The Landlock sandbox in xzdec could be stricter as now it's
active only for the last file being decompressed. In xz,
a read-only sandbox is used for the multi-file case. On the other hand,
xz doesn't go to the strictest mode when processing the last file
when more than one file was specified; xzdec does.
Lasse Collin [Tue, 30 Apr 2024 19:22:45 +0000 (22:22 +0300)]
liblzma: Fix incorrect function type error from sanitizer
Clang 17 with -fsanitize=address,undefined:
```
src/liblzma/common/filter_common.c:366:8: runtime error:
call to function encoder_find through pointer to incorrect
function type 'const lzma_filter_coder *(*)(unsigned long)'
src/liblzma/common/filter_encoder.c:187: note:
encoder_find defined here
```
Use a wrapper function to get the correct type neatly.
This reduces the number of casts needed too.
This issue could be a problem with control flow integrity (CFI)
methods that check the function type on indirect function calls.
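The wrapper-function approach described in this commit, as an added example that is not liblzma's own code. The table, the `encoder_desc` struct, the `coder_find_fn` type and the filter IDs are simplified stand-ins constructed for the demo; the point is that shared code calls the lookup through one generic pointer type, and a small wrapper with exactly that prototype replaces the cast that UBSan's function-type check (and CFI schemes such as Clang's `-fsanitize=cfi`) reject.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simplified encoder descriptor (hypothetical, not liblzma's struct). */
typedef struct {
    uint64_t id;        /* filter ID */
    const char *name;   /* human-readable name, for this demo only */
} encoder_desc;

/* Constructed sample table; the IDs are placeholders, not real filter IDs. */
static const encoder_desc encoders[] = {
    { 0x01, "demo-filter-a" },
    { 0x02, "demo-filter-b" },
};

/* Concrete lookup, typed with the concrete struct. */
static const encoder_desc *encoder_find(uint64_t id)
{
    for (size_t i = 0; i < sizeof(encoders) / sizeof(encoders[0]); ++i)
        if (encoders[i].id == id)
            return &encoders[i];
    return NULL;
}

/* Generic lookup type that the shared encoder/decoder code calls through. */
typedef const void *(*coder_find_fn)(uint64_t id);

/* WRONG (kept only as a comment): obtaining a coder_find_fn by casting,
 *     coder_find_fn f = (coder_find_fn)encoder_find;
 * and calling f(id) is undefined behavior in C because the return type
 * of the callee differs from the pointer's type. UBSan's function-type
 * check and CFI schemes flag exactly this indirect call. */

/* RIGHT: a wrapper whose prototype matches coder_find_fn exactly. The
 * struct* -> void* conversion happens inside the wrapper, where it is
 * well defined, and the call site needs no cast at all. */
static const void *encoder_find_generic(uint64_t id)
{
    return encoder_find(id);
}

/* Shared code that only knows the generic type. Returns 1 and copies the
 * name into buf if the ID is known, else returns 0. */
static int coder_lookup_name(coder_find_fn find, uint64_t id,
                             char *buf, size_t buf_size)
{
    const encoder_desc *e = find(id);   /* void* -> struct* is implicit in C */
    if (e == NULL || buf_size == 0)
        return 0;
    size_t n = strlen(e->name);
    if (n >= buf_size)
        n = buf_size - 1;
    memcpy(buf, e->name, n);
    buf[n] = '\0';
    return 1;
}
```

The same pattern applies to any table of callbacks that is shared between front ends: give each concrete implementation a thin adapter with the shared signature instead of casting the function pointer, and sanitizer builds stay clean without weakening the type check.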
Lasse Collin [Fri, 19 Apr 2024 12:14:02 +0000 (15:14 +0300)]
Doxygen: Don't strip JavaScript anymore
The stripping method worked well with Doxygen 1.8 and 1.9 but
it doesn't work with Doxygen 1.10 anymore. Since we won't ship
pre-generated liblzma API docs anymore, the extra bloat and
extra license info of the JavaScript files won't affect the
upstream source package anymore.
Lasse Collin [Sat, 20 Apr 2024 14:09:11 +0000 (17:09 +0300)]
CMake: Keep the build working if the "tests" directory is missing
This moves the tests section as is from CMakeLists.txt into
tests/tests.cmake. CMakeLists.txt now includes tests/tests.cmake
if the latter file exists.
Now it's possible to delete the whole "tests" directory and
building with CMake will still work normally, just without
the tests. This way the tests are readily available for those
who want them, and those who won't run the tests anyway have
a straightforward way to ensure that nothing from the "tests"
directory can affect the build process.
Lasse Collin [Sat, 20 Apr 2024 10:12:50 +0000 (13:12 +0300)]
Tests: Remove x86 and SPARC BCJ tests
These are very old but the exact test file isn't easy to reproduce
as it was compiled from a short C program (bcj_test.c) long ago.
These tests weren't very good anyway, just a little better than nothing.
Lasse Collin [Sat, 27 Apr 2024 11:56:16 +0000 (14:56 +0300)]
Tests: test_index: Make it clear that my_alloc() has no integer overflows
liblzma guarantees that the product of the allocation size arguments
will fit in size_t.
Putting the pre-increment in the if-statement was clearly wrong
although in practice it didn't matter here as the function is
called only a couple of times.
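An allocator callback in the `lzma_allocator` shape (`opaque, nmemb, size`) that checks the `nmemb * size` product itself rather than relying on the caller's guarantee, written as an added example and not the xz test suite's `my_alloc()`. The call counter is kept as its own statement so the increment is not buried inside a condition; `size_mul`, `checked_alloc` and `alloc_calls` are names chosen for this demo.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Returns true and stores nmemb * size in *total when the product fits
 * in size_t; returns false (and leaves *total untouched) on overflow.
 * The division form avoids the wrapping multiply entirely. */
static bool size_mul(size_t nmemb, size_t size, size_t *total)
{
    if (nmemb != 0 && size > SIZE_MAX / nmemb)
        return false;
    *total = nmemb * size;
    return true;
}

/* Number of allocation requests seen, including rejected ones. */
static size_t alloc_calls;

/* lzma_allocator-style alloc callback (hypothetical demo, not xz code).
 * Rejects overflowing requests with NULL, which a caller must already
 * handle as out-of-memory. */
static void *checked_alloc(void *opaque, size_t nmemb, size_t size)
{
    (void)opaque;
    ++alloc_calls;          /* a separate statement, not inside the if */

    size_t total;
    if (!size_mul(nmemb, size, &total))
        return NULL;

    /* malloc(0) may return NULL or a unique pointer; request 1 byte so
     * a zero-sized allocation is never mistaken for failure. */
    return malloc(total == 0 ? 1 : total);
}

static void checked_free(void *opaque, void *ptr)
{
    (void)opaque;
    free(ptr);
}
```

With liblzma's documented guarantee the extra check never fires, but a callback written this way is also safe to reuse with code that does not make that promise.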
Lasse Collin [Sat, 27 Apr 2024 11:33:38 +0000 (14:33 +0300)]
liblzma: index_decoder: Fix missing initializations on LZMA_PROG_ERROR
If the arguments to lzma_index_decoder() or lzma_index_buffer_decode()
were such that LZMA_PROG_ERROR was returned, the lzma_index **i
argument wasn't touched even though the API docs say that *i = NULL
is done if an error occurs. This obviously won't be done even now
if i == NULL but otherwise it is best to do it due to the wording
in the API docs.
In practice this matters very little: The problem can occur only
if the functions are called with invalid arguments, that is,
the calling application must already have a bug.
Lasse Collin [Thu, 25 Apr 2024 11:00:57 +0000 (14:00 +0300)]
tuklib_integer: Rename bswapXX to byteswapXX
The __builtin_bswapXX from GCC and Clang are preferred when
they are available. This can allow compilers to emit the x86 MOVBE
instruction instead of doing a load + byteswap as two instructions
(which would happen if the byteswapping is done in inline asm).
bswap16, bswap32, and bswap64 exist in system headers on *BSDs
and Darwin. #defining bswap16 on NetBSD results in a warning about
macro redefinition. It's safest to avoid this namespace conflict
completely.
No OS supported by tuklib_integer.h uses byteswapXX names and
a web search doesn't immediately find any obvious danger of
namespace conflicts. So let's try these still-pretty-short names
for the macros.
Thanks to Sam James for pointing out the compiler warning on
NetBSD 10.0.
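The renamed helpers as an added example, not the contents of tuklib_integer.h: `byteswap16/32/64` prefer the GCC/Clang builtins (so the compiler may fuse a load and swap into MOVBE on x86) and fall back to portable shifts elsewhere, and the names stay clear of the `bswapXX` identifiers that *BSD and Darwin headers define. `read32be` is a constructed use case showing where such a swap is needed; it assumes a little-endian host when the `__BYTE_ORDER__` macros are unavailable.

```c
#include <stdint.h>
#include <string.h>

#if defined(__GNUC__) || defined(__clang__)
/* Builtins: one instruction on most targets, and the compiler can
 * combine them with the preceding load. */
static inline uint16_t byteswap16(uint16_t n) { return __builtin_bswap16(n); }
static inline uint32_t byteswap32(uint32_t n) { return __builtin_bswap32(n); }
static inline uint64_t byteswap64(uint64_t n) { return __builtin_bswap64(n); }
#else
/* Portable fallback in plain C. */
static inline uint16_t byteswap16(uint16_t n)
{
    return (uint16_t)((n >> 8) | (n << 8));
}

static inline uint32_t byteswap32(uint32_t n)
{
    return (n >> 24) | ((n >> 8) & 0xFF00u)
           | ((n << 8) & 0xFF0000u) | (n << 24);
}

static inline uint64_t byteswap64(uint64_t n)
{
    return ((uint64_t)byteswap32((uint32_t)n) << 32)
           | byteswap32((uint32_t)(n >> 32));
}
#endif

/* Reads a 32-bit big-endian integer from an unaligned buffer. memcpy is
 * the portable unaligned load; the swap is applied only on little-endian
 * hosts. Assumes little-endian when the byte-order macros are absent. */
static inline uint32_t read32be(const uint8_t *buf)
{
    uint32_t n;
    memcpy(&n, buf, sizeof(n));
#if defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
    return n;
#else
    return byteswap32(n);
#endif
}
```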
Lasse Collin [Mon, 22 Apr 2024 18:54:39 +0000 (21:54 +0300)]
liblzma: lzma_str_to_filters: Set *error_pos on all errors
The API docs clearly say that if error_pos isn't NULL then *error
is always set on any error. However, it wasn't touched if str == NULL
or filters == NULL or unsupported flags were specified.
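Both this commit and the `index_decoder` fix above share one contract: every output parameter is put into its documented error state before any argument is validated, so `LZMA_PROG_ERROR` paths leave `*i` and `*error_pos` defined just like the other error paths. The hypothetical parser below, an added example and not a liblzma function, demonstrates that ordering; `demo_str_to_options`, its return codes and its flag bit are constructed names for the demo.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

typedef enum {
    RET_OK = 0,
    RET_OPTIONS_ERROR,  /* bad input string; *error_pos points at it */
    RET_MEM_ERROR,
    RET_PROG_ERROR      /* caller bug: invalid arguments */
} ret_t;

typedef struct { uint32_t dict_size; } demo_options;

#define DEMO_FLAG_STRICT 0x01u
#define DEMO_ALL_FLAGS   DEMO_FLAG_STRICT

/* Parses a decimal dictionary size from str into a newly allocated
 * demo_options. Contract: on any error *out is NULL, and if error_pos is
 * non-NULL it is set (to the offending index, or 0 for argument errors). */
static ret_t demo_str_to_options(demo_options **out, const char *str,
                                 size_t *error_pos, uint32_t flags)
{
    /* Step 1: reset every output before validating anything, so even a
     * PROG_ERROR return leaves the caller's variables in a defined state. */
    if (out != NULL)
        *out = NULL;
    if (error_pos != NULL)
        *error_pos = 0;

    /* Step 2: argument validation. */
    if (out == NULL || str == NULL || (flags & ~DEMO_ALL_FLAGS) != 0)
        return RET_PROG_ERROR;

    /* Step 3: parse, reporting the position of the first bad character. */
    uint64_t value = 0;
    size_t i = 0;
    for (; str[i] != '\0'; ++i) {
        if (str[i] < '0' || str[i] > '9')
            goto bad_input;
        uint64_t digit = (uint64_t)(str[i] - '0');
        if (value > (UINT32_MAX - digit) / 10)   /* would exceed uint32_t */
            goto bad_input;
        value = value * 10 + digit;
    }
    if (i == 0)                                  /* empty string */
        goto bad_input;

    demo_options *o = malloc(sizeof(*o));
    if (o == NULL)
        return RET_MEM_ERROR;
    o->dict_size = (uint32_t)value;
    *out = o;
    return RET_OK;

bad_input:
    if (error_pos != NULL)
        *error_pos = i;
    return RET_OPTIONS_ERROR;
}
```

Initializing outputs first costs nothing on the success path and removes the class of bug where a caller that already misuses the API then also reads a stale pointer.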
Sam James [Thu, 11 Apr 2024 18:34:04 +0000 (19:34 +0100)]
xz: signals: suppress -Wsign-conversion on macOS
On macOS, we get:
```
signals.c: In function 'signals_init':
signals.c:76:17: error: conversion to 'sigset_t' {aka 'unsigned int'} from 'int' may change the sign of the result [-Werror=sign-conversion]
76 | sigaddset(&hooked_signals, sigs[i]);
| ^~~~~~~~~
signals.c:81:17: error: conversion to 'sigset_t' {aka 'unsigned int'} from 'int' may change the sign of the result [-Werror=sign-conversion]
81 | sigaddset(&hooked_signals, message_progress_sigs[i]);
| ^~~~~~~~~
signals.c:86:9: error: conversion to 'sigset_t' {aka 'unsigned int'} from 'int' may change the sign of the result [-Werror=sign-conversion]
86 | sigaddset(&hooked_signals, SIGTSTP);
| ^~~~~~~~~
```
We use `int` for `hooked_signals` but we can't just cast to whatever
`sigset_t` is because `sigset_t` is an opaque type. It's an unsigned int
on macOS. On macOS, `sigaddset` is implemented as a macro.
Just suppress -Wsign-conversion for `signals_init` for macOS given
there's no real nice way of fixing this.
Lasse Collin [Sat, 13 Apr 2024 15:05:31 +0000 (18:05 +0300)]
Tests: test_microlzma: Tweak comments, coding style, and minor details
A few lines were reordered, a few ARRAY_SIZE were changed to sizeof,
and a few uint32_t were changed to size_t. No real functional changes
were intended.
Sam James [Wed, 10 Apr 2024 14:41:08 +0000 (15:41 +0100)]
ci: default to -O2
We need this for when we're passing sanitizer flags or -gdwarf-4 for Clang
with Valgrind. Just always start with -O2 if CFLAGS isn't set in the
environment and append what was passed on the command line.
Sam James [Wed, 10 Apr 2024 10:43:10 +0000 (11:43 +0100)]
ci: test Valgrind
Using `--trace-children=yes` has a trade-off here, as it makes
`test_scripts.sh` pretty slow when calling various non-xz utilities.
But I also feel like it's not useless to have Valgrind used there and it's
not easy to exclude Valgrind just for that one test...
I did consider using AX_VALGRIND_CHECK [0][1] but I couldn't get it working
immediately with some conditionally-built tests and I wondered if it was
worth spending time on at least while we're debating xz's future build
system situation.
Lasse Collin [Tue, 9 Apr 2024 14:43:16 +0000 (17:43 +0300)]
liblzma: Remove ifunc support.
This is *NOT* done for security reasons even though the backdoor
relied on the ifunc code. Instead, the reason is that in this
project ifunc provides little benefits but it's quite a bit of
extra code to support it. The only case where ifunc *might* matter
for performance is if the CRC functions are used directly by an
application. In normal compression use it's completely irrelevant.