page. 2023-08-02 17:15:12 +03:00
Jia Tan 9ae4371b51 Add NEWS for 5.4.4. 2023-08-02 20:30:07 +08:00
Lasse Collin e8c2203b2c build-aux/manconv.sh: Fix US-ASCII and UTF-8 output.
groff defaults to SGR escapes. Using -P-c passes -c to grotty
which restores the old behavior. Perhaps there is a better way to
get pure plain text output but this works for now.
2023-08-02 15:19:43 +03:00
Lasse Collin 9a706167b0 Update THANKS. 2023-08-01 19:10:43 +03:00
Lasse Collin 33e25a0f56 Update THANKS. 2023-08-01 18:22:24 +03:00
ChanTsune 81db3b8898 mythread.h: Disable signal functions in builds targeting Wasm + WASI.
signal.h in WASI SDK doesn't currently provide sigprocmask()
or sigset_t. liblzma doesn't need them so this change makes
liblzma and xzdec build against WASI SDK. xz doesn't build yet
and the tests don't either as tuktest needs setjmp() which
isn't (yet?) implemented in WASI SDK.

Closes: https://github.com/tukaani-project/xz/pull/57
See also: https://github.com/tukaani-project/xz/pull/56

(The original commit was edited a little by Lasse Collin.)
2023-08-01 18:18:05 +03:00
Jia Tan 71c638c611 Add newline to end of .gitignore.
Newline was accidentally removed in commit
01cbb7f023.
2023-08-01 21:58:51 +08:00
Dimitri Papadopoulos Orfanos 42df7c7aa1
Docs: Fix typos found by codespell 2023-07-31 20:02:21 +08:00
Jia Tan 01cbb7f023 Update .gitignore. 2023-07-28 22:17:50 +08:00
Jia Tan f97a1afd56 CMake: Conditionally allow the creation of broken symlinks.
The CMake build will try to create broken symlinks on Unix and Unix-like
platforms. Cygwin and MSYS2 are Unix-like, but may not be able to create
broken symlinks. The value of the CYGWIN or MSYS environment variables
determine if broken symlinks are valid.

The default for MSYS2 does not allow for broken symlinks, so the CMake
build has been broken for MSYS2 since commit
80a1a8bb83.
2023-07-28 22:03:08 +08:00
Jia Tan 7190f4cc7c CI: Fix windows-ci dependency installation.
All of the MSYS2 environments need make, and it does not come with the
toolchain package. The toolchain package will install the needed
compiler toolchains since without this package CMake cannot properly
generate the Makefiles.
2023-07-28 21:56:48 +08:00
Jia Tan a048f472cd CI: Update ci_build.sh CMake to always make Unix Makefiles.
The default for many of the MSYS2 environments is for CMake to create
Ninja build files. This would complicate the build script since we would
need a different command to run the tests. Its simpler to always use
Unix Makefiles so that "make test" is always a usable target for
testing.
2023-07-28 21:54:22 +08:00
Jia Tan 7870396a0c CI: Test CMake builds and test framework with MSYS2. 2023-07-25 20:17:23 +08:00
Jia Tan 6497d1f887 CI: Windows CI rename system matrix variable -> msys2_env.
Calling the MSYS2 environment "system" was a bit vague and should be
more specific.
2023-07-25 20:14:53 +08:00
Jia Tan 785e4121d9 CI: Add Clang64 MSYS2 environment to Windows CI. 2023-07-24 23:11:45 +08:00
Jia Tan d9166b52cf liblzma: Prevent an empty translation unit in Windows builds.
To workaround Automake lacking Windows resource compiler support, an
empty source file is compiled to overwrite the resource files for static
library builds. Translation units without an external declaration are
not allowed by the C standard and result in a warning when used with
-Wempty-translation-unit (Clang) or -pedantic (GCC).
2023-07-24 23:11:13 +08:00
Jia Tan db5019d691 Translations: Update the Vietnamese translation. 2023-07-22 18:37:56 +08:00
Jia Tan f3a055f762 CI: Add Windows runner for Autotools builds with MSYS2.
Only a subset of the tests run by the Linux and MacOS Autotools builds
are run. The most interesting tests are the ones that disable threads,
encoders, and decoders.

The Windows runner will only be run manually since these tests will
likely take much longer than the Linux and MacOS runners. This runner
should be used before merging any large features and before releases.

Currently the clang64 environment fails to due to a warning and
-Werror is enabled for the CI tests. This is still an early version
since the CMake build can be done for MSVC and optionally each of the
MSYS2 environments. GitHub does not allow manually running the CI tests
unless the workflow is checked on the default branch so checking in a
minimum version is a good idea.

Thanks to Arthur S for the original proposing the original patch.

Closes: https://github.com/tukaani-project/xz/pull/34
2023-07-22 18:31:02 +08:00
Jia Tan 556536a352 CI: Add argument to ci_build.sh to pass flags to autogen.sh. 2023-07-22 18:13:43 +08:00
Jia Tan 39a32d36fc Tests: Skip .lz files in test_files.sh if not configured.
Previously if the lzip decoder was not configured then test_files.sh
would pass the lzip tests instead of skipping them.
2023-07-21 18:05:44 +08:00
Jia Tan 194d12724b Tests: Add ARM64 filter test to test_compress.sh. 2023-07-20 22:11:13 +08:00
Jia Tan d850365c44 Translations: Update the Croatian translation. 2023-07-20 20:30:05 +08:00
Jia Tan 24049eb7ac Translations: Update the Korean man page translations. 2023-07-20 20:28:32 +08:00
Jia Tan 4d4a4fa07d Translations: Update the Korean translation. 2023-07-20 20:25:24 +08:00
Jia Tan 237f06d9c5 Translations: Update the Polish translation. 2023-07-20 20:24:05 +08:00
Jia Tan 80c2c83213 Translations: Update the German man page translations. 2023-07-20 20:22:23 +08:00
Jia Tan fdbde14503 Translations: Update the German translation. 2023-07-20 20:18:44 +08:00
Jia Tan 9f3bf5ff5b Translations: Update the Chinese (simplified) translation. 2023-07-20 20:17:10 +08:00
Jia Tan 376938c588 Translations: Update the Swedish translation. 2023-07-20 20:15:47 +08:00
Jia Tan 26b0bc6eb8 Translations: Update the Ukrainian man page translations. 2023-07-20 20:14:00 +08:00
Jia Tan 2d02c8b764 Translations: Update the Ukrainian translation. 2023-07-20 20:09:15 +08:00
Jia Tan f881018b50 Translations: Update the Spanish translation. 2023-07-20 20:06:57 +08:00
Jia Tan 791fe6d3ff Translations: Update the Romanian translation. 2023-07-20 20:05:19 +08:00
Jia Tan 8827e90704 Translations: Update the Romanian man page translations. 2023-07-20 20:02:56 +08:00
Jia Tan 0184d344fa liblzma: Suppress -Wunused-function warning.
Clang 16.0.0 and earlier have a bug that the ifunc resolver function
triggers the -Wunused-function warning. The resolver function is static
and only "used" by the __attribute__((__ifunc()__)).

At this time, the bug is still unresolved, but has been reported:
https://github.com/llvm/llvm-project/issues/63957

This is not a problem in GCC.
2023-07-19 23:36:00 +08:00
Jia Tan 43845fa70f liblzma: Reword lzma_str_list_filters() documentation.
This further improves the documentation from commit
f36ca7982f. The previous wording of
"supported options" was slightly misleading since the options that are
printed are the ones that are relevant for encoding/decoding. It is not
about which options can or must be specified.
2023-07-18 22:57:58 +08:00
Jia Tan 818701ba1c liblzma: Improve comment in string_conversion.c.
The comment used "flag" when referring to decoder options. Just
referring to them as options is more clear and consistent.
2023-07-18 22:56:47 +08:00
Lasse Collin b6b7d06585 xz: Translate the second "%s: " in message.c since French needs "%s : ".
This string is used to print a filename when using "xz -v" and
stderr isn't a terminal.
2023-07-18 17:37:33 +03:00
Lasse Collin be644042c3 xz: Make "%s: %s" translatable because French needs "%s : %s". 2023-07-18 17:34:18 +03:00
Lasse Collin 97fd5cb669 liblzma: Tweak #if condition in memcmplen.h.
Maybe ICC always #defines _MSC_VER on Windows but now
it's very clear which code will get used.
2023-07-18 13:57:54 +03:00