Age | Commit message (Collapse) | Author |
|
When (during fragment deduplication) a fragment block is read back
from disk and unpacked, it can happen that it is _exactly_ the
given block size. The bounds check did '>=' instead of '>' and
failed in that case with a "data corruption" error.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
A directory listing starts with a header that specifies a reference
inode number. Each entry then specifies a difference from that
reference value.
While the difference is _signed_, the reference value is _unsigned_.
This is handled correctly in the code, but was pointent out wrongly
in the documentation.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
If fstree_mknode fails, because the parent link count would overflow,
the function fails and cleans up behind it. The problem arises because
the function does this check *after* inserting the node in the parent
node, so it is later free'd again, when destroying the rest of the
tree.
This patch moves the insertion after the check to mitigate the problem.
Reported-by: Marvin Renich <mrvn@renich.org>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
The squashfs on-disk format uses 32 bit link counters, but the fstree
used 16 bit ones. Because the link count also includes child nodes,
this artificially limited the number of entries in a directory to ~64k
files.
This patch removes the limit by switching libfstree to 32 bit counters.
Reported-by: Marvin Renich <mrvn@renich.org>
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Abort and retry in situations that should logically _never_
_ever_ happen.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
The block_count is a size_t, so on 32 bit platforms the multiplication
might be truncated before the comparison with filesz.
On 64 bit platforms, it could potentially also overflow the 64 bit
bounds of the data type.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Preprocessor magic is used to redirect putc/fputc/fputs/printf/fprintf
to custom implementations.
The custom implementations try to figure out if we are printing to the
console and, if so, convert the resulting strings to UTF-16 and print
them through ConsoleWriteW. If the output is redirected to a file or
a pipe, the original (presummed) UTF-8 is kept.
Simply setting the console output codepage to UTF-8 does not work,
because the standard I/O facilities of MSVCRT either does not support
unicode (in non-wchar mode), or has half-broken support through fputs,
which can still break up multi-byte sequences through its internal
buffering.
Likewise, changing the codepage and using ConsoleWriteA, or trying to
use fputws did not work in a test VM either.
This approach is the one that worked most consistently among the
ones tried, but also has problems. E.g. it breaks when setting the
codepage to UTF-8 manually (using `chcp 65001`).
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
When piping the output of another program into tar2sqfs.exe, and
the source program terminates, tar2sqfs.exe gets an ERROR_BROKEN_PIPE
when the end is reached and it trys to pre-cache more data. This
commit adds a work around, to propperly handle this as and end-of-file
condition.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Apparently, mingw implicitly included stdlib.h indirectly from either
windows.h or shellapi.h. After an upgrade, the windows build now
fails with EXIT_FAILURE being undefined.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Now that there is a wrapper for main() on Windows, all executable
programs must use a common, cannonical signature for main().
Furthermore, the Windows version of the epoch test needs wrappers
for setenv/unsetenv.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
When opening files on windows, use the widechar versions and convert
from (assumed) UTF-8 to UTF-16 as needed.
Since the broken, code-page-random API may acutall be intended in some
use cases, leave that option in through an additional flag.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
A macro and forward declaration are added to compat.h that rename
the main() function programs using compat.h into sqfs_tools_main.
An actual main() function is added to libcompat.a, that uses the
shell API to get the UTF-16 command line arguments, convert them
to UTF-8 and call sqfs_tools_main.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
The Windows port uses FlushFileBuffers in libfstream for the
implmentation of the file flush method. Unlike other winapi functions,
this function returns a boolean and not an error code.
Previously, the error code path was executed on success, printing a
rather confusing error message, that this file already exists.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
The intention of the (severely incomplete) ABI test case is to detect
changes to the ABI of libsquashfs. Currently it tries to blurt out if
the layout of some structure is changed unintentionally.
Unfortunately, the test uses some unportable assumptions. Among other
things, it was assumed that a 64 bit field will always require 64 bit
alignment. This is apparently no the case on 32 bit x86.
This patch makes the check work on 32 bit and 64 bit x86, by adding
an additional runtime check that relies on the __alignof__ extension
offered by gcc and clang (the only 2 compilers that are really
supported at the moment).
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Use the same size check as sqfs_dir_reader_open_dir and report EOF,
even if it is possible to read the header itself, but nothing beyond
that.
Also check if it should be possible to read an entry header before
attempting and report EOF if not.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
The sqfs_dir_reader_open_dir function tried to take a short-cut by
returning early if the target directory is empty. However, this left
some field unchanged from the previous directory.
If iterating over a directory and then deciding to enter a sub-directory
that happens to be empty, the directory reader will keep the settings
for the current directory. After calling sqfs_dir_reader_rewind, the
sub-directory will suddenly report the contents of the parent.
A similar check is added to the rewind function to not track back on
the meta data reader in that case.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
On the 1.1.x branch, the upstream "allow delete if NULL" patch is not
applied, so this needs an explcit fix.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Due to the change in directory size accounting, the checksums no
longer matched.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
If rdsquashfs unpacks a directory tree that contains a symlink,
followed by something else with the exact same name, it will
follow the symlink and can be tricked into writing to an
arbitrary filesystem location controlled by the SquashFS image.
Because there might actually be a reasonable use case, where an
image is unpacked into an directory existing directory tree, with
symlinks that should be followed, this is solved as follows:
- Before unpacking, recursively sort the directory by filename.
- FAIL if (after sorting) two consequtive entries at the same
hierarchy level have the same name.
This solution is more generic and prevents the unpacker from accessing
the same thing twice in generall, thus also excluding the symlink issue.
Hardlinks are already unfolded into duplicate tree nodes by the tree
reader (with loop detection) so that should not prompt further issues.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Licensed under 0BSD: https://opensource.org/licenses/0BSD
Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
|
|
|
|
This is to allow git to recognize that format.txt "moves" to format.adoc
in the next commit (with -M20, at least), which should allow easier
comparison for what has changed (and more importantly, what hasn't) in
converting to asciidoc. For instance, doing the diff with the following
options:
```
-M20 --ignore-all-space --word-diff
```
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
The squashfs readdir() implementation in the Linux kernel returns
non-existing "." and ".." entries for offsets 0 and 1, and after
that reads from disk. For convenience, it was decided to store an
off-by-3 value on disk instead of doing complex primary school math
to adjust for this. This didn't show up until now, because the kernel
implementation trusts the value from the directory header more than
the actual size in the inode and happily reads 3 more than the inode
would allow it to. This only showed up with 7-zip which subtracts 3
from the size and expects the result to be exact and bails if the
directory headers suggest otherwise.
And yes, I did consider making a "Holy Hand Granade of Antioch"
reference, but consciously decided not to.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
The data is processed 2G at a time to avoid this exact issue, but the
check was skipped on 64 bit systems, since the function *used to* use
size_t instead of sqfs_u32.
This commit removes the second check.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
When processing files > 4G, using "%o" truncates the result and the
tarball is not readable. This should have been discovered when
auto-patching the printf format specifiers, but a cast was added
instead and the issue was overlooked.
This commit replaces the down-cast and printf format specifiers.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|