blob: 1ae076e3359cd81b7475bea21698bbf58cbe4a1c
1 | /* |
2 | * LZO 1x decompression |
3 | * Copyright (c) 2006 Reimar Doeffinger |
4 | * |
5 | * This file is part of FFmpeg. |
6 | * |
7 | * FFmpeg is free software; you can redistribute it and/or |
8 | * modify it under the terms of the GNU Lesser General Public |
9 | * License as published by the Free Software Foundation; either |
10 | * version 2.1 of the License, or (at your option) any later version. |
11 | * |
12 | * FFmpeg is distributed in the hope that it will be useful, |
13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
15 | * Lesser General Public License for more details. |
16 | * |
17 | * You should have received a copy of the GNU Lesser General Public |
18 | * License along with FFmpeg; if not, write to the Free Software |
19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA |
20 | */ |
21 | |
22 | #include <string.h> |
23 | |
24 | #include "avutil.h" |
25 | #include "avassert.h" |
26 | #include "common.h" |
27 | #include "intreadwrite.h" |
28 | #include "lzo.h" |
29 | |
30 | /// Define if we may write up to 12 bytes beyond the output buffer. |
31 | #define OUTBUF_PADDED 1 |
32 | /// Define if we may read up to 8 bytes beyond the input buffer. |
33 | #define INBUF_PADDED 1 |
34 | |
35 | typedef struct LZOContext { |
36 | const uint8_t *in, *in_end; |
37 | uint8_t *out_start, *out, *out_end; |
38 | int error; |
39 | } LZOContext; |
40 | |
41 | /** |
42 | * @brief Reads one byte from the input buffer, avoiding an overrun. |
43 | * @return byte read |
44 | */ |
45 | static inline int get_byte(LZOContext *c) |
46 | { |
47 | if (c->in < c->in_end) |
48 | return *c->in++; |
49 | c->error |= AV_LZO_INPUT_DEPLETED; |
50 | return 1; |
51 | } |
52 | |
53 | #ifdef INBUF_PADDED |
54 | #define GETB(c) (*(c).in++) |
55 | #else |
56 | #define GETB(c) get_byte(&(c)) |
57 | #endif |
58 | |
59 | /** |
60 | * @brief Decodes a length value in the coding used by lzo. |
61 | * @param x previous byte value |
62 | * @param mask bits used from x |
63 | * @return decoded length value |
64 | */ |
65 | static inline int get_len(LZOContext *c, int x, int mask) |
66 | { |
67 | int cnt = x & mask; |
68 | if (!cnt) { |
69 | while (!(x = get_byte(c))) { |
70 | if (cnt >= INT_MAX - 1000) { |
71 | c->error |= AV_LZO_ERROR; |
72 | break; |
73 | } |
74 | cnt += 255; |
75 | } |
76 | cnt += mask + x; |
77 | } |
78 | return cnt; |
79 | } |
80 | |
81 | /** |
82 | * @brief Copies bytes from input to output buffer with checking. |
83 | * @param cnt number of bytes to copy, must be >= 0 |
84 | */ |
85 | static inline void copy(LZOContext *c, int cnt) |
86 | { |
87 | register const uint8_t *src = c->in; |
88 | register uint8_t *dst = c->out; |
89 | av_assert0(cnt >= 0); |
90 | if (cnt > c->in_end - src) { |
91 | cnt = FFMAX(c->in_end - src, 0); |
92 | c->error |= AV_LZO_INPUT_DEPLETED; |
93 | } |
94 | if (cnt > c->out_end - dst) { |
95 | cnt = FFMAX(c->out_end - dst, 0); |
96 | c->error |= AV_LZO_OUTPUT_FULL; |
97 | } |
98 | #if defined(INBUF_PADDED) && defined(OUTBUF_PADDED) |
99 | AV_COPY32U(dst, src); |
100 | src += 4; |
101 | dst += 4; |
102 | cnt -= 4; |
103 | if (cnt > 0) |
104 | #endif |
105 | memcpy(dst, src, cnt); |
106 | c->in = src + cnt; |
107 | c->out = dst + cnt; |
108 | } |
109 | |
110 | /** |
111 | * @brief Copies previously decoded bytes to current position. |
112 | * @param back how many bytes back we start, must be > 0 |
113 | * @param cnt number of bytes to copy, must be > 0 |
114 | * |
115 | * cnt > back is valid, this will copy the bytes we just copied, |
116 | * thus creating a repeating pattern with a period length of back. |
117 | */ |
118 | static inline void copy_backptr(LZOContext *c, int back, int cnt) |
119 | { |
120 | register uint8_t *dst = c->out; |
121 | av_assert0(cnt > 0); |
122 | if (dst - c->out_start < back) { |
123 | c->error |= AV_LZO_INVALID_BACKPTR; |
124 | return; |
125 | } |
126 | if (cnt > c->out_end - dst) { |
127 | cnt = FFMAX(c->out_end - dst, 0); |
128 | c->error |= AV_LZO_OUTPUT_FULL; |
129 | } |
130 | av_memcpy_backptr(dst, back, cnt); |
131 | c->out = dst + cnt; |
132 | } |
133 | |
134 | int av_lzo1x_decode(void *out, int *outlen, const void *in, int *inlen) |
135 | { |
136 | int state = 0; |
137 | int x; |
138 | LZOContext c; |
139 | if (*outlen <= 0 || *inlen <= 0) { |
140 | int res = 0; |
141 | if (*outlen <= 0) |
142 | res |= AV_LZO_OUTPUT_FULL; |
143 | if (*inlen <= 0) |
144 | res |= AV_LZO_INPUT_DEPLETED; |
145 | return res; |
146 | } |
147 | c.in = in; |
148 | c.in_end = (const uint8_t *)in + *inlen; |
149 | c.out = c.out_start = out; |
150 | c.out_end = (uint8_t *)out + *outlen; |
151 | c.error = 0; |
152 | x = GETB(c); |
153 | if (x > 17) { |
154 | copy(&c, x - 17); |
155 | x = GETB(c); |
156 | if (x < 16) |
157 | c.error |= AV_LZO_ERROR; |
158 | } |
159 | if (c.in > c.in_end) |
160 | c.error |= AV_LZO_INPUT_DEPLETED; |
161 | while (!c.error) { |
162 | int cnt, back; |
163 | if (x > 15) { |
164 | if (x > 63) { |
165 | cnt = (x >> 5) - 1; |
166 | back = (GETB(c) << 3) + ((x >> 2) & 7) + 1; |
167 | } else if (x > 31) { |
168 | cnt = get_len(&c, x, 31); |
169 | x = GETB(c); |
170 | back = (GETB(c) << 6) + (x >> 2) + 1; |
171 | } else { |
172 | cnt = get_len(&c, x, 7); |
173 | back = (1 << 14) + ((x & 8) << 11); |
174 | x = GETB(c); |
175 | back += (GETB(c) << 6) + (x >> 2); |
176 | if (back == (1 << 14)) { |
177 | if (cnt != 1) |
178 | c.error |= AV_LZO_ERROR; |
179 | break; |
180 | } |
181 | } |
182 | } else if (!state) { |
183 | cnt = get_len(&c, x, 15); |
184 | copy(&c, cnt + 3); |
185 | x = GETB(c); |
186 | if (x > 15) |
187 | continue; |
188 | cnt = 1; |
189 | back = (1 << 11) + (GETB(c) << 2) + (x >> 2) + 1; |
190 | } else { |
191 | cnt = 0; |
192 | back = (GETB(c) << 2) + (x >> 2) + 1; |
193 | } |
194 | copy_backptr(&c, back, cnt + 2); |
195 | state = |
196 | cnt = x & 3; |
197 | copy(&c, cnt); |
198 | x = GETB(c); |
199 | } |
200 | *inlen = c.in_end - c.in; |
201 | if (c.in > c.in_end) |
202 | *inlen = 0; |
203 | *outlen = c.out_end - c.out; |
204 | return c.error; |
205 | } |
206 |