2 * Copyright (c) Ian F. Darwin 1986-1995.
3 * Software written by Ian F. Darwin and others;
4 * maintained 1995-present by Christos Zoulas and others.
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice immediately at the beginning of the file, without modification,
11 * this list of conditions, and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR
20 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * softmagic - interpret variable magic from MAGIC
41 FILE_RCSID("@(#)$File: softmagic.c,v 1.103 2007/12/27 16:35:59 christos Exp $")
44 private int match(struct magic_set *, struct magic *, uint32_t,
45 const unsigned char *, size_t);
46 private int mget(struct magic_set *, const unsigned char *,
47 struct magic *, size_t, unsigned int);
48 private int magiccheck(struct magic_set *, struct magic *);
49 private int32_t mprint(struct magic_set *, struct magic *);
50 private void mdebug(uint32_t, const char *, size_t);
51 private int mcopy(struct magic_set *, union VALUETYPE *, int, int,
52 const unsigned char *, uint32_t, size_t, size_t);
53 private int mconvert(struct magic_set *, struct magic *);
54 private int print_sep(struct magic_set *, int);
55 private void cvt_8(union VALUETYPE *, const struct magic *);
56 private void cvt_16(union VALUETYPE *, const struct magic *);
57 private void cvt_32(union VALUETYPE *, const struct magic *);
58 private void cvt_64(union VALUETYPE *, const struct magic *);
61 * softmagic - lookup one file in parsed, in-memory copy of database
62 * Passed the name and FILE * of one file to be typed.
64 /*ARGSUSED1*/ /* nbytes passed for regularity, maybe need later */
66 file_softmagic(struct magic_set *ms, const unsigned char *buf, size_t nbytes)
70 for (ml = ms->mlist->next; ml != ms->mlist; ml = ml->next)
71 if ((rv = match(ms, ml->magic, ml->nmagic, buf, nbytes)) != 0)
78 * Go through the whole list, stopping if you find a match. Process all
79 * the continuations of that match before returning.
81 * We support multi-level continuations:
83 * At any time when processing a successful top-level match, there is a
84 * current continuation level; it represents the level of the last
85 * successfully matched continuation.
87 * Continuations above that level are skipped as, if we see one, it
88 * means that the continuation that controls them - i.e, the
89 * lower-level continuation preceding them - failed to match.
91 * Continuations below that level are processed as, if we see one,
92 * it means we've finished processing or skipping higher-level
93 * continuations under the control of a successful or unsuccessful
94 * lower-level continuation, and are now seeing the next lower-level
95 * continuation and should process it. The current continuation
96 * level reverts to the level of the one we're seeing.
98 * Continuations at the current level are processed as, if we see
99 * one, there's no lower-level continuation that may have failed.
101 * If a continuation matches, we bump the current continuation level
102 * so that higher-level continuations are processed.
105 match(struct magic_set *ms, struct magic *magic, uint32_t nmagic,
106 const unsigned char *s, size_t nbytes)
108 uint32_t magindex = 0;
109 unsigned int cont_level = 0;
110 int need_separator = 0;
111 int returnval = 0; /* if a match is found it is set to 1*/
112 int firstline = 1; /* a flag to print X\n X\n- X */
113 int printed_something = 0;
115 if (file_check_mem(ms, cont_level) == -1)
118 for (magindex = 0; magindex < nmagic; magindex++) {
121 ms->offset = magic[magindex].offset;
122 ms->line = magic[magindex].lineno;
124 /* if main entry matches, print it... */
125 flush = !mget(ms, s, &magic[magindex], nbytes, cont_level);
127 if (magic[magindex].reln == '!')
130 switch (magiccheck(ms, &magic[magindex])) {
142 * main entry didn't match,
143 * flush its continuations
145 while (magindex < nmagic - 1 &&
146 magic[magindex + 1].cont_level != 0)
152 * If we are going to print something, we'll need to print
153 * a blank before we print something else.
155 if (magic[magindex].desc[0]) {
157 printed_something = 1;
158 if (print_sep(ms, firstline) == -1)
162 if ((ms->c.li[cont_level].off = mprint(ms, &magic[magindex]))
166 /* and any continuations that match */
167 if (file_check_mem(ms, ++cont_level) == -1)
170 while (magic[magindex+1].cont_level != 0 &&
171 ++magindex < nmagic) {
172 ms->line = magic[magindex].lineno; /* for messages */
174 if (cont_level < magic[magindex].cont_level)
176 if (cont_level > magic[magindex].cont_level) {
178 * We're at the end of the level
179 * "cont_level" continuations.
181 cont_level = magic[magindex].cont_level;
183 ms->offset = magic[magindex].offset;
184 if (magic[magindex].flag & OFFADD) {
186 ms->c.li[cont_level - 1].off;
189 #ifdef ENABLE_CONDITIONALS
190 if (magic[magindex].cond == COND_ELSE ||
191 magic[magindex].cond == COND_ELIF) {
192 if (ms->c.li[cont_level].last_match == 1)
196 flush = !mget(ms, s, &magic[magindex], nbytes,
198 if (flush && magic[magindex].reln != '!')
201 switch (flush ? 1 : magiccheck(ms, &magic[magindex])) {
205 #ifdef ENABLE_CONDITIONALS
206 ms->c.li[cont_level].last_match = 0;
210 #ifdef ENABLE_CONDITIONALS
211 ms->c.li[cont_level].last_match = 1;
213 if (magic[magindex].type != FILE_DEFAULT)
214 ms->c.li[cont_level].got_match = 1;
215 else if (ms->c.li[cont_level].got_match) {
216 ms->c.li[cont_level].got_match = 0;
220 * If we are going to print something,
221 * make sure that we have a separator first.
223 if (magic[magindex].desc[0]) {
224 printed_something = 1;
225 if (print_sep(ms, firstline) == -1)
229 * This continuation matched. Print
230 * its message, with a blank before it
231 * if the previous item printed and
232 * this item isn't empty.
234 /* space if previous printed */
236 && (magic[magindex].nospflag == 0)
237 && (magic[magindex].desc[0] != '\0')) {
238 if (file_printf(ms, " ") == -1)
242 if ((ms->c.li[cont_level].off = mprint(ms, &magic[magindex])) == -1)
244 if (magic[magindex].desc[0])
248 * If we see any continuations
252 if (file_check_mem(ms, ++cont_level) == -1)
257 if (printed_something) {
261 if ((ms->flags & MAGIC_CONTINUE) == 0 && printed_something) {
262 return 1; /* don't keep searching */
265 return returnval; /* This is hit if -k is set or there is no match */
269 check_fmt(struct magic_set *ms, struct magic *m)
274 if (strchr(m->desc, '%') == NULL)
277 rc = regcomp(&rx, "%[-0-9\\.]*s", REG_EXTENDED|REG_NOSUB);
280 (void)regerror(rc, &rx, errmsg, sizeof(errmsg));
281 file_magerror(ms, "regex error %d, (%s)", rc, errmsg);
284 rc = regexec(&rx, m->desc, 0, 0, 0);
291 char * strndup(const char *, size_t);
294 strndup(const char *str, size_t n)
302 if (!(copy = malloc(len + 1)))
304 (void) memcpy(copy, str, len + 1);
308 #endif /* HAVE_STRNDUP */
311 mprint(struct magic_set *ms, struct magic *m)
318 union VALUETYPE *p = &ms->ms_value;
322 v = file_signextend(ms, m, (uint64_t)p->b);
323 switch (check_fmt(ms, m)) {
327 if (snprintf(buf, sizeof(buf), "%c",
328 (unsigned char)v) < 0)
330 if (file_printf(ms, m->desc, buf) == -1)
334 if (file_printf(ms, m->desc, (unsigned char) v) == -1)
338 t = ms->offset + sizeof(char);
344 v = file_signextend(ms, m, (uint64_t)p->h);
345 switch (check_fmt(ms, m)) {
349 if (snprintf(buf, sizeof(buf), "%hu",
350 (unsigned short)v) < 0)
352 if (file_printf(ms, m->desc, buf) == -1)
356 if (file_printf(ms, m->desc, (unsigned short) v) == -1)
360 t = ms->offset + sizeof(short);
367 v = file_signextend(ms, m, (uint64_t)p->l);
368 switch (check_fmt(ms, m)) {
372 if (snprintf(buf, sizeof(buf), "%u", (uint32_t)v) < 0)
374 if (file_printf(ms, m->desc, buf) == -1)
378 if (file_printf(ms, m->desc, (uint32_t) v) == -1)
382 t = ms->offset + sizeof(int32_t);
388 v = file_signextend(ms, m, p->q);
389 if (file_printf(ms, m->desc, (uint64_t) v) == -1)
391 t = ms->offset + sizeof(int64_t);
396 case FILE_BESTRING16:
397 case FILE_LESTRING16:
398 if (m->reln == '=' || m->reln == '!') {
399 if (file_printf(ms, m->desc, m->value.s) == -1)
401 t = ms->offset + m->vallen;
404 if (*m->value.s == '\0')
405 p->s[strcspn(p->s, "\n")] = '\0';
406 if (file_printf(ms, m->desc, p->s) == -1)
408 t = ms->offset + strlen(p->s);
416 if (file_printf(ms, m->desc, file_fmttime(p->l, 1)) == -1)
418 t = ms->offset + sizeof(time_t);
425 if (file_printf(ms, m->desc, file_fmttime(p->l, 0)) == -1)
427 t = ms->offset + sizeof(time_t);
433 if (file_printf(ms, m->desc, file_fmttime((uint32_t)p->q, 1))
436 t = ms->offset + sizeof(uint64_t);
442 if (file_printf(ms, m->desc, file_fmttime((uint32_t)p->q, 0))
445 t = ms->offset + sizeof(uint64_t);
452 switch (check_fmt(ms, m)) {
456 if (snprintf(buf, sizeof(buf), "%g", vf) < 0)
458 if (file_printf(ms, m->desc, buf) == -1)
462 if (file_printf(ms, m->desc, vf) == -1)
466 t = ms->offset + sizeof(float);
473 switch (check_fmt(ms, m)) {
477 if (snprintf(buf, sizeof(buf), "%g", vd) < 0)
479 if (file_printf(ms, m->desc, buf) == -1)
483 if (file_printf(ms, m->desc, vd) == -1)
487 t = ms->offset + sizeof(double);
494 cp = strndup((const char *)ms->search.s, ms->search.rm_len);
496 file_oomem(ms, ms->search.rm_len);
499 rval = file_printf(ms, m->desc, cp);
505 if ((m->str_flags & REGEX_OFFSET_START))
506 t = ms->search.offset;
508 t = ms->search.offset + ms->search.rm_len;
513 if (file_printf(ms, m->desc, m->value.s) == -1)
515 if ((m->str_flags & REGEX_OFFSET_START))
516 t = ms->search.offset;
518 t = ms->search.offset + m->vallen;
522 if (file_printf(ms, m->desc, m->value.s) == -1)
528 file_magerror(ms, "invalid m->type (%d) in mprint()", m->type);
535 #define DO_CVT(fld, cast) \
537 switch (m->mask_op & FILE_OPS_MASK) { \
539 p->fld &= cast m->num_mask; \
542 p->fld |= cast m->num_mask; \
545 p->fld ^= cast m->num_mask; \
548 p->fld += cast m->num_mask; \
551 p->fld -= cast m->num_mask; \
553 case FILE_OPMULTIPLY: \
554 p->fld *= cast m->num_mask; \
556 case FILE_OPDIVIDE: \
557 p->fld /= cast m->num_mask; \
559 case FILE_OPMODULO: \
560 p->fld %= cast m->num_mask; \
563 if (m->mask_op & FILE_OPINVERSE) \
567 cvt_8(union VALUETYPE *p, const struct magic *m)
569 DO_CVT(b, (uint8_t));
573 cvt_16(union VALUETYPE *p, const struct magic *m)
575 DO_CVT(h, (uint16_t));
579 cvt_32(union VALUETYPE *p, const struct magic *m)
581 DO_CVT(l, (uint32_t));
585 cvt_64(union VALUETYPE *p, const struct magic *m)
587 DO_CVT(q, (uint64_t));
590 #define DO_CVT2(fld, cast) \
592 switch (m->mask_op & FILE_OPS_MASK) { \
594 p->fld += cast m->num_mask; \
597 p->fld -= cast m->num_mask; \
599 case FILE_OPMULTIPLY: \
600 p->fld *= cast m->num_mask; \
602 case FILE_OPDIVIDE: \
603 p->fld /= cast m->num_mask; \
608 cvt_float(union VALUETYPE *p, const struct magic *m)
614 cvt_double(union VALUETYPE *p, const struct magic *m)
616 DO_CVT2(d, (double));
620 * Convert the byte order of the data we are looking at
621 * While we're here, let's apply the mask operation
622 * (unless you have a better idea)
625 mconvert(struct magic_set *ms, struct magic *m)
627 union VALUETYPE *p = &ms->ms_value;
647 case FILE_BESTRING16:
648 case FILE_LESTRING16: {
651 /* Null terminate and eat *trailing* return */
652 p->s[sizeof(p->s) - 1] = '\0';
654 if (len-- && p->s[len] == '\n')
659 char *ptr1 = p->s, *ptr2 = ptr1 + 1;
661 if (len >= sizeof(p->s))
662 len = sizeof(p->s) - 1;
667 if (len-- && p->s[len] == '\n')
672 p->h = (short)((p->hs[0]<<8)|(p->hs[1]));
679 ((p->hl[0]<<24)|(p->hl[1]<<16)|(p->hl[2]<<8)|(p->hl[3]));
686 (((int64_t)p->hq[0]<<56)|((int64_t)p->hq[1]<<48)|
687 ((int64_t)p->hq[2]<<40)|((int64_t)p->hq[3]<<32)|
688 (p->hq[4]<<24)|(p->hq[5]<<16)|(p->hq[6]<<8)|(p->hq[7]));
692 p->h = (short)((p->hs[1]<<8)|(p->hs[0]));
699 ((p->hl[3]<<24)|(p->hl[2]<<16)|(p->hl[1]<<8)|(p->hl[0]));
706 (((int64_t)p->hq[7]<<56)|((int64_t)p->hq[6]<<48)|
707 ((int64_t)p->hq[5]<<40)|((int64_t)p->hq[4]<<32)|
708 (p->hq[3]<<24)|(p->hq[2]<<16)|(p->hq[1]<<8)|(p->hq[0]));
715 ((p->hl[1]<<24)|(p->hl[0]<<16)|(p->hl[3]<<8)|(p->hl[2]));
722 p->l = ((uint32_t)p->hl[0]<<24)|((uint32_t)p->hl[1]<<16)|
723 ((uint32_t)p->hl[2]<<8) |((uint32_t)p->hl[3]);
727 p->l = ((uint32_t)p->hl[3]<<24)|((uint32_t)p->hl[2]<<16)|
728 ((uint32_t)p->hl[1]<<8) |((uint32_t)p->hl[0]);
735 p->q = ((uint64_t)p->hq[0]<<56)|((uint64_t)p->hq[1]<<48)|
736 ((uint64_t)p->hq[2]<<40)|((uint64_t)p->hq[3]<<32)|
737 ((uint64_t)p->hq[4]<<24)|((uint64_t)p->hq[5]<<16)|
738 ((uint64_t)p->hq[6]<<8) |((uint64_t)p->hq[7]);
742 p->q = ((uint64_t)p->hq[7]<<56)|((uint64_t)p->hq[6]<<48)|
743 ((uint64_t)p->hq[5]<<40)|((uint64_t)p->hq[4]<<32)|
744 ((uint64_t)p->hq[3]<<24)|((uint64_t)p->hq[2]<<16)|
745 ((uint64_t)p->hq[1]<<8) |((uint64_t)p->hq[0]);
753 file_magerror(ms, "invalid type %d in mconvert()", m->type);
760 mdebug(uint32_t offset, const char *str, size_t len)
762 (void) fprintf(stderr, "mget @%d: ", offset);
763 file_showstr(stderr, str, len);
764 (void) fputc('\n', stderr);
765 (void) fputc('\n', stderr);
769 mcopy(struct magic_set *ms, union VALUETYPE *p, int type, int indir,
770 const unsigned char *s, uint32_t offset, size_t nbytes, size_t linecnt)
773 * Note: FILE_SEARCH and FILE_REGEX do not actually copy
774 * anything, but setup pointers into the source
779 ms->search.s = (const char *)s + offset;
780 ms->search.s_len = nbytes - offset;
785 * offset is interpreted as last line to search,
786 * (starting at 1), not as bytes-from start-of-file
790 const char *last; /* end of search region */
791 const char *buf; /* start of search region */
795 ms->search.s_len = 0;
799 buf = (const char *)s + offset;
800 last = (const char *)s + nbytes;
801 /* mget() guarantees buf <= last */
802 for (lines = linecnt, b = buf;
803 lines && ((b = strchr(c = b, '\n')) || (b = strchr(c, '\r')));
806 if (b[0] == '\r' && b[1] == '\n')
810 last = (const char *)s + nbytes;
813 ms->search.s_len = last - buf;
814 ms->search.offset = offset;
815 ms->search.rm_len = 0;
818 case FILE_BESTRING16:
819 case FILE_LESTRING16: {
820 const unsigned char *src = s + offset;
821 const unsigned char *esrc = s + nbytes;
823 char *edst = &p->s[sizeof(p->s) - 1];
825 if (type == FILE_BESTRING16)
828 /* check for pointer overflow */
830 file_magerror(ms, "invalid offset %zu in mcopy()",
834 for (/*EMPTY*/; src < esrc; src += 2, dst++) {
840 if (type == FILE_BESTRING16 ?
849 case FILE_STRING: /* XXX - these two should not need */
850 case FILE_PSTRING: /* to copy anything, but do anyway. */
856 if (offset >= nbytes) {
857 (void)memset(p, '\0', sizeof(*p));
860 if (nbytes - offset < sizeof(*p))
861 nbytes = nbytes - offset;
865 (void)memcpy(p, s + offset, nbytes);
868 * the usefulness of padding with zeroes eludes me, it
869 * might even cause problems
871 if (nbytes < sizeof(*p))
872 (void)memset(((char *)(void *)p) + nbytes, '\0',
873 sizeof(*p) - nbytes);
878 mget(struct magic_set *ms, const unsigned char *s,
879 struct magic *m, size_t nbytes, unsigned int cont_level)
881 uint32_t offset = ms->offset;
882 uint32_t count = m->str_count;
883 union VALUETYPE *p = &ms->ms_value;
885 if (mcopy(ms, p, m->type, m->flag & INDIR, s, offset, nbytes, count) == -1)
888 if ((ms->flags & MAGIC_DEBUG) != 0) {
889 mdebug(offset, (char *)(void *)p, sizeof(union VALUETYPE));
893 if (m->flag & INDIR) {
894 int off = m->in_offset;
895 if (m->in_op & FILE_OPINDIRECT) {
896 const union VALUETYPE *q =
897 ((const void *)(s + offset + off));
898 switch (m->in_type) {
906 off = (short)((q->hs[0]<<8)|(q->hs[1]));
909 off = (short)((q->hs[1]<<8)|(q->hs[0]));
915 off = (int32_t)((q->hl[0]<<24)|(q->hl[1]<<16)|
916 (q->hl[2]<<8)|(q->hl[3]));
919 off = (int32_t)((q->hl[3]<<24)|(q->hl[2]<<16)|
920 (q->hl[1]<<8)|(q->hl[0]));
923 off = (int32_t)((q->hl[1]<<24)|(q->hl[0]<<16)|
924 (q->hl[3]<<8)|(q->hl[2]));
928 switch (m->in_type) {
930 if (nbytes < (offset + 1))
933 switch (m->in_op & FILE_OPS_MASK) {
949 case FILE_OPMULTIPLY:
961 if (m->in_op & FILE_OPINVERSE)
965 if (nbytes < (offset + 2))
968 switch (m->in_op & FILE_OPS_MASK) {
970 offset = (short)((p->hs[0]<<8)|
975 offset = (short)((p->hs[0]<<8)|
980 offset = (short)((p->hs[0]<<8)|
985 offset = (short)((p->hs[0]<<8)|
990 offset = (short)((p->hs[0]<<8)|
994 case FILE_OPMULTIPLY:
995 offset = (short)((p->hs[0]<<8)|
1000 offset = (short)((p->hs[0]<<8)|
1005 offset = (short)((p->hs[0]<<8)|
1011 offset = (short)((p->hs[0]<<8)|
1013 if (m->in_op & FILE_OPINVERSE)
1017 if (nbytes < (offset + 2))
1020 switch (m->in_op & FILE_OPS_MASK) {
1022 offset = (short)((p->hs[1]<<8)|
1027 offset = (short)((p->hs[1]<<8)|
1032 offset = (short)((p->hs[1]<<8)|
1037 offset = (short)((p->hs[1]<<8)|
1042 offset = (short)((p->hs[1]<<8)|
1046 case FILE_OPMULTIPLY:
1047 offset = (short)((p->hs[1]<<8)|
1052 offset = (short)((p->hs[1]<<8)|
1057 offset = (short)((p->hs[1]<<8)|
1063 offset = (short)((p->hs[1]<<8)|
1065 if (m->in_op & FILE_OPINVERSE)
1069 if (nbytes < (offset + 2))
1072 switch (m->in_op & FILE_OPS_MASK) {
1074 offset = p->h & off;
1077 offset = p->h | off;
1080 offset = p->h ^ off;
1083 offset = p->h + off;
1086 offset = p->h - off;
1088 case FILE_OPMULTIPLY:
1089 offset = p->h * off;
1092 offset = p->h / off;
1095 offset = p->h % off;
1101 if (m->in_op & FILE_OPINVERSE)
1105 if (nbytes < (offset + 4))
1108 switch (m->in_op & FILE_OPS_MASK) {
1110 offset = (int32_t)((p->hl[0]<<24)|
1117 offset = (int32_t)((p->hl[0]<<24)|
1124 offset = (int32_t)((p->hl[0]<<24)|
1131 offset = (int32_t)((p->hl[0]<<24)|
1138 offset = (int32_t)((p->hl[0]<<24)|
1144 case FILE_OPMULTIPLY:
1145 offset = (int32_t)((p->hl[0]<<24)|
1152 offset = (int32_t)((p->hl[0]<<24)|
1159 offset = (int32_t)((p->hl[0]<<24)|
1167 offset = (int32_t)((p->hl[0]<<24)|
1171 if (m->in_op & FILE_OPINVERSE)
1175 if (nbytes < (offset + 4))
1178 switch (m->in_op & FILE_OPS_MASK) {
1180 offset = (int32_t)((p->hl[3]<<24)|
1187 offset = (int32_t)((p->hl[3]<<24)|
1194 offset = (int32_t)((p->hl[3]<<24)|
1201 offset = (int32_t)((p->hl[3]<<24)|
1208 offset = (int32_t)((p->hl[3]<<24)|
1214 case FILE_OPMULTIPLY:
1215 offset = (int32_t)((p->hl[3]<<24)|
1222 offset = (int32_t)((p->hl[3]<<24)|
1229 offset = (int32_t)((p->hl[3]<<24)|
1237 offset = (int32_t)((p->hl[3]<<24)|
1241 if (m->in_op & FILE_OPINVERSE)
1245 if (nbytes < (offset + 4))
1248 switch (m->in_op & FILE_OPS_MASK) {
1250 offset = (int32_t)((p->hl[1]<<24)|
1257 offset = (int32_t)((p->hl[1]<<24)|
1264 offset = (int32_t)((p->hl[1]<<24)|
1271 offset = (int32_t)((p->hl[1]<<24)|
1278 offset = (int32_t)((p->hl[1]<<24)|
1284 case FILE_OPMULTIPLY:
1285 offset = (int32_t)((p->hl[1]<<24)|
1292 offset = (int32_t)((p->hl[1]<<24)|
1299 offset = (int32_t)((p->hl[1]<<24)|
1307 offset = (int32_t)((p->hl[1]<<24)|
1311 if (m->in_op & FILE_OPINVERSE)
1315 if (nbytes < (offset + 4))
1318 switch (m->in_op & FILE_OPS_MASK) {
1320 offset = p->l & off;
1323 offset = p->l | off;
1326 offset = p->l ^ off;
1329 offset = p->l + off;
1332 offset = p->l - off;
1334 case FILE_OPMULTIPLY:
1335 offset = p->l * off;
1338 offset = p->l / off;
1341 offset = p->l % off;
1343 /* case TOOMANYSWITCHBLOCKS:
1344 * ugh = p->eye % m->strain;
1347 * off = p->tab & m->in_gest;
1353 if (m->in_op & FILE_OPINVERSE)
1358 if (m->flag & INDIROFFADD)
1359 offset += ms->c.li[cont_level-1].off;
1360 if (mcopy(ms, p, m->type, 0, s, offset, nbytes, count) == -1)
1362 ms->offset = offset;
1364 if ((ms->flags & MAGIC_DEBUG) != 0) {
1365 mdebug(offset, (char *)(void *)p,
1366 sizeof(union VALUETYPE));
1371 /* Verify we have enough data to match magic type */
1374 if (nbytes < (offset + 1)) /* should alway be true */
1381 if (nbytes < (offset + 2))
1400 if (nbytes < (offset + 4))
1407 if (nbytes < (offset + 8))
1414 if (nbytes < (offset + m->vallen))
1419 if (nbytes < offset)
1423 case FILE_DEFAULT: /* nothing to check */
1427 if (!mconvert(ms, m))
1433 file_strncmp(const char *s1, const char *s2, size_t len, uint32_t flags)
1436 * Convert the source args to unsigned here so that (1) the
1437 * compare will be unsigned as it is in strncmp() and (2) so
1438 * the ctype functions will work correctly without extra
1441 const unsigned char *a = (const unsigned char *)s1;
1442 const unsigned char *b = (const unsigned char *)s2;
1446 * What we want here is:
1447 * v = strncmp(m->value.s, p->s, m->vallen);
1448 * but ignoring any nulls. bcmp doesn't give -/+/0
1449 * and isn't universally available anyway.
1452 if (0L == flags) { /* normal string: do it fast */
1454 if ((v = *b++ - *a++) != '\0')
1457 else { /* combine the others */
1459 if ((flags & STRING_IGNORE_LOWERCASE) &&
1461 if ((v = tolower(*b++) - *a++) != '\0')
1464 else if ((flags & STRING_IGNORE_UPPERCASE) &&
1466 if ((v = toupper(*b++) - *a++) != '\0')
1469 else if ((flags & STRING_COMPACT_BLANK) &&
1472 if (isspace(*b++)) {
1481 else if ((flags & STRING_COMPACT_OPTIONAL_BLANK) &&
1488 if ((v = *b++ - *a++) != '\0')
1497 file_strncmp16(const char *a, const char *b, size_t len, uint32_t flags)
1500 * XXX - The 16-bit string compare probably needs to be done
1501 * differently, especially if the flags are to be supported.
1502 * At the moment, I am unsure.
1505 return file_strncmp(a, b, len, flags);
1509 magiccheck(struct magic_set *ms, struct magic *m)
1511 uint64_t l = m->value.q;
1516 union VALUETYPE *p = &ms->ms_value;
1584 file_magerror(ms, "cannot happen with float: invalid relation `%c'", m->reln);
1617 file_magerror(ms, "cannot happen with double: invalid relation `%c'", m->reln);
1630 v = file_strncmp(m->value.s, p->s, (size_t)m->vallen, m->str_flags);
1633 case FILE_BESTRING16:
1634 case FILE_LESTRING16:
1636 v = file_strncmp16(m->value.s, p->s, (size_t)m->vallen, m->str_flags);
1639 case FILE_SEARCH: { /* search ms->search.s for the string m->value.s */
1643 if (ms->search.s == NULL)
1646 slen = MIN(m->vallen, sizeof(m->value.s));
1649 ms->search.offset = m->offset;
1651 for (idx = 0; m->str_count == 0 || idx < m->str_count; idx++) {
1652 if (slen + idx > ms->search.s_len)
1655 v = file_strncmp(m->value.s, ms->search.s + idx, slen, m->str_flags);
1656 if (v == 0) { /* found match */
1657 ms->search.offset = m->offset + idx;
1668 if (ms->search.s == NULL)
1672 rc = regcomp(&rx, m->value.s,
1673 REG_EXTENDED|REG_NEWLINE|
1674 ((m->str_flags & STRING_IGNORE_CASE) ? REG_ICASE : 0));
1676 (void)regerror(rc, &rx, errmsg, sizeof(errmsg));
1677 file_magerror(ms, "regex error %d, (%s)",
1682 regmatch_t pmatch[1];
1683 #ifndef REG_STARTEND
1684 #define REG_STARTEND 0
1685 size_t l = ms->search.s_len - 1;
1686 char c = ms->search.s[l];
1687 ((char *)(intptr_t)ms->search.s)[l] = '\0';
1689 pmatch[0].rm_so = 0;
1690 pmatch[0].rm_eo = ms->search.s_len;
1692 rc = regexec(&rx, (const char *)ms->search.s,
1693 1, pmatch, REG_STARTEND);
1694 #if REG_STARTEND == 0
1695 ((char *)(intptr_t)ms->search.s)[l] = c;
1699 ms->search.s += (int)pmatch[0].rm_so;
1700 ms->search.offset += (size_t)pmatch[0].rm_so;
1702 (size_t)(pmatch[0].rm_eo - pmatch[0].rm_so);
1711 (void)regerror(rc, &rx, errmsg, sizeof(errmsg));
1712 file_magerror(ms, "regexec error %d, (%s)",
1719 if (v == (uint64_t)-1)
1724 file_magerror(ms, "invalid type %d in magiccheck()", m->type);
1728 v = file_signextend(ms, m, v);
1732 if ((ms->flags & MAGIC_DEBUG) != 0)
1733 (void) fprintf(stderr, "%llu == *any* = 1\n",
1734 (unsigned long long)v);
1740 if ((ms->flags & MAGIC_DEBUG) != 0)
1741 (void) fprintf(stderr, "%llu != %llu = %d\n",
1742 (unsigned long long)v, (unsigned long long)l,
1748 if ((ms->flags & MAGIC_DEBUG) != 0)
1749 (void) fprintf(stderr, "%llu == %llu = %d\n",
1750 (unsigned long long)v, (unsigned long long)l,
1755 if (m->flag & UNSIGNED) {
1757 if ((ms->flags & MAGIC_DEBUG) != 0)
1758 (void) fprintf(stderr, "%llu > %llu = %d\n",
1759 (unsigned long long)v,
1760 (unsigned long long)l, matched);
1763 matched = (int64_t) v > (int64_t) l;
1764 if ((ms->flags & MAGIC_DEBUG) != 0)
1765 (void) fprintf(stderr, "%lld > %lld = %d\n",
1766 (long long)v, (long long)l, matched);
1771 if (m->flag & UNSIGNED) {
1773 if ((ms->flags & MAGIC_DEBUG) != 0)
1774 (void) fprintf(stderr, "%llu < %llu = %d\n",
1775 (unsigned long long)v,
1776 (unsigned long long)l, matched);
1779 matched = (int64_t) v < (int64_t) l;
1780 if ((ms->flags & MAGIC_DEBUG) != 0)
1781 (void) fprintf(stderr, "%lld < %lld = %d\n",
1782 (long long)v, (long long)l, matched);
1787 matched = (v & l) == l;
1788 if ((ms->flags & MAGIC_DEBUG) != 0)
1789 (void) fprintf(stderr, "((%llx & %llx) == %llx) = %d\n",
1790 (unsigned long long)v, (unsigned long long)l,
1791 (unsigned long long)l, matched);
1795 matched = (v & l) != l;
1796 if ((ms->flags & MAGIC_DEBUG) != 0)
1797 (void) fprintf(stderr, "((%llx & %llx) != %llx) = %d\n",
1798 (unsigned long long)v, (unsigned long long)l,
1799 (unsigned long long)l, matched);
1804 file_magerror(ms, "cannot happen: invalid relation `%c'",
1813 print_sep(struct magic_set *ms, int firstline)
1818 * we found another match
1819 * put a newline and '-' to do some simple formatting
1821 return file_printf(ms, "\n- ");