1 2LZO stream format as understood by Linux's LZO decompressor 3=========================================================== 4 5Introduction 6 7 This is not a specification. No specification seems to be publicly available 8 for the LZO stream format. This document describes what input format the LZO 9 decompressor as implemented in the Linux kernel understands. The file subject 10 of this analysis is lib/lzo/lzo1x_decompress_safe.c. No analysis was made on 11 the compressor nor on any other implementations though it seems likely that 12 the format matches the standard one. The purpose of this document is to 13 better understand what the code does in order to propose more efficient fixes 14 for future bug reports. 15 16Description 17 18 The stream is composed of a series of instructions, operands, and data. The 19 instructions consist in a few bits representing an opcode, and bits forming 20 the operands for the instruction, whose size and position depend on the 21 opcode and on the number of literals copied by previous instruction. The 22 operands are used to indicate : 23 24 - a distance when copying data from the dictionary (past output buffer) 25 - a length (number of bytes to copy from dictionary) 26 - the number of literals to copy, which is retained in variable "state" 27 as a piece of information for next instructions. 28 29 Optionally depending on the opcode and operands, extra data may follow. These 30 extra data can be a complement for the operand (eg: a length or a distance 31 encoded on larger values), or a literal to be copied to the output buffer. 32 33 The first byte of the block follows a different encoding from other bytes, it 34 seems to be optimized for literal use only, since there is no dictionary yet 35 prior to that byte. 36 37 Lengths are always encoded on a variable size starting with a small number 38 of bits in the operand. If the number of bits isn't enough to represent the 39 length, up to 255 may be added in increments by consuming more bytes with a 40 rate of at most 255 per extra byte (thus the compression ratio cannot exceed 41 around 255:1). The variable length encoding using #bits is always the same : 42 43 length = byte & ((1 << #bits) - 1) 44 if (!length) { 45 length = ((1 << #bits) - 1) 46 length += 255*(number of zero bytes) 47 length += first-non-zero-byte 48 } 49 length += constant (generally 2 or 3) 50 51 For references to the dictionary, distances are relative to the output 52 pointer. Distances are encoded using very few bits belonging to certain 53 ranges, resulting in multiple copy instructions using different encodings. 54 Certain encodings involve one extra byte, others involve two extra bytes 55 forming a little-endian 16-bit quantity (marked LE16 below). 56 57 After any instruction except the large literal copy, 0, 1, 2 or 3 literals 58 are copied before starting the next instruction. The number of literals that 59 were copied may change the meaning and behaviour of the next instruction. In 60 practice, only one instruction needs to know whether 0, less than 4, or more 61 literals were copied. This is the information stored in the <state> variable 62 in this implementation. This number of immediate literals to be copied is 63 generally encoded in the last two bits of the instruction but may also be 64 taken from the last two bits of an extra operand (eg: distance). 65 66 End of stream is declared when a block copy of distance 0 is seen. Only one 67 instruction may encode this distance (0001HLLL), it takes one LE16 operand 68 for the distance, thus requiring 3 bytes. 69 70 IMPORTANT NOTE : in the code some length checks are missing because certain 71 instructions are called under the assumption that a certain number of bytes 72 follow because it has already been garanteed before parsing the instructions. 73 They just have to "refill" this credit if they consume extra bytes. This is 74 an implementation design choice independant on the algorithm or encoding. 75 76Byte sequences 77 78 First byte encoding : 79 80 0..17 : follow regular instruction encoding, see below. It is worth 81 noting that codes 16 and 17 will represent a block copy from 82 the dictionary which is empty, and that they will always be 83 invalid at this place. 84 85 18..21 : copy 0..3 literals 86 state = (byte - 17) = 0..3 [ copy <state> literals ] 87 skip byte 88 89 22..255 : copy literal string 90 length = (byte - 17) = 4..238 91 state = 4 [ don't copy extra literals ] 92 skip byte 93 94 Instruction encoding : 95 96 0 0 0 0 X X X X (0..15) 97 Depends on the number of literals copied by the last instruction. 98 If last instruction did not copy any literal (state == 0), this 99 encoding will be a copy of 4 or more literal, and must be interpreted 100 like this : 101 102 0 0 0 0 L L L L (0..15) : copy long literal string 103 length = 3 + (L ?: 15 + (zero_bytes * 255) + non_zero_byte) 104 state = 4 (no extra literals are copied) 105 106 If last instruction used to copy between 1 to 3 literals (encoded in 107 the instruction's opcode or distance), the instruction is a copy of a 108 2-byte block from the dictionary within a 1kB distance. It is worth 109 noting that this instruction provides little savings since it uses 2 110 bytes to encode a copy of 2 other bytes but it encodes the number of 111 following literals for free. It must be interpreted like this : 112 113 0 0 0 0 D D S S (0..15) : copy 2 bytes from <= 1kB distance 114 length = 2 115 state = S (copy S literals after this block) 116 Always followed by exactly one byte : H H H H H H H H 117 distance = (H << 2) + D + 1 118 119 If last instruction used to copy 4 or more literals (as detected by 120 state == 4), the instruction becomes a copy of a 3-byte block from the 121 dictionary from a 2..3kB distance, and must be interpreted like this : 122 123 0 0 0 0 D D S S (0..15) : copy 3 bytes from 2..3 kB distance 124 length = 3 125 state = S (copy S literals after this block) 126 Always followed by exactly one byte : H H H H H H H H 127 distance = (H << 2) + D + 2049 128 129 0 0 0 1 H L L L (16..31) 130 Copy of a block within 16..48kB distance (preferably less than 10B) 131 length = 2 + (L ?: 7 + (zero_bytes * 255) + non_zero_byte) 132 Always followed by exactly one LE16 : D D D D D D D D : D D D D D D S S 133 distance = 16384 + (H << 14) + D 134 state = S (copy S literals after this block) 135 End of stream is reached if distance == 16384 136 137 0 0 1 L L L L L (32..63) 138 Copy of small block within 16kB distance (preferably less than 34B) 139 length = 2 + (L ?: 31 + (zero_bytes * 255) + non_zero_byte) 140 Always followed by exactly one LE16 : D D D D D D D D : D D D D D D S S 141 distance = D + 1 142 state = S (copy S literals after this block) 143 144 0 1 L D D D S S (64..127) 145 Copy 3-4 bytes from block within 2kB distance 146 state = S (copy S literals after this block) 147 length = 3 + L 148 Always followed by exactly one byte : H H H H H H H H 149 distance = (H << 3) + D + 1 150 151 1 L L D D D S S (128..255) 152 Copy 5-8 bytes from block within 2kB distance 153 state = S (copy S literals after this block) 154 length = 5 + L 155 Always followed by exactly one byte : H H H H H H H H 156 distance = (H << 3) + D + 1 157 158Authors 159 160 This document was written by Willy Tarreau <w@1wt.eu> on 2014/07/19 during an 161 analysis of the decompression code available in Linux 3.16-rc5. The code is 162 tricky, it is possible that this document contains mistakes or that a few 163 corner cases were overlooked. In any case, please report any doubt, fix, or 164 proposed updates to the author(s) so that the document can be updated. 165