1272343Sngie///////////////////////////////////////////////////////////////////////////////
2272343Sngie//
3272343Sngie/// \file       vli_decoder.c
4272343Sngie/// \brief      Decodes variable-length integers
5272343Sngie//
6272343Sngie//  Author:     Lasse Collin
7272343Sngie//
8272343Sngie//  This file has been put into the public domain.
9272343Sngie//  You can do whatever you want with this file.
10272343Sngie//
11272343Sngie///////////////////////////////////////////////////////////////////////////////
12272343Sngie
13272343Sngie#include "common.h"
14272343Sngie
15272343Sngie
16272343Sngieextern LZMA_API(lzma_ret)
17272343Sngielzma_vli_decode(lzma_vli *restrict vli, size_t *vli_pos,
18272343Sngie		const uint8_t *restrict in, size_t *restrict in_pos,
19272343Sngie		size_t in_size)
20272343Sngie{
21272343Sngie	// If we haven't been given vli_pos, work in single-call mode.
22272343Sngie	size_t vli_pos_internal = 0;
23272343Sngie	if (vli_pos == NULL) {
24272343Sngie		vli_pos = &vli_pos_internal;
25272343Sngie		*vli = 0;
26272343Sngie
27272343Sngie		// If there's no input, use LZMA_DATA_ERROR. This way it is
28272343Sngie		// easy to decode VLIs from buffers that have known size,
29272343Sngie		// and get the correct error code in case the buffer is
30272343Sngie		// too short.
31272343Sngie		if (*in_pos >= in_size)
32272343Sngie			return LZMA_DATA_ERROR;
33272343Sngie
34272343Sngie	} else {
35272343Sngie		// Initialize *vli when starting to decode a new integer.
36272343Sngie		if (*vli_pos == 0)
37272343Sngie			*vli = 0;
38272343Sngie
39272343Sngie		// Validate the arguments.
40272343Sngie		if (*vli_pos >= LZMA_VLI_BYTES_MAX
41272343Sngie				|| (*vli >> (*vli_pos * 7)) != 0)
42			return LZMA_PROG_ERROR;;
43
44		if (*in_pos >= in_size)
45			return LZMA_BUF_ERROR;
46	}
47
48	do {
49		// Read the next byte. Use a temporary variable so that we
50		// can update *in_pos immediately.
51		const uint8_t byte = in[*in_pos];
52		++*in_pos;
53
54		// Add the newly read byte to *vli.
55		*vli += (lzma_vli)(byte & 0x7F) << (*vli_pos * 7);
56		++*vli_pos;
57
58		// Check if this is the last byte of a multibyte integer.
59		if ((byte & 0x80) == 0) {
60			// We don't allow using variable-length integers as
61			// padding i.e. the encoding must use the most the
62			// compact form.
63			if (byte == 0x00 && *vli_pos > 1)
64				return LZMA_DATA_ERROR;
65
66			return vli_pos == &vli_pos_internal
67					? LZMA_OK : LZMA_STREAM_END;
68		}
69
70		// There is at least one more byte coming. If we have already
71		// read maximum number of bytes, the integer is considered
72		// corrupt.
73		//
74		// If we need bigger integers in future, old versions liblzma
75		// will confusingly indicate the file being corrupt istead of
76		// unsupported. I suppose it's still better this way, because
77		// in the foreseeable future (writing this in 2008) the only
78		// reason why files would appear having over 63-bit integers
79		// is that the files are simply corrupt.
80		if (*vli_pos == LZMA_VLI_BYTES_MAX)
81			return LZMA_DATA_ERROR;
82
83	} while (*in_pos < in_size);
84
85	return vli_pos == &vli_pos_internal ? LZMA_DATA_ERROR : LZMA_OK;
86}
87