1*4882a593Smuzhiyun // SPDX-License-Identifier: GPL-2.0-only
2*4882a593Smuzhiyun /*
3*4882a593Smuzhiyun * LZO1X Decompressor from LZO
4*4882a593Smuzhiyun *
5*4882a593Smuzhiyun * Copyright (C) 1996-2012 Markus F.X.J. Oberhumer <markus@oberhumer.com>
6*4882a593Smuzhiyun *
7*4882a593Smuzhiyun * The full LZO package can be found at:
8*4882a593Smuzhiyun * http://www.oberhumer.com/opensource/lzo/
9*4882a593Smuzhiyun *
10*4882a593Smuzhiyun * Changed for Linux kernel use by:
11*4882a593Smuzhiyun * Nitin Gupta <nitingupta910@gmail.com>
12*4882a593Smuzhiyun * Richard Purdie <rpurdie@openedhand.com>
13*4882a593Smuzhiyun */
14*4882a593Smuzhiyun
15*4882a593Smuzhiyun #ifndef STATIC
16*4882a593Smuzhiyun #include <linux/module.h>
17*4882a593Smuzhiyun #include <linux/kernel.h>
18*4882a593Smuzhiyun #endif
19*4882a593Smuzhiyun #include <asm/unaligned.h>
20*4882a593Smuzhiyun #include <linux/lzo.h>
21*4882a593Smuzhiyun #include "lzodefs.h"
22*4882a593Smuzhiyun
23*4882a593Smuzhiyun #define HAVE_IP(x) ((size_t)(ip_end - ip) >= (size_t)(x))
24*4882a593Smuzhiyun #define HAVE_OP(x) ((size_t)(op_end - op) >= (size_t)(x))
25*4882a593Smuzhiyun #define NEED_IP(x) if (!HAVE_IP(x)) goto input_overrun
26*4882a593Smuzhiyun #define NEED_OP(x) if (!HAVE_OP(x)) goto output_overrun
27*4882a593Smuzhiyun #define TEST_LB(m_pos) if ((m_pos) < out) goto lookbehind_overrun
28*4882a593Smuzhiyun
29*4882a593Smuzhiyun /* This MAX_255_COUNT is the maximum number of times we can add 255 to a base
30*4882a593Smuzhiyun * count without overflowing an integer. The multiply will overflow when
31*4882a593Smuzhiyun * multiplying 255 by more than MAXINT/255. The sum will overflow earlier
32*4882a593Smuzhiyun * depending on the base count. Since the base count is taken from a u8
33*4882a593Smuzhiyun * and a few bits, it is safe to assume that it will always be lower than
34*4882a593Smuzhiyun * or equal to 2*255, thus we can always prevent any overflow by accepting
35*4882a593Smuzhiyun * two less 255 steps. See Documentation/staging/lzo.rst for more information.
36*4882a593Smuzhiyun */
37*4882a593Smuzhiyun #define MAX_255_COUNT ((((size_t)~0) / 255) - 2)
38*4882a593Smuzhiyun
lzo1x_decompress_safe(const unsigned char * in,size_t in_len,unsigned char * out,size_t * out_len)39*4882a593Smuzhiyun int lzo1x_decompress_safe(const unsigned char *in, size_t in_len,
40*4882a593Smuzhiyun unsigned char *out, size_t *out_len)
41*4882a593Smuzhiyun {
42*4882a593Smuzhiyun unsigned char *op;
43*4882a593Smuzhiyun const unsigned char *ip;
44*4882a593Smuzhiyun size_t t, next;
45*4882a593Smuzhiyun size_t state = 0;
46*4882a593Smuzhiyun const unsigned char *m_pos;
47*4882a593Smuzhiyun const unsigned char * const ip_end = in + in_len;
48*4882a593Smuzhiyun unsigned char * const op_end = out + *out_len;
49*4882a593Smuzhiyun
50*4882a593Smuzhiyun unsigned char bitstream_version;
51*4882a593Smuzhiyun
52*4882a593Smuzhiyun op = out;
53*4882a593Smuzhiyun ip = in;
54*4882a593Smuzhiyun
55*4882a593Smuzhiyun if (unlikely(in_len < 3))
56*4882a593Smuzhiyun goto input_overrun;
57*4882a593Smuzhiyun
58*4882a593Smuzhiyun if (likely(in_len >= 5) && likely(*ip == 17)) {
59*4882a593Smuzhiyun bitstream_version = ip[1];
60*4882a593Smuzhiyun ip += 2;
61*4882a593Smuzhiyun } else {
62*4882a593Smuzhiyun bitstream_version = 0;
63*4882a593Smuzhiyun }
64*4882a593Smuzhiyun
65*4882a593Smuzhiyun if (*ip > 17) {
66*4882a593Smuzhiyun t = *ip++ - 17;
67*4882a593Smuzhiyun if (t < 4) {
68*4882a593Smuzhiyun next = t;
69*4882a593Smuzhiyun goto match_next;
70*4882a593Smuzhiyun }
71*4882a593Smuzhiyun goto copy_literal_run;
72*4882a593Smuzhiyun }
73*4882a593Smuzhiyun
74*4882a593Smuzhiyun for (;;) {
75*4882a593Smuzhiyun t = *ip++;
76*4882a593Smuzhiyun if (t < 16) {
77*4882a593Smuzhiyun if (likely(state == 0)) {
78*4882a593Smuzhiyun if (unlikely(t == 0)) {
79*4882a593Smuzhiyun size_t offset;
80*4882a593Smuzhiyun const unsigned char *ip_last = ip;
81*4882a593Smuzhiyun
82*4882a593Smuzhiyun while (unlikely(*ip == 0)) {
83*4882a593Smuzhiyun ip++;
84*4882a593Smuzhiyun NEED_IP(1);
85*4882a593Smuzhiyun }
86*4882a593Smuzhiyun offset = ip - ip_last;
87*4882a593Smuzhiyun if (unlikely(offset > MAX_255_COUNT))
88*4882a593Smuzhiyun return LZO_E_ERROR;
89*4882a593Smuzhiyun
90*4882a593Smuzhiyun offset = (offset << 8) - offset;
91*4882a593Smuzhiyun t += offset + 15 + *ip++;
92*4882a593Smuzhiyun }
93*4882a593Smuzhiyun t += 3;
94*4882a593Smuzhiyun copy_literal_run:
95*4882a593Smuzhiyun #if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS)
96*4882a593Smuzhiyun if (likely(HAVE_IP(t + 15) && HAVE_OP(t + 15))) {
97*4882a593Smuzhiyun const unsigned char *ie = ip + t;
98*4882a593Smuzhiyun unsigned char *oe = op + t;
99*4882a593Smuzhiyun do {
100*4882a593Smuzhiyun COPY8(op, ip);
101*4882a593Smuzhiyun op += 8;
102*4882a593Smuzhiyun ip += 8;
103*4882a593Smuzhiyun COPY8(op, ip);
104*4882a593Smuzhiyun op += 8;
105*4882a593Smuzhiyun ip += 8;
106*4882a593Smuzhiyun } while (ip < ie);
107*4882a593Smuzhiyun ip = ie;
108*4882a593Smuzhiyun op = oe;
109*4882a593Smuzhiyun } else
110*4882a593Smuzhiyun #endif
111*4882a593Smuzhiyun {
112*4882a593Smuzhiyun NEED_OP(t);
113*4882a593Smuzhiyun NEED_IP(t + 3);
114*4882a593Smuzhiyun do {
115*4882a593Smuzhiyun *op++ = *ip++;
116*4882a593Smuzhiyun } while (--t > 0);
117*4882a593Smuzhiyun }
118*4882a593Smuzhiyun state = 4;
119*4882a593Smuzhiyun continue;
120*4882a593Smuzhiyun } else if (state != 4) {
121*4882a593Smuzhiyun next = t & 3;
122*4882a593Smuzhiyun m_pos = op - 1;
123*4882a593Smuzhiyun m_pos -= t >> 2;
124*4882a593Smuzhiyun m_pos -= *ip++ << 2;
125*4882a593Smuzhiyun TEST_LB(m_pos);
126*4882a593Smuzhiyun NEED_OP(2);
127*4882a593Smuzhiyun op[0] = m_pos[0];
128*4882a593Smuzhiyun op[1] = m_pos[1];
129*4882a593Smuzhiyun op += 2;
130*4882a593Smuzhiyun goto match_next;
131*4882a593Smuzhiyun } else {
132*4882a593Smuzhiyun next = t & 3;
133*4882a593Smuzhiyun m_pos = op - (1 + M2_MAX_OFFSET);
134*4882a593Smuzhiyun m_pos -= t >> 2;
135*4882a593Smuzhiyun m_pos -= *ip++ << 2;
136*4882a593Smuzhiyun t = 3;
137*4882a593Smuzhiyun }
138*4882a593Smuzhiyun } else if (t >= 64) {
139*4882a593Smuzhiyun next = t & 3;
140*4882a593Smuzhiyun m_pos = op - 1;
141*4882a593Smuzhiyun m_pos -= (t >> 2) & 7;
142*4882a593Smuzhiyun m_pos -= *ip++ << 3;
143*4882a593Smuzhiyun t = (t >> 5) - 1 + (3 - 1);
144*4882a593Smuzhiyun } else if (t >= 32) {
145*4882a593Smuzhiyun t = (t & 31) + (3 - 1);
146*4882a593Smuzhiyun if (unlikely(t == 2)) {
147*4882a593Smuzhiyun size_t offset;
148*4882a593Smuzhiyun const unsigned char *ip_last = ip;
149*4882a593Smuzhiyun
150*4882a593Smuzhiyun while (unlikely(*ip == 0)) {
151*4882a593Smuzhiyun ip++;
152*4882a593Smuzhiyun NEED_IP(1);
153*4882a593Smuzhiyun }
154*4882a593Smuzhiyun offset = ip - ip_last;
155*4882a593Smuzhiyun if (unlikely(offset > MAX_255_COUNT))
156*4882a593Smuzhiyun return LZO_E_ERROR;
157*4882a593Smuzhiyun
158*4882a593Smuzhiyun offset = (offset << 8) - offset;
159*4882a593Smuzhiyun t += offset + 31 + *ip++;
160*4882a593Smuzhiyun NEED_IP(2);
161*4882a593Smuzhiyun }
162*4882a593Smuzhiyun m_pos = op - 1;
163*4882a593Smuzhiyun next = get_unaligned_le16(ip);
164*4882a593Smuzhiyun ip += 2;
165*4882a593Smuzhiyun m_pos -= next >> 2;
166*4882a593Smuzhiyun next &= 3;
167*4882a593Smuzhiyun } else {
168*4882a593Smuzhiyun NEED_IP(2);
169*4882a593Smuzhiyun next = get_unaligned_le16(ip);
170*4882a593Smuzhiyun if (((next & 0xfffc) == 0xfffc) &&
171*4882a593Smuzhiyun ((t & 0xf8) == 0x18) &&
172*4882a593Smuzhiyun likely(bitstream_version)) {
173*4882a593Smuzhiyun NEED_IP(3);
174*4882a593Smuzhiyun t &= 7;
175*4882a593Smuzhiyun t |= ip[2] << 3;
176*4882a593Smuzhiyun t += MIN_ZERO_RUN_LENGTH;
177*4882a593Smuzhiyun NEED_OP(t);
178*4882a593Smuzhiyun memset(op, 0, t);
179*4882a593Smuzhiyun op += t;
180*4882a593Smuzhiyun next &= 3;
181*4882a593Smuzhiyun ip += 3;
182*4882a593Smuzhiyun goto match_next;
183*4882a593Smuzhiyun } else {
184*4882a593Smuzhiyun m_pos = op;
185*4882a593Smuzhiyun m_pos -= (t & 8) << 11;
186*4882a593Smuzhiyun t = (t & 7) + (3 - 1);
187*4882a593Smuzhiyun if (unlikely(t == 2)) {
188*4882a593Smuzhiyun size_t offset;
189*4882a593Smuzhiyun const unsigned char *ip_last = ip;
190*4882a593Smuzhiyun
191*4882a593Smuzhiyun while (unlikely(*ip == 0)) {
192*4882a593Smuzhiyun ip++;
193*4882a593Smuzhiyun NEED_IP(1);
194*4882a593Smuzhiyun }
195*4882a593Smuzhiyun offset = ip - ip_last;
196*4882a593Smuzhiyun if (unlikely(offset > MAX_255_COUNT))
197*4882a593Smuzhiyun return LZO_E_ERROR;
198*4882a593Smuzhiyun
199*4882a593Smuzhiyun offset = (offset << 8) - offset;
200*4882a593Smuzhiyun t += offset + 7 + *ip++;
201*4882a593Smuzhiyun NEED_IP(2);
202*4882a593Smuzhiyun next = get_unaligned_le16(ip);
203*4882a593Smuzhiyun }
204*4882a593Smuzhiyun ip += 2;
205*4882a593Smuzhiyun m_pos -= next >> 2;
206*4882a593Smuzhiyun next &= 3;
207*4882a593Smuzhiyun if (m_pos == op)
208*4882a593Smuzhiyun goto eof_found;
209*4882a593Smuzhiyun m_pos -= 0x4000;
210*4882a593Smuzhiyun }
211*4882a593Smuzhiyun }
212*4882a593Smuzhiyun TEST_LB(m_pos);
213*4882a593Smuzhiyun #if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS)
214*4882a593Smuzhiyun if (op - m_pos >= 8) {
215*4882a593Smuzhiyun unsigned char *oe = op + t;
216*4882a593Smuzhiyun if (likely(HAVE_OP(t + 15))) {
217*4882a593Smuzhiyun do {
218*4882a593Smuzhiyun COPY8(op, m_pos);
219*4882a593Smuzhiyun op += 8;
220*4882a593Smuzhiyun m_pos += 8;
221*4882a593Smuzhiyun COPY8(op, m_pos);
222*4882a593Smuzhiyun op += 8;
223*4882a593Smuzhiyun m_pos += 8;
224*4882a593Smuzhiyun } while (op < oe);
225*4882a593Smuzhiyun op = oe;
226*4882a593Smuzhiyun if (HAVE_IP(6)) {
227*4882a593Smuzhiyun state = next;
228*4882a593Smuzhiyun COPY4(op, ip);
229*4882a593Smuzhiyun op += next;
230*4882a593Smuzhiyun ip += next;
231*4882a593Smuzhiyun continue;
232*4882a593Smuzhiyun }
233*4882a593Smuzhiyun } else {
234*4882a593Smuzhiyun NEED_OP(t);
235*4882a593Smuzhiyun do {
236*4882a593Smuzhiyun *op++ = *m_pos++;
237*4882a593Smuzhiyun } while (op < oe);
238*4882a593Smuzhiyun }
239*4882a593Smuzhiyun } else
240*4882a593Smuzhiyun #endif
241*4882a593Smuzhiyun {
242*4882a593Smuzhiyun unsigned char *oe = op + t;
243*4882a593Smuzhiyun NEED_OP(t);
244*4882a593Smuzhiyun op[0] = m_pos[0];
245*4882a593Smuzhiyun op[1] = m_pos[1];
246*4882a593Smuzhiyun op += 2;
247*4882a593Smuzhiyun m_pos += 2;
248*4882a593Smuzhiyun do {
249*4882a593Smuzhiyun *op++ = *m_pos++;
250*4882a593Smuzhiyun } while (op < oe);
251*4882a593Smuzhiyun }
252*4882a593Smuzhiyun match_next:
253*4882a593Smuzhiyun state = next;
254*4882a593Smuzhiyun t = next;
255*4882a593Smuzhiyun #if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS)
256*4882a593Smuzhiyun if (likely(HAVE_IP(6) && HAVE_OP(4))) {
257*4882a593Smuzhiyun COPY4(op, ip);
258*4882a593Smuzhiyun op += t;
259*4882a593Smuzhiyun ip += t;
260*4882a593Smuzhiyun } else
261*4882a593Smuzhiyun #endif
262*4882a593Smuzhiyun {
263*4882a593Smuzhiyun NEED_IP(t + 3);
264*4882a593Smuzhiyun NEED_OP(t);
265*4882a593Smuzhiyun while (t > 0) {
266*4882a593Smuzhiyun *op++ = *ip++;
267*4882a593Smuzhiyun t--;
268*4882a593Smuzhiyun }
269*4882a593Smuzhiyun }
270*4882a593Smuzhiyun }
271*4882a593Smuzhiyun
272*4882a593Smuzhiyun eof_found:
273*4882a593Smuzhiyun *out_len = op - out;
274*4882a593Smuzhiyun return (t != 3 ? LZO_E_ERROR :
275*4882a593Smuzhiyun ip == ip_end ? LZO_E_OK :
276*4882a593Smuzhiyun ip < ip_end ? LZO_E_INPUT_NOT_CONSUMED : LZO_E_INPUT_OVERRUN);
277*4882a593Smuzhiyun
278*4882a593Smuzhiyun input_overrun:
279*4882a593Smuzhiyun *out_len = op - out;
280*4882a593Smuzhiyun return LZO_E_INPUT_OVERRUN;
281*4882a593Smuzhiyun
282*4882a593Smuzhiyun output_overrun:
283*4882a593Smuzhiyun *out_len = op - out;
284*4882a593Smuzhiyun return LZO_E_OUTPUT_OVERRUN;
285*4882a593Smuzhiyun
286*4882a593Smuzhiyun lookbehind_overrun:
287*4882a593Smuzhiyun *out_len = op - out;
288*4882a593Smuzhiyun return LZO_E_LOOKBEHIND_OVERRUN;
289*4882a593Smuzhiyun }
290*4882a593Smuzhiyun #ifndef STATIC
291*4882a593Smuzhiyun EXPORT_SYMBOL_GPL(lzo1x_decompress_safe);
292*4882a593Smuzhiyun
293*4882a593Smuzhiyun MODULE_LICENSE("GPL");
294*4882a593Smuzhiyun MODULE_DESCRIPTION("LZO1X Decompressor");
295*4882a593Smuzhiyun
296*4882a593Smuzhiyun #endif
297