mirror of
				https://source.denx.de/u-boot/u-boot.git
				synced 2025-10-24 22:11:26 +02:00 
			
		
		
		
	While our copy of zlib is missing upstream commit 263b1a05b04e ("Allow
deflatePrime() to insert bits in the middle of a stream.") we do have
Z_FIXED support, and so the majority of the code changes in 5c44459c3b28
("Fix a bug that can crash deflate on some input when using Z_FIXED.")
apply here directly and cleanly.  As this has been assigned a CVE, lets
go and apply these changes.
Link: 5c44459c3b
Reported-by: "Gan, Yau Wai" <yau.wai.gan@intel.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
		
	
			
		
			
				
	
	
		
			340 lines
		
	
	
		
			12 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
			
		
		
	
	
			340 lines
		
	
	
		
			12 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
| /* deflate.h -- internal compression state
 | |
|  * Copyright (C) 1995-2010 Jean-loup Gailly
 | |
|  * For conditions of distribution and use, see copyright notice in zlib.h
 | |
|  */
 | |
| 
 | |
| /* WARNING: this file should *not* be used by applications. It is
 | |
|    part of the implementation of the compression library and is
 | |
|    subject to change. Applications should only use zlib.h.
 | |
|  */
 | |
| 
 | |
| /* @(#) $Id$ */
 | |
| 
 | |
| #ifndef DEFLATE_H
 | |
| #define DEFLATE_H
 | |
| 
 | |
| #include "zutil.h"
 | |
| 
 | |
| /* define NO_GZIP when compiling if you want to disable gzip header and
 | |
|    trailer creation by deflate().  NO_GZIP would be used to avoid linking in
 | |
|    the crc code when it is not needed.  For shared libraries, gzip encoding
 | |
|    should be left enabled. */
 | |
| #ifndef NO_GZIP
 | |
| #  define GZIP
 | |
| #endif
 | |
| 
 | |
| /* ===========================================================================
 | |
|  * Internal compression state.
 | |
|  */
 | |
| 
 | |
| #define LENGTH_CODES 29
 | |
| /* number of length codes, not counting the special END_BLOCK code */
 | |
| 
 | |
| #define LITERALS  256
 | |
| /* number of literal bytes 0..255 */
 | |
| 
 | |
| #define L_CODES (LITERALS+1+LENGTH_CODES)
 | |
| /* number of Literal or Length codes, including the END_BLOCK code */
 | |
| 
 | |
| #define D_CODES   30
 | |
| /* number of distance codes */
 | |
| 
 | |
| #define BL_CODES  19
 | |
| /* number of codes used to transfer the bit lengths */
 | |
| 
 | |
| #define HEAP_SIZE (2*L_CODES+1)
 | |
| /* maximum heap size */
 | |
| 
 | |
| #define MAX_BITS 15
 | |
| /* All codes must not exceed MAX_BITS bits */
 | |
| 
 | |
| #define INIT_STATE    42
 | |
| #define EXTRA_STATE   69
 | |
| #define NAME_STATE    73
 | |
| #define COMMENT_STATE 91
 | |
| #define HCRC_STATE   103
 | |
| #define BUSY_STATE   113
 | |
| #define FINISH_STATE 666
 | |
| /* Stream status */
 | |
| 
 | |
| 
 | |
| /* Data structure describing a single value and its code string. */
 | |
| typedef struct ct_data_s {
 | |
|     union {
 | |
|         ush  freq;       /* frequency count */
 | |
|         ush  code;       /* bit string */
 | |
|     } fc;
 | |
|     union {
 | |
|         ush  dad;        /* father node in Huffman tree */
 | |
|         ush  len;        /* length of bit string */
 | |
|     } dl;
 | |
| } FAR ct_data;
 | |
| 
 | |
| #define Freq fc.freq
 | |
| #define Code fc.code
 | |
| #define Dad  dl.dad
 | |
| #define Len  dl.len
 | |
| 
 | |
| typedef struct static_tree_desc_s  static_tree_desc;
 | |
| 
 | |
| typedef struct tree_desc_s {
 | |
|     ct_data *dyn_tree;           /* the dynamic tree */
 | |
|     int     max_code;            /* largest code with non zero frequency */
 | |
|     static_tree_desc *stat_desc; /* the corresponding static tree */
 | |
| } FAR tree_desc;
 | |
| 
 | |
| typedef ush Pos;
 | |
| typedef Pos FAR Posf;
 | |
| typedef unsigned IPos;
 | |
| 
 | |
| /* A Pos is an index in the character window. We use short instead of int to
 | |
|  * save space in the various tables. IPos is used only for parameter passing.
 | |
|  */
 | |
| 
 | |
| typedef struct internal_state {
 | |
|     z_streamp strm;      /* pointer back to this zlib stream */
 | |
|     int   status;        /* as the name implies */
 | |
|     Bytef *pending_buf;  /* output still pending */
 | |
|     ulg   pending_buf_size; /* size of pending_buf */
 | |
|     Bytef *pending_out;  /* next pending byte to output to the stream */
 | |
|     uInt   pending;      /* nb of bytes in the pending buffer */
 | |
|     int   wrap;          /* bit 0 true for zlib, bit 1 true for gzip */
 | |
|     gz_headerp  gzhead;  /* gzip header information to write */
 | |
|     uInt   gzindex;      /* where in extra, name, or comment */
 | |
|     Byte  method;        /* STORED (for zip only) or DEFLATED */
 | |
|     int   last_flush;    /* value of flush param for previous deflate call */
 | |
| 
 | |
|                 /* used by deflate.c: */
 | |
| 
 | |
|     uInt  w_size;        /* LZ77 window size (32K by default) */
 | |
|     uInt  w_bits;        /* log2(w_size)  (8..16) */
 | |
|     uInt  w_mask;        /* w_size - 1 */
 | |
| 
 | |
|     Bytef *window;
 | |
|     /* Sliding window. Input bytes are read into the second half of the window,
 | |
|      * and move to the first half later to keep a dictionary of at least wSize
 | |
|      * bytes. With this organization, matches are limited to a distance of
 | |
|      * wSize-MAX_MATCH bytes, but this ensures that IO is always
 | |
|      * performed with a length multiple of the block size. Also, it limits
 | |
|      * the window size to 64K, which is quite useful on MSDOS.
 | |
|      * To do: use the user input buffer as sliding window.
 | |
|      */
 | |
| 
 | |
|     ulg window_size;
 | |
|     /* Actual size of window: 2*wSize, except when the user input buffer
 | |
|      * is directly used as sliding window.
 | |
|      */
 | |
| 
 | |
|     Posf *prev;
 | |
|     /* Link to older string with same hash index. To limit the size of this
 | |
|      * array to 64K, this link is maintained only for the last 32K strings.
 | |
|      * An index in this array is thus a window index modulo 32K.
 | |
|      */
 | |
| 
 | |
|     Posf *head; /* Heads of the hash chains or NIL. */
 | |
| 
 | |
|     uInt  ins_h;          /* hash index of string to be inserted */
 | |
|     uInt  hash_size;      /* number of elements in hash table */
 | |
|     uInt  hash_bits;      /* log2(hash_size) */
 | |
|     uInt  hash_mask;      /* hash_size-1 */
 | |
| 
 | |
|     uInt  hash_shift;
 | |
|     /* Number of bits by which ins_h must be shifted at each input
 | |
|      * step. It must be such that after MIN_MATCH steps, the oldest
 | |
|      * byte no longer takes part in the hash key, that is:
 | |
|      *   hash_shift * MIN_MATCH >= hash_bits
 | |
|      */
 | |
| 
 | |
|     long block_start;
 | |
|     /* Window position at the beginning of the current output block. Gets
 | |
|      * negative when the window is moved backwards.
 | |
|      */
 | |
| 
 | |
|     uInt match_length;           /* length of best match */
 | |
|     IPos prev_match;             /* previous match */
 | |
|     int match_available;         /* set if previous match exists */
 | |
|     uInt strstart;               /* start of string to insert */
 | |
|     uInt match_start;            /* start of matching string */
 | |
|     uInt lookahead;              /* number of valid bytes ahead in window */
 | |
| 
 | |
|     uInt prev_length;
 | |
|     /* Length of the best match at previous step. Matches not greater than this
 | |
|      * are discarded. This is used in the lazy match evaluation.
 | |
|      */
 | |
| 
 | |
|     uInt max_chain_length;
 | |
|     /* To speed up deflation, hash chains are never searched beyond this
 | |
|      * length.  A higher limit improves compression ratio but degrades the
 | |
|      * speed.
 | |
|      */
 | |
| 
 | |
|     uInt max_lazy_match;
 | |
|     /* Attempt to find a better match only when the current match is strictly
 | |
|      * smaller than this value. This mechanism is used only for compression
 | |
|      * levels >= 4.
 | |
|      */
 | |
| #   define max_insert_length  max_lazy_match
 | |
|     /* Insert new strings in the hash table only if the match length is not
 | |
|      * greater than this length. This saves time but degrades compression.
 | |
|      * max_insert_length is used only for compression levels <= 3.
 | |
|      */
 | |
| 
 | |
|     int level;    /* compression level (1..9) */
 | |
|     int strategy; /* favor or force Huffman coding*/
 | |
| 
 | |
|     uInt good_match;
 | |
|     /* Use a faster search when the previous match is longer than this */
 | |
| 
 | |
|     int nice_match; /* Stop searching when current match exceeds this */
 | |
| 
 | |
|                 /* used by trees.c: */
 | |
|     /* Didn't use ct_data typedef below to supress compiler warning */
 | |
|     struct ct_data_s dyn_ltree[HEAP_SIZE];   /* literal and length tree */
 | |
|     struct ct_data_s dyn_dtree[2*D_CODES+1]; /* distance tree */
 | |
|     struct ct_data_s bl_tree[2*BL_CODES+1];  /* Huffman tree for bit lengths */
 | |
| 
 | |
|     struct tree_desc_s l_desc;               /* desc. for literal tree */
 | |
|     struct tree_desc_s d_desc;               /* desc. for distance tree */
 | |
|     struct tree_desc_s bl_desc;              /* desc. for bit length tree */
 | |
| 
 | |
|     ush bl_count[MAX_BITS+1];
 | |
|     /* number of codes at each bit length for an optimal tree */
 | |
| 
 | |
|     int heap[2*L_CODES+1];      /* heap used to build the Huffman trees */
 | |
|     int heap_len;               /* number of elements in the heap */
 | |
|     int heap_max;               /* element of largest frequency */
 | |
|     /* The sons of heap[n] are heap[2*n] and heap[2*n+1]. heap[0] is not used.
 | |
|      * The same heap array is used to build all trees.
 | |
|      */
 | |
| 
 | |
|     uch depth[2*L_CODES+1];
 | |
|     /* Depth of each subtree used as tie breaker for trees of equal frequency
 | |
|      */
 | |
| 
 | |
|     uchf *sym_buf;        /* buffer for distances and literals/lengths */
 | |
| 
 | |
|     uInt  lit_bufsize;
 | |
|     /* Size of match buffer for literals/lengths.  There are 4 reasons for
 | |
|      * limiting lit_bufsize to 64K:
 | |
|      *   - frequencies can be kept in 16 bit counters
 | |
|      *   - if compression is not successful for the first block, all input
 | |
|      *     data is still in the window so we can still emit a stored block even
 | |
|      *     when input comes from standard input.  (This can also be done for
 | |
|      *     all blocks if lit_bufsize is not greater than 32K.)
 | |
|      *   - if compression is not successful for a file smaller than 64K, we can
 | |
|      *     even emit a stored file instead of a stored block (saving 5 bytes).
 | |
|      *     This is applicable only for zip (not gzip or zlib).
 | |
|      *   - creating new Huffman trees less frequently may not provide fast
 | |
|      *     adaptation to changes in the input data statistics. (Take for
 | |
|      *     example a binary file with poorly compressible code followed by
 | |
|      *     a highly compressible string table.) Smaller buffer sizes give
 | |
|      *     fast adaptation but have of course the overhead of transmitting
 | |
|      *     trees more frequently.
 | |
|      *   - I can't count above 4
 | |
|      */
 | |
| 
 | |
|     uInt sym_next;      /* running index in sym_buf */
 | |
|     uInt sym_end;       /* symbol table full when sym_next reaches this */
 | |
| 
 | |
|     ulg opt_len;        /* bit length of current block with optimal trees */
 | |
|     ulg static_len;     /* bit length of current block with static trees */
 | |
|     uInt matches;       /* number of string matches in current block */
 | |
|     int last_eob_len;   /* bit length of EOB code for last block */
 | |
| 
 | |
| #ifdef DEBUG
 | |
|     ulg compressed_len; /* total bit length of compressed file mod 2^32 */
 | |
|     ulg bits_sent;      /* bit length of compressed data sent mod 2^32 */
 | |
| #endif
 | |
| 
 | |
|     ush bi_buf;
 | |
|     /* Output buffer. bits are inserted starting at the bottom (least
 | |
|      * significant bits).
 | |
|      */
 | |
|     int bi_valid;
 | |
|     /* Number of valid bits in bi_buf.  All bits above the last valid bit
 | |
|      * are always zero.
 | |
|      */
 | |
| 
 | |
|     ulg high_water;
 | |
|     /* High water mark offset in window for initialized bytes -- bytes above
 | |
|      * this are set to zero in order to avoid memory check warnings when
 | |
|      * longest match routines access bytes past the input.  This is then
 | |
|      * updated to the new high water mark.
 | |
|      */
 | |
| 
 | |
| } FAR deflate_state;
 | |
| 
 | |
| /* Output a byte on the stream.
 | |
|  * IN assertion: there is enough room in pending_buf.
 | |
|  */
 | |
| #define put_byte(s, c) {s->pending_buf[s->pending++] = (c);}
 | |
| 
 | |
| 
 | |
| #define MIN_LOOKAHEAD (MAX_MATCH+MIN_MATCH+1)
 | |
| /* Minimum amount of lookahead, except at the end of the input file.
 | |
|  * See deflate.c for comments about the MIN_MATCH+1.
 | |
|  */
 | |
| 
 | |
| #define MAX_DIST(s)  ((s)->w_size-MIN_LOOKAHEAD)
 | |
| /* In order to simplify the code, particularly on 16 bit machines, match
 | |
|  * distances are limited to MAX_DIST instead of WSIZE.
 | |
|  */
 | |
| 
 | |
| #define WIN_INIT MAX_MATCH
 | |
| /* Number of bytes after end of data in window to initialize in order to avoid
 | |
|    memory checker errors from longest match routines */
 | |
| 
 | |
|         /* in trees.c */
 | |
| void ZLIB_INTERNAL _tr_init OF((deflate_state *s));
 | |
| int ZLIB_INTERNAL _tr_tally OF((deflate_state *s, unsigned dist, unsigned lc));
 | |
| void ZLIB_INTERNAL _tr_flush_block OF((deflate_state *s, charf *buf,
 | |
|                         ulg stored_len, int last));
 | |
| void ZLIB_INTERNAL _tr_align OF((deflate_state *s));
 | |
| void ZLIB_INTERNAL _tr_stored_block OF((deflate_state *s, charf *buf,
 | |
|                         ulg stored_len, int last));
 | |
| 
 | |
| #define d_code(dist) \
 | |
|    ((dist) < 256 ? _dist_code[dist] : _dist_code[256+((dist)>>7)])
 | |
| /* Mapping from a distance to a distance code. dist is the distance - 1 and
 | |
|  * must not have side effects. _dist_code[256] and _dist_code[257] are never
 | |
|  * used.
 | |
|  */
 | |
| 
 | |
| #ifndef DEBUG
 | |
| /* Inline versions of _tr_tally for speed: */
 | |
| 
 | |
| #if defined(GEN_TREES_H) || !defined(STDC)
 | |
|   extern uch ZLIB_INTERNAL _length_code[];
 | |
|   extern uch ZLIB_INTERNAL _dist_code[];
 | |
| #else
 | |
|   extern const uch ZLIB_INTERNAL _length_code[];
 | |
|   extern const uch ZLIB_INTERNAL _dist_code[];
 | |
| #endif
 | |
| 
 | |
| # define _tr_tally_lit(s, c, flush) \
 | |
|   { uch cc = (c); \
 | |
|     s->sym_buf[s->sym_next++] = 0; \
 | |
|     s->sym_buf[s->sym_next++] = 0; \
 | |
|     s->sym_buf[s->sym_next++] = cc; \
 | |
|     s->dyn_ltree[cc].Freq++; \
 | |
|     flush = (s->sym_next == s->sym_end); \
 | |
|    }
 | |
| # define _tr_tally_dist(s, distance, length, flush) \
 | |
|   { uch len = (length); \
 | |
|     ush dist = (distance); \
 | |
|     s->sym_buf[s->sym_next++] = dist; \
 | |
|     s->sym_buf[s->sym_next++] = dist >> 8; \
 | |
|     s->sym_buf[s->sym_next++] = len; \
 | |
|     dist--; \
 | |
|     s->dyn_ltree[_length_code[len]+LITERALS+1].Freq++; \
 | |
|     s->dyn_dtree[d_code(dist)].Freq++; \
 | |
|     flush = (s->sym_next == s->sym_end); \
 | |
|   }
 | |
| #else
 | |
| # define _tr_tally_lit(s, c, flush) flush = _tr_tally(s, 0, c)
 | |
| # define _tr_tally_dist(s, distance, length, flush) \
 | |
|               flush = _tr_tally(s, distance, length)
 | |
| #endif
 | |
| 
 | |
| #endif /* DEFLATE_H */
 |