Commit Graph

2110 Commits

Author SHA1 Message Date
Jia Tan d74fb5f060 xzdec: Add sandbox support for Pledge, Capsicum, and Landlock.
A very strict sandbox is used when the last file is decompressed. The
likely most common use case of xzdec is to decompress a single file.
The Pledge sandbox is applied to the entire process with slightly more
relaxed promises, until the last file is processed.

Thanks to Christian Weisgerber for the initial patch adding Pledge
sandboxing.
2023-12-19 21:18:28 +08:00
Jia Tan b34b6a9912 liblzma: Initialize lzma_lz_encoder pointers with NULL.
This fixes the recent change to lzma_lz_encoder that used memzero
instead of the NULL constant. On some compilers the NULL constant
(always 0) may not equal the NULL pointer (this only needs to guarentee
to not point to valid memory address).

Later code compares the pointers to the NULL pointer so we must
initialize them with the NULL pointer instead of 0 to guarentee
code correctness.
2023-12-20 21:38:39 +08:00
Jia Tan 183a62f0b5 liblzma: Set all values in lzma_lz_encoder to NULL after allocation.
The first member of lzma_lz_encoder doesn't necessarily need to be set
to NULL since it will always be set before anything tries to use it.
However the function pointer members must be set to NULL since other
functions rely on this NULL value to determine if this behavior is
supported or not.

This fixes a somewhat serious bug, where the options_update() and
set_out_limit() function pointers are not set to NULL. This seems to
have been forgotten since these function pointers were added many years
after the original two (code() and end()).

The problem is that by not setting this to NULL we are relying on the
memory allocation to zero things out if lzma_filters_update() is called
on a LZMA1 encoder. The function pointer for set_out_limit() is less
serious because there is not an API function that could call this in an
incorrect way. set_out_limit() is only called by the MicroLZMA encoder,
which must use LZMA1 where set_out_limit() is always set. Its currently
not possible to call set_out_limit() on an LZMA2 encoder at this time.

So calling lzma_filters_update() on an LZMA1 encoder had undefined
behavior since its possible that memory could be manipulated so the
options_update member pointed to a different instruction sequence.

This is unlikely to be a bug in an existing application since it relies
on calling lzma_filters_update() on an LZMA1 encoder in the first place.
For instance, it does not affect xz because lzma_filters_update() can
only be used when encoding to the .xz format.

This is fixed by using memzero() to set all members of lzma_lz_encoder
to NULL after it is allocated. This ensures this mistake will not occur
here in the future if any additional function pointers are added.
2023-12-16 20:51:38 +08:00
Jia Tan 1a1bb381db liblzma: Tweak a comment. 2023-12-16 20:30:55 +08:00
Jia Tan 55810780e0 liblzma: Make parameter names in function definition match declaration.
lzma_raw_encoder() and lzma_raw_encoder_init() used "options" as the
parameter name instead of "filters" (used by the declaration). "filters"
is more clear since the parameter represents the list of filters passed
to the raw encoder, each of which contains filter options.
2023-12-16 20:28:21 +08:00
Jia Tan 5dad6f628a liblzma: Improve lzma encoder init function consistency.
lzma_encoder_init() did not check for NULL options, but
lzma2_encoder_init() did. This is more of a code style improvement than
anything else to help make lzma_encoder_init() and lzma2_encoder_init()
more similar.
2023-12-16 20:18:47 +08:00
Jia Tan e1b1a9d637 Docs: Update repository URL in Changelog. 2023-12-16 11:20:20 +08:00
Jia Tan f9b82bc64a CI: Update Upload Artifact Action. 2023-12-15 16:56:31 +08:00
Jia Tan d0b24efe6c Tests: Silence -Wsign-conversion warning on GCC version < 10.
Since GCC version 10, GCC no longer complains about simple implicit
integer conversions with Arithmetic operators.

For instance:

    uint8_t a = 5;
    uint32_t b = a + 5;

Give a warning on GCC 9 and earlier but this:

    uint8_t a = 5;
    uint32_t b = (a + 5) * 2;

Gives a warning with GCC 10+.
2023-12-07 21:48:07 +08:00
Jia Tan 4a972a8ee3 Update THANKS. 2023-12-07 20:06:57 +08:00
Jia Tan ee2f483500 Tests: Minor cleanups to OSS-Fuzz files.
Most of these fixes are small typos and tweaks. A few were caused by bad
advice from me. Here is the summary of what is changed:

- Author line edits

- Small comment changes/additions

- Using the return value in the error messages in the fuzz targets'
  coder initialization code

- Removed fuzz_encode_stream.options. This set a max length, which may
  prevent some worthwhile code paths from being properly exercised.

- Removed the max_len option from fuzz_decode_stream.options for the
  same reason as fuzz_encode_stream. The alone decoder fuzz target still
  has this restriction.

- Altered the dictionary contents for fuzz_lzma.dict. Instead of keeping
  the properties static and varying the dictionary size, the properties
  are varied and the dictionary size is kept small. The dictionary size
  doesn't have much impact on the code paths but the properties do.

Closes: https://github.com/tukaani-project/xz/pull/73
2023-12-07 20:06:57 +08:00
Maksym Vatsyk 483bb90eec Tests: Add fuzz_encode_stream ossfuzz target.
This fuzz target handles .xz stream encoding. The first byte of input
is used to dynamically set the preset level in order to increase the
fuzz coverage of complex critical code paths.
2023-12-07 20:06:57 +08:00
Maksym Vatsyk 7ca8c9869d Tests: Add fuzz_decode_alone OSS-Fuzz target
This fuzz target that handles LZMA alone decoding. A new fuzz
dictionary .dict was also created with common LZMA header values to
help speed up the discovery of valid headers.
2023-12-07 20:06:57 +08:00
Maksym Vatsyk 37581a77ad Tests: Update OSS-Fuzz Makefile.
All .c files can be built as separate fuzz targets. This simplifies
the Makefile by allowing us to use wildcards instead of having a
Makefile target for each fuzz target.
2023-12-07 20:06:54 +08:00
Maksym Vatsyk 28ce6a1c2a Tests: Move common OSS-Fuzz target code to .h file. 2023-12-07 20:06:54 +08:00
Maksym Vatsyk bf0521ea15 Tests: Rename OSS-Fuzz files. 2023-12-07 20:06:51 +08:00
Jia Tan 685094b8e1 Update THANKS. 2023-11-30 23:10:43 +08:00
Kian-Meng Ang 3b3023e00b Tests: Fix typos 2023-11-30 23:08:05 +08:00
Kian-Meng Ang 424d46ead8 xz: Fix typo 2023-11-30 23:08:05 +08:00
Jia Tan 35558adf9c Update THANKS. 2023-11-30 20:41:00 +08:00
Jia Tan fd170e8557 CI: Test musl libc builds on Ubuntu runner. 2023-11-30 20:09:46 +08:00
Jia Tan db2b4aa068 CI: Allow ci_build.sh to set a different C compiler. 2023-11-30 20:09:46 +08:00
Jia Tan ff7badef53 CMake: Use consistent indentation with check_c_source_compiles(). 2023-11-30 20:09:46 +08:00
Jia Tan d4af167570 CMake: Change __attribute__((__ifunc__())) detection.
This renames ALLOW_ATTR_IFUNC to USE_ATTR_IFUNC and applies the ifunc
detection changes that were made to the Autotools build.

Fixes: https://github.com/tukaani-project/xz/issues/70
2023-11-30 20:07:34 +08:00
Jia Tan 20ecee40a0 Docs: Update INSTALL for --enable_ifunc change. 2023-11-30 20:05:09 +08:00
Jia Tan ffb456593d Build: Change --enable-ifunc handling.
Some compilers support __attribute__((__ifunc__())) even though the
dynamic linker does not. The compiler is able to create the binary
but it will fail on startup. So it is not enough to just test if
the attribute is supported.

The default value for enable_ifunc is now auto, which will attempt
to compile a program using __attribute__((__ifunc__())). There are
additional checks in this program if glibc is being used or if it
is running on FreeBSD.

Setting --enable-ifunc will skip this test and always enable
__attribute__((__ifunc__())), even if is not supported.
2023-11-30 20:04:42 +08:00
Lasse Collin 12b89bcc99 xz: Tweak a comment. 2023-11-23 17:39:10 +02:00
Jia Tan 2ab2e4b5a5 xz: Use is_tty() in message.c. 2023-11-23 22:40:27 +08:00
Jia Tan 584e3a258f xz: Create separate is_tty() function.
The new is_tty() will report if a file descriptor is a terminal or not.
On POSIX systems, it is a wrapper around isatty(). However, the native
Windows implementation of isatty() will return true for all character
devices, not just terminals. So is_tty() has a special case for Windows
so it can use alternative Windows API functions to determine if a file
descriptor is a terminal.

This fixes a bug with MSVC and MinGW-w64 builds that refused to read from
or write to non-terminal character devices because xz thought it was a
terminal. For instance:

    xz foo -c > /dev/null

would fail because /dev/null was assumed to be a terminal.
2023-11-23 22:40:20 +08:00
Jia Tan 6b05f827f5 tuklib_integer: Fix typo discovered by codespell.
Based on internet dictionary searches, 'choise' is an outdated spelling
of 'choice'.
2023-11-22 20:39:41 +08:00
Lasse Collin 659aca0d69 xz: Move the check for --suffix with --format=raw a few lines earlier.
Now it reads from argv[] instead of args->arg_names.
2023-11-18 01:56:09 +08:00
Jia Tan ca278eb2b7 Tests: Create test_suffix.sh.
This tests some complicated interactions with the --suffix= option.
The suffix option must be used with --format=raw, but can optionally
be used to override the default .xz suffix.

This test also verifies some recent bugs have been correctly solved
and to hopefully avoid further regressions in the future.
2023-11-18 01:56:05 +08:00
Jia Tan 2a732aba22 xz: Fix a bug with --files and --files0 in raw mode without a suffix.
The following command caused a segmentation fault:

    xz -Fraw --lzma1 --files=foo

when foo was a valid file. The usage of --files or --files0 was not
being checked when compressing or decompressing in raw mode without a
suffix. The suffix checking code was meant to validate that all files
to be processed are "-" (if not writing to standard out), meaning the
data is only coming from standard in. In this case, there were no file
names to check since --files and --files0 store their file name in a
different place.

Later code assumed the suffix was set and caused a segmentation fault.
Now, the above command results in an error.
2023-11-17 23:16:55 +08:00
Jia Tan 299920bab9 Tests: Fix typo in a comment. 2023-11-17 20:04:58 +08:00
Jia Tan f481523baa xz: Refactor suffix test with raw format.
The previous version set opt_stdout, but this caused an issue with
copying an input file to standard out when decompressing an unknown file
type. The following needs to result in an error:

    echo foo | xz -df

since -c, --stdout is not used. This fixes the previous error by not
setting opt_stdout.
2023-11-15 23:40:13 +08:00
Jia Tan 837ea40b1c xz: Move suffix check after stdout mode is detected.
This fixes a bug introduced in cc5aa9ab13
when the suffix check was initially moved. This caused a situation that
previously worked:

    echo foo | xz -Fraw --lzma1 | wc -c

to fail because the old code knew that this would write to standard out
so a suffix was not needed.
2023-11-14 20:27:46 +08:00
Jia Tan d4f4a4d040 xz: Detect when all data will be written to standard out earlier.
If the -c, --stdout argument is not used, then we can still detect when
the data will be written to standard out if all of the provided
filenames are "-" (denoting standard in) or if no filenames are
provided.
2023-11-14 20:27:04 +08:00
Jia Tan 2ade7246e7 liblzma: Add missing comments to lz_encoder.h. 2023-11-09 01:21:53 +08:00
Jia Tan 5fe1450603 Add NEWS for 5.4.5. 2023-11-01 20:58:58 +08:00
Lasse Collin 46007049cd liblzma: Fix compilation of fastpos_tablegen.c.
The macro lzma_attr_visibility_hidden has to be defined to make
fastpos.h usable. The visibility attribute is irrelevant to
fastpos_tablegen.c so simply #define the macro to an empty value.

fastpos_tablegen.c is never built by the included build systems
and so the problem wasn't noticed earlier. It's just a standalone
program for generating fastpos_table.c.

Fixes: https://github.com/tukaani-project/xz/pull/69
Thanks to GitHub user Jamaika1.
2023-10-31 21:41:09 +02:00
Jia Tan 148e20607e Build: Fix text wrapping in an output message. 2023-10-31 21:54:11 +08:00
Lasse Collin 8c36ab79cb liblzma: Add a note why crc_always_inline exists for now.
Solaris Studio is a possible example (not tested) which
supports the always_inline attribute but might not get
detected by the common.h #ifdefs.
2023-10-30 18:44:32 +02:00
Lasse Collin e7a86b94cd liblzma: Use lzma_always_inline in memcmplen.h. 2023-10-30 18:44:32 +02:00
Lasse Collin dcfe563299 liblzma: #define lzma_always_inline in common.h. 2023-10-30 18:44:32 +02:00
Lasse Collin 41113fe30a liblzma: Use lzma_attr_visibility_hidden on private extern declarations.
These variables are internal to liblzma and not exposed in the API.
2023-10-30 18:06:25 +02:00
Lasse Collin a2f5ca706a liblzma: #define lzma_attr_visibility_hidden in common.h.
In ELF shared libs:

-fvisibility=hidden affects definitions of symbols but not
declarations.[*] This doesn't affect direct calls to functions
inside liblzma as a linker can replace a call to lzma_foo@plt
with a call directly to lzma_foo when -fvisibility=hidden is used.

[*] It has to be like this because otherwise every installed
    header file would need to explictly set the symbol visibility
    to default.

When accessing extern variables that aren't defined in the
same translation unit, compiler assumes that the variable has
the default visibility and thus indirection is needed. Unlike
function calls, linker cannot optimize this.

Using __attribute__((__visibility__("hidden"))) with the extern
variable declarations tells the compiler that indirection isn't
needed because the definition is in the same shared library.

About 15+ years ago, someone told me that it would be good if
the CRC tables would be defined in the same translation unit
as the C code of the CRC functions. While I understood that it
could help a tiny amount, I didn't want to change the code because
a separate translation unit for the CRC tables was needed for the
x86 assembly code anyway. But when visibility attributes are
supported, simply marking the extern declaration with the
hidden attribute will get identical result. When there are only
a few affected variables, this is trivial to do. I wish I had
understood this back then already.
2023-10-30 18:03:39 +02:00
Lasse Collin 2c7ee92e44 liblzma: Refer to MinGW-w64 instead of MinGW in the API headers.
MinGW (formely a MinGW.org Project, later the MinGW.OSDN Project
at <https://osdn.net/projects/mingw/>) has GCC 9.2.0 as the
most recent GCC package (released 2021-02-02). The project might
still be alive but majority of people have switched to MinGW-w64.
Thus it seems clearer to refer to MinGW-w64 in our API headers too.
Building with MinGW is likely to still work but I haven't tested it
in the recent years.
2023-10-26 21:46:06 +03:00
Lasse Collin 597f49b614 CMake: Use -D_FILE_OFFSET_BITS=64 if (and only if) needed.
A CMake option LARGE_FILE_SUPPORT is created if and only if
-D_FILE_OFFSET_BITS=64 affects sizeof(off_t).

This is needed on many 32-bit platforms and even with 64-bit builds
with MinGW-w64 to get support for files larger than 2 GiB.
2023-10-26 21:46:06 +03:00
Lasse Collin 1bc548b821 CMake: Generate and install liblzma.pc if not using MSVC.
Autotools based build uses -pthread and thus adds it to Libs.private
in liblzma.pc. CMake doesn't use -pthread at all if pthread functions
are available in libc so Libs.private doesn't get -pthread either.
2023-10-26 21:46:06 +03:00
Lasse Collin 2add71966f CMake: Rearrange the PACKAGE_ variables.
The windres workaround now replaces spaces with \x20 so
the package name isn't repeated.

These changes will help with creation of liblzma.pc.
2023-10-26 21:46:06 +03:00