1 // Copyright 2009 The Go Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style 3 // license that can be found in the LICENSE file. 4 5 package tar 6 7 // TODO(dsymonds): 8 // - pax extensions 9 10 import ( 11 "bytes" 12 "errors" 13 "io" 14 "io/ioutil" 15 "math" 16 "strconv" 17 "strings" 18 "time" 19 ) 20 21 var ( 22 ErrHeader = errors.New("archive/tar: invalid tar header") 23 ) 24 25 // A Reader provides sequential access to the contents of a tar archive. 26 // A tar archive consists of a sequence of files. 27 // The Next method advances to the next file in the archive (including the first), 28 // and then it can be treated as an io.Reader to access the file's data. 29 type Reader struct { 30 r io.Reader 31 pad int64 // amount of padding (ignored) after current file entry 32 curr numBytesReader // reader for current file entry 33 blk block // buffer to use as temporary local storage 34 35 // err is a persistent error. 36 // It is only the responsibility of every exported method of Reader to 37 // ensure that this error is sticky. 38 err error 39 } 40 41 // A numBytesReader is an io.Reader with a numBytes method, returning the number 42 // of bytes remaining in the underlying encoded data. 43 type numBytesReader interface { 44 io.Reader 45 numBytes() int64 46 } 47 48 // A regFileReader is a numBytesReader for reading file data from a tar archive. 49 type regFileReader struct { 50 r io.Reader // underlying reader 51 nb int64 // number of unread bytes for current file entry 52 } 53 54 // A sparseFileReader is a numBytesReader for reading sparse file data from a 55 // tar archive. 56 type sparseFileReader struct { 57 rfr numBytesReader // Reads the sparse-encoded file data 58 sp []sparseEntry // The sparse map for the file 59 pos int64 // Keeps track of file position 60 total int64 // Total size of the file 61 } 62 63 // A sparseEntry holds a single entry in a sparse file's sparse map. 64 // 65 // Sparse files are represented using a series of sparseEntrys. 66 // Despite the name, a sparseEntry represents an actual data fragment that 67 // references data found in the underlying archive stream. All regions not 68 // covered by a sparseEntry are logically filled with zeros. 69 // 70 // For example, if the underlying raw file contains the 10-byte data: 71 // var compactData = "abcdefgh" 72 // 73 // And the sparse map has the following entries: 74 // var sp = []sparseEntry{ 75 // {offset: 2, numBytes: 5} // Data fragment for [2..7] 76 // {offset: 18, numBytes: 3} // Data fragment for [18..21] 77 // } 78 // 79 // Then the content of the resulting sparse file with a "real" size of 25 is: 80 // var sparseData = "\x00"*2 + "abcde" + "\x00"*11 + "fgh" + "\x00"*4 81 type sparseEntry struct { 82 offset int64 // Starting position of the fragment 83 numBytes int64 // Length of the fragment 84 } 85 86 // Keywords for GNU sparse files in a PAX extended header 87 const ( 88 paxGNUSparseNumBlocks = "GNU.sparse.numblocks" 89 paxGNUSparseOffset = "GNU.sparse.offset" 90 paxGNUSparseNumBytes = "GNU.sparse.numbytes" 91 paxGNUSparseMap = "GNU.sparse.map" 92 paxGNUSparseName = "GNU.sparse.name" 93 paxGNUSparseMajor = "GNU.sparse.major" 94 paxGNUSparseMinor = "GNU.sparse.minor" 95 paxGNUSparseSize = "GNU.sparse.size" 96 paxGNUSparseRealSize = "GNU.sparse.realsize" 97 ) 98 99 // NewReader creates a new Reader reading from r. 100 func NewReader(r io.Reader) *Reader { return &Reader{r: r} } 101 102 // Next advances to the next entry in the tar archive. 103 // 104 // io.EOF is returned at the end of the input. 105 func (tr *Reader) Next() (*Header, error) { 106 if tr.err != nil { 107 return nil, tr.err 108 } 109 hdr, err := tr.next() 110 tr.err = err 111 return hdr, err 112 } 113 114 func (tr *Reader) next() (*Header, error) { 115 var extHdrs map[string]string 116 117 // Externally, Next iterates through the tar archive as if it is a series of 118 // files. Internally, the tar format often uses fake "files" to add meta 119 // data that describes the next file. These meta data "files" should not 120 // normally be visible to the outside. As such, this loop iterates through 121 // one or more "header files" until it finds a "normal file". 122 loop: 123 for { 124 if err := tr.skipUnread(); err != nil { 125 return nil, err 126 } 127 hdr, rawHdr, err := tr.readHeader() 128 if err != nil { 129 return nil, err 130 } 131 if err := tr.handleRegularFile(hdr); err != nil { 132 return nil, err 133 } 134 135 // Check for PAX/GNU special headers and files. 136 switch hdr.Typeflag { 137 case TypeXHeader: 138 extHdrs, err = parsePAX(tr) 139 if err != nil { 140 return nil, err 141 } 142 continue loop // This is a meta header affecting the next header 143 case TypeGNULongName, TypeGNULongLink: 144 realname, err := ioutil.ReadAll(tr) 145 if err != nil { 146 return nil, err 147 } 148 149 // Convert GNU extensions to use PAX headers. 150 if extHdrs == nil { 151 extHdrs = make(map[string]string) 152 } 153 var p parser 154 switch hdr.Typeflag { 155 case TypeGNULongName: 156 extHdrs[paxPath] = p.parseString(realname) 157 case TypeGNULongLink: 158 extHdrs[paxLinkpath] = p.parseString(realname) 159 } 160 if p.err != nil { 161 return nil, p.err 162 } 163 continue loop // This is a meta header affecting the next header 164 default: 165 // The old GNU sparse format is handled here since it is technically 166 // just a regular file with additional attributes. 167 168 if err := mergePAX(hdr, extHdrs); err != nil { 169 return nil, err 170 } 171 172 // The extended headers may have updated the size. 173 // Thus, setup the regFileReader again after merging PAX headers. 174 if err := tr.handleRegularFile(hdr); err != nil { 175 return nil, err 176 } 177 178 // Sparse formats rely on being able to read from the logical data 179 // section; there must be a preceding call to handleRegularFile. 180 if err := tr.handleSparseFile(hdr, rawHdr, extHdrs); err != nil { 181 return nil, err 182 } 183 return hdr, nil // This is a file, so stop 184 } 185 } 186 } 187 188 // handleRegularFile sets up the current file reader and padding such that it 189 // can only read the following logical data section. It will properly handle 190 // special headers that contain no data section. 191 func (tr *Reader) handleRegularFile(hdr *Header) error { 192 nb := hdr.Size 193 if isHeaderOnlyType(hdr.Typeflag) { 194 nb = 0 195 } 196 if nb < 0 { 197 return ErrHeader 198 } 199 200 tr.pad = -nb & (blockSize - 1) // blockSize is a power of two 201 tr.curr = ®FileReader{r: tr.r, nb: nb} 202 return nil 203 } 204 205 // handleSparseFile checks if the current file is a sparse format of any type 206 // and sets the curr reader appropriately. 207 func (tr *Reader) handleSparseFile(hdr *Header, rawHdr *block, extHdrs map[string]string) error { 208 var sp []sparseEntry 209 var err error 210 if hdr.Typeflag == TypeGNUSparse { 211 sp, err = tr.readOldGNUSparseMap(hdr, rawHdr) 212 if err != nil { 213 return err 214 } 215 } else { 216 sp, err = tr.checkForGNUSparsePAXHeaders(hdr, extHdrs) 217 if err != nil { 218 return err 219 } 220 } 221 222 // If sp is non-nil, then this is a sparse file. 223 // Note that it is possible for len(sp) to be zero. 224 if sp != nil { 225 tr.curr, err = newSparseFileReader(tr.curr, sp, hdr.Size) 226 } 227 return err 228 } 229 230 // checkForGNUSparsePAXHeaders checks the PAX headers for GNU sparse headers. If they are found, then 231 // this function reads the sparse map and returns it. Unknown sparse formats are ignored, causing the file to 232 // be treated as a regular file. 233 func (tr *Reader) checkForGNUSparsePAXHeaders(hdr *Header, headers map[string]string) ([]sparseEntry, error) { 234 var sparseFormat string 235 236 // Check for sparse format indicators 237 major, majorOk := headers[paxGNUSparseMajor] 238 minor, minorOk := headers[paxGNUSparseMinor] 239 sparseName, sparseNameOk := headers[paxGNUSparseName] 240 _, sparseMapOk := headers[paxGNUSparseMap] 241 sparseSize, sparseSizeOk := headers[paxGNUSparseSize] 242 sparseRealSize, sparseRealSizeOk := headers[paxGNUSparseRealSize] 243 244 // Identify which, if any, sparse format applies from which PAX headers are set 245 if majorOk && minorOk { 246 sparseFormat = major + "." + minor 247 } else if sparseNameOk && sparseMapOk { 248 sparseFormat = "0.1" 249 } else if sparseSizeOk { 250 sparseFormat = "0.0" 251 } else { 252 // Not a PAX format GNU sparse file. 253 return nil, nil 254 } 255 256 // Check for unknown sparse format 257 if sparseFormat != "0.0" && sparseFormat != "0.1" && sparseFormat != "1.0" { 258 return nil, nil 259 } 260 261 // Update hdr from GNU sparse PAX headers 262 if sparseNameOk { 263 hdr.Name = sparseName 264 } 265 if sparseSizeOk { 266 realSize, err := strconv.ParseInt(sparseSize, 10, 64) 267 if err != nil { 268 return nil, ErrHeader 269 } 270 hdr.Size = realSize 271 } else if sparseRealSizeOk { 272 realSize, err := strconv.ParseInt(sparseRealSize, 10, 64) 273 if err != nil { 274 return nil, ErrHeader 275 } 276 hdr.Size = realSize 277 } 278 279 // Set up the sparse map, according to the particular sparse format in use 280 var sp []sparseEntry 281 var err error 282 switch sparseFormat { 283 case "0.0", "0.1": 284 sp, err = readGNUSparseMap0x1(headers) 285 case "1.0": 286 sp, err = readGNUSparseMap1x0(tr.curr) 287 } 288 return sp, err 289 } 290 291 // mergePAX merges well known headers according to PAX standard. 292 // In general headers with the same name as those found 293 // in the header struct overwrite those found in the header 294 // struct with higher precision or longer values. Esp. useful 295 // for name and linkname fields. 296 func mergePAX(hdr *Header, headers map[string]string) (err error) { 297 var id64 int64 298 for k, v := range headers { 299 switch k { 300 case paxPath: 301 hdr.Name = v 302 case paxLinkpath: 303 hdr.Linkname = v 304 case paxUname: 305 hdr.Uname = v 306 case paxGname: 307 hdr.Gname = v 308 case paxUid: 309 id64, err = strconv.ParseInt(v, 10, 64) 310 hdr.Uid = int(id64) // Integer overflow possible 311 case paxGid: 312 id64, err = strconv.ParseInt(v, 10, 64) 313 hdr.Gid = int(id64) // Integer overflow possible 314 case paxAtime: 315 hdr.AccessTime, err = parsePAXTime(v) 316 case paxMtime: 317 hdr.ModTime, err = parsePAXTime(v) 318 case paxCtime: 319 hdr.ChangeTime, err = parsePAXTime(v) 320 case paxSize: 321 hdr.Size, err = strconv.ParseInt(v, 10, 64) 322 default: 323 if strings.HasPrefix(k, paxXattr) { 324 if hdr.Xattrs == nil { 325 hdr.Xattrs = make(map[string]string) 326 } 327 hdr.Xattrs[k[len(paxXattr):]] = v 328 } 329 } 330 if err != nil { 331 return ErrHeader 332 } 333 } 334 return nil 335 } 336 337 // parsePAX parses PAX headers. 338 // If an extended header (type 'x') is invalid, ErrHeader is returned 339 func parsePAX(r io.Reader) (map[string]string, error) { 340 buf, err := ioutil.ReadAll(r) 341 if err != nil { 342 return nil, err 343 } 344 sbuf := string(buf) 345 346 // For GNU PAX sparse format 0.0 support. 347 // This function transforms the sparse format 0.0 headers into format 0.1 348 // headers since 0.0 headers were not PAX compliant. 349 var sparseMap []string 350 351 extHdrs := make(map[string]string) 352 for len(sbuf) > 0 { 353 key, value, residual, err := parsePAXRecord(sbuf) 354 if err != nil { 355 return nil, ErrHeader 356 } 357 sbuf = residual 358 359 switch key { 360 case paxGNUSparseOffset, paxGNUSparseNumBytes: 361 // Validate sparse header order and value. 362 if (len(sparseMap)%2 == 0 && key != paxGNUSparseOffset) || 363 (len(sparseMap)%2 == 1 && key != paxGNUSparseNumBytes) || 364 strings.Contains(value, ",") { 365 return nil, ErrHeader 366 } 367 sparseMap = append(sparseMap, value) 368 default: 369 // According to PAX specification, a value is stored only if it is 370 // non-empty. Otherwise, the key is deleted. 371 if len(value) > 0 { 372 extHdrs[key] = value 373 } else { 374 delete(extHdrs, key) 375 } 376 } 377 } 378 if len(sparseMap) > 0 { 379 extHdrs[paxGNUSparseMap] = strings.Join(sparseMap, ",") 380 } 381 return extHdrs, nil 382 } 383 384 // skipUnread skips any unread bytes in the existing file entry, as well as any 385 // alignment padding. It returns io.ErrUnexpectedEOF if any io.EOF is 386 // encountered in the data portion; it is okay to hit io.EOF in the padding. 387 // 388 // Note that this function still works properly even when sparse files are being 389 // used since numBytes returns the bytes remaining in the underlying io.Reader. 390 func (tr *Reader) skipUnread() error { 391 dataSkip := tr.numBytes() // Number of data bytes to skip 392 totalSkip := dataSkip + tr.pad // Total number of bytes to skip 393 tr.curr, tr.pad = nil, 0 394 395 // If possible, Seek to the last byte before the end of the data section. 396 // Do this because Seek is often lazy about reporting errors; this will mask 397 // the fact that the tar stream may be truncated. We can rely on the 398 // io.CopyN done shortly afterwards to trigger any IO errors. 399 var seekSkipped int64 // Number of bytes skipped via Seek 400 if sr, ok := tr.r.(io.Seeker); ok && dataSkip > 1 { 401 // Not all io.Seeker can actually Seek. For example, os.Stdin implements 402 // io.Seeker, but calling Seek always returns an error and performs 403 // no action. Thus, we try an innocent seek to the current position 404 // to see if Seek is really supported. 405 pos1, err := sr.Seek(0, io.SeekCurrent) 406 if err == nil { 407 // Seek seems supported, so perform the real Seek. 408 pos2, err := sr.Seek(dataSkip-1, io.SeekCurrent) 409 if err != nil { 410 return err 411 } 412 seekSkipped = pos2 - pos1 413 } 414 } 415 416 copySkipped, err := io.CopyN(ioutil.Discard, tr.r, totalSkip-seekSkipped) 417 if err == io.EOF && seekSkipped+copySkipped < dataSkip { 418 err = io.ErrUnexpectedEOF 419 } 420 return err 421 } 422 423 // readHeader reads the next block header and assumes that the underlying reader 424 // is already aligned to a block boundary. It returns the raw block of the 425 // header in case further processing is required. 426 // 427 // The err will be set to io.EOF only when one of the following occurs: 428 // * Exactly 0 bytes are read and EOF is hit. 429 // * Exactly 1 block of zeros is read and EOF is hit. 430 // * At least 2 blocks of zeros are read. 431 func (tr *Reader) readHeader() (*Header, *block, error) { 432 // Two blocks of zero bytes marks the end of the archive. 433 if _, err := io.ReadFull(tr.r, tr.blk[:]); err != nil { 434 return nil, nil, err // EOF is okay here; exactly 0 bytes read 435 } 436 if bytes.Equal(tr.blk[:], zeroBlock[:]) { 437 if _, err := io.ReadFull(tr.r, tr.blk[:]); err != nil { 438 return nil, nil, err // EOF is okay here; exactly 1 block of zeros read 439 } 440 if bytes.Equal(tr.blk[:], zeroBlock[:]) { 441 return nil, nil, io.EOF // normal EOF; exactly 2 block of zeros read 442 } 443 return nil, nil, ErrHeader // Zero block and then non-zero block 444 } 445 446 // Verify the header matches a known format. 447 format := tr.blk.GetFormat() 448 if format == formatUnknown { 449 return nil, nil, ErrHeader 450 } 451 452 var p parser 453 hdr := new(Header) 454 455 // Unpack the V7 header. 456 v7 := tr.blk.V7() 457 hdr.Name = p.parseString(v7.Name()) 458 hdr.Mode = p.parseNumeric(v7.Mode()) 459 hdr.Uid = int(p.parseNumeric(v7.UID())) 460 hdr.Gid = int(p.parseNumeric(v7.GID())) 461 hdr.Size = p.parseNumeric(v7.Size()) 462 hdr.ModTime = time.Unix(p.parseNumeric(v7.ModTime()), 0) 463 hdr.Typeflag = v7.TypeFlag()[0] 464 hdr.Linkname = p.parseString(v7.LinkName()) 465 466 // The atime and ctime fields are often left unused. Some versions of Go 467 // had a bug in the tar.Writer where it would output an invalid tar file 468 // in certain rare situations because the logic incorrectly believed that 469 // the old GNU format had a prefix field. This is wrong and leads to 470 // an outputted file that actually mangles the atime and ctime fields. 471 // 472 // In order to continue reading tar files created by a buggy writer, we 473 // try to parse the atime and ctime fields, but just return the zero value 474 // of time.Time when we cannot parse them. 475 // 476 // See https://golang.org/issues/12594 477 tryParseTime := func(b []byte) time.Time { 478 var p parser 479 n := p.parseNumeric(b) 480 if b[0] != 0x00 && p.err == nil { 481 return time.Unix(n, 0) 482 } 483 return time.Time{} 484 } 485 486 // Unpack format specific fields. 487 if format > formatV7 { 488 ustar := tr.blk.USTAR() 489 hdr.Uname = p.parseString(ustar.UserName()) 490 hdr.Gname = p.parseString(ustar.GroupName()) 491 if hdr.Typeflag == TypeChar || hdr.Typeflag == TypeBlock { 492 hdr.Devmajor = p.parseNumeric(ustar.DevMajor()) 493 hdr.Devminor = p.parseNumeric(ustar.DevMinor()) 494 } 495 496 var prefix string 497 switch format { 498 case formatUSTAR: 499 ustar := tr.blk.USTAR() 500 prefix = p.parseString(ustar.Prefix()) 501 case formatSTAR: 502 star := tr.blk.STAR() 503 prefix = p.parseString(star.Prefix()) 504 hdr.AccessTime = time.Unix(p.parseNumeric(star.AccessTime()), 0) 505 hdr.ChangeTime = time.Unix(p.parseNumeric(star.ChangeTime()), 0) 506 case formatGNU: 507 gnu := tr.blk.GNU() 508 hdr.AccessTime = tryParseTime(gnu.AccessTime()) 509 hdr.ChangeTime = tryParseTime(gnu.ChangeTime()) 510 } 511 if len(prefix) > 0 { 512 hdr.Name = prefix + "/" + hdr.Name 513 } 514 } 515 return hdr, &tr.blk, p.err 516 } 517 518 // readOldGNUSparseMap reads the sparse map from the old GNU sparse format. 519 // The sparse map is stored in the tar header if it's small enough. 520 // If it's larger than four entries, then one or more extension headers are used 521 // to store the rest of the sparse map. 522 // 523 // The Header.Size does not reflect the size of any extended headers used. 524 // Thus, this function will read from the raw io.Reader to fetch extra headers. 525 // This method mutates blk in the process. 526 func (tr *Reader) readOldGNUSparseMap(hdr *Header, blk *block) ([]sparseEntry, error) { 527 // Make sure that the input format is GNU. 528 // Unfortunately, the STAR format also has a sparse header format that uses 529 // the same type flag but has a completely different layout. 530 if blk.GetFormat() != formatGNU { 531 return nil, ErrHeader 532 } 533 534 var p parser 535 hdr.Size = p.parseNumeric(blk.GNU().RealSize()) 536 if p.err != nil { 537 return nil, p.err 538 } 539 var s sparseArray = blk.GNU().Sparse() 540 var sp = make([]sparseEntry, 0, s.MaxEntries()) 541 for { 542 for i := 0; i < s.MaxEntries(); i++ { 543 // This termination condition is identical to GNU and BSD tar. 544 if s.Entry(i).Offset()[0] == 0x00 { 545 break // Don't return, need to process extended headers (even if empty) 546 } 547 offset := p.parseNumeric(s.Entry(i).Offset()) 548 numBytes := p.parseNumeric(s.Entry(i).NumBytes()) 549 if p.err != nil { 550 return nil, p.err 551 } 552 sp = append(sp, sparseEntry{offset: offset, numBytes: numBytes}) 553 } 554 555 if s.IsExtended()[0] > 0 { 556 // There are more entries. Read an extension header and parse its entries. 557 if _, err := io.ReadFull(tr.r, blk[:]); err != nil { 558 if err == io.EOF { 559 err = io.ErrUnexpectedEOF 560 } 561 return nil, err 562 } 563 s = blk.Sparse() 564 continue 565 } 566 return sp, nil // Done 567 } 568 } 569 570 // readGNUSparseMap1x0 reads the sparse map as stored in GNU's PAX sparse format 571 // version 1.0. The format of the sparse map consists of a series of 572 // newline-terminated numeric fields. The first field is the number of entries 573 // and is always present. Following this are the entries, consisting of two 574 // fields (offset, numBytes). This function must stop reading at the end 575 // boundary of the block containing the last newline. 576 // 577 // Note that the GNU manual says that numeric values should be encoded in octal 578 // format. However, the GNU tar utility itself outputs these values in decimal. 579 // As such, this library treats values as being encoded in decimal. 580 func readGNUSparseMap1x0(r io.Reader) ([]sparseEntry, error) { 581 var cntNewline int64 582 var buf bytes.Buffer 583 var blk = make([]byte, blockSize) 584 585 // feedTokens copies data in numBlock chunks from r into buf until there are 586 // at least cnt newlines in buf. It will not read more blocks than needed. 587 var feedTokens = func(cnt int64) error { 588 for cntNewline < cnt { 589 if _, err := io.ReadFull(r, blk); err != nil { 590 if err == io.EOF { 591 err = io.ErrUnexpectedEOF 592 } 593 return err 594 } 595 buf.Write(blk) 596 for _, c := range blk { 597 if c == '\n' { 598 cntNewline++ 599 } 600 } 601 } 602 return nil 603 } 604 605 // nextToken gets the next token delimited by a newline. This assumes that 606 // at least one newline exists in the buffer. 607 var nextToken = func() string { 608 cntNewline-- 609 tok, _ := buf.ReadString('\n') 610 return tok[:len(tok)-1] // Cut off newline 611 } 612 613 // Parse for the number of entries. 614 // Use integer overflow resistant math to check this. 615 if err := feedTokens(1); err != nil { 616 return nil, err 617 } 618 numEntries, err := strconv.ParseInt(nextToken(), 10, 0) // Intentionally parse as native int 619 if err != nil || numEntries < 0 || int(2*numEntries) < int(numEntries) { 620 return nil, ErrHeader 621 } 622 623 // Parse for all member entries. 624 // numEntries is trusted after this since a potential attacker must have 625 // committed resources proportional to what this library used. 626 if err := feedTokens(2 * numEntries); err != nil { 627 return nil, err 628 } 629 sp := make([]sparseEntry, 0, numEntries) 630 for i := int64(0); i < numEntries; i++ { 631 offset, err := strconv.ParseInt(nextToken(), 10, 64) 632 if err != nil { 633 return nil, ErrHeader 634 } 635 numBytes, err := strconv.ParseInt(nextToken(), 10, 64) 636 if err != nil { 637 return nil, ErrHeader 638 } 639 sp = append(sp, sparseEntry{offset: offset, numBytes: numBytes}) 640 } 641 return sp, nil 642 } 643 644 // readGNUSparseMap0x1 reads the sparse map as stored in GNU's PAX sparse format 645 // version 0.1. The sparse map is stored in the PAX headers. 646 func readGNUSparseMap0x1(extHdrs map[string]string) ([]sparseEntry, error) { 647 // Get number of entries. 648 // Use integer overflow resistant math to check this. 649 numEntriesStr := extHdrs[paxGNUSparseNumBlocks] 650 numEntries, err := strconv.ParseInt(numEntriesStr, 10, 0) // Intentionally parse as native int 651 if err != nil || numEntries < 0 || int(2*numEntries) < int(numEntries) { 652 return nil, ErrHeader 653 } 654 655 // There should be two numbers in sparseMap for each entry. 656 sparseMap := strings.Split(extHdrs[paxGNUSparseMap], ",") 657 if int64(len(sparseMap)) != 2*numEntries { 658 return nil, ErrHeader 659 } 660 661 // Loop through the entries in the sparse map. 662 // numEntries is trusted now. 663 sp := make([]sparseEntry, 0, numEntries) 664 for i := int64(0); i < numEntries; i++ { 665 offset, err := strconv.ParseInt(sparseMap[2*i], 10, 64) 666 if err != nil { 667 return nil, ErrHeader 668 } 669 numBytes, err := strconv.ParseInt(sparseMap[2*i+1], 10, 64) 670 if err != nil { 671 return nil, ErrHeader 672 } 673 sp = append(sp, sparseEntry{offset: offset, numBytes: numBytes}) 674 } 675 return sp, nil 676 } 677 678 // numBytes returns the number of bytes left to read in the current file's entry 679 // in the tar archive, or 0 if there is no current file. 680 func (tr *Reader) numBytes() int64 { 681 if tr.curr == nil { 682 // No current file, so no bytes 683 return 0 684 } 685 return tr.curr.numBytes() 686 } 687 688 // Read reads from the current entry in the tar archive. 689 // It returns 0, io.EOF when it reaches the end of that entry, 690 // until Next is called to advance to the next entry. 691 // 692 // Calling Read on special types like TypeLink, TypeSymLink, TypeChar, 693 // TypeBlock, TypeDir, and TypeFifo returns 0, io.EOF regardless of what 694 // the Header.Size claims. 695 func (tr *Reader) Read(b []byte) (int, error) { 696 if tr.err != nil { 697 return 0, tr.err 698 } 699 if tr.curr == nil { 700 return 0, io.EOF 701 } 702 703 n, err := tr.curr.Read(b) 704 if err != nil && err != io.EOF { 705 tr.err = err 706 } 707 return n, err 708 } 709 710 func (rfr *regFileReader) Read(b []byte) (n int, err error) { 711 if rfr.nb == 0 { 712 // file consumed 713 return 0, io.EOF 714 } 715 if int64(len(b)) > rfr.nb { 716 b = b[0:rfr.nb] 717 } 718 n, err = rfr.r.Read(b) 719 rfr.nb -= int64(n) 720 721 if err == io.EOF && rfr.nb > 0 { 722 err = io.ErrUnexpectedEOF 723 } 724 return 725 } 726 727 // numBytes returns the number of bytes left to read in the file's data in the tar archive. 728 func (rfr *regFileReader) numBytes() int64 { 729 return rfr.nb 730 } 731 732 // newSparseFileReader creates a new sparseFileReader, but validates all of the 733 // sparse entries before doing so. 734 func newSparseFileReader(rfr numBytesReader, sp []sparseEntry, total int64) (*sparseFileReader, error) { 735 if total < 0 { 736 return nil, ErrHeader // Total size cannot be negative 737 } 738 739 // Validate all sparse entries. These are the same checks as performed by 740 // the BSD tar utility. 741 for i, s := range sp { 742 switch { 743 case s.offset < 0 || s.numBytes < 0: 744 return nil, ErrHeader // Negative values are never okay 745 case s.offset > math.MaxInt64-s.numBytes: 746 return nil, ErrHeader // Integer overflow with large length 747 case s.offset+s.numBytes > total: 748 return nil, ErrHeader // Region extends beyond the "real" size 749 case i > 0 && sp[i-1].offset+sp[i-1].numBytes > s.offset: 750 return nil, ErrHeader // Regions can't overlap and must be in order 751 } 752 } 753 return &sparseFileReader{rfr: rfr, sp: sp, total: total}, nil 754 } 755 756 // readHole reads a sparse hole ending at endOffset. 757 func (sfr *sparseFileReader) readHole(b []byte, endOffset int64) int { 758 n64 := endOffset - sfr.pos 759 if n64 > int64(len(b)) { 760 n64 = int64(len(b)) 761 } 762 n := int(n64) 763 for i := 0; i < n; i++ { 764 b[i] = 0 765 } 766 sfr.pos += n64 767 return n 768 } 769 770 // Read reads the sparse file data in expanded form. 771 func (sfr *sparseFileReader) Read(b []byte) (n int, err error) { 772 // Skip past all empty fragments. 773 for len(sfr.sp) > 0 && sfr.sp[0].numBytes == 0 { 774 sfr.sp = sfr.sp[1:] 775 } 776 777 // If there are no more fragments, then it is possible that there 778 // is one last sparse hole. 779 if len(sfr.sp) == 0 { 780 // This behavior matches the BSD tar utility. 781 // However, GNU tar stops returning data even if sfr.total is unmet. 782 if sfr.pos < sfr.total { 783 return sfr.readHole(b, sfr.total), nil 784 } 785 return 0, io.EOF 786 } 787 788 // In front of a data fragment, so read a hole. 789 if sfr.pos < sfr.sp[0].offset { 790 return sfr.readHole(b, sfr.sp[0].offset), nil 791 } 792 793 // In a data fragment, so read from it. 794 // This math is overflow free since we verify that offset and numBytes can 795 // be safely added when creating the sparseFileReader. 796 endPos := sfr.sp[0].offset + sfr.sp[0].numBytes // End offset of fragment 797 bytesLeft := endPos - sfr.pos // Bytes left in fragment 798 if int64(len(b)) > bytesLeft { 799 b = b[:bytesLeft] 800 } 801 802 n, err = sfr.rfr.Read(b) 803 sfr.pos += int64(n) 804 if err == io.EOF { 805 if sfr.pos < endPos { 806 err = io.ErrUnexpectedEOF // There was supposed to be more data 807 } else if sfr.pos < sfr.total { 808 err = nil // There is still an implicit sparse hole at the end 809 } 810 } 811 812 if sfr.pos == endPos { 813 sfr.sp = sfr.sp[1:] // We are done with this fragment, so pop it 814 } 815 return n, err 816 } 817 818 // numBytes returns the number of bytes left to read in the sparse file's 819 // sparse-encoded data in the tar archive. 820 func (sfr *sparseFileReader) numBytes() int64 { 821 return sfr.rfr.numBytes() 822 } 823
