/* vi: set sw=4 ts=4: */
/*
 * gunzip implementation for busybox
 *
 * Based on GNU gzip v1.2.4 Copyright (C) 1992-1993 Jean-loup Gailly.
 *
 * Originally adjusted for busybox by Sven Rudolph <sr1@inf.tu-dresden.de>
 * based on gzip sources
 *
 * Adjusted further by Erik Andersen <andersen@codepoet.org> to support
 * files as well as stdin/stdout, and to generally behave itself wrt
 * command line handling.
 *
 * General cleanup to better adhere to the style guide and make use of standard
 * busybox functions by Glenn McGrath
 *
 * read_gz interface + associated hacking by Laurence Anderson
 *
 * Fixed huft_build() so decoding end-of-block code does not grab more bits
 * than necessary (this is required by unzip applet), added inflate_cleanup()
 * to free leaked bytebuffer memory (used in unzip.c), and some minor style
 * guide cleanups by Ed Clark
 *
 * gzip (GNU zip) -- compress files with zip algorithm and 'compress' interface
 * Copyright (C) 1992-1993 Jean-loup Gailly
 * The unzip code was written and put in the public domain by Mark Adler.
 * Portions of the lzw code are derived from the public domain 'compress'
 * written by Spencer Thomas, Joe Orost, James Woods, Jim McKie, Steve Davies,
 * Ken Turkowski, Dave Mack and Peter Jannesen.
 *
 * See the file algorithm.doc for the compression algorithms and file formats.
 *
 * Licensed under GPLv2 or later, see file LICENSE in this source tree.
 */
#include "libbb.h"
#include "bb_archive.h"

typedef struct huft_t {
        unsigned char e;        /* number of extra bits or operation */
        unsigned char b;        /* number of bits in this code or subcode */
        union {
                unsigned n;     /* literal, length base, or distance base */
                /* ^^^^^ was "unsigned short", but that results in larger code */
                struct huft_t *t;       /* pointer to next level of table */
        } v;
} huft_t;

enum {
        /* gunzip_window size--must be a power of two, and
         * at least 32K for zip's deflate method */
        GUNZIP_WSIZE = 0x8000,
        /* If BMAX needs to be larger than 16, then h and x[] should be ulg. */
        BMAX = 16,      /* maximum bit length of any code (16 for explode) */
        N_MAX = 288,    /* maximum number of codes in any set */
};


/* This is somewhat complex-looking arrangement, but it allows
 * to place decompressor state either in bss or in
 * malloc'ed space simply by changing #defines below.
 * Sizes on i386:
 * text    data     bss     dec     hex
 * 5256       0     108    5364    14f4 - bss
 * 4915       0       0    4915    1333 - malloc
 */
#define STATE_IN_BSS 0
#define STATE_IN_MALLOC 1


typedef struct state_t {
        off_t gunzip_bytes_out; /* number of output bytes */
        uint32_t gunzip_crc;

        int gunzip_src_fd;
        unsigned gunzip_outbuf_count; /* bytes in output buffer */

        unsigned char *gunzip_window;

        uint32_t *gunzip_crc_table;

        /* bitbuffer */
        unsigned gunzip_bb; /* bit buffer */
        unsigned char gunzip_bk; /* bits in bit buffer */

        /* input (compressed) data */
        unsigned char *bytebuffer;      /* buffer itself */
        off_t to_read;                  /* compressed bytes to read (unzip only, -1 for gunzip) */
//      unsigned bytebuffer_max;        /* buffer size */
        unsigned bytebuffer_offset;     /* buffer position */
        unsigned bytebuffer_size;       /* how much data is there (size <= max) */

        /* private data of inflate_codes() */
        unsigned inflate_codes_ml; /* masks for bl and bd bits */
        unsigned inflate_codes_md; /* masks for bl and bd bits */
        unsigned inflate_codes_bb; /* bit buffer */
        unsigned inflate_codes_k; /* number of bits in bit buffer */
        unsigned inflate_codes_w; /* current gunzip_window position */
        huft_t *inflate_codes_tl;
        huft_t *inflate_codes_td;
        unsigned inflate_codes_bl;
        unsigned inflate_codes_bd;
        unsigned inflate_codes_nn; /* length and index for copy */
        unsigned inflate_codes_dd;

        smallint resume_copy;

        /* private data of inflate_get_next_window() */
        smallint method; /* method == -1 for stored, -2 for codes */
        smallint need_another_block;
        smallint end_reached;

        /* private data of inflate_stored() */
        unsigned inflate_stored_n;
        unsigned inflate_stored_b;
        unsigned inflate_stored_k;
        unsigned inflate_stored_w;

        const char *error_msg;
        jmp_buf error_jmp;
} state_t;
#define gunzip_bytes_out    (S()gunzip_bytes_out   )
#define gunzip_crc          (S()gunzip_crc         )
#define gunzip_src_fd       (S()gunzip_src_fd      )
#define gunzip_outbuf_count (S()gunzip_outbuf_count)
#define gunzip_window       (S()gunzip_window      )
#define gunzip_crc_table    (S()gunzip_crc_table   )
#define gunzip_bb           (S()gunzip_bb          )
#define gunzip_bk           (S()gunzip_bk          )
#define to_read             (S()to_read            )
// #define bytebuffer_max   (S()bytebuffer_max     )
// Both gunzip and unzip can use constant buffer size now (16k):
#define bytebuffer_max      0x4000
#define bytebuffer          (S()bytebuffer         )
#define bytebuffer_offset   (S()bytebuffer_offset  )
#define bytebuffer_size     (S()bytebuffer_size    )
#define inflate_codes_ml    (S()inflate_codes_ml   )
#define inflate_codes_md    (S()inflate_codes_md   )
#define inflate_codes_bb    (S()inflate_codes_bb   )
#define inflate_codes_k     (S()inflate_codes_k    )
#define inflate_codes_w     (S()inflate_codes_w    )
#define inflate_codes_tl    (S()inflate_codes_tl   )
#define inflate_codes_td    (S()inflate_codes_td   )
#define inflate_codes_bl    (S()inflate_codes_bl   )
#define inflate_codes_bd    (S()inflate_codes_bd   )
#define inflate_codes_nn    (S()inflate_codes_nn   )
#define inflate_codes_dd    (S()inflate_codes_dd   )
#define resume_copy         (S()resume_copy        )
#define method              (S()method             )
#define need_another_block  (S()need_another_block )
#define end_reached         (S()end_reached        )
#define inflate_stored_n    (S()inflate_stored_n   )
#define inflate_stored_b    (S()inflate_stored_b   )
#define inflate_stored_k    (S()inflate_stored_k   )
#define inflate_stored_w    (S()inflate_stored_w   )
#define error_msg           (S()error_msg          )
#define error_jmp           (S()error_jmp          )

/* This is a generic part */
#if STATE_IN_BSS /* Use global data segment */
#define DECLARE_STATE /*nothing*/
#define ALLOC_STATE /*nothing*/
#define DEALLOC_STATE ((void)0)
#define S() state.
#define PASS_STATE /*nothing*/
#define PASS_STATE_ONLY /*nothing*/
#define STATE_PARAM /*nothing*/
#define STATE_PARAM_ONLY void
static state_t state;
#endif

#if STATE_IN_MALLOC /* Use malloc space */
#define DECLARE_STATE state_t *state
#define ALLOC_STATE (state = xzalloc(sizeof(*state)))
#define DEALLOC_STATE free(state)
#define S() state->
#define PASS_STATE state,
#define PASS_STATE_ONLY state
#define STATE_PARAM state_t *state,
#define STATE_PARAM_ONLY state_t *state
#endif


static const uint16_t mask_bits[] ALIGN2 = {
        0x0000, 0x0001, 0x0003, 0x0007, 0x000f, 0x001f, 0x003f, 0x007f, 0x00ff,
        0x01ff, 0x03ff, 0x07ff, 0x0fff, 0x1fff, 0x3fff, 0x7fff, 0xffff
};

/* Put lengths/offsets and extra bits in a struct of arrays
 * to make calls to huft_build() have one fewer parameter.
 */
struct cp_ext {
        uint16_t cp[31];
        uint8_t ext[31];
};
/* Copy lengths and extra bits for literal codes 257..285 */
/* note: see note #13 above about the 258 in this list. */
static const struct cp_ext lit ALIGN2 = {
        /*257 258 259 260 261 262 263 264 265 266 267 268 269 270 271  272  273  274  275  276   277   278   279   280   281   282   283    284    285 */
        /*0   1   2   3   4   5   6   7   8   9   10  11  12  13   14   15   16   17   18   19    20    21    22    23    24    25    26     27     28     29  30 */
        { 3,  4,  5,  6,  7,  8,  9,  10, 11, 13, 15, 17, 19, 23,  27,  31,  35,  43,  51,  59,   67,   83,   99,  115,  131,  163,  195,   227,   258,     0, 0  },
        { 0,  0,  0,  0,  0,  0,  0,   0,  1,  1,  1,  1,  2,  2,   2,   2,   3,   3,   3,   3,    4,    4,    4,    4,    5,    5,    5,     5,     0,    99, 99 } /* 99 == invalid */
};
/* Copy offsets and extra bits for distance codes 0..29 */
static const struct cp_ext dist ALIGN2 = {
        /*0   1   2   3   4   5   6   7   8   9   10  11  12  13   14   15   16   17   18   19    20    21    22    23    24    25    26     27     28     29 */
        { 1,  2,  3,  4,  5,  7,  9,  13, 17, 25, 33, 49, 65, 97, 129, 193, 257, 385, 513, 769, 1025, 1537, 2049, 3073, 4097, 6145, 8193, 12289, 16385, 24577 },
        { 0,  0,  0,  0,  1,  1,  2,   2,  3,  3,  4,  4,  5,  5,   6,   6,   7,   7,   8,   8,    9,    9,   10,   10,   11,   11,   12,    12,    13,    13 }
};

/* Tables for deflate from PKZIP's appnote.txt. */
/* Order of the bit length code lengths */
static const uint8_t border[] ALIGN1 = {
        16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 15
};


/*
 * Free the malloc'ed tables built by huft_build(), which makes a linked
 * list of the tables it made, with the links in a dummy first entry of
 * each table.
 * t: table to free
 */
#define BAD_HUFT(p) ((uintptr_t)(p) & 1)
#define ERR_RET     ((huft_t*)(uintptr_t)1)
static void huft_free(huft_t *p)
{
        huft_t *q;

        /*
         * If 'p' has the error bit set we have to clear it, otherwise we might run
         * into a segmentation fault or an invalid pointer to free(p)
         */
        //if (BAD_HUFT(p)) // commented out, since bit clearing has effect only if condition is true
                p = (huft_t*)((uintptr_t)p & ~(uintptr_t)ERR_RET);

        /* Go through linked list, freeing from the malloced (t[-1]) address. */
        while (p) {
                q = (--p)->v.t;
                free(p);
                p = q;
        }
}

static void huft_free_all(STATE_PARAM_ONLY)
{
        huft_free(inflate_codes_tl);
        huft_free(inflate_codes_td);
        inflate_codes_tl = NULL;
        inflate_codes_td = NULL;
}

static void abort_unzip(STATE_PARAM_ONLY) NORETURN;
static void abort_unzip(STATE_PARAM_ONLY)
{
        huft_free_all(PASS_STATE_ONLY);
        longjmp(error_jmp, 1);
}

static unsigned fill_bitbuffer(STATE_PARAM unsigned bitbuffer, unsigned *current, const unsigned required)
{
        while (*current < required) {
                if (bytebuffer_offset >= bytebuffer_size) {
                        unsigned sz = bytebuffer_max - 4;
                        if (to_read >= 0 && to_read < sz) /* unzip only */
                                sz = to_read;
                        /* Leave the first 4 bytes empty so we can always unwind the bitbuffer
                         * to the front of the bytebuffer */
                        bytebuffer_size = safe_read(gunzip_src_fd, &bytebuffer[4], sz);
                        if ((int)bytebuffer_size < 1) {
                                error_msg = "unexpected end of file";
                                abort_unzip(PASS_STATE_ONLY);
                        }
                        if (to_read >= 0) /* unzip only */
                                to_read -= bytebuffer_size;
                        bytebuffer_size += 4;
                        bytebuffer_offset = 4;
                }
                bitbuffer |= ((unsigned) bytebuffer[bytebuffer_offset]) << *current;
                bytebuffer_offset++;
                *current += 8;
        }
        return bitbuffer;
}


/* Given a list of code lengths and a maximum table size, make a set of
 * tables to decode that set of codes.
 *
 * b:   code lengths in bits (all assumed <= BMAX)
 * n:   number of codes (assumed <= N_MAX)
 * s:   number of simple-valued codes (0..s-1)
 * cp_ext->cp,ext: list of base values/extra bits for non-simple codes
 * m:   maximum lookup bits, returns actual
 * result: starting table
 *
 * On error, returns a value with lowest-bit set on error.
 * It can be just the value of 0x1,
 * or a valid pointer to a Huffman table, ORed with 0x1 if incompete table
 * is given: "fixed inflate" decoder feeds us such data.
 */
static huft_t* huft_build(const unsigned *b, const unsigned n,
                        const unsigned s, const struct cp_ext *cp_ext,
                        unsigned *m)
{
        unsigned a;             /* counter for codes of length k */
        unsigned c[BMAX + 1];   /* bit length count table */
        unsigned eob_len;       /* length of end-of-block code (value 256) */
        unsigned f;             /* i repeats in table every f entries */
        int g;                  /* maximum code length */
        int htl;                /* table level */
        unsigned i;             /* counter, current code */
        unsigned j;             /* counter */
        int k;                  /* number of bits in current code */
        const unsigned *p;      /* pointer into c[], b[], or v[] */
        huft_t *q;              /* points to current table */
        huft_t r;               /* table entry for structure assignment */
        huft_t *u[BMAX];        /* table stack */
        unsigned v[N_MAX + 1];  /* values in order of bit length. last v[] is never used */
        int ws[BMAX + 1];       /* bits decoded stack */
        int w;                  /* bits decoded */
        unsigned x[BMAX + 1];   /* bit offsets, then code stack */
        unsigned *xp;           /* pointer into x */
        int y;                  /* number of dummy codes added */
        unsigned z;             /* number of entries in current table */
        huft_t *result;
        huft_t **t;

        /* Length of EOB code, if any */
        eob_len = n > 256 ? b[256] : BMAX;

        /* Generate counts for each bit length */
        memset(c, 0, sizeof(c));
        p = b;
        i = n;
        do {
                c[*p]++; /* assume all entries <= BMAX */
                p++;     /* can't combine with above line (Solaris bug) */
        } while (--i);
        if (c[0] == n) {  /* null input - all zero length codes */
                q = xzalloc(3 * sizeof(*q));
                //q[0].v.t = NULL;
                q[1].e = 99;    /* invalid code marker */
                q[1].b = 1;
                q[2].e = 99;    /* invalid code marker */
                q[2].b = 1;
                *m = 1;
                return q + 1;
        }

        /* Find minimum and maximum length, bound *m by those */
        for (j = 1; (j <= BMAX) && (c[j] == 0); j++)
                continue;
        k = j; /* minimum code length */
        for (i = BMAX; (c[i] == 0) && i; i--)
                continue;
        g = i; /* maximum code length */
        *m = (*m < j) ? j : ((*m > i) ? i : *m);

        /* Adjust last length count to fill out codes, if needed */
        for (y = 1 << j; j < i; j++, y <<= 1) {
                y -= c[j];
                if (y < 0)
                        return ERR_RET; /* bad input: more codes than bits */
        }
        y -= c[i];
        if (y < 0)
                return ERR_RET;
        c[i] += y;

        /* Generate starting offsets into the value table for each length */
        x[1] = j = 0;
        p = c + 1;
        xp = x + 2;
        while (--i) { /* note that i == g from above */
                j += *p++;
                *xp++ = j;
        }

        /* Make a table of values in order of bit lengths.
         * To detect bad input, unused v[i]'s are set to invalid value UINT_MAX.
         * In particular, last v[i] is never filled and must not be accessed.
         */
        memset(v, 0xff, sizeof(v));
        p = b;
        i = 0;
        do {
                j = *p++;
                if (j != 0) {
                        v[x[j]++] = i;
                }
        } while (++i < n);

        /* Generate the Huffman codes and for each, make the table entries */
        result = ERR_RET;
        t = &result;
        x[0] = i = 0;   /* first Huffman code is zero */
        p = v;          /* grab values in bit order */
        htl = -1;       /* no tables yet--level -1 */
        w = ws[0] = 0;  /* bits decoded */
        u[0] = NULL;    /* just to keep compilers happy */
        q = NULL;       /* ditto */
        z = 0;          /* ditto */

        /* go through the bit lengths (k already is bits in shortest code) */
        for (; k <= g; k++) {
                a = c[k];
                while (a--) {
                        /* here i is the Huffman code of length k bits for value *p */
                        /* make tables up to required level */
                        while (k > ws[htl + 1]) {
                                w = ws[++htl];

                                /* compute minimum size table less than or equal to *m bits */
                                z = g - w;
                                z = z > *m ? *m : z; /* upper limit on table size */
                                j = k - w;
                                f = 1 << j;
                                if (f > a + 1) { /* try a k-w bit table */
                                        /* too few codes for k-w bit table */
                                        f -= a + 1; /* deduct codes from patterns left */
                                        xp = c + k;
                                        while (++j < z) { /* try smaller tables up to z bits */
                                                f <<= 1;
                                                if (f <= *++xp) {
                                                        break; /* enough codes to use up j bits */
                                                }
                                                f -= *xp; /* else deduct codes from patterns */
                                        }
                                }
                                j = (w + j > eob_len && w < eob_len) ? eob_len - w : j; /* make EOB code end at table */
                                z = 1 << j;     /* table entries for j-bit table */
                                ws[htl+1] = w + j;      /* set bits decoded in stack */

                                /* allocate and link in new table */
                                q = xzalloc((z + 1) * sizeof(huft_t));
                                *t = q + 1;     /* link to list for huft_free() */
                                t = &(q->v.t);
                                u[htl] = ++q;   /* table starts after link */

                                /* connect to last table, if there is one */
                                if (htl) {
                                        x[htl] = i; /* save pattern for backing up */
                                        r.b = (unsigned char) (w - ws[htl - 1]); /* bits to dump before this table */
                                        r.e = (unsigned char) (16 + j); /* bits in this table */
                                        r.v.t = q; /* pointer to this table */
                                        j = (i & ((1 << w) - 1)) >> ws[htl - 1];
                                        u[htl - 1][j] = r; /* connect to last table */
                                }
                        }

                        /* set up table entry in r */
                        r.b = (unsigned char) (k - w);
                        if (/*p >= v + n || -- redundant, caught by the second check: */
                            *p == UINT_MAX /* do we access uninited v[i]? (see memset(v))*/
                        ) {
                                r.e = 99; /* out of values--invalid code */
                        } else if (*p < s) {
                                r.e = (unsigned char) (*p < 256 ? 16 : 15);     /* 256 is EOB code */
                                r.v.n = (unsigned short) (*p++); /* simple code is just the value */
                        } else {
                                r.e = (unsigned char) cp_ext->ext[*p - s]; /* non-simple--look up in lists */
                                r.v.n = cp_ext->cp[*p++ - s];
                        }

                        /* fill code-like entries with r */
                        f = 1 << (k - w);
                        for (j = i >> w; j < z; j += f) {
                                q[j] = r;
                        }

                        /* backwards increment the k-bit code i */
                        for (j = 1 << (k - 1); i & j; j >>= 1) {
                                i ^= j;
                        }
                        i ^= j;

                        /* backup over finished tables */
                        while ((i & ((1 << w) - 1)) != x[htl]) {
                                w = ws[--htl];
                        }
                }
        }

        /* return actual size of base table */
        *m = ws[1];

        if (y != 0 && g != 1) /* we were given an incomplete table */
                /* return "result" ORed with 1 */
                return (void*)((uintptr_t)result | 1);

        return result;
}


/*
 * inflate (decompress) the codes in a deflated (compressed) block.
 * Return an error code or zero if it all goes ok.
 *
 * tl, td: literal/length and distance decoder tables
 * bl, bd: number of bits decoded by tl[] and td[]
 */
/* called once from inflate_block */

/* map formerly local static variables to globals */
#define ml inflate_codes_ml
#define md inflate_codes_md
#define bb inflate_codes_bb
#define k  inflate_codes_k
#define w  inflate_codes_w
#define tl inflate_codes_tl
#define td inflate_codes_td
#define bl inflate_codes_bl
#define bd inflate_codes_bd
#define nn inflate_codes_nn
#define dd inflate_codes_dd
static void inflate_codes_setup(STATE_PARAM unsigned my_bl, unsigned my_bd)
{
        bl = my_bl;
        bd = my_bd;
        /* make local copies of globals */
        bb = gunzip_bb;                 /* initialize bit buffer */
        k = gunzip_bk;
        w = gunzip_outbuf_count;        /* initialize gunzip_window position */
        /* inflate the coded data */
        ml = mask_bits[bl];             /* precompute masks for speed */
        md = mask_bits[bd];
}
/* called once from inflate_get_next_window */
static NOINLINE int inflate_codes(STATE_PARAM_ONLY)
{
        unsigned e;     /* table entry flag/number of extra bits */
        huft_t *t;      /* pointer to table entry */

        if (resume_copy)
                goto do_copy;

        while (1) {                     /* do until end of block */
                bb = fill_bitbuffer(PASS_STATE bb, &k, bl);
                t = tl + ((unsigned) bb & ml);
                e = t->e;
                if (e > 16)
                        do {
                                if (e == 99) {
                                        abort_unzip(PASS_STATE_ONLY);
                                }
                                bb >>= t->b;
                                k -= t->b;
                                e -= 16;
                                bb = fill_bitbuffer(PASS_STATE bb, &k, e);
                                t = t->v.t + ((unsigned) bb & mask_bits[e]);
                                e = t->e;
                        } while (e > 16);
                bb >>= t->b;
                k -= t->b;
                if (e == 16) {  /* then it's a literal */
                        gunzip_window[w++] = (unsigned char) t->v.n;
                        if (w == GUNZIP_WSIZE) {
                                gunzip_outbuf_count = w;
                                //flush_gunzip_window();
                                w = 0;
                                return 1; // We have a block to read
                        }
                } else {                /* it's an EOB or a length */
                        /* exit if end of block */
                        if (e == 15) {
                                break;
                        }

                        /* get length of block to copy */
                        bb = fill_bitbuffer(PASS_STATE bb, &k, e);
                        nn = t->v.n + ((unsigned) bb & mask_bits[e]);
                        bb >>= e;
                        k -= e;

                        /* decode distance of block to copy */
                        bb = fill_bitbuffer(PASS_STATE bb, &k, bd);
                        t = td + ((unsigned) bb & md);
                        e = t->e;
                        if (e > 16)
                                do {
                                        if (e == 99) {
                                                abort_unzip(PASS_STATE_ONLY);
                                        }
                                        bb >>= t->b;
                                        k -= t->b;
                                        e -= 16;
                                        bb = fill_bitbuffer(PASS_STATE bb, &k, e);
                                        t = t->v.t + ((unsigned) bb & mask_bits[e]);
                                        e = t->e;
                                } while (e > 16);
                        bb >>= t->b;
                        k -= t->b;
                        bb = fill_bitbuffer(PASS_STATE bb, &k, e);
                        dd = w - t->v.n - ((unsigned) bb & mask_bits[e]);
                        bb >>= e;
                        k -= e;

                        /* do the copy */
 do_copy:
                        do {
                                /* Was: nn -= (e = (e = GUNZIP_WSIZE - ((dd &= GUNZIP_WSIZE - 1) > w ? dd : w)) > nn ? nn : e); */
                                /* Who wrote THAT?? rewritten as: */
                                unsigned delta;

                                dd &= GUNZIP_WSIZE - 1;
                                e = GUNZIP_WSIZE - (dd > w ? dd : w);
                                delta = w > dd ? w - dd : dd - w;
                                if (e > nn) e = nn;
                                nn -= e;

                                /* copy to new buffer to prevent possible overwrite */
                                if (delta >= e) {
                                        memcpy(gunzip_window + w, gunzip_window + dd, e);
                                        w += e;
                                        dd += e;
                                } else {
                                        /* do it slow to avoid memcpy() overlap */
                                        /* !NOMEMCPY */
                                        do {
                                                gunzip_window[w++] = gunzip_window[dd++];
                                        } while (--e);
                                }
                                if (w == GUNZIP_WSIZE) {
                                        gunzip_outbuf_count = w;
                                        resume_copy = (nn != 0);
                                        //flush_gunzip_window();
                                        w = 0;
                                        return 1;
                                }
                        } while (nn);
                        resume_copy = 0;
                }
        }

        /* restore the globals from the locals */
        gunzip_outbuf_count = w;        /* restore global gunzip_window pointer */
        gunzip_bb = bb;                 /* restore global bit buffer */
        gunzip_bk = k;

        /* normally just after call to inflate_codes, but save code by putting it here */
        /* free the decoding tables (tl and td), return */
        huft_free_all(PASS_STATE_ONLY);

        /* done */
        return 0;
}
#undef ml
#undef md
#undef bb
#undef k
#undef w
#undef tl
#undef td
#undef bl
#undef bd
#undef nn
#undef dd


/* called once from inflate_block */
static void inflate_stored_setup(STATE_PARAM int my_n, int my_b, int my_k)
{
        inflate_stored_n = my_n;
        inflate_stored_b = my_b;
        inflate_stored_k = my_k;
        /* initialize gunzip_window position */
        inflate_stored_w = gunzip_outbuf_count;
}
/* called once from inflate_get_next_window */
static int inflate_stored(STATE_PARAM_ONLY)
{
        /* read and output the compressed data */
        while (inflate_stored_n--) {
                inflate_stored_b = fill_bitbuffer(PASS_STATE inflate_stored_b, &inflate_stored_k, 8);
                gunzip_window[inflate_stored_w++] = (unsigned char) inflate_stored_b;
                if (inflate_stored_w == GUNZIP_WSIZE) {
                        gunzip_outbuf_count = inflate_stored_w;
                        //flush_gunzip_window();
                        inflate_stored_w = 0;
                        inflate_stored_b >>= 8;
                        inflate_stored_k -= 8;
                        return 1; /* We have a block */
                }
                inflate_stored_b >>= 8;
                inflate_stored_k -= 8;
        }

        /* restore the globals from the locals */
        gunzip_outbuf_count = inflate_stored_w;         /* restore global gunzip_window pointer */
        gunzip_bb = inflate_stored_b;   /* restore global bit buffer */
        gunzip_bk = inflate_stored_k;
        return 0; /* Finished */
}


/*
 * decompress an inflated block
 * e: last block flag
 *
 * GLOBAL VARIABLES: bb, kk,
 */
/* Return values: -1 = inflate_stored, -2 = inflate_codes */
/* One callsite in inflate_get_next_window */
static int inflate_block(STATE_PARAM smallint *e)
{
        unsigned ll[286 + 30];  /* literal/length and distance code lengths */
        unsigned t;     /* block type */
        unsigned b;     /* bit buffer */
        unsigned k;     /* number of bits in bit buffer */

        /* make local bit buffer */

        b = gunzip_bb;
        k = gunzip_bk;

        /* read in last block bit */
        b = fill_bitbuffer(PASS_STATE b, &k, 1);
        *e = b & 1;
        b >>= 1;
        k -= 1;

        /* read in block type */
        b = fill_bitbuffer(PASS_STATE b, &k, 2);
        t = (unsigned) b & 3;
        b >>= 2;
        k -= 2;

        /* restore the global bit buffer */
        gunzip_bb = b;
        gunzip_bk = k;

        /* Do we see block type 1 often? Yes!
         * TODO: fix performance problem (see below) */
        //bb_error_msg("blktype %d", t);

        /* inflate that block type */
        switch (t) {
        case 0: /* Inflate stored */
        {
                unsigned n;     /* number of bytes in block */
                unsigned b_stored;      /* bit buffer */
                unsigned k_stored;      /* number of bits in bit buffer */

                /* make local copies of globals */
                b_stored = gunzip_bb;   /* initialize bit buffer */
                k_stored = gunzip_bk;

                /* go to byte boundary */
                n = k_stored & 7;
                b_stored >>= n;
                k_stored -= n;

                /* get the length and its complement */
                b_stored = fill_bitbuffer(PASS_STATE b_stored, &k_stored, 16);
                n = ((unsigned) b_stored & 0xffff);
                b_stored >>= 16;
                k_stored -= 16;

                b_stored = fill_bitbuffer(PASS_STATE b_stored, &k_stored, 16);
                if (n != (unsigned) ((~b_stored) & 0xffff)) {
                        abort_unzip(PASS_STATE_ONLY);   /* error in compressed data */
                }
                b_stored >>= 16;
                k_stored -= 16;

                inflate_stored_setup(PASS_STATE n, b_stored, k_stored);

                return -1;
        }
        case 1:
        /* Inflate fixed
         * decompress an inflated type 1 (fixed Huffman codes) block. We should
         * either replace this with a custom decoder, or at least precompute the
         * Huffman tables. TODO */
        {
                int i;                  /* temporary variable */
                unsigned bl;            /* lookup bits for tl */
                unsigned bd;            /* lookup bits for td */
                /* gcc 4.2.1 is too dumb to reuse stackspace. Moved up... */
                //unsigned ll[288];     /* length list for huft_build */

                /* set up literal table */
                for (i = 0; i < 144; i++)
                        ll[i] = 8;
                for (; i < 256; i++)
                        ll[i] = 9;
                for (; i < 280; i++)
                        ll[i] = 7;
                for (; i < 288; i++) /* make a complete, but wrong code set */
                        ll[i] = 8;
                bl = 7;
                inflate_codes_tl = huft_build(ll, 288, 257, &lit, &bl);
                /* ^^^ never returns error here - we use known data */

                /* set up distance table */
                for (i = 0; i < 30; i++) /* make an incomplete code set */
                        ll[i] = 5;
                bd = 5;
                inflate_codes_td = huft_build(ll, 30, 0, &dist, &bd);
                /* ^^^ does return error here! (lsb bit is set) - we gave it incomplete code set */
                /* clearing error bit: */
                inflate_codes_td = (void*)((uintptr_t)inflate_codes_td & ~(uintptr_t)1);

                /* set up data for inflate_codes() */
                inflate_codes_setup(PASS_STATE bl, bd);

                /* huft_free code moved into inflate_codes */

                return -2;
        }
        case 2: /* Inflate dynamic */
        {
                enum { dbits = 6 };     /* bits in base distance lookup table */
                enum { lbits = 9 };     /* bits in base literal/length lookup table */

                huft_t *td;             /* distance code table */
                unsigned i;             /* temporary variables */
                unsigned j;
                unsigned l;             /* last length */
                unsigned m;             /* mask for bit lengths table */
                unsigned n;             /* number of lengths to get */
                unsigned bl;            /* lookup bits for tl */
                unsigned bd;            /* lookup bits for td */
                unsigned nb;            /* number of bit length codes */
                unsigned nl;            /* number of literal/length codes */
                unsigned nd;            /* number of distance codes */

                //unsigned ll[286 + 30];/* literal/length and distance code lengths */
                unsigned b_dynamic;     /* bit buffer */
                unsigned k_dynamic;     /* number of bits in bit buffer */

                /* make local bit buffer */
                b_dynamic = gunzip_bb;
                k_dynamic = gunzip_bk;

                /* read in table lengths */
                b_dynamic = fill_bitbuffer(PASS_STATE b_dynamic, &k_dynamic, 5);
                nl = 257 + ((unsigned) b_dynamic & 0x1f);       /* number of literal/length codes */

                b_dynamic >>= 5;
                k_dynamic -= 5;
                b_dynamic = fill_bitbuffer(PASS_STATE b_dynamic, &k_dynamic, 5);
                nd = 1 + ((unsigned) b_dynamic & 0x1f); /* number of distance codes */

                b_dynamic >>= 5;
                k_dynamic -= 5;
                b_dynamic = fill_bitbuffer(PASS_STATE b_dynamic, &k_dynamic, 4);
                nb = 4 + ((unsigned) b_dynamic & 0xf);  /* number of bit length codes */

                b_dynamic >>= 4;
                k_dynamic -= 4;
                if (nl > 286 || nd > 30) {
                        abort_unzip(PASS_STATE_ONLY);   /* bad lengths */
                }

                /* read in bit-length-code lengths */
                for (j = 0; j < nb; j++) {
                        b_dynamic = fill_bitbuffer(PASS_STATE b_dynamic, &k_dynamic, 3);
                        ll[border[j]] = (unsigned) b_dynamic & 7;
                        b_dynamic >>= 3;
                        k_dynamic -= 3;
                }
                for (; j < 19; j++)
                        ll[border[j]] = 0;

                /* build decoding table for trees - single level, 7 bit lookup */
                bl = 7;
                inflate_codes_tl = huft_build(ll, 19, 19, NULL, &bl);
                if (BAD_HUFT(inflate_codes_tl)) {
                        abort_unzip(PASS_STATE_ONLY);   /* incomplete code set */
                }

                /* read in literal and distance code lengths */
                n = nl + nd;
                m = mask_bits[bl];
                i = l = 0;
                while ((unsigned) i < n) {
                        b_dynamic = fill_bitbuffer(PASS_STATE b_dynamic, &k_dynamic, (unsigned)bl);
                        td = inflate_codes_tl + ((unsigned) b_dynamic & m);
                        j = td->b;
                        b_dynamic >>= j;
                        k_dynamic -= j;
                        j = td->v.n;
                        if (j < 16) {   /* length of code in bits (0..15) */
                                ll[i++] = l = j;        /* save last length in l */
                        } else if (j == 16) {   /* repeat last length 3 to 6 times */
                                b_dynamic = fill_bitbuffer(PASS_STATE b_dynamic, &k_dynamic, 2);
                                j = 3 + ((unsigned) b_dynamic & 3);
                                b_dynamic >>= 2;
                                k_dynamic -= 2;
                                if ((unsigned) i + j > n) {
                                        abort_unzip(PASS_STATE_ONLY); //return 1;
                                }
                                while (j--) {
                                        ll[i++] = l;
                                }
                        } else if (j == 17) {   /* 3 to 10 zero length codes */
                                b_dynamic = fill_bitbuffer(PASS_STATE b_dynamic, &k_dynamic, 3);
                                j = 3 + ((unsigned) b_dynamic & 7);
                                b_dynamic >>= 3;
                                k_dynamic -= 3;
                                if ((unsigned) i + j > n) {
                                        abort_unzip(PASS_STATE_ONLY); //return 1;
                                }
                                while (j--) {
                                        ll[i++] = 0;
                                }
                                l = 0;
                        } else {        /* j == 18: 11 to 138 zero length codes */
                                b_dynamic = fill_bitbuffer(PASS_STATE b_dynamic, &k_dynamic, 7);
                                j = 11 + ((unsigned) b_dynamic & 0x7f);
                                b_dynamic >>= 7;
                                k_dynamic -= 7;
                                if ((unsigned) i + j > n) {
                                        abort_unzip(PASS_STATE_ONLY); //return 1;
                                }
                                while (j--) {
                                        ll[i++] = 0;
                                }
                                l = 0;
                        }
                }

                /* free decoding table for trees */
                huft_free(inflate_codes_tl);

                /* restore the global bit buffer */
                gunzip_bb = b_dynamic;
                gunzip_bk = k_dynamic;

                /* build the decoding tables for literal/length and distance codes */
                bl = lbits;
                inflate_codes_tl = huft_build(ll, nl, 257, &lit, &bl);
                if (BAD_HUFT(inflate_codes_tl)) {
                        abort_unzip(PASS_STATE_ONLY);
                }
                bd = dbits;
                inflate_codes_td = huft_build(ll + nl, nd, 0, &dist, &bd);
                if (BAD_HUFT(inflate_codes_td)) {
                        abort_unzip(PASS_STATE_ONLY);
                }

                /* set up data for inflate_codes() */
                inflate_codes_setup(PASS_STATE bl, bd);

                /* huft_free code moved into inflate_codes */

                return -2;
        }
        default:
                abort_unzip(PASS_STATE_ONLY);
        }
}

/* Two callsites, both in inflate_get_next_window */
static void calculate_gunzip_crc(STATE_PARAM_ONLY)
{
        gunzip_crc = crc32_block_endian0(gunzip_crc, gunzip_window, gunzip_outbuf_count, gunzip_crc_table);
        gunzip_bytes_out += gunzip_outbuf_count;
}

/* One callsite in inflate_unzip_internal */
static int inflate_get_next_window(STATE_PARAM_ONLY)
{
        gunzip_outbuf_count = 0;

        while (1) {
                int ret;

                if (need_another_block) {
                        if (end_reached) {
                                calculate_gunzip_crc(PASS_STATE_ONLY);
                                end_reached = 0;
                                /* NB: need_another_block is still set */
                                return 0; /* Last block */
                        }
                        method = inflate_block(PASS_STATE &end_reached);
                        need_another_block = 0;
                }

                switch (method) {
                case -1:
                        ret = inflate_stored(PASS_STATE_ONLY);
                        break;
                case -2:
                        ret = inflate_codes(PASS_STATE_ONLY);
                        break;
                default: /* cannot happen */
                        abort_unzip(PASS_STATE_ONLY);
                }

                if (ret == 1) {
                        calculate_gunzip_crc(PASS_STATE_ONLY);
                        return 1; /* more data left */
                }
                need_another_block = 1; /* end of that block */
        }
        /* Doesnt get here */
}

/* Called from unpack_gz_stream() and inflate_unzip() */
static IF_DESKTOP(long long) int
inflate_unzip_internal(STATE_PARAM transformer_state_t *xstate)
{
        IF_DESKTOP(long long) int n = 0;
        ssize_t nwrote;

        /* Allocate all global buffers (for DYN_ALLOC option) */
        gunzip_window = xmalloc(GUNZIP_WSIZE);
        gunzip_outbuf_count = 0;
        gunzip_bytes_out = 0;
        gunzip_src_fd = xstate->src_fd;

        /* (re) initialize state */
        method = -1;
        need_another_block = 1;
        resume_copy = 0;
        gunzip_bk = 0;
        gunzip_bb = 0;

        /* Create the crc table */
        gunzip_crc_table = crc32_new_table_le();
        gunzip_crc = ~0;

        error_msg = "corrupted data";
        if (setjmp(error_jmp)) {
                /* Error from deep inside zip machinery */
                bb_simple_error_msg(error_msg);
                n = -1;
                goto ret;
        }

        while (1) {
                int r = inflate_get_next_window(PASS_STATE_ONLY);
                nwrote = transformer_write(xstate, gunzip_window, gunzip_outbuf_count);
                if (nwrote == (ssize_t)-1) {
                        n = -1;
                        goto ret;
                }
                IF_DESKTOP(n += nwrote;)
                if (r == 0) break;
        }

        /* Store unused bytes in a global buffer so calling applets can access it */
        if (gunzip_bk >= 8) {
                /* Undo too much lookahead. The next read will be byte aligned
                 * so we can discard unused bits in the last meaningful byte. */
                bytebuffer_offset--;
                bytebuffer[bytebuffer_offset] = gunzip_bb & 0xff;
                gunzip_bb >>= 8;
                gunzip_bk -= 8;
        }
 ret:
        /* Cleanup */
        free(gunzip_window);
        free(gunzip_crc_table);
        return n;
}


/* External entry points */

/* For unzip */

IF_DESKTOP(long long) int FAST_FUNC
inflate_unzip(transformer_state_t *xstate)
{
        IF_DESKTOP(long long) int n;
        DECLARE_STATE;

        ALLOC_STATE;

        to_read = xstate->bytes_in;
//      bytebuffer_max = 0x8000;
        bytebuffer_offset = 4;
        bytebuffer = xmalloc(bytebuffer_max);
        n = inflate_unzip_internal(PASS_STATE xstate);
        free(bytebuffer);

        xstate->crc32 = gunzip_crc;
        xstate->bytes_out = gunzip_bytes_out;
        DEALLOC_STATE;
        return n;
}


/* For gunzip */

/* helpers first */

/* Top up the input buffer with at least n bytes. */
static int top_up(STATE_PARAM unsigned n)
{
        int count = bytebuffer_size - bytebuffer_offset;

        if (count < (int)n) {
                memmove(bytebuffer, &bytebuffer[bytebuffer_offset], count);
                bytebuffer_offset = 0;
                bytebuffer_size = full_read(gunzip_src_fd, &bytebuffer[count], bytebuffer_max - count);
                if ((int)bytebuffer_size < 0) {
                        bb_simple_error_msg(bb_msg_read_error);
                        return 0;
                }
                bytebuffer_size += count;
                if (bytebuffer_size < n)
                        return 0;
        }
        return 1;
}

static uint16_t buffer_read_le_u16(STATE_PARAM_ONLY)
{
        uint16_t res;
#if BB_LITTLE_ENDIAN
        move_from_unaligned16(res, &bytebuffer[bytebuffer_offset]);
#else
        res = bytebuffer[bytebuffer_offset];
        res |= bytebuffer[bytebuffer_offset + 1] << 8;
#endif
        bytebuffer_offset += 2;
        return res;
}

static uint32_t buffer_read_le_u32(STATE_PARAM_ONLY)
{
        uint32_t res;
#if BB_LITTLE_ENDIAN
        move_from_unaligned32(res, &bytebuffer[bytebuffer_offset]);
#else
        res = bytebuffer[bytebuffer_offset];
        res |= bytebuffer[bytebuffer_offset + 1] << 8;
        res |= bytebuffer[bytebuffer_offset + 2] << 16;
        res |= bytebuffer[bytebuffer_offset + 3] << 24;
#endif
        bytebuffer_offset += 4;
        return res;
}

static int check_header_gzip(STATE_PARAM transformer_state_t *xstate)
{
        union {
                unsigned char raw[8];
                struct {
                        uint8_t gz_method;
                        uint8_t flags;
                        uint32_t mtime;
                        uint8_t xtra_flags_UNUSED;
                        uint8_t os_flags_UNUSED;
                } PACKED formatted;
        } header;

        BUILD_BUG_ON(sizeof(header) != 8);

        /*
         * Rewind bytebuffer. We use the beginning because the header has 8
         * bytes, leaving enough for unwinding afterwards.
         */
        bytebuffer_size -= bytebuffer_offset;
        memmove(bytebuffer, &bytebuffer[bytebuffer_offset], bytebuffer_size);
        bytebuffer_offset = 0;

        if (!top_up(PASS_STATE 8))
                return 0;
        memcpy(header.raw, &bytebuffer[bytebuffer_offset], 8);
        bytebuffer_offset += 8;

        /* Check the compression method */
        if (header.formatted.gz_method != 8) {
                return 0;
        }

        if (header.formatted.flags & 0x04) {
                /* bit 2 set: extra field present */
                unsigned extra_short;

                if (!top_up(PASS_STATE 2))
                        return 0;
                extra_short = buffer_read_le_u16(PASS_STATE_ONLY);
                if (!top_up(PASS_STATE extra_short))
                        return 0;
                /* Ignore extra field */
                bytebuffer_offset += extra_short;
        }

        /* Discard original name and file comment if any */
        /* bit 3 set: original file name present */
        /* bit 4 set: file comment present */
        if (header.formatted.flags & 0x18) {
                while (1) {
                        do {
                                if (!top_up(PASS_STATE 1))
                                        return 0;
                        } while (bytebuffer[bytebuffer_offset++] != 0);
                        if ((header.formatted.flags & 0x18) != 0x18)
                                break;
                        header.formatted.flags &= ~0x18;
                }
        }

        xstate->mtime = SWAP_LE32(header.formatted.mtime);

        /* Read the header checksum */
        if (header.formatted.flags & 0x02) {
                if (!top_up(PASS_STATE 2))
                        return 0;
                bytebuffer_offset += 2;
        }
        return 1;
}

IF_DESKTOP(long long) int FAST_FUNC
unpack_gz_stream(transformer_state_t *xstate)
{
        uint32_t v32;
        IF_DESKTOP(long long) int total, n;
        DECLARE_STATE;

#if !ENABLE_FEATURE_SEAMLESS_Z
        if (check_signature16(xstate, GZIP_MAGIC))
                return -1;
#else
        if (!xstate->signature_skipped) {
                uint16_t magic2;

                if (full_read(xstate->src_fd, &magic2, 2) != 2) {
 bad_magic:
                        bb_simple_error_msg("invalid magic");
                        return -1;
                }
                if (magic2 == COMPRESS_MAGIC) {
                        xstate->signature_skipped = 2;
                        return unpack_Z_stream(xstate);
                }
                if (magic2 != GZIP_MAGIC)
                        goto bad_magic;
        }
#endif

        total = 0;

        ALLOC_STATE;
        to_read = -1;
//      bytebuffer_max = 0x8000;
        bytebuffer = xmalloc(bytebuffer_max);
        gunzip_src_fd = xstate->src_fd;

 again:
        if (!check_header_gzip(PASS_STATE xstate)) {
                bb_simple_error_msg("corrupted data");
                total = -1;
                goto ret;
        }

        n = inflate_unzip_internal(PASS_STATE xstate);
        if (n < 0) {
                total = -1;
                goto ret;
        }
        total += n;

        if (!top_up(PASS_STATE 8)) {
                bb_simple_error_msg("corrupted data");
                total = -1;
                goto ret;
        }

        /* Validate decompression - crc */
        v32 = buffer_read_le_u32(PASS_STATE_ONLY);
        if ((~gunzip_crc) != v32) {
                bb_simple_error_msg("crc error");
                total = -1;
                goto ret;
        }

        /* Validate decompression - size */
        v32 = buffer_read_le_u32(PASS_STATE_ONLY);
        if ((uint32_t)gunzip_bytes_out != v32) {
                bb_simple_error_msg("incorrect length");
                total = -1;
        }

        if (!top_up(PASS_STATE 2))
                goto ret; /* EOF */

        if (bytebuffer[bytebuffer_offset] == 0x1f
         && bytebuffer[bytebuffer_offset + 1] == 0x8b
        ) {
                bytebuffer_offset += 2;
                goto again;
        }
        /* GNU gzip says: */
        /*bb_error_msg("decompression OK, trailing garbage ignored");*/

 ret:
        free(bytebuffer);
        DEALLOC_STATE;
        return total;
}