Commit Graph

1074 Commits

Author SHA1 Message Date
Lasse Collin 6961a5ac7d liblzma: #define lzma_attr_visibility_hidden in common.h.
In ELF shared libs:

-fvisibility=hidden affects definitions of symbols but not
declarations.[*] This doesn't affect direct calls to functions
inside liblzma as a linker can replace a call to lzma_foo@plt
with a call directly to lzma_foo when -fvisibility=hidden is used.

[*] It has to be like this because otherwise every installed
    header file would need to explictly set the symbol visibility
    to default.

When accessing extern variables that aren't defined in the
same translation unit, compiler assumes that the variable has
the default visibility and thus indirection is needed. Unlike
function calls, linker cannot optimize this.

Using __attribute__((__visibility__("hidden"))) with the extern
variable declarations tells the compiler that indirection isn't
needed because the definition is in the same shared library.

About 15+ years ago, someone told me that it would be good if
the CRC tables would be defined in the same translation unit
as the C code of the CRC functions. While I understood that it
could help a tiny amount, I didn't want to change the code because
a separate translation unit for the CRC tables was needed for the
x86 assembly code anyway. But when visibility attributes are
supported, simply marking the extern declaration with the
hidden attribute will get identical result. When there are only
a few affected variables, this is trivial to do. I wish I had
understood this back then already.
2023-10-31 18:44:59 +08:00
Lasse Collin 5b9e167649 liblzma: Refer to MinGW-w64 instead of MinGW in the API headers.
MinGW (formely a MinGW.org Project, later the MinGW.OSDN Project
at <https://osdn.net/projects/mingw/>) has GCC 9.2.0 as the
most recent GCC package (released 2021-02-02). The project might
still be alive but majority of people have switched to MinGW-w64.
Thus it seems clearer to refer to MinGW-w64 in our API headers too.
Building with MinGW is likely to still work but I haven't tested it
in the recent years.
2023-10-31 18:44:59 +08:00
Lasse Collin 4083c8e950 liblzma: Add Cflags.private to liblzma.pc.in for MSYS2.
It properly adds -DLZMA_API_STATIC when compiling code that
will be linked against static liblzma. Having it there on
systems other than Windows does no harm.

See: https://www.msys2.org/docs/pkgconfig/
2023-10-31 18:44:59 +08:00
Lasse Collin 5056bc5107 tuklib_integer: Revise unaligned reads and writes on strict-align archs.
In XZ Utils context this doesn't matter much because
unaligned reads and writes aren't used in hot code
when TUKLIB_FAST_UNALIGNED_ACCESS isn't #defined.
2023-10-31 18:44:59 +08:00
Lasse Collin 9e14743ee5 tuklib_integer: Add missing write64be and write64le fallback functions. 2023-10-31 18:44:59 +08:00
Jia Tan 1bce6fe483 liblzma: Avoid compiler warning without creating extra symbol.
When the generic fast crc64 method is used, then we omit
lzma_crc64_table[][].

The C standards don't allow an empty translation unit which can be
avoided by declaring something, without exporting any symbols.
2023-10-31 18:44:59 +08:00
Lasse Collin 4ae13cfe0d sysdefs.h: Update the comment about __USE_MINGW_ANSI_STDIO. 2023-10-31 18:44:59 +08:00
Lasse Collin 660c8c29e5 xz: Windows: Don't (de)compress to special files like "con" or "nul".
Before this commit, the following writes "foo" to the
console and deletes the input file:

    echo foo | xz > con_xz
    xz --suffix=_xz --decompress con_xz

It cannot happen without --suffix because names like con.xz
are also special and so attempting to decompress con.xz
(or compress con to con.xz) will already fail when opening
the input file.

Similar thing is possible when compressing. The following
writes to "nul" and the input file "n" is deleted.

    echo foo | xz > n
    xz --suffix=ul n

Now xz checks if the destination is a special file before
continuing. DOS/DJGPP version had a check for this but
Windows (and OS/2) didn't.
2023-10-31 18:44:59 +08:00
Lasse Collin e3478ae4f3 liblzma: Move a few __attribute__ uses in function declarations.
The API headers have many attributes but these were left
as is for now.
2023-10-31 01:03:25 +08:00
Lasse Collin b71b8922ef xz, xzdec, lzmainfo: Use tuklib_attr_noreturn.
For compatibility with C23's [[noreturn]], tuklib_attr_noreturn
must be at the beginning of declaration (before "extern" or
"static", and even before any GNU C's __attribute__).

This commit also moves all other function attributes to
the beginning of function declarations. "extern" is kept
at the beginning of a line so the attributes are listed on
separate lines before "extern" or "static".
2023-10-31 01:03:25 +08:00
Lasse Collin 359e5c6cb1 Remove incorrect uses of __attribute__((__malloc__)).
xrealloc() is obviously incorrect, modern GCC docs even
mention realloc() as an example where this attribute
cannot be used.

liblzma's lzma_alloc() and lzma_alloc_zero() would be
correct uses most of the time but custom allocators
may use a memory pool or otherwise hold the pointer
so aliasing issues could happen in theory.

The xstrdup() case likely was correct but I removed it anyway.
Now there are no __malloc__ attributes left in the code.
The allocations aren't in hot paths so this should make
no practical difference.
2023-10-31 01:03:25 +08:00
Lasse Collin caf00e0988 liblzma: Mark crc64_clmul() with __attribute__((__no_sanitize_address__)).
Thanks to Agostino Sarubbo.
Fixes: https://github.com/tukaani-project/xz/issues/62
2023-10-31 01:03:25 +08:00
Lasse Collin 1f6e7c68fb xz: Refactor thousand separator detection and disable it on MSVC.
Now the two variations of the format strings are created with
a macro, and the whole detection code can be easily disabled
on platforms where thousand separator formatting is known to
not work (MSVC has no support, and on DJGPP 2.05 it can have
problems in some cases).
2023-10-31 01:03:25 +08:00
Lasse Collin ef71f83973 xz: Fix a too relaxed assertion and remove uses of SSIZE_MAX.
SSIZE_MAX isn't readily available on MSVC. Removing it means
that there is one thing less to worry when porting to MSVC.
2023-10-31 01:03:25 +08:00
Jia Tan 773f1e8622 liblzma: Update assert in vli_ceil4().
The argument to vli_ceil4() should always guarantee the return value
is also a valid lzma_vli. Thus the highest three valid lzma_vli values
are invalid arguments. All uses of the function ensure this so the
assert is updated to match this.
2023-10-26 06:22:24 +08:00
Jia Tan 68bda971bb liblzma: Add overflow check for Unpadded size in lzma_index_append().
This was not a security bug since there was no path to overflow
UINT64_MAX in lzma_index_append() or when it calls index_file_size().
The bug was discovered by a failing assert() in vli_ceil4() when called
from index_file_size() when unpadded_sum (the sum of the compressed size
of current Stream and the unpadded_size parameter) exceeds LZMA_VLI_MAX.

Previously, the unpadded_size parameter was checked to be not greater
than UNPADDED_SIZE_MAX, but no check was done once compressed_base was
added.

This could not have caused an integer overflow in index_file_size() when
called by lzma_index_append(). The calculation for file_size breaks down
into the sum of:

- Compressed base from all previous Streams
- 2 * LZMA_STREAM_HEADER_SIZE (size of the current Streams header and
  footer)
- stream_padding (can be set by lzma_index_stream_padding())
- Compressed base from the current Stream
- Unpadded size (parameter to lzma_index_append())

The sum of everything except for Unpadded size must be less than
LZMA_VLI_MAX. This is guarenteed by overflow checks in the functions
that can set these values including lzma_index_stream_padding(),
lzma_index_append(), and lzma_index_cat(). The maximum value for
Unpadded size is enforced by lzma_index_append() to be less than or
equal UNPADDED_SIZE_MAX. Thus, the sum cannot exceed UINT64_MAX since
LZMA_VLI_MAX is half of UINT64_MAX.

Thanks to Joona Kannisto for reporting this.
2023-10-26 06:22:24 +08:00
Jamaika1 c0c0cd4a48 mythread.h: Fix typo error in Vista threads mythread_once().
The "once_" variable was accidentally referred to as just "once". This
prevented building with Vista threads when
HAVE_FUNC_ATTRIBUTE_CONSTRUCTOR was not defined.
2023-10-26 06:22:24 +08:00
Lasse Collin a108ed5891 xz: Omit an empty paragraph on the man page. 2023-08-02 17:39:50 +03:00
Jia Tan 03c51c5c08 Bump version and soname for 5.4.4. 2023-08-02 20:32:20 +08:00
ChanTsune 4170a80785 mythread.h: Disable signal functions in builds targeting Wasm + WASI.
signal.h in WASI SDK doesn't currently provide sigprocmask()
or sigset_t. liblzma doesn't need them so this change makes
liblzma and xzdec build against WASI SDK. xz doesn't build yet
and the tests don't either as tuktest needs setjmp() which
isn't (yet?) implemented in WASI SDK.

Closes: https://github.com/tukaani-project/xz/pull/57
See also: https://github.com/tukaani-project/xz/pull/56

(The original commit was edited a little by Lasse Collin.)
2023-08-01 18:44:02 +03:00
Dimitri Papadopoulos Orfanos 0db6fbe0be Docs: Fix typos found by codespell 2023-08-01 18:44:02 +03:00
Jia Tan 19899340cf liblzma: Prevent an empty translation unit in Windows builds.
To workaround Automake lacking Windows resource compiler support, an
empty source file is compiled to overwrite the resource files for static
library builds. Translation units without an external declaration are
not allowed by the C standard and result in a warning when used with
-Wempty-translation-unit (Clang) or -pedantic (GCC).
2023-08-01 18:41:42 +03:00
Jia Tan 8bc3146c6b xz: Update man page Authors and date. 2023-07-18 23:24:02 +08:00
Jia Tan c2905540ef xz: Slight reword in xz man page for consistency.
Changed will print => prints in xz --robot --version description to
match --robot --info-memory description.
2023-07-18 23:24:02 +08:00
Jia Tan 2600d33524 liblzma: Improve comment in string_conversion.c.
The comment used "flag" when referring to decoder options. Just
referring to them as options is more clear and consistent.
2023-07-18 23:24:02 +08:00
Jia Tan 98fc14541e liblzma: Reword lzma_str_list_filters() documentation.
Reword "options required" to "options read". The previous wording
may have suggested that the options listed were all required when
the filters are used for encoding or decoding. Now it should be
more clear that the options listed are the ones relevant for
encoding or decoding.
2023-07-18 23:21:23 +08:00
Lasse Collin 1ac79b4cba xz: Translate the second "%s: " in message.c since French needs "%s : ".
This string is used to print a filename when using "xz -v" and
stderr isn't a terminal.
2023-07-18 17:41:55 +03:00
Lasse Collin 97851be2c6 xz: Make "%s: %s" translatable because French needs "%s : %s". 2023-07-18 14:37:07 +03:00
Lasse Collin b406828a6d liblzma: Tweak #if condition in memcmplen.h.
Maybe ICC always #defines _MSC_VER on Windows but now
it's very clear which code will get used.
2023-07-18 14:03:08 +03:00
Lasse Collin ef4a07ad94 liblzma: Omit unnecessary parenthesis in a preprocessor directive. 2023-07-18 14:03:08 +03:00
Jia Tan 64ee0caaea liblzma: Prevent warning for MSYS2 Windows build.
In lzma_memcmplen(), the <intrin.h> header file is only included if
_MSC_VER and _M_X64 are both defined but _BitScanForward64() was
previously used if _M_X64 was defined. GCC for MSYS2 defines _M_X64 but
not _MSC_VER so _BitScanForward64() was used without including
<intrin.h>.

Now, lzma_memcmplen() will use __builtin_ctzll() for MSYS2 GCC builds as
expected.
2023-07-18 14:03:08 +03:00
Jia Tan c972d44103 xz: Fix typo in man page.
The Memory limit information section described three output
columns when it actually has six. This was reworded to
"multiple" to make it more future proof.
2023-07-18 13:27:46 +03:00
Jia Tan 1155471651 liblzma: Prevent uninitialzed warning in mt stream encoder.
This change only impacts the compiler warning since it was impossible
for the wait_abs struct in stream_encode_mt() to be used before it was
initialized since mythread_condtime_set() will always be called before
mythread_cond_timedwait().

Since the mythread.h code is different between the POSIX and
Windows versions, this warning was only present on Windows builds.

Thanks to Arthur S for reporting the warning and providing an initial
patch.
2023-07-18 13:20:16 +03:00
Jia Tan 4f57a9c991 liblzma: Adds lzma_nothrow to MicroLZMA API functions.
None of the liblzma functions may throw an exception, so this
attribute should be applied to all liblzma API functions.
2023-07-18 12:48:53 +03:00
Jia Tan 0cee63c3c6 Bump version and soname for 5.4.3. 2023-05-04 22:02:29 +08:00
Lasse Collin e9b9ea9531 tuklib_integer.h: Fix a recent copypaste error in Clang detection.
Wrong line was changed in 7062348bf3.
Also, this has >= instead of == since ints larger than 32 bits would
work too even if not relevant in practice.
2023-05-03 22:55:54 +03:00
Jia Tan 9e343a46cf Windows: Include <intrin.h> when needed.
Legacy Windows did not need to #include <intrin.h> to use the MSVC
intrinsics. Newer versions likely just issue a warning, but the MSVC
documentation says to include the header file for the intrinsics we use.

GCC and Clang can "pretend" to be MSVC on Windows, so extra checks are
needed in tuklib_integer.h to only include <intrin.h> when it will is
actually needed.
2023-04-25 20:19:32 +08:00
Jia Tan 12321a9390 tuklib_integer: Use __builtin_clz() with Clang.
Clang has support for __builtin_clz(), but previously Clang would
fallback to either the MSVC intrinsic or the regular C code. This was
discovered due to a bug where a new version of Clang required the
<intrin.h> header file in order to use the MSVC intrinsics.

Thanks to Anton Kochkov for notifying us about the bug.
2023-04-25 20:19:28 +08:00
Lasse Collin d1f0e01c39 liblzma: Update project maintainers in lzma.h.
AUTHORS was updated earlier, lzma.h was simply forgotten.
2023-04-25 20:19:21 +08:00
Jia Tan 8204c5d130 liblzma: Cleans up old commented out code. 2023-04-25 20:19:10 +08:00
Jia Tan c99d697df8 Build: Removes redundant check for LZMA1 filter support. 2023-04-25 20:18:18 +08:00
Lasse Collin 0673c9ec98 liblzma: Silence -Wsign-conversion in SSE2 code in memcmplen.h.
Thanks to Christian Hesse for reporting the issue.
Fixes: https://github.com/tukaani-project/xz/issues/44
2023-03-19 22:46:26 +02:00
Jia Tan 6ca8046ecb Bump version and soname for 5.4.2. 2023-03-18 23:22:06 +08:00
Lasse Collin 97679d25ce Change a few HTTP URLs to HTTPS.
The xz man page timestamp was intentionally left unchanged.
2023-03-18 22:02:40 +08:00
Jia Tan 94097157fa liblzma: Remove note from lzma_options_bcj about the ARM64 exception.
This was left in by mistake since an early version of the ARM64 filter
used a different struct for its options.
2023-03-17 20:19:10 +08:00
Jia Tan 7e2fa48bb7 liblzma: Add set lzma.h as the main page for Doxygen documentation.
The \mainpage command is used in the first block of comments in lzma.h.
This changes the previously nearly empty index.html to use the first
comment block in lzma.h for its contents.

lzma.h is no longer documented separately, but this is for the better
since lzma.h only defined a few macros that users do not need to use.
The individual API header files all have a disclaimer that they should
not be #included directly, so there should be no confusion on the fact
that lzma.h should be the only header used by applications.

Additionally, the note "See ../lzma.h for information about liblzma as
a whole." was removed since lzma.h is now the main page of the
generated HTML and does not have its own page anymore. So it would be
confusing in the HTML version and was only a "nice to have" when
browsing the source files.
2023-03-17 20:18:52 +08:00
Lasse Collin fd56d53533 xz: Make Capsicum sandbox more strict with stdin and stdout. 2023-03-11 19:34:39 +02:00
Lasse Collin d1bdaaebc6 xz: Don't fail if Capsicum is enabled but kernel doesn't support it.
(This commit combines related commits from the master branch.)

If Capsicum support is missing from the kernel or xz is being run
in an emulator that lacks Capsicum suport, the syscalls will fail
and set errno to ENOSYS. Previously xz would display and error and
exit, making xz unusable. Now it will check for ENOSYS and run
without sandbox support. Other tools like ssh behave similarly.

Displaying a warning for missing Capsicum support was considered
but such extra output would quickly become annoying. It would also
break test_scripts.sh in "make check".

Also move cap_enter() to be the first step instead of the last one.
This matches the example in the cap_rights_limit(2) man page. With
the current code it shouldn't make any practical difference though.

Thanks to Xin Li for the bug report, suggesting a fix, and testing:
https://github.com/tukaani-project/xz/pull/43

Thanks to Jia Tan for most of the original commits.
2023-03-11 19:31:40 +02:00
Jia Tan b82d4831e3 liblzma: Improve documentation for version.h.
Specified parameter and return values for API functions and documented
a few more of the macros.
2023-03-07 23:57:39 +08:00
Jia Tan 2caba3efe3 liblzma: Clarify lzma_lzma_preset() documentation in lzma12.h.
lzma_lzma_preset() does not guarentee that the lzma_options_lzma are
usable in an encoder even if it returns false (success). If liblzma
is built with default configurations, then the options will always be
usable. However if the match finders hc3, hc4, or bt4 are disabled, then
the options may not be usable depending on the preset level requested.

The documentation was updated to reflect this complexity, since this
behavior was unclear before.
2023-03-07 23:25:17 +08:00