1/*-
2* Copyright (c) 2003-2007 Tim Kientzle
3* Copyright (c) 2011 Andres Mejia
4* All rights reserved.
5*
6* Redistribution and use in source and binary forms, with or without
7* modification, are permitted provided that the following conditions
8* are met:
9* 1. Redistributions of source code must retain the above copyright
10*    notice, this list of conditions and the following disclaimer.
11* 2. Redistributions in binary form must reproduce the above copyright
12*    notice, this list of conditions and the following disclaimer in the
13*    documentation and/or other materials provided with the distribution.
14*
15* THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
16* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18* IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
19* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25*/
26
27#include "archive_platform.h"
28
29#ifdef HAVE_ERRNO_H
30#include <errno.h>
31#endif
32#include <time.h>
33#include <limits.h>
34#ifdef HAVE_ZLIB_H
35#include <zlib.h> /* crc32 */
36#endif
37
38#include "archive.h"
39#ifndef HAVE_ZLIB_H
40#include "archive_crc32.h"
41#endif
42#include "archive_endian.h"
43#include "archive_entry.h"
44#include "archive_entry_locale.h"
45#include "archive_ppmd7_private.h"
46#include "archive_private.h"
47#include "archive_read_private.h"
48
49/* RAR signature, also known as the mark header */
50#define RAR_SIGNATURE "\x52\x61\x72\x21\x1A\x07\x00"
51
52/* Header types */
53#define MARK_HEAD    0x72
54#define MAIN_HEAD    0x73
55#define FILE_HEAD    0x74
56#define COMM_HEAD    0x75
57#define AV_HEAD      0x76
58#define SUB_HEAD     0x77
59#define PROTECT_HEAD 0x78
60#define SIGN_HEAD    0x79
61#define NEWSUB_HEAD  0x7a
62#define ENDARC_HEAD  0x7b
63
64/* Main Header Flags */
65#define MHD_VOLUME       0x0001
66#define MHD_COMMENT      0x0002
67#define MHD_LOCK         0x0004
68#define MHD_SOLID        0x0008
69#define MHD_NEWNUMBERING 0x0010
70#define MHD_AV           0x0020
71#define MHD_PROTECT      0x0040
72#define MHD_PASSWORD     0x0080
73#define MHD_FIRSTVOLUME  0x0100
74#define MHD_ENCRYPTVER   0x0200
75
76/* Flags common to all headers */
77#define HD_MARKDELETION     0x4000
78#define HD_ADD_SIZE_PRESENT 0x8000
79
80/* File Header Flags */
81#define FHD_SPLIT_BEFORE 0x0001
82#define FHD_SPLIT_AFTER  0x0002
83#define FHD_PASSWORD     0x0004
84#define FHD_COMMENT      0x0008
85#define FHD_SOLID        0x0010
86#define FHD_LARGE        0x0100
87#define FHD_UNICODE      0x0200
88#define FHD_SALT         0x0400
89#define FHD_VERSION      0x0800
90#define FHD_EXTTIME      0x1000
91#define FHD_EXTFLAGS     0x2000
92
93/* File dictionary sizes */
94#define DICTIONARY_SIZE_64   0x00
95#define DICTIONARY_SIZE_128  0x20
96#define DICTIONARY_SIZE_256  0x40
97#define DICTIONARY_SIZE_512  0x60
98#define DICTIONARY_SIZE_1024 0x80
99#define DICTIONARY_SIZE_2048 0xA0
100#define DICTIONARY_SIZE_4096 0xC0
101#define FILE_IS_DIRECTORY    0xE0
102#define DICTIONARY_MASK      FILE_IS_DIRECTORY
103
104/* OS Flags */
105#define OS_MSDOS  0
106#define OS_OS2    1
107#define OS_WIN32  2
108#define OS_UNIX   3
109#define OS_MAC_OS 4
110#define OS_BEOS   5
111
112/* Compression Methods */
113#define COMPRESS_METHOD_STORE   0x30
114/* LZSS */
115#define COMPRESS_METHOD_FASTEST 0x31
116#define COMPRESS_METHOD_FAST    0x32
117#define COMPRESS_METHOD_NORMAL  0x33
118/* PPMd Variant H */
119#define COMPRESS_METHOD_GOOD    0x34
120#define COMPRESS_METHOD_BEST    0x35
121
122#define CRC_POLYNOMIAL 0xEDB88320
123
124#define NS_UNIT 10000000
125
126#define DICTIONARY_MAX_SIZE 0x400000
127
128#define MAINCODE_SIZE      299
129#define OFFSETCODE_SIZE    60
130#define LOWOFFSETCODE_SIZE 17
131#define LENGTHCODE_SIZE    28
132#define HUFFMAN_TABLE_SIZE \
133  MAINCODE_SIZE + OFFSETCODE_SIZE + LOWOFFSETCODE_SIZE + LENGTHCODE_SIZE
134
135#define MAX_SYMBOL_LENGTH 0xF
136#define MAX_SYMBOLS       20
137
138/*
139 * Considering L1,L2 cache miss and a calling of write system-call,
140 * the best size of the output buffer(uncompressed buffer) is 128K.
141 * If the structure of extracting process is changed, this value
142 * might be researched again.
143 */
144#define UNP_BUFFER_SIZE   (128 * 1024)
145
146/* Define this here for non-Windows platforms */
147#if !((defined(__WIN32__) || defined(_WIN32) || defined(__WIN32)) && !defined(__CYGWIN__))
148#define FILE_ATTRIBUTE_DIRECTORY 0x10
149#endif
150
151#undef minimum
152#define minimum(a, b)	((a)<(b)?(a):(b))
153
154/* Stack overflow check */
155#define MAX_COMPRESS_DEPTH 1024
156
157/* Fields common to all headers */
158struct rar_header
159{
160  char crc[2];
161  char type;
162  char flags[2];
163  char size[2];
164};
165
166/* Fields common to all file headers */
167struct rar_file_header
168{
169  char pack_size[4];
170  char unp_size[4];
171  char host_os;
172  char file_crc[4];
173  char file_time[4];
174  char unp_ver;
175  char method;
176  char name_size[2];
177  char file_attr[4];
178};
179
180struct huffman_tree_node
181{
182  int branches[2];
183};
184
185struct huffman_table_entry
186{
187  unsigned int length;
188  int value;
189};
190
191struct huffman_code
192{
193  struct huffman_tree_node *tree;
194  int numentries;
195  int numallocatedentries;
196  int minlength;
197  int maxlength;
198  int tablesize;
199  struct huffman_table_entry *table;
200};
201
202struct lzss
203{
204  unsigned char *window;
205  int mask;
206  int64_t position;
207};
208
209struct data_block_offsets
210{
211  int64_t header_size;
212  int64_t start_offset;
213  int64_t end_offset;
214};
215
216struct rar
217{
218  /* Entries from main RAR header */
219  unsigned main_flags;
220  unsigned long file_crc;
221  char reserved1[2];
222  char reserved2[4];
223  char encryptver;
224
225  /* File header entries */
226  char compression_method;
227  unsigned file_flags;
228  int64_t packed_size;
229  int64_t unp_size;
230  time_t mtime;
231  long mnsec;
232  mode_t mode;
233  char *filename;
234  char *filename_save;
235  size_t filename_save_size;
236  size_t filename_allocated;
237
238  /* File header optional entries */
239  char salt[8];
240  time_t atime;
241  long ansec;
242  time_t ctime;
243  long cnsec;
244  time_t arctime;
245  long arcnsec;
246
247  /* Fields to help with tracking decompression of files. */
248  int64_t bytes_unconsumed;
249  int64_t bytes_remaining;
250  int64_t bytes_uncopied;
251  int64_t offset;
252  int64_t offset_outgoing;
253  int64_t offset_seek;
254  char valid;
255  unsigned int unp_offset;
256  unsigned int unp_buffer_size;
257  unsigned char *unp_buffer;
258  unsigned int dictionary_size;
259  char start_new_block;
260  char entry_eof;
261  unsigned long crc_calculated;
262  int found_first_header;
263  char has_endarc_header;
264  struct data_block_offsets *dbo;
265  unsigned int cursor;
266  unsigned int nodes;
267
268  /* LZSS members */
269  struct huffman_code maincode;
270  struct huffman_code offsetcode;
271  struct huffman_code lowoffsetcode;
272  struct huffman_code lengthcode;
273  unsigned char lengthtable[HUFFMAN_TABLE_SIZE];
274  struct lzss lzss;
275  char output_last_match;
276  unsigned int lastlength;
277  unsigned int lastoffset;
278  unsigned int oldoffset[4];
279  unsigned int lastlowoffset;
280  unsigned int numlowoffsetrepeats;
281  int64_t filterstart;
282  char start_new_table;
283
284  /* PPMd Variant H members */
285  char ppmd_valid;
286  char ppmd_eod;
287  char is_ppmd_block;
288  int ppmd_escape;
289  CPpmd7 ppmd7_context;
290  CPpmd7z_RangeDec range_dec;
291  IByteIn bytein;
292
293  /*
294   * String conversion object.
295   */
296  int init_default_conversion;
297  struct archive_string_conv *sconv_default;
298  struct archive_string_conv *opt_sconv;
299  struct archive_string_conv *sconv_utf8;
300  struct archive_string_conv *sconv_utf16be;
301
302  /*
303   * Bit stream reader.
304   */
305  struct rar_br {
306#define CACHE_TYPE	uint64_t
307#define CACHE_BITS	(8 * sizeof(CACHE_TYPE))
308    /* Cache buffer. */
309    CACHE_TYPE		 cache_buffer;
310    /* Indicates how many bits avail in cache_buffer. */
311    int			 cache_avail;
312    ssize_t		 avail_in;
313    const unsigned char *next_in;
314  } br;
315
316  /*
317   * Custom field to denote that this archive contains encrypted entries
318   */
319  int has_encrypted_entries;
320};
321
322static int archive_read_support_format_rar_capabilities(struct archive_read *);
323static int archive_read_format_rar_has_encrypted_entries(struct archive_read *);
324static int archive_read_format_rar_bid(struct archive_read *, int);
325static int archive_read_format_rar_options(struct archive_read *,
326    const char *, const char *);
327static int archive_read_format_rar_read_header(struct archive_read *,
328    struct archive_entry *);
329static int archive_read_format_rar_read_data(struct archive_read *,
330    const void **, size_t *, int64_t *);
331static int archive_read_format_rar_read_data_skip(struct archive_read *a);
332static int64_t archive_read_format_rar_seek_data(struct archive_read *, int64_t,
333    int);
334static int archive_read_format_rar_cleanup(struct archive_read *);
335
336/* Support functions */
337static int read_header(struct archive_read *, struct archive_entry *, char);
338static time_t get_time(int);
339static int read_exttime(const char *, struct rar *, const char *);
340static int read_symlink_stored(struct archive_read *, struct archive_entry *,
341                               struct archive_string_conv *);
342static int read_data_stored(struct archive_read *, const void **, size_t *,
343                            int64_t *);
344static int read_data_compressed(struct archive_read *, const void **, size_t *,
345                          int64_t *, size_t);
346static int rar_br_preparation(struct archive_read *, struct rar_br *);
347static int parse_codes(struct archive_read *);
348static void free_codes(struct archive_read *);
349static int read_next_symbol(struct archive_read *, struct huffman_code *);
350static int create_code(struct archive_read *, struct huffman_code *,
351                        unsigned char *, int, char);
352static int add_value(struct archive_read *, struct huffman_code *, int, int,
353                     int);
354static int new_node(struct huffman_code *);
355static int make_table(struct archive_read *, struct huffman_code *);
356static int make_table_recurse(struct archive_read *, struct huffman_code *, int,
357                              struct huffman_table_entry *, int, int);
358static int64_t expand(struct archive_read *, int64_t);
359static int copy_from_lzss_window(struct archive_read *, const void **,
360                                   int64_t, int);
361static const void *rar_read_ahead(struct archive_read *, size_t, ssize_t *);
362
363/*
364 * Bit stream reader.
365 */
366/* Check that the cache buffer has enough bits. */
367#define rar_br_has(br, n) ((br)->cache_avail >= n)
368/* Get compressed data by bit. */
369#define rar_br_bits(br, n)        \
370  (((uint32_t)((br)->cache_buffer >>    \
371    ((br)->cache_avail - (n)))) & cache_masks[n])
372#define rar_br_bits_forced(br, n)     \
373  (((uint32_t)((br)->cache_buffer <<    \
374    ((n) - (br)->cache_avail))) & cache_masks[n])
375/* Read ahead to make sure the cache buffer has enough compressed data we
376 * will use.
377 *  True  : completed, there is enough data in the cache buffer.
378 *  False : there is no data in the stream. */
379#define rar_br_read_ahead(a, br, n) \
380  ((rar_br_has(br, (n)) || rar_br_fillup(a, br)) || rar_br_has(br, (n)))
381/* Notify how many bits we consumed. */
382#define rar_br_consume(br, n) ((br)->cache_avail -= (n))
383#define rar_br_consume_unalined_bits(br) ((br)->cache_avail &= ~7)
384
385static const uint32_t cache_masks[] = {
386  0x00000000, 0x00000001, 0x00000003, 0x00000007,
387  0x0000000F, 0x0000001F, 0x0000003F, 0x0000007F,
388  0x000000FF, 0x000001FF, 0x000003FF, 0x000007FF,
389  0x00000FFF, 0x00001FFF, 0x00003FFF, 0x00007FFF,
390  0x0000FFFF, 0x0001FFFF, 0x0003FFFF, 0x0007FFFF,
391  0x000FFFFF, 0x001FFFFF, 0x003FFFFF, 0x007FFFFF,
392  0x00FFFFFF, 0x01FFFFFF, 0x03FFFFFF, 0x07FFFFFF,
393  0x0FFFFFFF, 0x1FFFFFFF, 0x3FFFFFFF, 0x7FFFFFFF,
394  0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF
395};
396
397/*
398 * Shift away used bits in the cache data and fill it up with following bits.
399 * Call this when cache buffer does not have enough bits you need.
400 *
401 * Returns 1 if the cache buffer is full.
402 * Returns 0 if the cache buffer is not full; input buffer is empty.
403 */
404static int
405rar_br_fillup(struct archive_read *a, struct rar_br *br)
406{
407  struct rar *rar = (struct rar *)(a->format->data);
408  int n = CACHE_BITS - br->cache_avail;
409
410  for (;;) {
411    switch (n >> 3) {
412    case 8:
413      if (br->avail_in >= 8) {
414        br->cache_buffer =
415            ((uint64_t)br->next_in[0]) << 56 |
416            ((uint64_t)br->next_in[1]) << 48 |
417            ((uint64_t)br->next_in[2]) << 40 |
418            ((uint64_t)br->next_in[3]) << 32 |
419            ((uint32_t)br->next_in[4]) << 24 |
420            ((uint32_t)br->next_in[5]) << 16 |
421            ((uint32_t)br->next_in[6]) << 8 |
422             (uint32_t)br->next_in[7];
423        br->next_in += 8;
424        br->avail_in -= 8;
425        br->cache_avail += 8 * 8;
426        rar->bytes_unconsumed += 8;
427        rar->bytes_remaining -= 8;
428        return (1);
429      }
430      break;
431    case 7:
432      if (br->avail_in >= 7) {
433        br->cache_buffer =
434           (br->cache_buffer << 56) |
435            ((uint64_t)br->next_in[0]) << 48 |
436            ((uint64_t)br->next_in[1]) << 40 |
437            ((uint64_t)br->next_in[2]) << 32 |
438            ((uint32_t)br->next_in[3]) << 24 |
439            ((uint32_t)br->next_in[4]) << 16 |
440            ((uint32_t)br->next_in[5]) << 8 |
441             (uint32_t)br->next_in[6];
442        br->next_in += 7;
443        br->avail_in -= 7;
444        br->cache_avail += 7 * 8;
445        rar->bytes_unconsumed += 7;
446        rar->bytes_remaining -= 7;
447        return (1);
448      }
449      break;
450    case 6:
451      if (br->avail_in >= 6) {
452        br->cache_buffer =
453           (br->cache_buffer << 48) |
454            ((uint64_t)br->next_in[0]) << 40 |
455            ((uint64_t)br->next_in[1]) << 32 |
456            ((uint32_t)br->next_in[2]) << 24 |
457            ((uint32_t)br->next_in[3]) << 16 |
458            ((uint32_t)br->next_in[4]) << 8 |
459             (uint32_t)br->next_in[5];
460        br->next_in += 6;
461        br->avail_in -= 6;
462        br->cache_avail += 6 * 8;
463        rar->bytes_unconsumed += 6;
464        rar->bytes_remaining -= 6;
465        return (1);
466      }
467      break;
468    case 0:
469      /* We have enough compressed data in
470       * the cache buffer.*/
471      return (1);
472    default:
473      break;
474    }
475    if (br->avail_in <= 0) {
476
477      if (rar->bytes_unconsumed > 0) {
478        /* Consume as much as the decompressor
479         * actually used. */
480        __archive_read_consume(a, rar->bytes_unconsumed);
481        rar->bytes_unconsumed = 0;
482      }
483      br->next_in = rar_read_ahead(a, 1, &(br->avail_in));
484      if (br->next_in == NULL)
485        return (0);
486      if (br->avail_in == 0)
487        return (0);
488    }
489    br->cache_buffer =
490       (br->cache_buffer << 8) | *br->next_in++;
491    br->avail_in--;
492    br->cache_avail += 8;
493    n -= 8;
494    rar->bytes_unconsumed++;
495    rar->bytes_remaining--;
496  }
497}
498
499static int
500rar_br_preparation(struct archive_read *a, struct rar_br *br)
501{
502  struct rar *rar = (struct rar *)(a->format->data);
503
504  if (rar->bytes_remaining > 0) {
505    br->next_in = rar_read_ahead(a, 1, &(br->avail_in));
506    if (br->next_in == NULL) {
507      archive_set_error(&a->archive,
508          ARCHIVE_ERRNO_FILE_FORMAT,
509          "Truncated RAR file data");
510      return (ARCHIVE_FATAL);
511    }
512    if (br->cache_avail == 0)
513      (void)rar_br_fillup(a, br);
514  }
515  return (ARCHIVE_OK);
516}
517
518/* Find last bit set */
519static inline int
520rar_fls(unsigned int word)
521{
522  word |= (word >>  1);
523  word |= (word >>  2);
524  word |= (word >>  4);
525  word |= (word >>  8);
526  word |= (word >> 16);
527  return word - (word >> 1);
528}
529
530/* LZSS functions */
531static inline int64_t
532lzss_position(struct lzss *lzss)
533{
534  return lzss->position;
535}
536
537static inline int
538lzss_mask(struct lzss *lzss)
539{
540  return lzss->mask;
541}
542
543static inline int
544lzss_size(struct lzss *lzss)
545{
546  return lzss->mask + 1;
547}
548
549static inline int
550lzss_offset_for_position(struct lzss *lzss, int64_t pos)
551{
552  return (int)(pos & lzss->mask);
553}
554
555static inline unsigned char *
556lzss_pointer_for_position(struct lzss *lzss, int64_t pos)
557{
558  return &lzss->window[lzss_offset_for_position(lzss, pos)];
559}
560
561static inline int
562lzss_current_offset(struct lzss *lzss)
563{
564  return lzss_offset_for_position(lzss, lzss->position);
565}
566
567static inline uint8_t *
568lzss_current_pointer(struct lzss *lzss)
569{
570  return lzss_pointer_for_position(lzss, lzss->position);
571}
572
573static inline void
574lzss_emit_literal(struct rar *rar, uint8_t literal)
575{
576  *lzss_current_pointer(&rar->lzss) = literal;
577  rar->lzss.position++;
578}
579
580static inline void
581lzss_emit_match(struct rar *rar, int offset, int length)
582{
583  int dstoffs = lzss_current_offset(&rar->lzss);
584  int srcoffs = (dstoffs - offset) & lzss_mask(&rar->lzss);
585  int l, li, remaining;
586  unsigned char *d, *s;
587
588  remaining = length;
589  while (remaining > 0) {
590    l = remaining;
591    if (dstoffs > srcoffs) {
592      if (l > lzss_size(&rar->lzss) - dstoffs)
593        l = lzss_size(&rar->lzss) - dstoffs;
594    } else {
595      if (l > lzss_size(&rar->lzss) - srcoffs)
596        l = lzss_size(&rar->lzss) - srcoffs;
597    }
598    d = &(rar->lzss.window[dstoffs]);
599    s = &(rar->lzss.window[srcoffs]);
600    if ((dstoffs + l < srcoffs) || (srcoffs + l < dstoffs))
601      memcpy(d, s, l);
602    else {
603      for (li = 0; li < l; li++)
604        d[li] = s[li];
605    }
606    remaining -= l;
607    dstoffs = (dstoffs + l) & lzss_mask(&(rar->lzss));
608    srcoffs = (srcoffs + l) & lzss_mask(&(rar->lzss));
609  }
610  rar->lzss.position += length;
611}
612
613static Byte
614ppmd_read(void *p)
615{
616  struct archive_read *a = ((IByteIn*)p)->a;
617  struct rar *rar = (struct rar *)(a->format->data);
618  struct rar_br *br = &(rar->br);
619  Byte b;
620  if (!rar_br_read_ahead(a, br, 8))
621  {
622    archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
623                      "Truncated RAR file data");
624    rar->valid = 0;
625    return 0;
626  }
627  b = rar_br_bits(br, 8);
628  rar_br_consume(br, 8);
629  return b;
630}
631
632int
633archive_read_support_format_rar(struct archive *_a)
634{
635  struct archive_read *a = (struct archive_read *)_a;
636  struct rar *rar;
637  int r;
638
639  archive_check_magic(_a, ARCHIVE_READ_MAGIC, ARCHIVE_STATE_NEW,
640                      "archive_read_support_format_rar");
641
642  rar = (struct rar *)calloc(sizeof(*rar), 1);
643  if (rar == NULL)
644  {
645    archive_set_error(&a->archive, ENOMEM, "Can't allocate rar data");
646    return (ARCHIVE_FATAL);
647  }
648
649	/*
650	 * Until enough data has been read, we cannot tell about
651	 * any encrypted entries yet.
652	 */
653	rar->has_encrypted_entries = ARCHIVE_READ_FORMAT_ENCRYPTION_DONT_KNOW;
654
655  r = __archive_read_register_format(a,
656                                     rar,
657                                     "rar",
658                                     archive_read_format_rar_bid,
659                                     archive_read_format_rar_options,
660                                     archive_read_format_rar_read_header,
661                                     archive_read_format_rar_read_data,
662                                     archive_read_format_rar_read_data_skip,
663                                     archive_read_format_rar_seek_data,
664                                     archive_read_format_rar_cleanup,
665                                     archive_read_support_format_rar_capabilities,
666                                     archive_read_format_rar_has_encrypted_entries);
667
668  if (r != ARCHIVE_OK)
669    free(rar);
670  return (r);
671}
672
673static int
674archive_read_support_format_rar_capabilities(struct archive_read * a)
675{
676	(void)a; /* UNUSED */
677	return (ARCHIVE_READ_FORMAT_CAPS_ENCRYPT_DATA
678			| ARCHIVE_READ_FORMAT_CAPS_ENCRYPT_METADATA);
679}
680
681static int
682archive_read_format_rar_has_encrypted_entries(struct archive_read *_a)
683{
684	if (_a && _a->format) {
685		struct rar * rar = (struct rar *)_a->format->data;
686		if (rar) {
687			return rar->has_encrypted_entries;
688		}
689	}
690	return ARCHIVE_READ_FORMAT_ENCRYPTION_DONT_KNOW;
691}
692
693
694static int
695archive_read_format_rar_bid(struct archive_read *a, int best_bid)
696{
697  const char *p;
698
699  /* If there's already a bid > 30, we'll never win. */
700  if (best_bid > 30)
701	  return (-1);
702
703  if ((p = __archive_read_ahead(a, 7, NULL)) == NULL)
704    return (-1);
705
706  if (memcmp(p, RAR_SIGNATURE, 7) == 0)
707    return (30);
708
709  if ((p[0] == 'M' && p[1] == 'Z') || memcmp(p, "\x7F\x45LF", 4) == 0) {
710    /* This is a PE file */
711    ssize_t offset = 0x10000;
712    ssize_t window = 4096;
713    ssize_t bytes_avail;
714    while (offset + window <= (1024 * 128)) {
715      const char *buff = __archive_read_ahead(a, offset + window, &bytes_avail);
716      if (buff == NULL) {
717        /* Remaining bytes are less than window. */
718        window >>= 1;
719        if (window < 0x40)
720          return (0);
721        continue;
722      }
723      p = buff + offset;
724      while (p + 7 < buff + bytes_avail) {
725        if (memcmp(p, RAR_SIGNATURE, 7) == 0)
726          return (30);
727        p += 0x10;
728      }
729      offset = p - buff;
730    }
731  }
732  return (0);
733}
734
735static int
736skip_sfx(struct archive_read *a)
737{
738  const void *h;
739  const char *p, *q;
740  size_t skip, total;
741  ssize_t bytes, window;
742
743  total = 0;
744  window = 4096;
745  while (total + window <= (1024 * 128)) {
746    h = __archive_read_ahead(a, window, &bytes);
747    if (h == NULL) {
748      /* Remaining bytes are less than window. */
749      window >>= 1;
750      if (window < 0x40)
751      	goto fatal;
752      continue;
753    }
754    if (bytes < 0x40)
755      goto fatal;
756    p = h;
757    q = p + bytes;
758
759    /*
760     * Scan ahead until we find something that looks
761     * like the RAR header.
762     */
763    while (p + 7 < q) {
764      if (memcmp(p, RAR_SIGNATURE, 7) == 0) {
765      	skip = p - (const char *)h;
766      	__archive_read_consume(a, skip);
767      	return (ARCHIVE_OK);
768      }
769      p += 0x10;
770    }
771    skip = p - (const char *)h;
772    __archive_read_consume(a, skip);
773	total += skip;
774  }
775fatal:
776  archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
777      "Couldn't find out RAR header");
778  return (ARCHIVE_FATAL);
779}
780
781static int
782archive_read_format_rar_options(struct archive_read *a,
783    const char *key, const char *val)
784{
785  struct rar *rar;
786  int ret = ARCHIVE_FAILED;
787
788  rar = (struct rar *)(a->format->data);
789  if (strcmp(key, "hdrcharset")  == 0) {
790    if (val == NULL || val[0] == 0)
791      archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
792          "rar: hdrcharset option needs a character-set name");
793    else {
794      rar->opt_sconv =
795          archive_string_conversion_from_charset(
796              &a->archive, val, 0);
797      if (rar->opt_sconv != NULL)
798        ret = ARCHIVE_OK;
799      else
800        ret = ARCHIVE_FATAL;
801    }
802    return (ret);
803  }
804
805  /* Note: The "warn" return is just to inform the options
806   * supervisor that we didn't handle it.  It will generate
807   * a suitable error if no one used this option. */
808  return (ARCHIVE_WARN);
809}
810
811static int
812archive_read_format_rar_read_header(struct archive_read *a,
813                                    struct archive_entry *entry)
814{
815  const void *h;
816  const char *p;
817  struct rar *rar;
818  size_t skip;
819  char head_type;
820  int ret;
821  unsigned flags;
822  unsigned long crc32_expected;
823
824  a->archive.archive_format = ARCHIVE_FORMAT_RAR;
825  if (a->archive.archive_format_name == NULL)
826    a->archive.archive_format_name = "RAR";
827
828  rar = (struct rar *)(a->format->data);
829
830  /*
831   * It should be sufficient to call archive_read_next_header() for
832   * a reader to determine if an entry is encrypted or not. If the
833   * encryption of an entry is only detectable when calling
834   * archive_read_data(), so be it. We'll do the same check there
835   * as well.
836   */
837  if (rar->has_encrypted_entries == ARCHIVE_READ_FORMAT_ENCRYPTION_DONT_KNOW) {
838	  rar->has_encrypted_entries = 0;
839  }
840
841  /* RAR files can be generated without EOF headers, so return ARCHIVE_EOF if
842  * this fails.
843  */
844  if ((h = __archive_read_ahead(a, 7, NULL)) == NULL)
845    return (ARCHIVE_EOF);
846
847  p = h;
848  if (rar->found_first_header == 0 &&
849     ((p[0] == 'M' && p[1] == 'Z') || memcmp(p, "\x7F\x45LF", 4) == 0)) {
850    /* This is an executable ? Must be self-extracting... */
851    ret = skip_sfx(a);
852    if (ret < ARCHIVE_WARN)
853      return (ret);
854  }
855  rar->found_first_header = 1;
856
857  while (1)
858  {
859    unsigned long crc32_val;
860
861    if ((h = __archive_read_ahead(a, 7, NULL)) == NULL)
862      return (ARCHIVE_FATAL);
863    p = h;
864
865    head_type = p[2];
866    switch(head_type)
867    {
868    case MARK_HEAD:
869      if (memcmp(p, RAR_SIGNATURE, 7) != 0) {
870        archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
871          "Invalid marker header");
872        return (ARCHIVE_FATAL);
873      }
874      __archive_read_consume(a, 7);
875      break;
876
877    case MAIN_HEAD:
878      rar->main_flags = archive_le16dec(p + 3);
879      skip = archive_le16dec(p + 5);
880      if (skip < 7 + sizeof(rar->reserved1) + sizeof(rar->reserved2)) {
881        archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
882          "Invalid header size");
883        return (ARCHIVE_FATAL);
884      }
885      if ((h = __archive_read_ahead(a, skip, NULL)) == NULL)
886        return (ARCHIVE_FATAL);
887      p = h;
888      memcpy(rar->reserved1, p + 7, sizeof(rar->reserved1));
889      memcpy(rar->reserved2, p + 7 + sizeof(rar->reserved1),
890             sizeof(rar->reserved2));
891      if (rar->main_flags & MHD_ENCRYPTVER) {
892        if (skip < 7 + sizeof(rar->reserved1) + sizeof(rar->reserved2)+1) {
893          archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
894            "Invalid header size");
895          return (ARCHIVE_FATAL);
896        }
897        rar->encryptver = *(p + 7 + sizeof(rar->reserved1) +
898                            sizeof(rar->reserved2));
899      }
900
901      /* Main header is password encrypted, so we cannot read any
902         file names or any other info about files from the header. */
903      if (rar->main_flags & MHD_PASSWORD)
904      {
905        archive_entry_set_is_metadata_encrypted(entry, 1);
906        archive_entry_set_is_data_encrypted(entry, 1);
907        rar->has_encrypted_entries = 1;
908         archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
909                          "RAR encryption support unavailable.");
910        return (ARCHIVE_FATAL);
911      }
912
913      crc32_val = crc32(0, (const unsigned char *)p + 2, (unsigned)skip - 2);
914      if ((crc32_val & 0xffff) != archive_le16dec(p)) {
915        archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
916          "Header CRC error");
917        return (ARCHIVE_FATAL);
918      }
919      __archive_read_consume(a, skip);
920      break;
921
922    case FILE_HEAD:
923      return read_header(a, entry, head_type);
924
925    case COMM_HEAD:
926    case AV_HEAD:
927    case SUB_HEAD:
928    case PROTECT_HEAD:
929    case SIGN_HEAD:
930    case ENDARC_HEAD:
931      flags = archive_le16dec(p + 3);
932      skip = archive_le16dec(p + 5);
933      if (skip < 7) {
934        archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
935          "Invalid header size too small");
936        return (ARCHIVE_FATAL);
937      }
938      if (flags & HD_ADD_SIZE_PRESENT)
939      {
940        if (skip < 7 + 4) {
941          archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
942            "Invalid header size too small");
943          return (ARCHIVE_FATAL);
944        }
945        if ((h = __archive_read_ahead(a, skip, NULL)) == NULL)
946          return (ARCHIVE_FATAL);
947        p = h;
948        skip += archive_le32dec(p + 7);
949      }
950
951      /* Skip over the 2-byte CRC at the beginning of the header. */
952      crc32_expected = archive_le16dec(p);
953      __archive_read_consume(a, 2);
954      skip -= 2;
955
956      /* Skim the entire header and compute the CRC. */
957      crc32_val = 0;
958      while (skip > 0) {
959	      size_t to_read = skip;
960	      ssize_t did_read;
961	      if (to_read > 32 * 1024) {
962		      to_read = 32 * 1024;
963	      }
964	      if ((h = __archive_read_ahead(a, to_read, &did_read)) == NULL) {
965		      return (ARCHIVE_FATAL);
966	      }
967	      p = h;
968	      crc32_val = crc32(crc32_val, (const unsigned char *)p, (unsigned)did_read);
969	      __archive_read_consume(a, did_read);
970	      skip -= did_read;
971      }
972      if ((crc32_val & 0xffff) != crc32_expected) {
973	      archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
974		  "Header CRC error");
975	      return (ARCHIVE_FATAL);
976      }
977      if (head_type == ENDARC_HEAD)
978	      return (ARCHIVE_EOF);
979      break;
980
981    case NEWSUB_HEAD:
982      if ((ret = read_header(a, entry, head_type)) < ARCHIVE_WARN)
983        return ret;
984      break;
985
986    default:
987      archive_set_error(&a->archive,  ARCHIVE_ERRNO_FILE_FORMAT,
988                        "Bad RAR file");
989      return (ARCHIVE_FATAL);
990    }
991  }
992}
993
994static int
995archive_read_format_rar_read_data(struct archive_read *a, const void **buff,
996                                  size_t *size, int64_t *offset)
997{
998  struct rar *rar = (struct rar *)(a->format->data);
999  int ret;
1000
1001  if (rar->has_encrypted_entries == ARCHIVE_READ_FORMAT_ENCRYPTION_DONT_KNOW) {
1002	  rar->has_encrypted_entries = 0;
1003  }
1004
1005  if (rar->bytes_unconsumed > 0) {
1006      /* Consume as much as the decompressor actually used. */
1007      __archive_read_consume(a, rar->bytes_unconsumed);
1008      rar->bytes_unconsumed = 0;
1009  }
1010
1011  *buff = NULL;
1012  if (rar->entry_eof || rar->offset_seek >= rar->unp_size) {
1013    *size = 0;
1014    *offset = rar->offset;
1015    if (*offset < rar->unp_size)
1016      *offset = rar->unp_size;
1017    return (ARCHIVE_EOF);
1018  }
1019
1020  switch (rar->compression_method)
1021  {
1022  case COMPRESS_METHOD_STORE:
1023    ret = read_data_stored(a, buff, size, offset);
1024    break;
1025
1026  case COMPRESS_METHOD_FASTEST:
1027  case COMPRESS_METHOD_FAST:
1028  case COMPRESS_METHOD_NORMAL:
1029  case COMPRESS_METHOD_GOOD:
1030  case COMPRESS_METHOD_BEST:
1031    ret = read_data_compressed(a, buff, size, offset, 0);
1032    if (ret != ARCHIVE_OK && ret != ARCHIVE_WARN) {
1033      __archive_ppmd7_functions.Ppmd7_Free(&rar->ppmd7_context);
1034      rar->start_new_table = 1;
1035      rar->ppmd_valid = 0;
1036    }
1037    break;
1038
1039  default:
1040    archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1041                      "Unsupported compression method for RAR file.");
1042    ret = ARCHIVE_FATAL;
1043    break;
1044  }
1045  return (ret);
1046}
1047
1048static int
1049archive_read_format_rar_read_data_skip(struct archive_read *a)
1050{
1051  struct rar *rar;
1052  int64_t bytes_skipped;
1053  int ret;
1054
1055  rar = (struct rar *)(a->format->data);
1056
1057  if (rar->bytes_unconsumed > 0) {
1058      /* Consume as much as the decompressor actually used. */
1059      __archive_read_consume(a, rar->bytes_unconsumed);
1060      rar->bytes_unconsumed = 0;
1061  }
1062
1063  if (rar->bytes_remaining > 0) {
1064    bytes_skipped = __archive_read_consume(a, rar->bytes_remaining);
1065    if (bytes_skipped < 0)
1066      return (ARCHIVE_FATAL);
1067  }
1068
1069  /* Compressed data to skip must be read from each header in a multivolume
1070   * archive.
1071   */
1072  if (rar->main_flags & MHD_VOLUME && rar->file_flags & FHD_SPLIT_AFTER)
1073  {
1074    ret = archive_read_format_rar_read_header(a, a->entry);
1075    if (ret == (ARCHIVE_EOF))
1076      ret = archive_read_format_rar_read_header(a, a->entry);
1077    if (ret != (ARCHIVE_OK))
1078      return ret;
1079    return archive_read_format_rar_read_data_skip(a);
1080  }
1081
1082  return (ARCHIVE_OK);
1083}
1084
1085static int64_t
1086archive_read_format_rar_seek_data(struct archive_read *a, int64_t offset,
1087    int whence)
1088{
1089  int64_t client_offset, ret;
1090  unsigned int i;
1091  struct rar *rar = (struct rar *)(a->format->data);
1092
1093  if (rar->compression_method == COMPRESS_METHOD_STORE)
1094  {
1095    /* Modify the offset for use with SEEK_SET */
1096    switch (whence)
1097    {
1098      case SEEK_CUR:
1099        client_offset = rar->offset_seek;
1100        break;
1101      case SEEK_END:
1102        client_offset = rar->unp_size;
1103        break;
1104      case SEEK_SET:
1105      default:
1106        client_offset = 0;
1107    }
1108    client_offset += offset;
1109    if (client_offset < 0)
1110    {
1111      /* Can't seek past beginning of data block */
1112      return -1;
1113    }
1114    else if (client_offset > rar->unp_size)
1115    {
1116      /*
1117       * Set the returned offset but only seek to the end of
1118       * the data block.
1119       */
1120      rar->offset_seek = client_offset;
1121      client_offset = rar->unp_size;
1122    }
1123
1124    client_offset += rar->dbo[0].start_offset;
1125    i = 0;
1126    while (i < rar->cursor)
1127    {
1128      i++;
1129      client_offset += rar->dbo[i].start_offset - rar->dbo[i-1].end_offset;
1130    }
1131    if (rar->main_flags & MHD_VOLUME)
1132    {
1133      /* Find the appropriate offset among the multivolume archive */
1134      while (1)
1135      {
1136        if (client_offset < rar->dbo[rar->cursor].start_offset &&
1137          rar->file_flags & FHD_SPLIT_BEFORE)
1138        {
1139          /* Search backwards for the correct data block */
1140          if (rar->cursor == 0)
1141          {
1142            archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
1143              "Attempt to seek past beginning of RAR data block");
1144            return (ARCHIVE_FAILED);
1145          }
1146          rar->cursor--;
1147          client_offset -= rar->dbo[rar->cursor+1].start_offset -
1148            rar->dbo[rar->cursor].end_offset;
1149          if (client_offset < rar->dbo[rar->cursor].start_offset)
1150            continue;
1151          ret = __archive_read_seek(a, rar->dbo[rar->cursor].start_offset -
1152            rar->dbo[rar->cursor].header_size, SEEK_SET);
1153          if (ret < (ARCHIVE_OK))
1154            return ret;
1155          ret = archive_read_format_rar_read_header(a, a->entry);
1156          if (ret != (ARCHIVE_OK))
1157          {
1158            archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
1159              "Error during seek of RAR file");
1160            return (ARCHIVE_FAILED);
1161          }
1162          rar->cursor--;
1163          break;
1164        }
1165        else if (client_offset > rar->dbo[rar->cursor].end_offset &&
1166          rar->file_flags & FHD_SPLIT_AFTER)
1167        {
1168          /* Search forward for the correct data block */
1169          rar->cursor++;
1170          if (rar->cursor < rar->nodes &&
1171            client_offset > rar->dbo[rar->cursor].end_offset)
1172          {
1173            client_offset += rar->dbo[rar->cursor].start_offset -
1174              rar->dbo[rar->cursor-1].end_offset;
1175            continue;
1176          }
1177          rar->cursor--;
1178          ret = __archive_read_seek(a, rar->dbo[rar->cursor].end_offset,
1179                                    SEEK_SET);
1180          if (ret < (ARCHIVE_OK))
1181            return ret;
1182          ret = archive_read_format_rar_read_header(a, a->entry);
1183          if (ret == (ARCHIVE_EOF))
1184          {
1185            rar->has_endarc_header = 1;
1186            ret = archive_read_format_rar_read_header(a, a->entry);
1187          }
1188          if (ret != (ARCHIVE_OK))
1189          {
1190            archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
1191              "Error during seek of RAR file");
1192            return (ARCHIVE_FAILED);
1193          }
1194          client_offset += rar->dbo[rar->cursor].start_offset -
1195            rar->dbo[rar->cursor-1].end_offset;
1196          continue;
1197        }
1198        break;
1199      }
1200    }
1201
1202    ret = __archive_read_seek(a, client_offset, SEEK_SET);
1203    if (ret < (ARCHIVE_OK))
1204      return ret;
1205    rar->bytes_remaining = rar->dbo[rar->cursor].end_offset - ret;
1206    i = rar->cursor;
1207    while (i > 0)
1208    {
1209      i--;
1210      ret -= rar->dbo[i+1].start_offset - rar->dbo[i].end_offset;
1211    }
1212    ret -= rar->dbo[0].start_offset;
1213
1214    /* Always restart reading the file after a seek */
1215    __archive_reset_read_data(&a->archive);
1216
1217    rar->bytes_unconsumed = 0;
1218    rar->offset = 0;
1219
1220    /*
1221     * If a seek past the end of file was requested, return the requested
1222     * offset.
1223     */
1224    if (ret == rar->unp_size && rar->offset_seek > rar->unp_size)
1225      return rar->offset_seek;
1226
1227    /* Return the new offset */
1228    rar->offset_seek = ret;
1229    return rar->offset_seek;
1230  }
1231  else
1232  {
1233    archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
1234      "Seeking of compressed RAR files is unsupported");
1235  }
1236  return (ARCHIVE_FAILED);
1237}
1238
1239static int
1240archive_read_format_rar_cleanup(struct archive_read *a)
1241{
1242  struct rar *rar;
1243
1244  rar = (struct rar *)(a->format->data);
1245  free_codes(a);
1246  free(rar->filename);
1247  free(rar->filename_save);
1248  free(rar->dbo);
1249  free(rar->unp_buffer);
1250  free(rar->lzss.window);
1251  __archive_ppmd7_functions.Ppmd7_Free(&rar->ppmd7_context);
1252  free(rar);
1253  (a->format->data) = NULL;
1254  return (ARCHIVE_OK);
1255}
1256
1257static int
1258read_header(struct archive_read *a, struct archive_entry *entry,
1259            char head_type)
1260{
1261  const void *h;
1262  const char *p, *endp;
1263  struct rar *rar;
1264  struct rar_header rar_header;
1265  struct rar_file_header file_header;
1266  int64_t header_size;
1267  unsigned filename_size, end;
1268  char *filename;
1269  char *strp;
1270  char packed_size[8];
1271  char unp_size[8];
1272  int ttime;
1273  struct archive_string_conv *sconv, *fn_sconv;
1274  unsigned long crc32_val;
1275  int ret = (ARCHIVE_OK), ret2;
1276
1277  rar = (struct rar *)(a->format->data);
1278
1279  /* Setup a string conversion object for non-rar-unicode filenames. */
1280  sconv = rar->opt_sconv;
1281  if (sconv == NULL) {
1282    if (!rar->init_default_conversion) {
1283      rar->sconv_default =
1284          archive_string_default_conversion_for_read(
1285            &(a->archive));
1286      rar->init_default_conversion = 1;
1287    }
1288    sconv = rar->sconv_default;
1289  }
1290
1291
1292  if ((h = __archive_read_ahead(a, 7, NULL)) == NULL)
1293    return (ARCHIVE_FATAL);
1294  p = h;
1295  memcpy(&rar_header, p, sizeof(rar_header));
1296  rar->file_flags = archive_le16dec(rar_header.flags);
1297  header_size = archive_le16dec(rar_header.size);
1298  if (header_size < (int64_t)sizeof(file_header) + 7) {
1299    archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1300      "Invalid header size");
1301    return (ARCHIVE_FATAL);
1302  }
1303  crc32_val = crc32(0, (const unsigned char *)p + 2, 7 - 2);
1304  __archive_read_consume(a, 7);
1305
1306  if (!(rar->file_flags & FHD_SOLID))
1307  {
1308    rar->compression_method = 0;
1309    rar->packed_size = 0;
1310    rar->unp_size = 0;
1311    rar->mtime = 0;
1312    rar->ctime = 0;
1313    rar->atime = 0;
1314    rar->arctime = 0;
1315    rar->mode = 0;
1316    memset(&rar->salt, 0, sizeof(rar->salt));
1317    rar->atime = 0;
1318    rar->ansec = 0;
1319    rar->ctime = 0;
1320    rar->cnsec = 0;
1321    rar->mtime = 0;
1322    rar->mnsec = 0;
1323    rar->arctime = 0;
1324    rar->arcnsec = 0;
1325  }
1326  else
1327  {
1328    archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1329                      "RAR solid archive support unavailable.");
1330    return (ARCHIVE_FATAL);
1331  }
1332
1333  if ((h = __archive_read_ahead(a, (size_t)header_size - 7, NULL)) == NULL)
1334    return (ARCHIVE_FATAL);
1335
1336  /* File Header CRC check. */
1337  crc32_val = crc32(crc32_val, h, (unsigned)(header_size - 7));
1338  if ((crc32_val & 0xffff) != archive_le16dec(rar_header.crc)) {
1339    archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1340      "Header CRC error");
1341    return (ARCHIVE_FATAL);
1342  }
1343  /* If no CRC error, Go on parsing File Header. */
1344  p = h;
1345  endp = p + header_size - 7;
1346  memcpy(&file_header, p, sizeof(file_header));
1347  p += sizeof(file_header);
1348
1349  rar->compression_method = file_header.method;
1350
1351  ttime = archive_le32dec(file_header.file_time);
1352  rar->mtime = get_time(ttime);
1353
1354  rar->file_crc = archive_le32dec(file_header.file_crc);
1355
1356  if (rar->file_flags & FHD_PASSWORD)
1357  {
1358	archive_entry_set_is_data_encrypted(entry, 1);
1359	rar->has_encrypted_entries = 1;
1360    archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1361                      "RAR encryption support unavailable.");
1362    /* Since it is only the data part itself that is encrypted we can at least
1363       extract information about the currently processed entry and don't need
1364       to return ARCHIVE_FATAL here. */
1365    /*return (ARCHIVE_FATAL);*/
1366  }
1367
1368  if (rar->file_flags & FHD_LARGE)
1369  {
1370    memcpy(packed_size, file_header.pack_size, 4);
1371    memcpy(packed_size + 4, p, 4); /* High pack size */
1372    p += 4;
1373    memcpy(unp_size, file_header.unp_size, 4);
1374    memcpy(unp_size + 4, p, 4); /* High unpack size */
1375    p += 4;
1376    rar->packed_size = archive_le64dec(&packed_size);
1377    rar->unp_size = archive_le64dec(&unp_size);
1378  }
1379  else
1380  {
1381    rar->packed_size = archive_le32dec(file_header.pack_size);
1382    rar->unp_size = archive_le32dec(file_header.unp_size);
1383  }
1384
1385  if (rar->packed_size < 0 || rar->unp_size < 0)
1386  {
1387    archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1388                      "Invalid sizes specified.");
1389    return (ARCHIVE_FATAL);
1390  }
1391
1392  rar->bytes_remaining = rar->packed_size;
1393
1394  /* TODO: RARv3 subblocks contain comments. For now the complete block is
1395   * consumed at the end.
1396   */
1397  if (head_type == NEWSUB_HEAD) {
1398    size_t distance = p - (const char *)h;
1399    header_size += rar->packed_size;
1400    /* Make sure we have the extended data. */
1401    if ((h = __archive_read_ahead(a, (size_t)header_size - 7, NULL)) == NULL)
1402        return (ARCHIVE_FATAL);
1403    p = h;
1404    endp = p + header_size - 7;
1405    p += distance;
1406  }
1407
1408  filename_size = archive_le16dec(file_header.name_size);
1409  if (p + filename_size > endp) {
1410    archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1411      "Invalid filename size");
1412    return (ARCHIVE_FATAL);
1413  }
1414  if (rar->filename_allocated < filename_size * 2 + 2) {
1415    char *newptr;
1416    size_t newsize = filename_size * 2 + 2;
1417    newptr = realloc(rar->filename, newsize);
1418    if (newptr == NULL) {
1419      archive_set_error(&a->archive, ENOMEM,
1420                        "Couldn't allocate memory.");
1421      return (ARCHIVE_FATAL);
1422    }
1423    rar->filename = newptr;
1424    rar->filename_allocated = newsize;
1425  }
1426  filename = rar->filename;
1427  memcpy(filename, p, filename_size);
1428  filename[filename_size] = '\0';
1429  if (rar->file_flags & FHD_UNICODE)
1430  {
1431    if (filename_size != strlen(filename))
1432    {
1433      unsigned char highbyte, flagbits, flagbyte;
1434      unsigned fn_end, offset;
1435
1436      end = filename_size;
1437      fn_end = filename_size * 2;
1438      filename_size = 0;
1439      offset = (unsigned)strlen(filename) + 1;
1440      highbyte = *(p + offset++);
1441      flagbits = 0;
1442      flagbyte = 0;
1443      while (offset < end && filename_size < fn_end)
1444      {
1445        if (!flagbits)
1446        {
1447          flagbyte = *(p + offset++);
1448          flagbits = 8;
1449        }
1450
1451        flagbits -= 2;
1452        switch((flagbyte >> flagbits) & 3)
1453        {
1454          case 0:
1455            filename[filename_size++] = '\0';
1456            filename[filename_size++] = *(p + offset++);
1457            break;
1458          case 1:
1459            filename[filename_size++] = highbyte;
1460            filename[filename_size++] = *(p + offset++);
1461            break;
1462          case 2:
1463            filename[filename_size++] = *(p + offset + 1);
1464            filename[filename_size++] = *(p + offset);
1465            offset += 2;
1466            break;
1467          case 3:
1468          {
1469            char extra, high;
1470            uint8_t length = *(p + offset++);
1471
1472            if (length & 0x80) {
1473              extra = *(p + offset++);
1474              high = (char)highbyte;
1475            } else
1476              extra = high = 0;
1477            length = (length & 0x7f) + 2;
1478            while (length && filename_size < fn_end) {
1479              unsigned cp = filename_size >> 1;
1480              filename[filename_size++] = high;
1481              filename[filename_size++] = p[cp] + extra;
1482              length--;
1483            }
1484          }
1485          break;
1486        }
1487      }
1488      if (filename_size > fn_end) {
1489        archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1490          "Invalid filename");
1491        return (ARCHIVE_FATAL);
1492      }
1493      filename[filename_size++] = '\0';
1494      /*
1495       * Do not increment filename_size here as the computations below
1496       * add the space for the terminating NUL explicitly.
1497       */
1498      filename[filename_size] = '\0';
1499
1500      /* Decoded unicode form is UTF-16BE, so we have to update a string
1501       * conversion object for it. */
1502      if (rar->sconv_utf16be == NULL) {
1503        rar->sconv_utf16be = archive_string_conversion_from_charset(
1504           &a->archive, "UTF-16BE", 1);
1505        if (rar->sconv_utf16be == NULL)
1506          return (ARCHIVE_FATAL);
1507      }
1508      fn_sconv = rar->sconv_utf16be;
1509
1510      strp = filename;
1511      while (memcmp(strp, "\x00\x00", 2))
1512      {
1513        if (!memcmp(strp, "\x00\\", 2))
1514          *(strp + 1) = '/';
1515        strp += 2;
1516      }
1517      p += offset;
1518    } else {
1519      /*
1520       * If FHD_UNICODE is set but no unicode data, this file name form
1521       * is UTF-8, so we have to update a string conversion object for
1522       * it accordingly.
1523       */
1524      if (rar->sconv_utf8 == NULL) {
1525        rar->sconv_utf8 = archive_string_conversion_from_charset(
1526           &a->archive, "UTF-8", 1);
1527        if (rar->sconv_utf8 == NULL)
1528          return (ARCHIVE_FATAL);
1529      }
1530      fn_sconv = rar->sconv_utf8;
1531      while ((strp = strchr(filename, '\\')) != NULL)
1532        *strp = '/';
1533      p += filename_size;
1534    }
1535  }
1536  else
1537  {
1538    fn_sconv = sconv;
1539    while ((strp = strchr(filename, '\\')) != NULL)
1540      *strp = '/';
1541    p += filename_size;
1542  }
1543
1544  /* Split file in multivolume RAR. No more need to process header. */
1545  if (rar->filename_save &&
1546    filename_size == rar->filename_save_size &&
1547    !memcmp(rar->filename, rar->filename_save, filename_size + 1))
1548  {
1549    __archive_read_consume(a, header_size - 7);
1550    rar->cursor++;
1551    if (rar->cursor >= rar->nodes)
1552    {
1553      rar->nodes++;
1554      if ((rar->dbo =
1555        realloc(rar->dbo, sizeof(*rar->dbo) * rar->nodes)) == NULL)
1556      {
1557        archive_set_error(&a->archive, ENOMEM, "Couldn't allocate memory.");
1558        return (ARCHIVE_FATAL);
1559      }
1560      rar->dbo[rar->cursor].header_size = header_size;
1561      rar->dbo[rar->cursor].start_offset = -1;
1562      rar->dbo[rar->cursor].end_offset = -1;
1563    }
1564    if (rar->dbo[rar->cursor].start_offset < 0)
1565    {
1566      rar->dbo[rar->cursor].start_offset = a->filter->position;
1567      rar->dbo[rar->cursor].end_offset = rar->dbo[rar->cursor].start_offset +
1568        rar->packed_size;
1569    }
1570    return ret;
1571  }
1572
1573  rar->filename_save = (char*)realloc(rar->filename_save,
1574                                      filename_size + 1);
1575  memcpy(rar->filename_save, rar->filename, filename_size + 1);
1576  rar->filename_save_size = filename_size;
1577
1578  /* Set info for seeking */
1579  free(rar->dbo);
1580  if ((rar->dbo = calloc(1, sizeof(*rar->dbo))) == NULL)
1581  {
1582    archive_set_error(&a->archive, ENOMEM, "Couldn't allocate memory.");
1583    return (ARCHIVE_FATAL);
1584  }
1585  rar->dbo[0].header_size = header_size;
1586  rar->dbo[0].start_offset = -1;
1587  rar->dbo[0].end_offset = -1;
1588  rar->cursor = 0;
1589  rar->nodes = 1;
1590
1591  if (rar->file_flags & FHD_SALT)
1592  {
1593    if (p + 8 > endp) {
1594      archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1595        "Invalid header size");
1596      return (ARCHIVE_FATAL);
1597    }
1598    memcpy(rar->salt, p, 8);
1599    p += 8;
1600  }
1601
1602  if (rar->file_flags & FHD_EXTTIME) {
1603    if (read_exttime(p, rar, endp) < 0) {
1604      archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1605        "Invalid header size");
1606      return (ARCHIVE_FATAL);
1607    }
1608  }
1609
1610  __archive_read_consume(a, header_size - 7);
1611  rar->dbo[0].start_offset = a->filter->position;
1612  rar->dbo[0].end_offset = rar->dbo[0].start_offset + rar->packed_size;
1613
1614  switch(file_header.host_os)
1615  {
1616  case OS_MSDOS:
1617  case OS_OS2:
1618  case OS_WIN32:
1619    rar->mode = archive_le32dec(file_header.file_attr);
1620    if (rar->mode & FILE_ATTRIBUTE_DIRECTORY)
1621      rar->mode = AE_IFDIR | S_IXUSR | S_IXGRP | S_IXOTH;
1622    else
1623      rar->mode = AE_IFREG;
1624    rar->mode |= S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH;
1625    break;
1626
1627  case OS_UNIX:
1628  case OS_MAC_OS:
1629  case OS_BEOS:
1630    rar->mode = archive_le32dec(file_header.file_attr);
1631    break;
1632
1633  default:
1634    archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1635                      "Unknown file attributes from RAR file's host OS");
1636    return (ARCHIVE_FATAL);
1637  }
1638
1639  rar->bytes_uncopied = rar->bytes_unconsumed = 0;
1640  rar->lzss.position = rar->offset = 0;
1641  rar->offset_seek = 0;
1642  rar->dictionary_size = 0;
1643  rar->offset_outgoing = 0;
1644  rar->br.cache_avail = 0;
1645  rar->br.avail_in = 0;
1646  rar->crc_calculated = 0;
1647  rar->entry_eof = 0;
1648  rar->valid = 1;
1649  rar->is_ppmd_block = 0;
1650  rar->start_new_table = 1;
1651  free(rar->unp_buffer);
1652  rar->unp_buffer = NULL;
1653  rar->unp_offset = 0;
1654  rar->unp_buffer_size = UNP_BUFFER_SIZE;
1655  memset(rar->lengthtable, 0, sizeof(rar->lengthtable));
1656  __archive_ppmd7_functions.Ppmd7_Free(&rar->ppmd7_context);
1657  rar->ppmd_valid = rar->ppmd_eod = 0;
1658
1659  /* Don't set any archive entries for non-file header types */
1660  if (head_type == NEWSUB_HEAD)
1661    return ret;
1662
1663  archive_entry_set_mtime(entry, rar->mtime, rar->mnsec);
1664  archive_entry_set_ctime(entry, rar->ctime, rar->cnsec);
1665  archive_entry_set_atime(entry, rar->atime, rar->ansec);
1666  archive_entry_set_size(entry, rar->unp_size);
1667  archive_entry_set_mode(entry, rar->mode);
1668
1669  if (archive_entry_copy_pathname_l(entry, filename, filename_size, fn_sconv))
1670  {
1671    if (errno == ENOMEM)
1672    {
1673      archive_set_error(&a->archive, ENOMEM,
1674                        "Can't allocate memory for Pathname");
1675      return (ARCHIVE_FATAL);
1676    }
1677    archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1678                      "Pathname cannot be converted from %s to current locale.",
1679                      archive_string_conversion_charset_name(fn_sconv));
1680    ret = (ARCHIVE_WARN);
1681  }
1682
1683  if (((rar->mode) & AE_IFMT) == AE_IFLNK)
1684  {
1685    /* Make sure a symbolic-link file does not have its body. */
1686    rar->bytes_remaining = 0;
1687    archive_entry_set_size(entry, 0);
1688
1689    /* Read a symbolic-link name. */
1690    if ((ret2 = read_symlink_stored(a, entry, sconv)) < (ARCHIVE_WARN))
1691      return ret2;
1692    if (ret > ret2)
1693      ret = ret2;
1694  }
1695
1696  if (rar->bytes_remaining == 0)
1697    rar->entry_eof = 1;
1698
1699  return ret;
1700}
1701
1702static time_t
1703get_time(int ttime)
1704{
1705  struct tm tm;
1706  tm.tm_sec = 2 * (ttime & 0x1f);
1707  tm.tm_min = (ttime >> 5) & 0x3f;
1708  tm.tm_hour = (ttime >> 11) & 0x1f;
1709  tm.tm_mday = (ttime >> 16) & 0x1f;
1710  tm.tm_mon = ((ttime >> 21) & 0x0f) - 1;
1711  tm.tm_year = ((ttime >> 25) & 0x7f) + 80;
1712  tm.tm_isdst = -1;
1713  return mktime(&tm);
1714}
1715
1716static int
1717read_exttime(const char *p, struct rar *rar, const char *endp)
1718{
1719  unsigned rmode, flags, rem, j, count;
1720  int ttime, i;
1721  struct tm *tm;
1722  time_t t;
1723  long nsec;
1724#if defined(HAVE_LOCALTIME_R) || defined(HAVE__LOCALTIME64_S)
1725  struct tm tmbuf;
1726#endif
1727#if defined(HAVE__LOCALTIME64_S)
1728  errno_t terr;
1729  __time64_t tmptime;
1730#endif
1731
1732  if (p + 2 > endp)
1733    return (-1);
1734  flags = archive_le16dec(p);
1735  p += 2;
1736
1737  for (i = 3; i >= 0; i--)
1738  {
1739    t = 0;
1740    if (i == 3)
1741      t = rar->mtime;
1742    rmode = flags >> i * 4;
1743    if (rmode & 8)
1744    {
1745      if (!t)
1746      {
1747        if (p + 4 > endp)
1748          return (-1);
1749        ttime = archive_le32dec(p);
1750        t = get_time(ttime);
1751        p += 4;
1752      }
1753      rem = 0;
1754      count = rmode & 3;
1755      if (p + count > endp)
1756        return (-1);
1757      for (j = 0; j < count; j++)
1758      {
1759        rem = (((unsigned)(unsigned char)*p) << 16) | (rem >> 8);
1760        p++;
1761      }
1762#if defined(HAVE_LOCALTIME_R)
1763      tm = localtime_r(&t, &tmbuf);
1764#elif defined(HAVE__LOCALTIME64_S)
1765      tmptime = t;
1766      terr = _localtime64_s(&tmbuf, &tmptime);
1767      if (terr)
1768        tm = NULL;
1769      else
1770        tm = &tmbuf;
1771#else
1772      tm = localtime(&t);
1773#endif
1774      nsec = tm->tm_sec + rem / NS_UNIT;
1775      if (rmode & 4)
1776      {
1777        tm->tm_sec++;
1778        t = mktime(tm);
1779      }
1780      if (i == 3)
1781      {
1782        rar->mtime = t;
1783        rar->mnsec = nsec;
1784      }
1785      else if (i == 2)
1786      {
1787        rar->ctime = t;
1788        rar->cnsec = nsec;
1789      }
1790      else if (i == 1)
1791      {
1792        rar->atime = t;
1793        rar->ansec = nsec;
1794      }
1795      else
1796      {
1797        rar->arctime = t;
1798        rar->arcnsec = nsec;
1799      }
1800    }
1801  }
1802  return (0);
1803}
1804
1805static int
1806read_symlink_stored(struct archive_read *a, struct archive_entry *entry,
1807                    struct archive_string_conv *sconv)
1808{
1809  const void *h;
1810  const char *p;
1811  struct rar *rar;
1812  int ret = (ARCHIVE_OK);
1813
1814  rar = (struct rar *)(a->format->data);
1815  if ((h = rar_read_ahead(a, (size_t)rar->packed_size, NULL)) == NULL)
1816    return (ARCHIVE_FATAL);
1817  p = h;
1818
1819  if (archive_entry_copy_symlink_l(entry,
1820      p, (size_t)rar->packed_size, sconv))
1821  {
1822    if (errno == ENOMEM)
1823    {
1824      archive_set_error(&a->archive, ENOMEM,
1825                        "Can't allocate memory for link");
1826      return (ARCHIVE_FATAL);
1827    }
1828    archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1829                      "link cannot be converted from %s to current locale.",
1830                      archive_string_conversion_charset_name(sconv));
1831    ret = (ARCHIVE_WARN);
1832  }
1833  __archive_read_consume(a, rar->packed_size);
1834  return ret;
1835}
1836
1837static int
1838read_data_stored(struct archive_read *a, const void **buff, size_t *size,
1839                 int64_t *offset)
1840{
1841  struct rar *rar;
1842  ssize_t bytes_avail;
1843
1844  rar = (struct rar *)(a->format->data);
1845  if (rar->bytes_remaining == 0 &&
1846    !(rar->main_flags & MHD_VOLUME && rar->file_flags & FHD_SPLIT_AFTER))
1847  {
1848    *buff = NULL;
1849    *size = 0;
1850    *offset = rar->offset;
1851    if (rar->file_crc != rar->crc_calculated) {
1852      archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1853                        "File CRC error");
1854      return (ARCHIVE_FATAL);
1855    }
1856    rar->entry_eof = 1;
1857    return (ARCHIVE_EOF);
1858  }
1859
1860  *buff = rar_read_ahead(a, 1, &bytes_avail);
1861  if (bytes_avail <= 0)
1862  {
1863    archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1864                      "Truncated RAR file data");
1865    return (ARCHIVE_FATAL);
1866  }
1867
1868  *size = bytes_avail;
1869  *offset = rar->offset;
1870  rar->offset += bytes_avail;
1871  rar->offset_seek += bytes_avail;
1872  rar->bytes_remaining -= bytes_avail;
1873  rar->bytes_unconsumed = bytes_avail;
1874  /* Calculate File CRC. */
1875  rar->crc_calculated = crc32(rar->crc_calculated, *buff,
1876    (unsigned)bytes_avail);
1877  return (ARCHIVE_OK);
1878}
1879
1880static int
1881read_data_compressed(struct archive_read *a, const void **buff, size_t *size,
1882               int64_t *offset, size_t looper)
1883{
1884  if (looper++ > MAX_COMPRESS_DEPTH)
1885    return (ARCHIVE_FATAL);
1886
1887  struct rar *rar;
1888  int64_t start, end, actualend;
1889  size_t bs;
1890  int ret = (ARCHIVE_OK), sym, code, lzss_offset, length, i;
1891
1892  rar = (struct rar *)(a->format->data);
1893
1894  do {
1895    if (!rar->valid)
1896      return (ARCHIVE_FATAL);
1897    if (rar->ppmd_eod ||
1898       (rar->dictionary_size && rar->offset >= rar->unp_size))
1899    {
1900      if (rar->unp_offset > 0) {
1901        /*
1902         * We have unprocessed extracted data. write it out.
1903         */
1904        *buff = rar->unp_buffer;
1905        *size = rar->unp_offset;
1906        *offset = rar->offset_outgoing;
1907        rar->offset_outgoing += *size;
1908        /* Calculate File CRC. */
1909        rar->crc_calculated = crc32(rar->crc_calculated, *buff,
1910          (unsigned)*size);
1911        rar->unp_offset = 0;
1912        return (ARCHIVE_OK);
1913      }
1914      *buff = NULL;
1915      *size = 0;
1916      *offset = rar->offset;
1917      if (rar->file_crc != rar->crc_calculated) {
1918        archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1919                          "File CRC error");
1920        return (ARCHIVE_FATAL);
1921      }
1922      rar->entry_eof = 1;
1923      return (ARCHIVE_EOF);
1924    }
1925
1926    if (!rar->is_ppmd_block && rar->dictionary_size && rar->bytes_uncopied > 0)
1927    {
1928      if (rar->bytes_uncopied > (rar->unp_buffer_size - rar->unp_offset))
1929        bs = rar->unp_buffer_size - rar->unp_offset;
1930      else
1931        bs = (size_t)rar->bytes_uncopied;
1932      ret = copy_from_lzss_window(a, buff, rar->offset, (int)bs);
1933      if (ret != ARCHIVE_OK)
1934        return (ret);
1935      rar->offset += bs;
1936      rar->bytes_uncopied -= bs;
1937      if (*buff != NULL) {
1938        rar->unp_offset = 0;
1939        *size = rar->unp_buffer_size;
1940        *offset = rar->offset_outgoing;
1941        rar->offset_outgoing += *size;
1942        /* Calculate File CRC. */
1943        rar->crc_calculated = crc32(rar->crc_calculated, *buff,
1944          (unsigned)*size);
1945        return (ret);
1946      }
1947      continue;
1948    }
1949
1950    if (!rar->br.next_in &&
1951      (ret = rar_br_preparation(a, &(rar->br))) < ARCHIVE_WARN)
1952      return (ret);
1953    if (rar->start_new_table && ((ret = parse_codes(a)) < (ARCHIVE_WARN)))
1954      return (ret);
1955
1956    if (rar->is_ppmd_block)
1957    {
1958      if ((sym = __archive_ppmd7_functions.Ppmd7_DecodeSymbol(
1959        &rar->ppmd7_context, &rar->range_dec.p)) < 0)
1960      {
1961        archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1962                          "Invalid symbol");
1963        return (ARCHIVE_FATAL);
1964      }
1965      if(sym != rar->ppmd_escape)
1966      {
1967        lzss_emit_literal(rar, sym);
1968        rar->bytes_uncopied++;
1969      }
1970      else
1971      {
1972        if ((code = __archive_ppmd7_functions.Ppmd7_DecodeSymbol(
1973          &rar->ppmd7_context, &rar->range_dec.p)) < 0)
1974        {
1975          archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1976                            "Invalid symbol");
1977          return (ARCHIVE_FATAL);
1978        }
1979
1980        switch(code)
1981        {
1982          case 0:
1983            rar->start_new_table = 1;
1984            return read_data_compressed(a, buff, size, offset, looper);
1985
1986          case 2:
1987            rar->ppmd_eod = 1;/* End Of ppmd Data. */
1988            continue;
1989
1990          case 3:
1991            archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
1992                              "Parsing filters is unsupported.");
1993            return (ARCHIVE_FAILED);
1994
1995          case 4:
1996            lzss_offset = 0;
1997            for (i = 2; i >= 0; i--)
1998            {
1999              if ((code = __archive_ppmd7_functions.Ppmd7_DecodeSymbol(
2000                &rar->ppmd7_context, &rar->range_dec.p)) < 0)
2001              {
2002                archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2003                                  "Invalid symbol");
2004                return (ARCHIVE_FATAL);
2005              }
2006              lzss_offset |= code << (i * 8);
2007            }
2008            if ((length = __archive_ppmd7_functions.Ppmd7_DecodeSymbol(
2009              &rar->ppmd7_context, &rar->range_dec.p)) < 0)
2010            {
2011              archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2012                                "Invalid symbol");
2013              return (ARCHIVE_FATAL);
2014            }
2015            lzss_emit_match(rar, lzss_offset + 2, length + 32);
2016            rar->bytes_uncopied += length + 32;
2017            break;
2018
2019          case 5:
2020            if ((length = __archive_ppmd7_functions.Ppmd7_DecodeSymbol(
2021              &rar->ppmd7_context, &rar->range_dec.p)) < 0)
2022            {
2023              archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2024                                "Invalid symbol");
2025              return (ARCHIVE_FATAL);
2026            }
2027            lzss_emit_match(rar, 1, length + 4);
2028            rar->bytes_uncopied += length + 4;
2029            break;
2030
2031         default:
2032           lzss_emit_literal(rar, sym);
2033           rar->bytes_uncopied++;
2034        }
2035      }
2036    }
2037    else
2038    {
2039      start = rar->offset;
2040      end = start + rar->dictionary_size;
2041      rar->filterstart = INT64_MAX;
2042
2043      if ((actualend = expand(a, end)) < 0)
2044        return ((int)actualend);
2045
2046      rar->bytes_uncopied = actualend - start;
2047      if (rar->bytes_uncopied == 0) {
2048          /* Broken RAR files cause this case.
2049          * NOTE: If this case were possible on a normal RAR file
2050          * we would find out where it was actually bad and
2051          * what we would do to solve it. */
2052          archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2053                            "Internal error extracting RAR file");
2054          return (ARCHIVE_FATAL);
2055      }
2056    }
2057    if (rar->bytes_uncopied > (rar->unp_buffer_size - rar->unp_offset))
2058      bs = rar->unp_buffer_size - rar->unp_offset;
2059    else
2060      bs = (size_t)rar->bytes_uncopied;
2061    ret = copy_from_lzss_window(a, buff, rar->offset, (int)bs);
2062    if (ret != ARCHIVE_OK)
2063      return (ret);
2064    rar->offset += bs;
2065    rar->bytes_uncopied -= bs;
2066    /*
2067     * If *buff is NULL, it means unp_buffer is not full.
2068     * So we have to continue extracting a RAR file.
2069     */
2070  } while (*buff == NULL);
2071
2072  rar->unp_offset = 0;
2073  *size = rar->unp_buffer_size;
2074  *offset = rar->offset_outgoing;
2075  rar->offset_outgoing += *size;
2076  /* Calculate File CRC. */
2077  rar->crc_calculated = crc32(rar->crc_calculated, *buff, (unsigned)*size);
2078  return ret;
2079}
2080
2081static int
2082parse_codes(struct archive_read *a)
2083{
2084  int i, j, val, n, r;
2085  unsigned char bitlengths[MAX_SYMBOLS], zerocount, ppmd_flags;
2086  unsigned int maxorder;
2087  struct huffman_code precode;
2088  struct rar *rar = (struct rar *)(a->format->data);
2089  struct rar_br *br = &(rar->br);
2090
2091  free_codes(a);
2092
2093  /* Skip to the next byte */
2094  rar_br_consume_unalined_bits(br);
2095
2096  /* PPMd block flag */
2097  if (!rar_br_read_ahead(a, br, 1))
2098    goto truncated_data;
2099  if ((rar->is_ppmd_block = rar_br_bits(br, 1)) != 0)
2100  {
2101    rar_br_consume(br, 1);
2102    if (!rar_br_read_ahead(a, br, 7))
2103      goto truncated_data;
2104    ppmd_flags = rar_br_bits(br, 7);
2105    rar_br_consume(br, 7);
2106
2107    /* Memory is allocated in MB */
2108    if (ppmd_flags & 0x20)
2109    {
2110      if (!rar_br_read_ahead(a, br, 8))
2111        goto truncated_data;
2112      rar->dictionary_size = (rar_br_bits(br, 8) + 1) << 20;
2113      rar_br_consume(br, 8);
2114    }
2115
2116    if (ppmd_flags & 0x40)
2117    {
2118      if (!rar_br_read_ahead(a, br, 8))
2119        goto truncated_data;
2120      rar->ppmd_escape = rar->ppmd7_context.InitEsc = rar_br_bits(br, 8);
2121      rar_br_consume(br, 8);
2122    }
2123    else
2124      rar->ppmd_escape = 2;
2125
2126    if (ppmd_flags & 0x20)
2127    {
2128      maxorder = (ppmd_flags & 0x1F) + 1;
2129      if(maxorder > 16)
2130        maxorder = 16 + (maxorder - 16) * 3;
2131
2132      if (maxorder == 1)
2133      {
2134        archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2135                          "Truncated RAR file data");
2136        return (ARCHIVE_FATAL);
2137      }
2138
2139      /* Make sure ppmd7_contest is freed before Ppmd7_Construct
2140       * because reading a broken file cause this abnormal sequence. */
2141      __archive_ppmd7_functions.Ppmd7_Free(&rar->ppmd7_context);
2142
2143      rar->bytein.a = a;
2144      rar->bytein.Read = &ppmd_read;
2145      __archive_ppmd7_functions.PpmdRAR_RangeDec_CreateVTable(&rar->range_dec);
2146      rar->range_dec.Stream = &rar->bytein;
2147      __archive_ppmd7_functions.Ppmd7_Construct(&rar->ppmd7_context);
2148
2149      if (rar->dictionary_size == 0) {
2150	      archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2151                          "Invalid zero dictionary size");
2152	      return (ARCHIVE_FATAL);
2153      }
2154
2155      if (!__archive_ppmd7_functions.Ppmd7_Alloc(&rar->ppmd7_context,
2156        rar->dictionary_size))
2157      {
2158        archive_set_error(&a->archive, ENOMEM,
2159                          "Out of memory");
2160        return (ARCHIVE_FATAL);
2161      }
2162      if (!__archive_ppmd7_functions.PpmdRAR_RangeDec_Init(&rar->range_dec))
2163      {
2164        archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2165                          "Unable to initialize PPMd range decoder");
2166        return (ARCHIVE_FATAL);
2167      }
2168      __archive_ppmd7_functions.Ppmd7_Init(&rar->ppmd7_context, maxorder);
2169      rar->ppmd_valid = 1;
2170    }
2171    else
2172    {
2173      if (!rar->ppmd_valid) {
2174        archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2175                          "Invalid PPMd sequence");
2176        return (ARCHIVE_FATAL);
2177      }
2178      if (!__archive_ppmd7_functions.PpmdRAR_RangeDec_Init(&rar->range_dec))
2179      {
2180        archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2181                          "Unable to initialize PPMd range decoder");
2182        return (ARCHIVE_FATAL);
2183      }
2184    }
2185  }
2186  else
2187  {
2188    rar_br_consume(br, 1);
2189
2190    /* Keep existing table flag */
2191    if (!rar_br_read_ahead(a, br, 1))
2192      goto truncated_data;
2193    if (!rar_br_bits(br, 1))
2194      memset(rar->lengthtable, 0, sizeof(rar->lengthtable));
2195    rar_br_consume(br, 1);
2196
2197    memset(&bitlengths, 0, sizeof(bitlengths));
2198    for (i = 0; i < MAX_SYMBOLS;)
2199    {
2200      if (!rar_br_read_ahead(a, br, 4))
2201        goto truncated_data;
2202      bitlengths[i++] = rar_br_bits(br, 4);
2203      rar_br_consume(br, 4);
2204      if (bitlengths[i-1] == 0xF)
2205      {
2206        if (!rar_br_read_ahead(a, br, 4))
2207          goto truncated_data;
2208        zerocount = rar_br_bits(br, 4);
2209        rar_br_consume(br, 4);
2210        if (zerocount)
2211        {
2212          i--;
2213          for (j = 0; j < zerocount + 2 && i < MAX_SYMBOLS; j++)
2214            bitlengths[i++] = 0;
2215        }
2216      }
2217    }
2218
2219    memset(&precode, 0, sizeof(precode));
2220    r = create_code(a, &precode, bitlengths, MAX_SYMBOLS, MAX_SYMBOL_LENGTH);
2221    if (r != ARCHIVE_OK) {
2222      free(precode.tree);
2223      free(precode.table);
2224      return (r);
2225    }
2226
2227    for (i = 0; i < HUFFMAN_TABLE_SIZE;)
2228    {
2229      if ((val = read_next_symbol(a, &precode)) < 0) {
2230        free(precode.tree);
2231        free(precode.table);
2232        return (ARCHIVE_FATAL);
2233      }
2234      if (val < 16)
2235      {
2236        rar->lengthtable[i] = (rar->lengthtable[i] + val) & 0xF;
2237        i++;
2238      }
2239      else if (val < 18)
2240      {
2241        if (i == 0)
2242        {
2243          free(precode.tree);
2244          free(precode.table);
2245          archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2246                            "Internal error extracting RAR file.");
2247          return (ARCHIVE_FATAL);
2248        }
2249
2250        if(val == 16) {
2251          if (!rar_br_read_ahead(a, br, 3)) {
2252            free(precode.tree);
2253            free(precode.table);
2254            goto truncated_data;
2255          }
2256          n = rar_br_bits(br, 3) + 3;
2257          rar_br_consume(br, 3);
2258        } else {
2259          if (!rar_br_read_ahead(a, br, 7)) {
2260            free(precode.tree);
2261            free(precode.table);
2262            goto truncated_data;
2263          }
2264          n = rar_br_bits(br, 7) + 11;
2265          rar_br_consume(br, 7);
2266        }
2267
2268        for (j = 0; j < n && i < HUFFMAN_TABLE_SIZE; j++)
2269        {
2270          rar->lengthtable[i] = rar->lengthtable[i-1];
2271          i++;
2272        }
2273      }
2274      else
2275      {
2276        if(val == 18) {
2277          if (!rar_br_read_ahead(a, br, 3)) {
2278            free(precode.tree);
2279            free(precode.table);
2280            goto truncated_data;
2281          }
2282          n = rar_br_bits(br, 3) + 3;
2283          rar_br_consume(br, 3);
2284        } else {
2285          if (!rar_br_read_ahead(a, br, 7)) {
2286            free(precode.tree);
2287            free(precode.table);
2288            goto truncated_data;
2289          }
2290          n = rar_br_bits(br, 7) + 11;
2291          rar_br_consume(br, 7);
2292        }
2293
2294        for(j = 0; j < n && i < HUFFMAN_TABLE_SIZE; j++)
2295          rar->lengthtable[i++] = 0;
2296      }
2297    }
2298    free(precode.tree);
2299    free(precode.table);
2300
2301    r = create_code(a, &rar->maincode, &rar->lengthtable[0], MAINCODE_SIZE,
2302                MAX_SYMBOL_LENGTH);
2303    if (r != ARCHIVE_OK)
2304      return (r);
2305    r = create_code(a, &rar->offsetcode, &rar->lengthtable[MAINCODE_SIZE],
2306                OFFSETCODE_SIZE, MAX_SYMBOL_LENGTH);
2307    if (r != ARCHIVE_OK)
2308      return (r);
2309    r = create_code(a, &rar->lowoffsetcode,
2310                &rar->lengthtable[MAINCODE_SIZE + OFFSETCODE_SIZE],
2311                LOWOFFSETCODE_SIZE, MAX_SYMBOL_LENGTH);
2312    if (r != ARCHIVE_OK)
2313      return (r);
2314    r = create_code(a, &rar->lengthcode,
2315                &rar->lengthtable[MAINCODE_SIZE + OFFSETCODE_SIZE +
2316                LOWOFFSETCODE_SIZE], LENGTHCODE_SIZE, MAX_SYMBOL_LENGTH);
2317    if (r != ARCHIVE_OK)
2318      return (r);
2319  }
2320
2321  if (!rar->dictionary_size || !rar->lzss.window)
2322  {
2323    /* Seems as though dictionary sizes are not used. Even so, minimize
2324     * memory usage as much as possible.
2325     */
2326    void *new_window;
2327    unsigned int new_size;
2328
2329    if (rar->unp_size >= DICTIONARY_MAX_SIZE)
2330      new_size = DICTIONARY_MAX_SIZE;
2331    else
2332      new_size = rar_fls((unsigned int)rar->unp_size) << 1;
2333    new_window = realloc(rar->lzss.window, new_size);
2334    if (new_window == NULL) {
2335      archive_set_error(&a->archive, ENOMEM,
2336                        "Unable to allocate memory for uncompressed data.");
2337      return (ARCHIVE_FATAL);
2338    }
2339    rar->lzss.window = (unsigned char *)new_window;
2340    rar->dictionary_size = new_size;
2341    memset(rar->lzss.window, 0, rar->dictionary_size);
2342    rar->lzss.mask = rar->dictionary_size - 1;
2343  }
2344
2345  rar->start_new_table = 0;
2346  return (ARCHIVE_OK);
2347truncated_data:
2348  archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2349                    "Truncated RAR file data");
2350  rar->valid = 0;
2351  return (ARCHIVE_FATAL);
2352}
2353
2354static void
2355free_codes(struct archive_read *a)
2356{
2357  struct rar *rar = (struct rar *)(a->format->data);
2358  free(rar->maincode.tree);
2359  free(rar->offsetcode.tree);
2360  free(rar->lowoffsetcode.tree);
2361  free(rar->lengthcode.tree);
2362  free(rar->maincode.table);
2363  free(rar->offsetcode.table);
2364  free(rar->lowoffsetcode.table);
2365  free(rar->lengthcode.table);
2366  memset(&rar->maincode, 0, sizeof(rar->maincode));
2367  memset(&rar->offsetcode, 0, sizeof(rar->offsetcode));
2368  memset(&rar->lowoffsetcode, 0, sizeof(rar->lowoffsetcode));
2369  memset(&rar->lengthcode, 0, sizeof(rar->lengthcode));
2370}
2371
2372
2373static int
2374read_next_symbol(struct archive_read *a, struct huffman_code *code)
2375{
2376  unsigned char bit;
2377  unsigned int bits;
2378  int length, value, node;
2379  struct rar *rar;
2380  struct rar_br *br;
2381
2382  if (!code->table)
2383  {
2384    if (make_table(a, code) != (ARCHIVE_OK))
2385      return -1;
2386  }
2387
2388  rar = (struct rar *)(a->format->data);
2389  br = &(rar->br);
2390
2391  /* Look ahead (peek) at bits */
2392  if (!rar_br_read_ahead(a, br, code->tablesize)) {
2393    archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2394                      "Truncated RAR file data");
2395    rar->valid = 0;
2396    return -1;
2397  }
2398  bits = rar_br_bits(br, code->tablesize);
2399
2400  length = code->table[bits].length;
2401  value = code->table[bits].value;
2402
2403  if (length < 0)
2404  {
2405    archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2406                      "Invalid prefix code in bitstream");
2407    return -1;
2408  }
2409
2410  if (length <= code->tablesize)
2411  {
2412    /* Skip length bits */
2413    rar_br_consume(br, length);
2414    return value;
2415  }
2416
2417  /* Skip tablesize bits */
2418  rar_br_consume(br, code->tablesize);
2419
2420  node = value;
2421  while (!(code->tree[node].branches[0] ==
2422    code->tree[node].branches[1]))
2423  {
2424    if (!rar_br_read_ahead(a, br, 1)) {
2425      archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2426                        "Truncated RAR file data");
2427      rar->valid = 0;
2428      return -1;
2429    }
2430    bit = rar_br_bits(br, 1);
2431    rar_br_consume(br, 1);
2432
2433    if (code->tree[node].branches[bit] < 0)
2434    {
2435      archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2436                        "Invalid prefix code in bitstream");
2437      return -1;
2438    }
2439    node = code->tree[node].branches[bit];
2440  }
2441
2442  return code->tree[node].branches[0];
2443}
2444
2445static int
2446create_code(struct archive_read *a, struct huffman_code *code,
2447            unsigned char *lengths, int numsymbols, char maxlength)
2448{
2449  int i, j, codebits = 0, symbolsleft = numsymbols;
2450
2451  code->numentries = 0;
2452  code->numallocatedentries = 0;
2453  if (new_node(code) < 0) {
2454    archive_set_error(&a->archive, ENOMEM,
2455                      "Unable to allocate memory for node data.");
2456    return (ARCHIVE_FATAL);
2457  }
2458  code->numentries = 1;
2459  code->minlength = INT_MAX;
2460  code->maxlength = INT_MIN;
2461  codebits = 0;
2462  for(i = 1; i <= maxlength; i++)
2463  {
2464    for(j = 0; j < numsymbols; j++)
2465    {
2466      if (lengths[j] != i) continue;
2467      if (add_value(a, code, j, codebits, i) != ARCHIVE_OK)
2468        return (ARCHIVE_FATAL);
2469      codebits++;
2470      if (--symbolsleft <= 0)
2471        break;
2472    }
2473    if (symbolsleft <= 0)
2474      break;
2475    codebits <<= 1;
2476  }
2477  return (ARCHIVE_OK);
2478}
2479
2480static int
2481add_value(struct archive_read *a, struct huffman_code *code, int value,
2482          int codebits, int length)
2483{
2484  int lastnode, bitpos, bit;
2485  /* int repeatpos, repeatnode, nextnode; */
2486
2487  free(code->table);
2488  code->table = NULL;
2489
2490  if(length > code->maxlength)
2491    code->maxlength = length;
2492  if(length < code->minlength)
2493    code->minlength = length;
2494
2495  /*
2496   * Dead code, repeatpos was is -1
2497   *
2498  repeatpos = -1;
2499  if (repeatpos == 0 || (repeatpos >= 0
2500    && (((codebits >> (repeatpos - 1)) & 3) == 0
2501    || ((codebits >> (repeatpos - 1)) & 3) == 3)))
2502  {
2503    archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2504                      "Invalid repeat position");
2505    return (ARCHIVE_FATAL);
2506  }
2507  */
2508
2509  lastnode = 0;
2510  for (bitpos = length - 1; bitpos >= 0; bitpos--)
2511  {
2512    bit = (codebits >> bitpos) & 1;
2513
2514    /* Leaf node check */
2515    if (code->tree[lastnode].branches[0] ==
2516      code->tree[lastnode].branches[1])
2517    {
2518      archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2519                        "Prefix found");
2520      return (ARCHIVE_FATAL);
2521    }
2522
2523    /*
2524     * Dead code, repeatpos was -1, bitpos >=0
2525     *
2526    if (bitpos == repeatpos)
2527    {
2528      * Open branch check *
2529      if (!(code->tree[lastnode].branches[bit] < 0))
2530      {
2531        archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2532                          "Invalid repeating code");
2533        return (ARCHIVE_FATAL);
2534      }
2535
2536      if ((repeatnode = new_node(code)) < 0) {
2537        archive_set_error(&a->archive, ENOMEM,
2538                          "Unable to allocate memory for node data.");
2539        return (ARCHIVE_FATAL);
2540      }
2541      if ((nextnode = new_node(code)) < 0) {
2542        archive_set_error(&a->archive, ENOMEM,
2543                          "Unable to allocate memory for node data.");
2544        return (ARCHIVE_FATAL);
2545      }
2546
2547      * Set branches *
2548      code->tree[lastnode].branches[bit] = repeatnode;
2549      code->tree[repeatnode].branches[bit] = repeatnode;
2550      code->tree[repeatnode].branches[bit^1] = nextnode;
2551      lastnode = nextnode;
2552
2553      bitpos++; * terminating bit already handled, skip it *
2554    }
2555    else
2556    {
2557    */
2558      /* Open branch check */
2559      if (code->tree[lastnode].branches[bit] < 0)
2560      {
2561        if (new_node(code) < 0) {
2562          archive_set_error(&a->archive, ENOMEM,
2563                            "Unable to allocate memory for node data.");
2564          return (ARCHIVE_FATAL);
2565        }
2566        code->tree[lastnode].branches[bit] = code->numentries++;
2567      }
2568
2569      /* set to branch */
2570      lastnode = code->tree[lastnode].branches[bit];
2571 /* } */
2572  }
2573
2574  if (!(code->tree[lastnode].branches[0] == -1
2575    && code->tree[lastnode].branches[1] == -2))
2576  {
2577    archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2578                      "Prefix found");
2579    return (ARCHIVE_FATAL);
2580  }
2581
2582  /* Set leaf value */
2583  code->tree[lastnode].branches[0] = value;
2584  code->tree[lastnode].branches[1] = value;
2585
2586  return (ARCHIVE_OK);
2587}
2588
2589static int
2590new_node(struct huffman_code *code)
2591{
2592  void *new_tree;
2593  if (code->numallocatedentries == code->numentries) {
2594    int new_num_entries = 256;
2595    if (code->numentries > 0) {
2596        new_num_entries = code->numentries * 2;
2597    }
2598    new_tree = realloc(code->tree, new_num_entries * sizeof(*code->tree));
2599    if (new_tree == NULL)
2600        return (-1);
2601    code->tree = (struct huffman_tree_node *)new_tree;
2602    code->numallocatedentries = new_num_entries;
2603  }
2604  code->tree[code->numentries].branches[0] = -1;
2605  code->tree[code->numentries].branches[1] = -2;
2606  return 1;
2607}
2608
2609static int
2610make_table(struct archive_read *a, struct huffman_code *code)
2611{
2612  if (code->maxlength < code->minlength || code->maxlength > 10)
2613    code->tablesize = 10;
2614  else
2615    code->tablesize = code->maxlength;
2616
2617  code->table =
2618    (struct huffman_table_entry *)calloc(1, sizeof(*code->table)
2619    * ((size_t)1 << code->tablesize));
2620
2621  return make_table_recurse(a, code, 0, code->table, 0, code->tablesize);
2622}
2623
2624static int
2625make_table_recurse(struct archive_read *a, struct huffman_code *code, int node,
2626                   struct huffman_table_entry *table, int depth,
2627                   int maxdepth)
2628{
2629  int currtablesize, i, ret = (ARCHIVE_OK);
2630
2631  if (!code->tree)
2632  {
2633    archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2634                      "Huffman tree was not created.");
2635    return (ARCHIVE_FATAL);
2636  }
2637  if (node < 0 || node >= code->numentries)
2638  {
2639    archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2640                      "Invalid location to Huffman tree specified.");
2641    return (ARCHIVE_FATAL);
2642  }
2643
2644  currtablesize = 1 << (maxdepth - depth);
2645
2646  if (code->tree[node].branches[0] ==
2647    code->tree[node].branches[1])
2648  {
2649    for(i = 0; i < currtablesize; i++)
2650    {
2651      table[i].length = depth;
2652      table[i].value = code->tree[node].branches[0];
2653    }
2654  }
2655  /*
2656   * Dead code, node >= 0
2657   *
2658  else if (node < 0)
2659  {
2660    for(i = 0; i < currtablesize; i++)
2661      table[i].length = -1;
2662  }
2663   */
2664  else
2665  {
2666    if(depth == maxdepth)
2667    {
2668      table[0].length = maxdepth + 1;
2669      table[0].value = node;
2670    }
2671    else
2672    {
2673      ret |= make_table_recurse(a, code, code->tree[node].branches[0], table,
2674                                depth + 1, maxdepth);
2675      ret |= make_table_recurse(a, code, code->tree[node].branches[1],
2676                         table + currtablesize / 2, depth + 1, maxdepth);
2677    }
2678  }
2679  return ret;
2680}
2681
2682static int64_t
2683expand(struct archive_read *a, int64_t end)
2684{
2685  static const unsigned char lengthbases[] =
2686    {   0,   1,   2,   3,   4,   5,   6,
2687        7,   8,  10,  12,  14,  16,  20,
2688       24,  28,  32,  40,  48,  56,  64,
2689       80,  96, 112, 128, 160, 192, 224 };
2690  static const unsigned char lengthbits[] =
2691    { 0, 0, 0, 0, 0, 0, 0,
2692      0, 1, 1, 1, 1, 2, 2,
2693      2, 2, 3, 3, 3, 3, 4,
2694      4, 4, 4, 5, 5, 5, 5 };
2695  static const int lengthb_min = minimum(
2696    (int)(sizeof(lengthbases)/sizeof(lengthbases[0])),
2697    (int)(sizeof(lengthbits)/sizeof(lengthbits[0]))
2698  );
2699  static const unsigned int offsetbases[] =
2700    {       0,       1,       2,       3,       4,       6,
2701            8,      12,      16,      24,      32,      48,
2702           64,      96,     128,     192,     256,     384,
2703          512,     768,    1024,    1536,    2048,    3072,
2704         4096,    6144,    8192,   12288,   16384,   24576,
2705        32768,   49152,   65536,   98304,  131072,  196608,
2706       262144,  327680,  393216,  458752,  524288,  589824,
2707       655360,  720896,  786432,  851968,  917504,  983040,
2708      1048576, 1310720, 1572864, 1835008, 2097152, 2359296,
2709      2621440, 2883584, 3145728, 3407872, 3670016, 3932160 };
2710  static const unsigned char offsetbits[] =
2711    {  0,  0,  0,  0,  1,  1,  2,  2,  3,  3,  4,  4,
2712       5,  5,  6,  6,  7,  7,  8,  8,  9,  9, 10, 10,
2713      11, 11, 12, 12, 13, 13, 14, 14, 15, 15, 16, 16,
2714      16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16,
2715      18, 18, 18, 18, 18, 18, 18, 18, 18, 18, 18, 18 };
2716  static const int offsetb_min = minimum(
2717    (int)(sizeof(offsetbases)/sizeof(offsetbases[0])),
2718    (int)(sizeof(offsetbits)/sizeof(offsetbits[0]))
2719  );
2720  static const unsigned char shortbases[] =
2721    { 0, 4, 8, 16, 32, 64, 128, 192 };
2722  static const unsigned char shortbits[] =
2723    { 2, 2, 3, 4, 5, 6, 6, 6 };
2724
2725  int symbol, offs, len, offsindex, lensymbol, i, offssymbol, lowoffsetsymbol;
2726  unsigned char newfile;
2727  struct rar *rar = (struct rar *)(a->format->data);
2728  struct rar_br *br = &(rar->br);
2729
2730  if (rar->filterstart < end)
2731    end = rar->filterstart;
2732
2733  while (1)
2734  {
2735    if (rar->output_last_match &&
2736      lzss_position(&rar->lzss) + rar->lastlength <= end)
2737    {
2738      lzss_emit_match(rar, rar->lastoffset, rar->lastlength);
2739      rar->output_last_match = 0;
2740    }
2741
2742    if(rar->is_ppmd_block || rar->output_last_match ||
2743      lzss_position(&rar->lzss) >= end)
2744      return lzss_position(&rar->lzss);
2745
2746    if ((symbol = read_next_symbol(a, &rar->maincode)) < 0)
2747      return (ARCHIVE_FATAL);
2748    rar->output_last_match = 0;
2749
2750    if (symbol < 256)
2751    {
2752      lzss_emit_literal(rar, symbol);
2753      continue;
2754    }
2755    else if (symbol == 256)
2756    {
2757      if (!rar_br_read_ahead(a, br, 1))
2758        goto truncated_data;
2759      newfile = !rar_br_bits(br, 1);
2760      rar_br_consume(br, 1);
2761
2762      if(newfile)
2763      {
2764        rar->start_new_block = 1;
2765        if (!rar_br_read_ahead(a, br, 1))
2766          goto truncated_data;
2767        rar->start_new_table = rar_br_bits(br, 1);
2768        rar_br_consume(br, 1);
2769        return lzss_position(&rar->lzss);
2770      }
2771      else
2772      {
2773        if (parse_codes(a) != ARCHIVE_OK)
2774          return (ARCHIVE_FATAL);
2775        continue;
2776      }
2777    }
2778    else if(symbol==257)
2779    {
2780      archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
2781                        "Parsing filters is unsupported.");
2782      return (ARCHIVE_FAILED);
2783    }
2784    else if(symbol==258)
2785    {
2786      if(rar->lastlength == 0)
2787        continue;
2788
2789      offs = rar->lastoffset;
2790      len = rar->lastlength;
2791    }
2792    else if (symbol <= 262)
2793    {
2794      offsindex = symbol - 259;
2795      offs = rar->oldoffset[offsindex];
2796
2797      if ((lensymbol = read_next_symbol(a, &rar->lengthcode)) < 0)
2798        goto bad_data;
2799      if (lensymbol > lengthb_min)
2800        goto bad_data;
2801      len = lengthbases[lensymbol] + 2;
2802      if (lengthbits[lensymbol] > 0) {
2803        if (!rar_br_read_ahead(a, br, lengthbits[lensymbol]))
2804          goto truncated_data;
2805        len += rar_br_bits(br, lengthbits[lensymbol]);
2806        rar_br_consume(br, lengthbits[lensymbol]);
2807      }
2808
2809      for (i = offsindex; i > 0; i--)
2810        rar->oldoffset[i] = rar->oldoffset[i-1];
2811      rar->oldoffset[0] = offs;
2812    }
2813    else if(symbol<=270)
2814    {
2815      offs = shortbases[symbol-263] + 1;
2816      if(shortbits[symbol-263] > 0) {
2817        if (!rar_br_read_ahead(a, br, shortbits[symbol-263]))
2818          goto truncated_data;
2819        offs += rar_br_bits(br, shortbits[symbol-263]);
2820        rar_br_consume(br, shortbits[symbol-263]);
2821      }
2822
2823      len = 2;
2824
2825      for(i = 3; i > 0; i--)
2826        rar->oldoffset[i] = rar->oldoffset[i-1];
2827      rar->oldoffset[0] = offs;
2828    }
2829    else
2830    {
2831      if (symbol-271 > lengthb_min)
2832        goto bad_data;
2833      len = lengthbases[symbol-271]+3;
2834      if(lengthbits[symbol-271] > 0) {
2835        if (!rar_br_read_ahead(a, br, lengthbits[symbol-271]))
2836          goto truncated_data;
2837        len += rar_br_bits(br, lengthbits[symbol-271]);
2838        rar_br_consume(br, lengthbits[symbol-271]);
2839      }
2840
2841      if ((offssymbol = read_next_symbol(a, &rar->offsetcode)) < 0)
2842        goto bad_data;
2843      if (offssymbol > offsetb_min)
2844        goto bad_data;
2845      offs = offsetbases[offssymbol]+1;
2846      if(offsetbits[offssymbol] > 0)
2847      {
2848        if(offssymbol > 9)
2849        {
2850          if(offsetbits[offssymbol] > 4) {
2851            if (!rar_br_read_ahead(a, br, offsetbits[offssymbol] - 4))
2852              goto truncated_data;
2853            offs += rar_br_bits(br, offsetbits[offssymbol] - 4) << 4;
2854            rar_br_consume(br, offsetbits[offssymbol] - 4);
2855	  }
2856
2857          if(rar->numlowoffsetrepeats > 0)
2858          {
2859            rar->numlowoffsetrepeats--;
2860            offs += rar->lastlowoffset;
2861          }
2862          else
2863          {
2864            if ((lowoffsetsymbol =
2865              read_next_symbol(a, &rar->lowoffsetcode)) < 0)
2866              return (ARCHIVE_FATAL);
2867            if(lowoffsetsymbol == 16)
2868            {
2869              rar->numlowoffsetrepeats = 15;
2870              offs += rar->lastlowoffset;
2871            }
2872            else
2873            {
2874              offs += lowoffsetsymbol;
2875              rar->lastlowoffset = lowoffsetsymbol;
2876            }
2877          }
2878        }
2879        else {
2880          if (!rar_br_read_ahead(a, br, offsetbits[offssymbol]))
2881            goto truncated_data;
2882          offs += rar_br_bits(br, offsetbits[offssymbol]);
2883          rar_br_consume(br, offsetbits[offssymbol]);
2884        }
2885      }
2886
2887      if (offs >= 0x40000)
2888        len++;
2889      if (offs >= 0x2000)
2890        len++;
2891
2892      for(i = 3; i > 0; i--)
2893        rar->oldoffset[i] = rar->oldoffset[i-1];
2894      rar->oldoffset[0] = offs;
2895    }
2896
2897    rar->lastoffset = offs;
2898    rar->lastlength = len;
2899    rar->output_last_match = 1;
2900  }
2901truncated_data:
2902  archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2903                    "Truncated RAR file data");
2904  rar->valid = 0;
2905  return (ARCHIVE_FATAL);
2906bad_data:
2907  archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2908                    "Bad RAR file data");
2909  return (ARCHIVE_FATAL);
2910}
2911
2912static int
2913copy_from_lzss_window(struct archive_read *a, const void **buffer,
2914                        int64_t startpos, int length)
2915{
2916  int windowoffs, firstpart;
2917  struct rar *rar = (struct rar *)(a->format->data);
2918
2919  if (!rar->unp_buffer)
2920  {
2921    if ((rar->unp_buffer = malloc(rar->unp_buffer_size)) == NULL)
2922    {
2923      archive_set_error(&a->archive, ENOMEM,
2924                        "Unable to allocate memory for uncompressed data.");
2925      return (ARCHIVE_FATAL);
2926    }
2927  }
2928
2929  windowoffs = lzss_offset_for_position(&rar->lzss, startpos);
2930  if(windowoffs + length <= lzss_size(&rar->lzss)) {
2931    memcpy(&rar->unp_buffer[rar->unp_offset], &rar->lzss.window[windowoffs],
2932           length);
2933  } else if (length <= lzss_size(&rar->lzss)) {
2934    firstpart = lzss_size(&rar->lzss) - windowoffs;
2935    if (firstpart < 0) {
2936      archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2937                        "Bad RAR file data");
2938      return (ARCHIVE_FATAL);
2939    }
2940    if (firstpart < length) {
2941      memcpy(&rar->unp_buffer[rar->unp_offset],
2942             &rar->lzss.window[windowoffs], firstpart);
2943      memcpy(&rar->unp_buffer[rar->unp_offset + firstpart],
2944             &rar->lzss.window[0], length - firstpart);
2945    } else {
2946      memcpy(&rar->unp_buffer[rar->unp_offset],
2947             &rar->lzss.window[windowoffs], length);
2948    }
2949  } else {
2950      archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2951                        "Bad RAR file data");
2952      return (ARCHIVE_FATAL);
2953  }
2954  rar->unp_offset += length;
2955  if (rar->unp_offset >= rar->unp_buffer_size)
2956    *buffer = rar->unp_buffer;
2957  else
2958    *buffer = NULL;
2959  return (ARCHIVE_OK);
2960}
2961
2962static const void *
2963rar_read_ahead(struct archive_read *a, size_t min, ssize_t *avail)
2964{
2965  struct rar *rar = (struct rar *)(a->format->data);
2966  const void *h = __archive_read_ahead(a, min, avail);
2967  int ret;
2968  if (avail)
2969  {
2970    if (a->archive.read_data_is_posix_read && *avail > (ssize_t)a->archive.read_data_requested)
2971      *avail = a->archive.read_data_requested;
2972    if (*avail > rar->bytes_remaining)
2973      *avail = (ssize_t)rar->bytes_remaining;
2974    if (*avail < 0)
2975      return NULL;
2976    else if (*avail == 0 && rar->main_flags & MHD_VOLUME &&
2977      rar->file_flags & FHD_SPLIT_AFTER)
2978    {
2979      ret = archive_read_format_rar_read_header(a, a->entry);
2980      if (ret == (ARCHIVE_EOF))
2981      {
2982        rar->has_endarc_header = 1;
2983        ret = archive_read_format_rar_read_header(a, a->entry);
2984      }
2985      if (ret != (ARCHIVE_OK))
2986        return NULL;
2987      return rar_read_ahead(a, min, avail);
2988    }
2989  }
2990  return h;
2991}
2992