Lines 162-167
Link Here
|
162 |
unsigned char pt_len[NPT]; |
162 |
unsigned char pt_len[NPT]; |
163 |
unsigned char sub_bit_buf; |
163 |
unsigned char sub_bit_buf; |
164 |
uint16_t pt_table[PTABLESIZE]; |
164 |
uint16_t pt_table[PTABLESIZE]; |
|
|
165 |
int status; |
165 |
} arj_decode_t; |
166 |
} arj_decode_t; |
166 |
|
167 |
|
167 |
static int fill_buf(arj_decode_t *decode_data, int n) |
168 |
static int fill_buf(arj_decode_t *decode_data, int n) |
Lines 172-177
Link Here
|
172 |
if (decode_data->comp_size != 0) { |
173 |
if (decode_data->comp_size != 0) { |
173 |
decode_data->comp_size--; |
174 |
decode_data->comp_size--; |
174 |
if (cli_readn(decode_data->fd, &decode_data->sub_bit_buf, 1) != 1) { |
175 |
if (cli_readn(decode_data->fd, &decode_data->sub_bit_buf, 1) != 1) { |
|
|
176 |
decode_data->status = CL_EIO; |
175 |
return CL_EIO; |
177 |
return CL_EIO; |
176 |
} |
178 |
} |
177 |
} else { |
179 |
} else { |
Lines 230-235
Link Here
|
230 |
for (i = 0; (int)i < nchar; i++) { |
232 |
for (i = 0; (int)i < nchar; i++) { |
231 |
if (bitlen[i] >= 17) { |
233 |
if (bitlen[i] >= 17) { |
232 |
cli_dbgmsg("UNARJ: bounds exceeded\n"); |
234 |
cli_dbgmsg("UNARJ: bounds exceeded\n"); |
|
|
235 |
decode_data->status = CL_EARJ; |
233 |
return CL_EARJ; |
236 |
return CL_EARJ; |
234 |
} |
237 |
} |
235 |
count[bitlen[i]]++; |
238 |
count[bitlen[i]]++; |
Lines 240-251
Link Here
|
240 |
start[i+1] = start[i] + (count[i] << (16 - i)); |
243 |
start[i+1] = start[i] + (count[i] << (16 - i)); |
241 |
} |
244 |
} |
242 |
if (start[17] != (unsigned short) (1 << 16)) { |
245 |
if (start[17] != (unsigned short) (1 << 16)) { |
|
|
246 |
decode_data->status = CL_EARJ; |
243 |
return CL_EARJ; |
247 |
return CL_EARJ; |
244 |
} |
248 |
} |
245 |
|
249 |
|
246 |
jutbits = 16 - tablebits; |
250 |
jutbits = 16 - tablebits; |
247 |
if (tablebits >= 17) { |
251 |
if (tablebits >= 17) { |
248 |
cli_dbgmsg("UNARJ: bounds exceeded\n"); |
252 |
cli_dbgmsg("UNARJ: bounds exceeded\n"); |
|
|
253 |
decode_data->status = CL_EARJ; |
249 |
return CL_EARJ; |
254 |
return CL_EARJ; |
250 |
} |
255 |
} |
251 |
for (i = 1; (int)i <= tablebits; i++) { |
256 |
for (i = 1; (int)i <= tablebits; i++) { |
Lines 263-268
Link Here
|
263 |
while (i != k) { |
268 |
while (i != k) { |
264 |
if (i >= tablesize) { |
269 |
if (i >= tablesize) { |
265 |
cli_dbgmsg("UNARJ: bounds exceeded\n"); |
270 |
cli_dbgmsg("UNARJ: bounds exceeded\n"); |
|
|
271 |
decode_data->status = CL_EARJ; |
266 |
return CL_EARJ; |
272 |
return CL_EARJ; |
267 |
} |
273 |
} |
268 |
table[i++] = 0; |
274 |
table[i++] = 0; |
Lines 277-288
Link Here
|
277 |
} |
283 |
} |
278 |
if (len >= 17) { |
284 |
if (len >= 17) { |
279 |
cli_dbgmsg("UNARJ: bounds exceeded\n"); |
285 |
cli_dbgmsg("UNARJ: bounds exceeded\n"); |
|
|
286 |
decode_data->status = CL_EARJ; |
280 |
return CL_EARJ; |
287 |
return CL_EARJ; |
281 |
} |
288 |
} |
282 |
k = start[len]; |
289 |
k = start[len]; |
283 |
nextcode = k + weight[len]; |
290 |
nextcode = k + weight[len]; |
284 |
if ((int)len <= tablebits) { |
291 |
if ((int)len <= tablebits) { |
285 |
if (nextcode > (unsigned int) tablesize) { |
292 |
if (nextcode > (unsigned int) tablesize) { |
|
|
293 |
decode_data->status = CL_EARJ; |
286 |
return CL_EARJ; |
294 |
return CL_EARJ; |
287 |
} |
295 |
} |
288 |
for (i = start[len]; i < nextcode; i++) { |
296 |
for (i = start[len]; i < nextcode; i++) { |
Lines 295-300
Link Here
|
295 |
if (*p == 0) { |
303 |
if (*p == 0) { |
296 |
if (avail >= (2 * NC - 1)) { |
304 |
if (avail >= (2 * NC - 1)) { |
297 |
cli_dbgmsg("UNARJ: bounds exceeded\n"); |
305 |
cli_dbgmsg("UNARJ: bounds exceeded\n"); |
|
|
306 |
decode_data->status = CL_EARJ; |
298 |
return CL_EARJ; |
307 |
return CL_EARJ; |
299 |
} |
308 |
} |
300 |
decode_data->right[avail] = decode_data->left[avail] = 0; |
309 |
decode_data->right[avail] = decode_data->left[avail] = 0; |
Lines 302-307
Link Here
|
302 |
} |
311 |
} |
303 |
if (*p >= (2 * NC - 1)) { |
312 |
if (*p >= (2 * NC - 1)) { |
304 |
cli_dbgmsg("UNARJ: bounds exceeded\n"); |
313 |
cli_dbgmsg("UNARJ: bounds exceeded\n"); |
|
|
314 |
decode_data->status = CL_EARJ; |
305 |
return CL_EARJ; |
315 |
return CL_EARJ; |
306 |
} |
316 |
} |
307 |
if (k & mask) { |
317 |
if (k & mask) { |
Lines 319-325
Link Here
|
319 |
return CL_SUCCESS; |
329 |
return CL_SUCCESS; |
320 |
} |
330 |
} |
321 |
|
331 |
|
322 |
static void read_pt_len(arj_decode_t *decode_data, int nn, int nbit, int i_special) |
332 |
static int read_pt_len(arj_decode_t *decode_data, int nn, int nbit, int i_special) |
323 |
{ |
333 |
{ |
324 |
int i, n; |
334 |
int i, n; |
325 |
short c; |
335 |
short c; |
Lines 329-335
Link Here
|
329 |
if (n == 0) { |
339 |
if (n == 0) { |
330 |
if (nn > NPT) { |
340 |
if (nn > NPT) { |
331 |
cli_dbgmsg("UNARJ: bounds exceeded\n"); |
341 |
cli_dbgmsg("UNARJ: bounds exceeded\n"); |
332 |
return; |
342 |
decode_data->status = CL_EARJ; |
|
|
343 |
return CL_EARJ; |
333 |
} |
344 |
} |
334 |
c = arj_getbits(decode_data, nbit); |
345 |
c = arj_getbits(decode_data, nbit); |
335 |
for (i = 0; i < nn; i++) { |
346 |
for (i = 0; i < nn; i++) { |
Lines 350-358
Link Here
|
350 |
} |
361 |
} |
351 |
} |
362 |
} |
352 |
fill_buf(decode_data, (c < 7) ? 3 : (int)(c - 3)); |
363 |
fill_buf(decode_data, (c < 7) ? 3 : (int)(c - 3)); |
|
|
364 |
if (decode_data->status != CL_SUCCESS) { |
365 |
return decode_data->status; |
366 |
} |
353 |
decode_data->pt_len[i++] = (unsigned char) c; |
367 |
decode_data->pt_len[i++] = (unsigned char) c; |
354 |
if (i == i_special) { |
368 |
if (i == i_special) { |
355 |
c = arj_getbits(decode_data, 2); |
369 |
c = arj_getbits(decode_data, 2); |
|
|
370 |
if (decode_data->status != CL_SUCCESS) { |
371 |
return decode_data->status; |
372 |
} |
356 |
while ((--c >= 0) && (i < NPT)) { |
373 |
while ((--c >= 0) && (i < NPT)) { |
357 |
decode_data->pt_len[i++] = 0; |
374 |
decode_data->pt_len[i++] = 0; |
358 |
} |
375 |
} |
Lines 361-368
Link Here
|
361 |
while ((i < nn) && (i < NPT)) { |
378 |
while ((i < nn) && (i < NPT)) { |
362 |
decode_data->pt_len[i++] = 0; |
379 |
decode_data->pt_len[i++] = 0; |
363 |
} |
380 |
} |
364 |
make_table(decode_data, nn, decode_data->pt_len, 8, decode_data->pt_table, PTABLESIZE); |
381 |
if (make_table(decode_data, nn, decode_data->pt_len, 8, decode_data->pt_table, PTABLESIZE) != CL_SUCCESS) { |
|
|
382 |
return CL_EARJ; |
383 |
} |
365 |
} |
384 |
} |
|
|
385 |
return CL_SUCCESS; |
366 |
} |
386 |
} |
367 |
|
387 |
|
368 |
static int read_c_len(arj_decode_t *decode_data) |
388 |
static int read_c_len(arj_decode_t *decode_data) |
Lines 371-378
Link Here
|
371 |
unsigned short mask; |
391 |
unsigned short mask; |
372 |
|
392 |
|
373 |
n = arj_getbits(decode_data, CBIT); |
393 |
n = arj_getbits(decode_data, CBIT); |
|
|
394 |
if (decode_data->status != CL_SUCCESS) { |
395 |
return decode_data->status; |
396 |
} |
374 |
if (n == 0) { |
397 |
if (n == 0) { |
375 |
c = arj_getbits(decode_data, CBIT); |
398 |
c = arj_getbits(decode_data, CBIT); |
|
|
399 |
if (decode_data->status != CL_SUCCESS) { |
400 |
return decode_data->status; |
401 |
} |
376 |
for (i = 0; i < NC; i++) { |
402 |
for (i = 0; i < NC; i++) { |
377 |
decode_data->c_len[i] = 0; |
403 |
decode_data->c_len[i] = 0; |
378 |
} |
404 |
} |
Lines 388-393
Link Here
|
388 |
do { |
414 |
do { |
389 |
if (c >= (2 * NC - 1)) { |
415 |
if (c >= (2 * NC - 1)) { |
390 |
cli_warnmsg("ERROR: bounds exceeded\n"); |
416 |
cli_warnmsg("ERROR: bounds exceeded\n"); |
|
|
417 |
decode_data->status = CL_EFORMAT; |
391 |
return CL_EFORMAT; |
418 |
return CL_EFORMAT; |
392 |
} |
419 |
} |
393 |
if (decode_data->bit_buf & mask) { |
420 |
if (decode_data->bit_buf & mask) { |
Lines 400-408
Link Here
|
400 |
} |
427 |
} |
401 |
if (c >= 19) { |
428 |
if (c >= 19) { |
402 |
cli_dbgmsg("UNARJ: bounds exceeded\n"); |
429 |
cli_dbgmsg("UNARJ: bounds exceeded\n"); |
|
|
430 |
decode_data->status = CL_EARJ; |
403 |
return CL_EARJ; |
431 |
return CL_EARJ; |
404 |
} |
432 |
} |
405 |
fill_buf(decode_data, (int)(decode_data->pt_len[c])); |
433 |
fill_buf(decode_data, (int)(decode_data->pt_len[c])); |
|
|
434 |
if (decode_data->status != CL_SUCCESS) { |
435 |
return decode_data->status; |
436 |
} |
406 |
if (c <= 2) { |
437 |
if (c <= 2) { |
407 |
if (c == 0) { |
438 |
if (c == 0) { |
408 |
c = 1; |
439 |
c = 1; |
Lines 411-419
Link Here
|
411 |
} else { |
442 |
} else { |
412 |
c = arj_getbits(decode_data, CBIT) + 20; |
443 |
c = arj_getbits(decode_data, CBIT) + 20; |
413 |
} |
444 |
} |
|
|
445 |
if (decode_data->status != CL_SUCCESS) { |
446 |
return decode_data->status; |
447 |
} |
414 |
while (--c >= 0) { |
448 |
while (--c >= 0) { |
415 |
if (i >= NC) { |
449 |
if (i >= NC) { |
416 |
cli_warnmsg("ERROR: bounds exceeded\n"); |
450 |
cli_warnmsg("ERROR: bounds exceeded\n"); |
|
|
451 |
decode_data->status = CL_EFORMAT; |
417 |
return CL_EFORMAT; |
452 |
return CL_EFORMAT; |
418 |
} |
453 |
} |
419 |
decode_data->c_len[i++] = 0; |
454 |
decode_data->c_len[i++] = 0; |
Lines 421-426
Link Here
|
421 |
} else { |
456 |
} else { |
422 |
if (i >= NC) { |
457 |
if (i >= NC) { |
423 |
cli_warnmsg("ERROR: bounds exceeded\n"); |
458 |
cli_warnmsg("ERROR: bounds exceeded\n"); |
|
|
459 |
decode_data->status = CL_EFORMAT; |
424 |
return CL_EFORMAT; |
460 |
return CL_EFORMAT; |
425 |
} |
461 |
} |
426 |
decode_data->c_len[i++] = (unsigned char) (c - 2); |
462 |
decode_data->c_len[i++] = (unsigned char) (c - 2); |
Lines 429-435
Link Here
|
429 |
while (i < NC) { |
465 |
while (i < NC) { |
430 |
decode_data->c_len[i++] = 0; |
466 |
decode_data->c_len[i++] = 0; |
431 |
} |
467 |
} |
432 |
make_table(decode_data, NC, decode_data->c_len, 12, decode_data->c_table, CTABLESIZE); |
468 |
if (make_table(decode_data, NC, decode_data->c_len, 12, decode_data->c_table, CTABLESIZE) != CL_SUCCESS) { |
|
|
469 |
return CL_EARJ; |
470 |
} |
433 |
} |
471 |
} |
434 |
return CL_SUCCESS; |
472 |
return CL_SUCCESS; |
435 |
} |
473 |
} |
Lines 452-457
Link Here
|
452 |
do { |
490 |
do { |
453 |
if (j >= (2 * NC - 1)) { |
491 |
if (j >= (2 * NC - 1)) { |
454 |
cli_warnmsg("ERROR: bounds exceeded\n"); |
492 |
cli_warnmsg("ERROR: bounds exceeded\n"); |
|
|
493 |
decode_data->status = CL_EARJ; |
455 |
return 0; |
494 |
return 0; |
456 |
} |
495 |
} |
457 |
if (decode_data->bit_buf & mask) { |
496 |
if (decode_data->bit_buf & mask) { |
Lines 476-481
Link Here
|
476 |
do { |
515 |
do { |
477 |
if (j >= (2 * NC - 1)) { |
516 |
if (j >= (2 * NC - 1)) { |
478 |
cli_warnmsg("ERROR: bounds exceeded\n"); |
517 |
cli_warnmsg("ERROR: bounds exceeded\n"); |
|
|
518 |
decode_data->status = CL_EARJ; |
479 |
return 0; |
519 |
return 0; |
480 |
} |
520 |
} |
481 |
if (decode_data->bit_buf & mask) { |
521 |
if (decode_data->bit_buf & mask) { |
Lines 510-517
Link Here
|
510 |
decode_data.comp_size = metadata->comp_size; |
550 |
decode_data.comp_size = metadata->comp_size; |
511 |
ret = decode_start(&decode_data); |
551 |
ret = decode_start(&decode_data); |
512 |
if (ret != CL_SUCCESS) { |
552 |
if (ret != CL_SUCCESS) { |
|
|
553 |
free(decode_data.text); |
513 |
return ret; |
554 |
return ret; |
514 |
} |
555 |
} |
|
|
556 |
decode_data.status = CL_SUCCESS; |
515 |
|
557 |
|
516 |
while (count < metadata->orig_size) { |
558 |
while (count < metadata->orig_size) { |
517 |
if ((chr = decode_c(&decode_data)) <= UCHAR_MAX) { |
559 |
if ((chr = decode_c(&decode_data)) <= UCHAR_MAX) { |
Lines 519-525
Link Here
|
519 |
count++; |
561 |
count++; |
520 |
if (++out_ptr >= DDICSIZ) { |
562 |
if (++out_ptr >= DDICSIZ) { |
521 |
out_ptr = 0; |
563 |
out_ptr = 0; |
522 |
write_text(metadata->ofd, decode_data.text, DDICSIZ); |
564 |
if (write_text(metadata->ofd, decode_data.text, DDICSIZ) != CL_SUCCESS) { |
|
|
565 |
free(decode_data.text); |
566 |
return CL_EIO; |
567 |
} |
523 |
} |
568 |
} |
524 |
} else { |
569 |
} else { |
525 |
j = chr - (UCHAR_MAX + 1 - THRESHOLD); |
570 |
j = chr - (UCHAR_MAX + 1 - THRESHOLD); |
Lines 541-547
Link Here
|
541 |
decode_data.text[out_ptr] = decode_data.text[i]; |
586 |
decode_data.text[out_ptr] = decode_data.text[i]; |
542 |
if (++out_ptr >= DDICSIZ) { |
587 |
if (++out_ptr >= DDICSIZ) { |
543 |
out_ptr = 0; |
588 |
out_ptr = 0; |
544 |
write_text(metadata->ofd, decode_data.text, DDICSIZ); |
589 |
if (write_text(metadata->ofd, decode_data.text, DDICSIZ) != CL_SUCCESS) { |
|
|
590 |
free(decode_data.text); |
591 |
return CL_EIO; |
592 |
} |
545 |
} |
593 |
} |
546 |
if (++i >= DDICSIZ) { |
594 |
if (++i >= DDICSIZ) { |
547 |
i = 0; |
595 |
i = 0; |
Lines 549-554
Link Here
|
549 |
} |
597 |
} |
550 |
} |
598 |
} |
551 |
} |
599 |
} |
|
|
600 |
if (decode_data.status != CL_SUCCESS) { |
601 |
free(decode_data.text); |
602 |
return decode_data.status; |
603 |
} |
552 |
} |
604 |
} |
553 |
if (out_ptr != 0) { |
605 |
if (out_ptr != 0) { |
554 |
write_text(metadata->ofd, decode_data.text, out_ptr); |
606 |
write_text(metadata->ofd, decode_data.text, out_ptr); |
Lines 625-645
Link Here
|
625 |
return ret; |
677 |
return ret; |
626 |
} |
678 |
} |
627 |
decode_data.getlen = decode_data.getbuf = 0; |
679 |
decode_data.getlen = decode_data.getbuf = 0; |
628 |
|
680 |
decode_data.status = CL_SUCCESS; |
|
|
681 |
|
629 |
while (count < metadata->orig_size) { |
682 |
while (count < metadata->orig_size) { |
630 |
chr = decode_len(&decode_data); |
683 |
chr = decode_len(&decode_data); |
|
|
684 |
if (decode_data.status != CL_SUCCESS) { |
685 |
free(decode_data.text); |
686 |
return decode_data.status; |
687 |
} |
631 |
if (chr == 0) { |
688 |
if (chr == 0) { |
632 |
ARJ_GETBITS(dd, chr, CHAR_BIT); |
689 |
ARJ_GETBITS(dd, chr, CHAR_BIT); |
|
|
690 |
if (decode_data.status != CL_SUCCESS) { |
691 |
free(decode_data.text); |
692 |
return decode_data.status; |
693 |
} |
633 |
decode_data.text[out_ptr] = (unsigned char) chr; |
694 |
decode_data.text[out_ptr] = (unsigned char) chr; |
634 |
count++; |
695 |
count++; |
635 |
if (++out_ptr >= DDICSIZ) { |
696 |
if (++out_ptr >= DDICSIZ) { |
636 |
out_ptr = 0; |
697 |
out_ptr = 0; |
637 |
write_text(metadata->ofd, decode_data.text, DDICSIZ); |
698 |
if (write_text(metadata->ofd, decode_data.text, DDICSIZ) != CL_SUCCESS) { |
|
|
699 |
free(decode_data.text); |
700 |
return CL_EIO; |
701 |
} |
638 |
} |
702 |
} |
639 |
} else { |
703 |
} else { |
640 |
j = chr - 1 + THRESHOLD; |
704 |
j = chr - 1 + THRESHOLD; |
641 |
count += j; |
705 |
count += j; |
642 |
pos = decode_ptr(&decode_data); |
706 |
pos = decode_ptr(&decode_data); |
|
|
707 |
if (decode_data.status != CL_SUCCESS) { |
708 |
free(decode_data.text); |
709 |
return decode_data.status; |
710 |
} |
643 |
if ((i = out_ptr - pos - 1) < 0) { |
711 |
if ((i = out_ptr - pos - 1) < 0) { |
644 |
i += DDICSIZ; |
712 |
i += DDICSIZ; |
645 |
} |
713 |
} |
Lines 651-657
Link Here
|
651 |
decode_data.text[out_ptr] = decode_data.text[i]; |
719 |
decode_data.text[out_ptr] = decode_data.text[i]; |
652 |
if (++out_ptr >= DDICSIZ) { |
720 |
if (++out_ptr >= DDICSIZ) { |
653 |
out_ptr = 0; |
721 |
out_ptr = 0; |
654 |
write_text(metadata->ofd, decode_data.text, DDICSIZ); |
722 |
if (write_text(metadata->ofd, decode_data.text, DDICSIZ) != CL_SUCCESS) { |
|
|
723 |
free(decode_data.text); |
724 |
return CL_EIO; |
725 |
} |
655 |
} |
726 |
} |
656 |
if (++i >= DDICSIZ) { |
727 |
if (++i >= DDICSIZ) { |
657 |
i = 0; |
728 |
i = 0; |
Lines 1012-1021
Link Here
|
1012 |
case 1: |
1083 |
case 1: |
1013 |
case 2: |
1084 |
case 2: |
1014 |
case 3: |
1085 |
case 3: |
1015 |
decode(fd, metadata); |
1086 |
ret = decode(fd, metadata); |
1016 |
break; |
1087 |
break; |
1017 |
case 4: |
1088 |
case 4: |
1018 |
decode_f(fd, metadata); |
1089 |
ret = decode_f(fd, metadata); |
1019 |
break; |
1090 |
break; |
1020 |
default: |
1091 |
default: |
1021 |
ret = CL_EFORMAT; |
1092 |
ret = CL_EFORMAT; |