wok-current view linux/stuff/linux-unlzma-2.6.30.6.u @ rev 4746
Up: libmodplug* (0.8.7). Security fix.
author | Eric Joseph-Alexandre <erjo@slitaz.org> |
---|---|
date | Fri Jan 08 11:35:58 2010 +0100 (2010-01-08) |
parents | |
children |
line source
1 --- linux-2.6.30.4/init/initramfs.c
2 +++ linux-2.6.30.4/init/initramfs.c
3 @@ -425,7 +425,8 @@
4 return len - count;
5 }
7 -static int __init flush_buffer(void *bufv, unsigned len)
8 +#define flush_buffer cpio_flush_buffer
9 +int __init flush_buffer(void *bufv, unsigned len)
10 {
11 char *buf = (char *) bufv;
12 int written;
14 --- linux-2.6.30.4/lib/decompress_unlzma.c
15 +++ linux-2.6.30.4/lib/decompress_unlzma.c
16 @@ -278,6 +278,10 @@
17 size_t global_pos;
18 int(*flush)(void*, unsigned int);
19 struct lzma_header *header;
20 + int is_cpio_flush;
21 + uint8_t **buffer_index;
22 + int next_index;
23 + int max_index;
24 };
26 struct cstate {
27 @@ -294,6 +298,14 @@
28 static inline uint8_t INIT peek_old_byte(struct writer *wr,
29 uint32_t offs)
30 {
31 + if (wr->is_cpio_flush) {
32 + int32_t pos;
33 + while (offs > wr->header->dict_size)
34 + offs -= wr->header->dict_size;
35 + pos = wr->buffer_pos - offs;
36 + return wr->buffer_index[pos / LZMA_IOBUF_SIZE]
37 + [pos % LZMA_IOBUF_SIZE];
38 + }
39 if (!wr->flush) {
40 int32_t pos;
41 while (offs > wr->header->dict_size)
42 @@ -309,8 +321,41 @@
44 }
46 +static inline void INIT write_byte_if_cpio(struct writer *wr, uint8_t byte)
47 +{
48 + if (wr->buffer_pos % LZMA_IOBUF_SIZE == 0) {
49 + // if the following large_malloc fails, the initramfs
50 + // whould not be load with is_cpio_flush forced 0 too.
51 + // Remember we do not allocate historic buffer.
52 + // Let's assume it will never fail !
53 + if (wr->next_index >= wr->max_index) {
54 + // realloc wr->buffer_index
55 + uint8_t **p = wr->buffer_index;
56 + wr->buffer_index = (uint8_t **)
57 + large_malloc(LZMA_IOBUF_SIZE +
58 + sizeof(*p) * wr->max_index);
59 + if (wr->max_index) {
60 + memcpy(wr->buffer_index, p,
61 + sizeof(*p) * wr->max_index);
62 + free(p);
63 + }
64 + wr->max_index += LZMA_IOBUF_SIZE / sizeof(*p);
65 + }
66 + wr->buffer_index[wr->next_index++] =
67 + (uint8_t *) large_malloc(LZMA_IOBUF_SIZE);
68 + }
69 + wr->buffer_index[wr->buffer_pos / LZMA_IOBUF_SIZE]
70 + [wr->buffer_pos % LZMA_IOBUF_SIZE] =
71 + wr->previous_byte = byte;
72 + wr->buffer_pos++;
73 +}
74 +
75 static inline void INIT write_byte(struct writer *wr, uint8_t byte)
76 {
77 + if (wr->is_cpio_flush) {
78 + write_byte_if_cpio(wr, byte);
79 + return;
80 + }
81 wr->buffer[wr->buffer_pos++] = wr->previous_byte = byte;
82 if (wr->flush && wr->buffer_pos == wr->header->dict_size) {
83 wr->buffer_pos = 0;
84 @@ -328,7 +373,21 @@
85 static inline void INIT copy_bytes(struct writer *wr,
86 uint32_t rep0, int len)
87 {
88 - do {
89 + if (wr->is_cpio_flush) {
90 + int32_t pos;
91 + uint32_t offs = rep0;
92 + while (offs > wr->header->dict_size)
93 + offs -= wr->header->dict_size;
94 + pos = wr->buffer_pos - offs;
95 + do {
96 + write_byte_if_cpio(wr,
97 + wr->buffer_index[pos / LZMA_IOBUF_SIZE]
98 + [pos % LZMA_IOBUF_SIZE]);
99 + pos++;
100 + len--;
101 + } while (len != 0 && wr->buffer_pos < wr->header->dst_size);
102 + }
103 + else do {
104 copy_byte(wr, rep0);
105 len--;
106 } while (len != 0 && wr->buffer_pos < wr->header->dst_size);
107 @@ -339,6 +398,9 @@
108 int pos_state, uint16_t *prob,
109 int lc, uint32_t literal_pos_mask) {
110 int mi = 1;
111 + static const int state[LZMA_NUM_STATES] =
112 + { 0, 0, 0, 0, 1, 2, 3, 4, 5, 6, 4, 5 };
113 +
114 rc_update_bit_0(rc, prob);
115 prob = (p + LZMA_LITERAL +
116 (LZMA_LIT_SIZE
117 @@ -369,18 +431,13 @@
118 rc_get_bit(rc, prob_lit, &mi);
119 }
120 write_byte(wr, mi);
121 - if (cst->state < 4)
122 - cst->state = 0;
123 - else if (cst->state < 10)
124 - cst->state -= 3;
125 - else
126 - cst->state -= 6;
127 + cst->state = state[cst->state];
128 }
130 static inline void INIT process_bit1(struct writer *wr, struct rc *rc,
131 struct cstate *cst, uint16_t *p,
132 int pos_state, uint16_t *prob) {
133 - int offset;
134 + int offset;
135 uint16_t *prob_len;
136 int num_bits;
137 int len;
138 @@ -396,7 +453,7 @@
139 prob = p + LZMA_LEN_CODER;
140 } else {
141 rc_update_bit_1(rc, prob);
142 - prob = p + LZMA_IS_REP_G0 + cst->state;
143 + prob += LZMA_IS_REP_G0 - LZMA_IS_REP;
144 if (rc_is_bit_0(rc, prob)) {
145 rc_update_bit_0(rc, prob);
146 prob = (p + LZMA_IS_REP_0_LONG
147 @@ -417,13 +474,13 @@
148 uint32_t distance;
150 rc_update_bit_1(rc, prob);
151 - prob = p + LZMA_IS_REP_G1 + cst->state;
152 + prob += LZMA_IS_REP_G1 - LZMA_IS_REP_G0;
153 if (rc_is_bit_0(rc, prob)) {
154 rc_update_bit_0(rc, prob);
155 distance = cst->rep1;
156 } else {
157 rc_update_bit_1(rc, prob);
158 - prob = p + LZMA_IS_REP_G2 + cst->state;
159 + prob += LZMA_IS_REP_G2 - LZMA_IS_REP_G1;
160 if (rc_is_bit_0(rc, prob)) {
161 rc_update_bit_0(rc, prob);
162 distance = cst->rep2;
163 @@ -444,24 +501,24 @@
164 prob_len = prob + LZMA_LEN_CHOICE;
165 if (rc_is_bit_0(rc, prob_len)) {
166 rc_update_bit_0(rc, prob_len);
167 - prob_len = (prob + LZMA_LEN_LOW
168 + prob_len += LZMA_LEN_LOW - LZMA_LEN_CHOICE
169 + (pos_state <<
170 - LZMA_LEN_NUM_LOW_BITS));
171 + LZMA_LEN_NUM_LOW_BITS);
172 offset = 0;
173 num_bits = LZMA_LEN_NUM_LOW_BITS;
174 } else {
175 rc_update_bit_1(rc, prob_len);
176 - prob_len = prob + LZMA_LEN_CHOICE_2;
177 + prob_len += LZMA_LEN_CHOICE_2 - LZMA_LEN_CHOICE;
178 if (rc_is_bit_0(rc, prob_len)) {
179 rc_update_bit_0(rc, prob_len);
180 - prob_len = (prob + LZMA_LEN_MID
181 + prob_len += LZMA_LEN_MID - LZMA_LEN_CHOICE_2
182 + (pos_state <<
183 - LZMA_LEN_NUM_MID_BITS));
184 + LZMA_LEN_NUM_MID_BITS);
185 offset = 1 << LZMA_LEN_NUM_LOW_BITS;
186 num_bits = LZMA_LEN_NUM_MID_BITS;
187 } else {
188 rc_update_bit_1(rc, prob_len);
189 - prob_len = prob + LZMA_LEN_HIGH;
190 + prob_len += LZMA_LEN_HIGH - LZMA_LEN_CHOICE_2;
191 offset = ((1 << LZMA_LEN_NUM_LOW_BITS)
192 + (1 << LZMA_LEN_NUM_MID_BITS));
193 num_bits = LZMA_LEN_NUM_HIGH_BITS;
194 @@ -529,6 +586,7 @@
195 void(*error_fn)(char *x)
196 )
197 {
198 + extern int cpio_flush_buffer(void*, unsigned int);
199 struct lzma_header header;
200 int lc, pb, lp;
201 uint32_t pos_state_mask;
202 @@ -563,6 +621,10 @@
203 wr.global_pos = 0;
204 wr.previous_byte = 0;
205 wr.buffer_pos = 0;
206 + wr.is_cpio_flush = 0;
207 + if (flush == cpio_flush_buffer)
208 + wr.is_cpio_flush = 1;
209 + wr.buffer_index = NULL;
211 rc_init(&rc, fill, inbuf, in_len);
213 @@ -596,23 +658,23 @@
214 if (header.dict_size == 0)
215 header.dict_size = 1;
217 - if (output)
218 + if (output || wr.is_cpio_flush)
219 wr.buffer = output;
220 else {
221 wr.bufsize = MIN(header.dst_size, header.dict_size);
222 wr.buffer = large_malloc(wr.bufsize);
223 }
224 - if (wr.buffer == NULL)
225 + if (wr.buffer == NULL && !wr.is_cpio_flush)
226 goto exit_1;
228 num_probs = LZMA_BASE_SIZE + (LZMA_LIT_SIZE << (lc + lp));
229 p = (uint16_t *) large_malloc(num_probs * sizeof(*p));
230 if (p == 0)
231 goto exit_2;
232 - num_probs = LZMA_LITERAL + (LZMA_LIT_SIZE << (lc + lp));
233 + num_probs += LZMA_LITERAL - LZMA_BASE_SIZE;
234 for (i = 0; i < num_probs; i++)
235 p[i] = (1 << RC_MODEL_TOTAL_BITS) >> 1;
236 -
237 + wr.max_index = wr.next_index = 0;
238 rc_init_code(&rc);
240 while (get_pos(&wr) < header.dst_size) {
241 @@ -631,12 +693,25 @@
243 if (posp)
244 *posp = rc.ptr-rc.buffer;
245 - if (wr.flush)
246 + if (wr.is_cpio_flush) {
247 + int i;
248 + for (i = 0; i < wr.next_index -1; i++) {
249 + wr.flush(wr.buffer_index[i], LZMA_IOBUF_SIZE);
250 + large_free(wr.buffer_index[i]);
251 + }
252 + if (i < wr.next_index) {
253 + wr.flush(wr.buffer_index[i],
254 + wr.buffer_pos % LZMA_IOBUF_SIZE);
255 + large_free(wr.buffer_index[i]);
256 + }
257 + large_free(wr.buffer_index);
258 + }
259 + else if (wr.flush)
260 wr.flush(wr.buffer, wr.buffer_pos);
261 ret = 0;
262 large_free(p);
263 exit_2:
264 - if (!output)
265 + if (!output && !wr.is_cpio_flush)
266 large_free(wr.buffer);
267 exit_1:
268 if (!buf)