1
// SPDX-License-Identifier: 0BSD
2

3
///////////////////////////////////////////////////////////////////////////////
4
//
5
/// \file       block_header_decoder.c
6
/// \brief      Decodes Block Header from .xz files
7
//
8
//  Author:     Lasse Collin
9
//
10
///////////////////////////////////////////////////////////////////////////////
11

12
#include "common.h"
13
#include "check.h"
14

15

16
extern LZMA_API(lzma_ret)
17
lzma_block_header_decode(lzma_block *block,
18
		const lzma_allocator *allocator, const uint8_t *in)
19
{
20
	// NOTE: We consider the header to be corrupt not only when the
21
	// CRC32 doesn't match, but also when variable-length integers
22
	// are invalid or over 63 bits, or if the header is too small
23
	// to contain the claimed information.
24

25
	// Catch unexpected NULL pointers.
26
	if (block == NULL || block->filters == NULL || in == NULL)
27
		return LZMA_PROG_ERROR;
28

29
	// Initialize the filter options array. This way the caller can
30
	// safely free() the options even if an error occurs in this function.
31
	for (size_t i = 0; i <= LZMA_FILTERS_MAX; ++i) {
32
		block->filters[i].id = LZMA_VLI_UNKNOWN;
33
		block->filters[i].options = NULL;
34
	}
35

36
	// Versions 0 and 1 are supported. If a newer version was specified,
37
	// we need to downgrade it.
38
	if (block->version > 1)
39
		block->version = 1;
40

41
	// This isn't a Block Header option, but since the decompressor will
42
	// read it if version >= 1, it's better to initialize it here than
43
	// to expect the caller to do it since in almost all cases this
44
	// should be false.
45
	block->ignore_check = false;
46

47
	// Validate Block Header Size and Check type. The caller must have
48
	// already set these, so it is a programming error if this test fails.
49
	if (lzma_block_header_size_decode(in[0]) != block->header_size
50
			|| (unsigned int)(block->check) > LZMA_CHECK_ID_MAX)
51
		return LZMA_PROG_ERROR;
52

53
	// Exclude the CRC32 field.
54
	const size_t in_size = block->header_size - 4;
55

56
	// Verify CRC32
57
	if (lzma_crc32(in, in_size, 0) != read32le(in + in_size)) {
58
#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
59
		return LZMA_DATA_ERROR;
60
#endif
61
	}
62

63
	// Check for unsupported flags.
64
	if (in[1] & 0x3C)
65
		return LZMA_OPTIONS_ERROR;
66

67
	// Start after the Block Header Size and Block Flags fields.
68
	size_t in_pos = 2;
69

70
	// Compressed Size
71
	if (in[1] & 0x40) {
72
		return_if_error(lzma_vli_decode(&block->compressed_size,
73
				NULL, in, &in_pos, in_size));
74

75
		// Validate Compressed Size. This checks that it isn't zero
76
		// and that the total size of the Block is a valid VLI.
77
		if (lzma_block_unpadded_size(block) == 0)
78
			return LZMA_DATA_ERROR;
79
	} else {
80
		block->compressed_size = LZMA_VLI_UNKNOWN;
81
	}
82

83
	// Uncompressed Size
84
	if (in[1] & 0x80)
85
		return_if_error(lzma_vli_decode(&block->uncompressed_size,
86
				NULL, in, &in_pos, in_size));
87
	else
88
		block->uncompressed_size = LZMA_VLI_UNKNOWN;
89

90
	// Filter Flags
91
	const size_t filter_count = (in[1] & 3U) + 1;
92
	for (size_t i = 0; i < filter_count; ++i) {
93
		const lzma_ret ret = lzma_filter_flags_decode(
94
				&block->filters[i], allocator,
95
				in, &in_pos, in_size);
96
		if (ret != LZMA_OK) {
97
			lzma_filters_free(block->filters, allocator);
98
			return ret;
99
		}
100
	}
101

102
	// Padding
103
	while (in_pos < in_size) {
104
		if (in[in_pos++] != 0x00) {
105
			lzma_filters_free(block->filters, allocator);
106

107
			// Possibly some new field present so use
108
			// LZMA_OPTIONS_ERROR instead of LZMA_DATA_ERROR.
109
			return LZMA_OPTIONS_ERROR;
110
		}
111
	}
112

113
	return LZMA_OK;
114
}
115

116