Change in em100[master]: Update xz - coreboot-gerrit

18 Oct 2021

Patrick Georgi has uploaded this change for review. ( https://review.coreboot.org/c/em100/+/58424 )
Change subject: Update xz
......................................................................
Update xz
Copied from https://git.tukaani.org/xz-embedded.git, commit 3f438e151
Some bug fixes, some C standard compliance, some typo fixes:
3f438e15109229bb14ab45f285f4bff5412a9542 Fix spelling in comments.
c61e095215ead4506c7ce775110baf9854d481a3 Fix typos in comments.
8f3ed8b1759abe53ff21f6d9eee1b341e8540e8e Add MicroLZMA decoder.
03d0415b7a4a3616e820e08f39f5309d6d32047b Validate the value before, not after, assigning it to an enum variable.
8122033d26644f970ca192466487218c06a1011e Move s->lzma.len = 0 initialization to lzma_reset().
41e657bfaa84cde5907020b7032d58f9245fc26b Fix a typo in a comment.
6f0e0c41e3682254c2e0be245f275f77df821ffe Add xz_dec_catrun() to support concatenated .xz files.
d8a12bc0c61282b38439ee76b05dbde0200002e1 userspace/Makefile: Add a comment about -std=gnu89 and add -Wno-long-long.
ef038b9db55bba73e2574ae451d62e16ce9c0ef9 Make xz_crc64.c compatible with -std=gnu89 on 32-bit platforms.
82078b6109122ede1f76b76e75e54dcea7fc8d25 xzminidec: Detect read errors from stdin.
Change-Id: I8b5b47cab91630934fc6fd358fe9147826b0c450
---
M xz/xz_crc64.c
M xz/xz_dec_bcj.c
M xz/xz_dec_lzma2.c
M xz/xz_dec_stream.c
M xz/xz_private.h
5 files changed, 251 insertions(+), 15 deletions(-)
git pull ssh://review.coreboot.org:29418/em100 refs/changes/24/58424/1

diff --git a/xz/xz_crc64.c b/xz/xz_crc64.c
index 215e04d..60c40f6 100644
--- a/xz/xz_crc64.c
+++ b/xz/xz_crc64.c
@@ -20,7 +20,11 @@
XZ_EXTERN void xz_crc64_init(void)
 {
-	const uint64_t poly = 0xC96C5795D7870F42;
+	/*
+	 * The ULL suffix is needed for -std=gnu89 compatibility
+	 * on 32-bit platforms.
+	 */
+	const uint64_t poly = 0xC96C5795D7870F42ULL;
uint32_t i;
    uint32_t j;
diff --git a/xz/xz_dec_bcj.c b/xz/xz_dec_bcj.c
index 72ddac6..ef449e9 100644
--- a/xz/xz_dec_bcj.c
+++ b/xz/xz_dec_bcj.c
@@ -422,7 +422,7 @@
/*
     * Flush pending already filtered data to the output buffer. Return
-	 * immediatelly if we couldn't flush everything, or if the next
+	 * immediately if we couldn't flush everything, or if the next
     * filter in the chain had already returned XZ_STREAM_END.
     */
    if (s->temp.filtered > 0) {
diff --git a/xz/xz_dec_lzma2.c b/xz/xz_dec_lzma2.c
index 2deb544..c929f1c 100644
--- a/xz/xz_dec_lzma2.c
+++ b/xz/xz_dec_lzma2.c
@@ -147,8 +147,8 @@
/*
     * LZMA properties or related bit masks (number of literal
-	 * context bits, a mask dervied from the number of literal
-	 * position bits, and a mask dervied from the number
+	 * context bits, a mask derived from the number of literal
+	 * position bits, and a mask derived from the number
     * position bits)
     */
    uint32_t lc;
@@ -248,6 +248,10 @@
     * before the first LZMA chunk.
     */
    bool need_props;
+
+#ifdef XZ_DEC_MICROLZMA
+	bool pedantic_microlzma;
+#endif
 };
struct xz_dec_lzma2 {
@@ -419,6 +423,12 @@
    }
 }
+#ifdef XZ_DEC_MICROLZMA
+#	define DICT_FLUSH_SUPPORTS_SKIPPING true
+#else
+#	define DICT_FLUSH_SUPPORTS_SKIPPING false
+#endif
+
 /*
  * Flush pending data from dictionary to b->out. It is assumed that there is
  * enough space in b->out. This is guaranteed because caller uses dict_limit()
@@ -437,9 +447,14 @@
    	 * decompression because in multi-call mode dict->buf
    	 * has been allocated by us in this file; it's not
    	 * provided by the caller like in single-call mode.
+		 *
+		 * With MicroLZMA, b->out can be NULL to skip bytes that
+		 * the caller doesn't need. This cannot be done with XZ
+		 * because it would break BCJ filters.
    	 */
-		memcpy(b->out + b->out_pos, dict->buf + dict->start,
-				copy_size);
+		if (!DICT_FLUSH_SUPPORTS_SKIPPING || b->out != NULL)
+			memcpy(b->out + b->out_pos, dict->buf + dict->start,
+					copy_size);
    }
dict->start = dict->pos;
@@ -501,11 +516,11 @@
 }
/*
- * Decode one bit. In some versions, this function has been splitted in three
+ * Decode one bit. In some versions, this function has been split in three
  * functions so that the compiler is supposed to be able to more easily avoid
  * an extra branch. In this particular version of the LZMA decoder, this
  * doesn't seem to be a good idea (tested with GCC 3.3.6, 3.4.6, and 4.3.3
- * on x86). Using a non-splitted version results in nicer looking code too.
+ * on x86). Using a non-split version results in nicer looking code too.
  *
  * NOTE: This must return an int. Do not make it return a bool or the speed
  * of the code generated by GCC 3.x decreases 10-15 %. (GCC 4.3 doesn't care,
@@ -778,7 +793,7 @@
 }
/*
- * Reset the LZMA decoder and range decoder state. Dictionary is nore reset
+ * Reset the LZMA decoder and range decoder state. Dictionary is not reset
  * here, because LZMA state may be reset without resetting the dictionary.
  */
 static void lzma_reset(struct xz_dec_lzma2 *s)
@@ -791,6 +806,7 @@
    s->lzma.rep1 = 0;
    s->lzma.rep2 = 0;
    s->lzma.rep3 = 0;
+	s->lzma.len = 0;
/*
     * All probabilities are initialized to the same value. This hack
@@ -1174,8 +1190,6 @@
    	}
    }
-	s->lzma.len = 0;
-
    s->lzma2.sequence = SEQ_CONTROL;
    s->lzma2.need_dict_reset = true;
@@ -1191,3 +1205,140 @@
kfree(s);
 }
+
+#ifdef XZ_DEC_MICROLZMA
+/* This is a wrapper struct to have a nice struct name in the public API. */
+struct xz_dec_microlzma {
+	struct xz_dec_lzma2 s;
+};
+
+enum xz_ret xz_dec_microlzma_run(struct xz_dec_microlzma *s_ptr,
+				 struct xz_buf *b)
+{
+	struct xz_dec_lzma2 *s = &s_ptr->s;
+
+	/*
+	 * sequence is SEQ_PROPERTIES before the first input byte,
+	 * SEQ_LZMA_PREPARE until a total of five bytes have been read,
+	 * and SEQ_LZMA_RUN for the rest of the input stream.
+	 */
+	if (s->lzma2.sequence != SEQ_LZMA_RUN) {
+		if (s->lzma2.sequence == SEQ_PROPERTIES) {
+			/* One byte is needed for the props. */
+			if (b->in_pos >= b->in_size)
+				return XZ_OK;
+
+			/*
+			 * Don't increment b->in_pos here. The same byte is
+			 * also passed to rc_read_init() which will ignore it.
+			 */
+			if (!lzma_props(s, ~b->in[b->in_pos]))
+				return XZ_DATA_ERROR;
+
+			s->lzma2.sequence = SEQ_LZMA_PREPARE;
+		}
+
+		/*
+		 * xz_dec_microlzma_reset() doesn't validate the compressed
+		 * size so we do it here. We have to limit the maximum size
+		 * to avoid integer overflows in lzma2_lzma(). 3 GiB is a nice
+		 * round number and much more than users of this code should
+		 * ever need.
+		 */
+		if (s->lzma2.compressed < RC_INIT_BYTES
+				|| s->lzma2.compressed > (3U << 30))
+			return XZ_DATA_ERROR;
+
+		if (!rc_read_init(&s->rc, b))
+			return XZ_OK;
+
+		s->lzma2.compressed -= RC_INIT_BYTES;
+		s->lzma2.sequence = SEQ_LZMA_RUN;
+
+		dict_reset(&s->dict, b);
+	}
+
+	/* This is to allow increasing b->out_size between calls. */
+	if (DEC_IS_SINGLE(s->dict.mode))
+		s->dict.end = b->out_size - b->out_pos;
+
+	while (true) {
+		dict_limit(&s->dict, min_t(size_t, b->out_size - b->out_pos,
+					   s->lzma2.uncompressed));
+
+		if (!lzma2_lzma(s, b))
+			return XZ_DATA_ERROR;
+
+		s->lzma2.uncompressed -= dict_flush(&s->dict, b);
+
+		if (s->lzma2.uncompressed == 0) {
+			if (s->lzma2.pedantic_microlzma) {
+				if (s->lzma2.compressed > 0 || s->lzma.len > 0
+						|| !rc_is_finished(&s->rc))
+					return XZ_DATA_ERROR;
+			}
+
+			return XZ_STREAM_END;
+		}
+
+		if (b->out_pos == b->out_size)
+			return XZ_OK;
+
+		if (b->in_pos == b->in_size
+				&& s->temp.size < s->lzma2.compressed)
+			return XZ_OK;
+	}
+}
+
+struct xz_dec_microlzma *xz_dec_microlzma_alloc(enum xz_mode mode,
+						uint32_t dict_size)
+{
+	struct xz_dec_microlzma *s;
+
+	/* Restrict dict_size to the same range as in the LZMA2 code. */
+	if (dict_size < 4096 || dict_size > (3U << 30))
+		return NULL;
+
+	s = kmalloc(sizeof(*s), GFP_KERNEL);
+	if (s == NULL)
+		return NULL;
+
+	s->s.dict.mode = mode;
+	s->s.dict.size = dict_size;
+
+	if (DEC_IS_MULTI(mode)) {
+		s->s.dict.end = dict_size;
+
+		s->s.dict.buf = vmalloc(dict_size);
+		if (s->s.dict.buf == NULL) {
+			kfree(s);
+			return NULL;
+		}
+	}
+
+	return s;
+}
+
+void xz_dec_microlzma_reset(struct xz_dec_microlzma *s, uint32_t comp_size,
+			    uint32_t uncomp_size, int uncomp_size_is_exact)
+{
+	/*
+	 * comp_size is validated in xz_dec_microlzma_run().
+	 * uncomp_size can safely be anything.
+	 */
+	s->s.lzma2.compressed = comp_size;
+	s->s.lzma2.uncompressed = uncomp_size;
+	s->s.lzma2.pedantic_microlzma = uncomp_size_is_exact;
+
+	s->s.lzma2.sequence = SEQ_PROPERTIES;
+	s->s.temp.size = 0;
+}
+
+void xz_dec_microlzma_end(struct xz_dec_microlzma *s)
+{
+	if (DEC_IS_MULTI(s->s.dict.mode))
+		vfree(s->s.dict.buf);
+
+	kfree(s);
+}
+#endif
diff --git a/xz/xz_dec_stream.c b/xz/xz_dec_stream.c
index f69581b..2c41f5f 100644
--- a/xz/xz_dec_stream.c
+++ b/xz/xz_dec_stream.c
@@ -35,7 +35,8 @@
    	SEQ_INDEX,
    	SEQ_INDEX_PADDING,
    	SEQ_INDEX_CRC32,
-		SEQ_STREAM_FOOTER
+		SEQ_STREAM_FOOTER,
+		SEQ_STREAM_PADDING
    } sequence;
/* Position in variable-length integers and Check fields */
@@ -423,12 +424,12 @@
     * check types too, but then the check won't be verified and
     * a warning (XZ_UNSUPPORTED_CHECK) will be given.
     */
+	if (s->temp.buf[HEADER_MAGIC_SIZE + 1] > XZ_CHECK_MAX)
+		return XZ_OPTIONS_ERROR;
+
    s->check_type = s->temp.buf[HEADER_MAGIC_SIZE + 1];
#ifdef XZ_DEC_ANY_CHECK
-	if (s->check_type > XZ_CHECK_MAX)
-		return XZ_OPTIONS_ERROR;
-
    if (s->check_type > XZ_CHECK_CRC32 && !IS_CRC64(s->check_type))
    	return XZ_UNSUPPORTED_CHECK;
 #else
@@ -742,6 +743,10 @@
    			return XZ_OK;
return dec_stream_footer(s);
+
+		case SEQ_STREAM_PADDING:
+			/* Never reached, only silencing a warning */
+			break;
    	}
    }
@@ -809,6 +814,79 @@
    return ret;
 }
+#ifdef XZ_DEC_CONCATENATED
+XZ_EXTERN enum xz_ret xz_dec_catrun(struct xz_dec *s, struct xz_buf *b,
+				    int finish)
+{
+	enum xz_ret ret;
+
+	if (DEC_IS_SINGLE(s->mode)) {
+		xz_dec_reset(s);
+		finish = true;
+	}
+
+	while (true) {
+		if (s->sequence == SEQ_STREAM_PADDING) {
+			/*
+			 * Skip Stream Padding. Its size must be a multiple
+			 * of four bytes which is tracked with s->pos.
+			 */
+			while (true) {
+				if (b->in_pos == b->in_size) {
+					/*
+					 * Note that if we are repeatedly
+					 * given no input and finish is false,
+					 * we will keep returning XZ_OK even
+					 * though no progress is being made.
+					 * The lack of XZ_BUF_ERROR support
+					 * isn't a problem here because a
+					 * reasonable caller will eventually
+					 * provide more input or set finish
+					 * to true.
+					 */
+					if (!finish)
+						return XZ_OK;
+
+					if (s->pos != 0)
+						return XZ_DATA_ERROR;
+
+					return XZ_STREAM_END;
+				}
+
+				if (b->in[b->in_pos] != 0x00) {
+					if (s->pos != 0)
+						return XZ_DATA_ERROR;
+
+					break;
+				}
+
+				++b->in_pos;
+				s->pos = (s->pos + 1) & 3;
+			}
+
+			/*
+			 * More input remains. It should be a new Stream.
+			 *
+			 * In single-call mode xz_dec_run() will always call
+			 * xz_dec_reset(). Thus, we need to do it here only
+			 * in multi-call mode.
+			 */
+			if (DEC_IS_MULTI(s->mode))
+				xz_dec_reset(s);
+		}
+
+		ret = xz_dec_run(s, b);
+
+		if (ret != XZ_STREAM_END)
+			break;
+
+		s->sequence = SEQ_STREAM_PADDING;
+	}
+
+	return ret;
+}
+#endif
+
 XZ_EXTERN struct xz_dec *xz_dec_init(enum xz_mode mode, uint32_t dict_max)
 {
    struct xz_dec *s = kmalloc(sizeof(*s), GFP_KERNEL);
diff --git a/xz/xz_private.h b/xz/xz_private.h
index 482b90f..d9fd49b 100644
--- a/xz/xz_private.h
+++ b/xz/xz_private.h
@@ -37,6 +37,9 @@
 #		ifdef CONFIG_XZ_DEC_SPARC
 #			define XZ_DEC_SPARC
 #		endif
+#		ifdef CONFIG_XZ_DEC_MICROLZMA
+#			define XZ_DEC_MICROLZMA
+#		endif
 #		define memeq(a, b, size) (memcmp(a, b, size) == 0)
 #		define memzero(buf, size) memset(buf, 0, size)
 #	endif
-- 
To view, visit https://review.coreboot.org/c/em100/+/58424
To unsubscribe, or for help writing mail filters, visit https://review.coreboot.org/settings

Gerrit-Project: em100
Gerrit-Branch: master
Gerrit-Change-Id: I8b5b47cab91630934fc6fd358fe9147826b0c450
Gerrit-Change-Number: 58424
Gerrit-PatchSet: 1
Gerrit-Owner: Patrick Georgi pgeorgi@google.com
Gerrit-MessageType: newchange



    