| // Copyright 2016 Google Inc. All rights reserved. |
| // |
| // Licensed under the Apache License, Version 2.0 (the "License"); |
| // you may not use this file except in compliance with the License. |
| // You may obtain a copy of the License at |
| // |
| // http://www.apache.org/licenses/LICENSE-2.0 |
| // |
| // Unless required by applicable law or agreed to in writing, software |
| // distributed under the License is distributed on an "AS IS" BASIS, |
| // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| // See the License for the specific language governing permissions and |
| // limitations under the License. |
| |
| package com.google.archivepatcher.applier.bsdiff; |
| |
| import com.google.archivepatcher.applier.PatchFormatException; |
| |
| import java.io.BufferedInputStream; |
| import java.io.BufferedOutputStream; |
| import java.io.IOException; |
| import java.io.InputStream; |
| import java.io.OutputStream; |
| import java.io.RandomAccessFile; |
| |
| /** |
| * A Java implementation of the "bspatch" algorithm based on the BSD-2 licensed source code |
| * available here: https://github.com/mendsley/bsdiff. This implementation supports a maximum file |
| * size of 2GB for all binaries involved (old, new and patch binaries). |
| */ |
| public class BsPatch { |
| /** |
| * Standard header found at the start of every patch. |
| */ |
| private static final String SIGNATURE = "ENDSLEY/BSDIFF43"; |
| |
| /** |
| * Default buffer size is 50 kibibytes, a reasonable tradeoff between size and speed. |
| */ |
| private static final int PATCH_BUFFER_SIZE = 1024 * 50; |
| |
| /** |
| * Masks the upper bit of a long, used to determine if a long is positive or negative. |
| */ |
| private static final long NEGATIVE_LONG_SIGN_MASK = 1L << 63; |
| |
| /** |
| * The patch is typically compressed and the input stream is decompressing on-the-fly. A small |
| * buffer greatly improves efficiency on complicated patches with lots of short directives. |
| */ |
| private static final int PATCH_STREAM_BUFFER_SIZE = 4 * 1024; |
| |
| /** |
| * Complicated patches with lots of short directives result in many calls to write small amounts |
| * of data. A buffer greatly improves efficiency for these patches. |
| */ |
| private static final int OUTPUT_STREAM_BUFFER_SIZE = 16 * 1024; |
| |
| /** |
| * Applies a patch from |patchData| to the data in |oldData|, writing the result to |newData|. |
| * |
| * @param oldData data to which the patch should be applied |
| * @param newData stream to write the new artifact to |
| * @param patchData stream to read patch instructions from |
| * @throws PatchFormatException if the patch stream is invalid |
| * @throws IOException if unable to read or write any of the data |
| */ |
| public static void applyPatch( |
| RandomAccessFile oldData, OutputStream newData, InputStream patchData) |
| throws PatchFormatException, IOException { |
| patchData = new BufferedInputStream(patchData, PATCH_STREAM_BUFFER_SIZE); |
| newData = new BufferedOutputStream(newData, OUTPUT_STREAM_BUFFER_SIZE); |
| try { |
| applyPatchInternal(oldData, newData, patchData); |
| } finally { |
| newData.flush(); |
| } |
| } |
| |
| /** |
| * Does the work of the public applyPatch method. |
| */ |
| private static void applyPatchInternal( |
| final RandomAccessFile oldData, |
| final OutputStream newData, |
| final InputStream patchData) |
| throws PatchFormatException, IOException { |
| final byte[] signatureBuffer = new byte[SIGNATURE.length()]; |
| try { |
| readFully(patchData, signatureBuffer, 0, signatureBuffer.length); |
| } catch (IOException e) { |
| throw new PatchFormatException("truncated signature"); |
| } |
| |
| String signature = new String(signatureBuffer, 0, signatureBuffer.length, "US-ASCII"); |
| if (!SIGNATURE.equals(signature)) { |
| throw new PatchFormatException("bad signature"); |
| } |
| |
| // Sanity-check: ensure a-priori knowledge matches patch expectations |
| final long oldSize = oldData.length(); |
| if (oldSize > Integer.MAX_VALUE) { |
| throw new PatchFormatException("bad oldSize"); |
| } |
| final long newSize = readBsdiffLong(patchData); |
| if (newSize < 0 || newSize > Integer.MAX_VALUE) { |
| throw new PatchFormatException("bad newSize"); |
| } |
| |
| // These buffers are used for performing transformations and copies. They are not stateful. |
| final byte[] buffer1 = new byte[PATCH_BUFFER_SIZE]; |
| final byte[] buffer2 = new byte[PATCH_BUFFER_SIZE]; |
| |
| // Offsets into |oldData| and |newData|. |
| long oldDataOffset = 0; // strobes |oldData| in order specified by the patch file |
| long newDataBytesWritten = 0; // monotonically increases from 0 .. |expectedNewSize| |
| |
| while (newDataBytesWritten < newSize) { |
| // Read "control data" for the operation. There are three values here: |
| // 1. |diffSegmentLength| defines a number of "similar" bytes that can be transformed |
| // from |oldData| to |newData| by applying byte-by-byte addends. The addend bytes are |
| // read from |patchData|. If zero, no "similar" bytes are transformed in this |
| // operation. |
| final long diffSegmentLength = readBsdiffLong(patchData); |
| |
| // 2. |copySegmentLength| defines a number of identical bytes that can be copied from |
| // |oldData| to |newData|. If zero, no identical bytes are copied in this operation. |
| final long copySegmentLength = readBsdiffLong(patchData); |
| |
| // 3. |offsetToNextInput| defines a relative offset to the next position in |oldData| to |
| // jump do after the current operation completes. Strangely, this compensates for |
| // |diffSegmentLength| but not for |copySegmentLength|, so |diffSegmentLength| must |
| // be accumulated into |oldDataOffset| while |copySegmentLength| must NOT be. |
| final long offsetToNextInput = readBsdiffLong(patchData); |
| |
| // Sanity-checks |
| if (diffSegmentLength < 0 || diffSegmentLength > Integer.MAX_VALUE) { |
| throw new PatchFormatException("bad diffSegmentLength"); |
| } |
| if (copySegmentLength < 0 || copySegmentLength > Integer.MAX_VALUE) { |
| throw new PatchFormatException("bad copySegmentLength"); |
| } |
| if (offsetToNextInput < Integer.MIN_VALUE || offsetToNextInput > Integer.MAX_VALUE) { |
| throw new PatchFormatException("bad offsetToNextInput"); |
| } |
| |
| final long expectedFinalNewDataBytesWritten = |
| newDataBytesWritten + diffSegmentLength + copySegmentLength; |
| if (expectedFinalNewDataBytesWritten > newSize) { |
| throw new PatchFormatException("expectedFinalNewDataBytesWritten too large"); |
| } |
| |
| final long expectedFinalOldDataOffset = oldDataOffset + diffSegmentLength + offsetToNextInput; |
| if (expectedFinalOldDataOffset > oldSize) { |
| throw new PatchFormatException("expectedFinalOldDataOffset too large"); |
| } |
| if (expectedFinalOldDataOffset < 0) { |
| throw new PatchFormatException("expectedFinalOldDataOffset is negative"); |
| } |
| |
| // At this point everything is known to be sane, and the operations should all succeed. |
| oldData.seek(oldDataOffset); |
| if (diffSegmentLength > 0) { |
| transformBytes((int) diffSegmentLength, patchData, oldData, newData, buffer1, buffer2); |
| } |
| if (copySegmentLength > 0) { |
| pipe(patchData, newData, buffer1, (int) copySegmentLength); |
| } |
| newDataBytesWritten = expectedFinalNewDataBytesWritten; |
| oldDataOffset = expectedFinalOldDataOffset; |
| } |
| } |
| |
| /** |
| * Transforms bytes from |oldData| into |newData| by applying byte-for-byte addends from |
| * |patchData|. The number of bytes consumed from |oldData| and |patchData|, as well as the |
| * number of bytes written to |newData|, is |diffLength|. The contents of the buffers are |
| * ignored and overwritten, and no guarantee is made as to their contents when this method |
| * returns. This is the core of the bsdiff patching algorithm. |buffer1.length| must equal |
| * |buffer2.length|, and |buffer1| and |buffer2| must be distinct objects. |
| * |
| * @param diffLength the length of the BsDiff entry (how many bytes to read and apply). |
| * @param patchData the input stream from the BsDiff patch containing diff bytes. This stream |
| * must be positioned so that the first byte read is the first addend to be |
| * applied to the first byte of data to be read from |oldData|. |
| * @param oldData the old file, for the diff bytes to be applied to. This input source must be |
| * positioned so that the first byte read is the first byte of data to which the |
| * first byte of addends from |patchData| should be applied. |
| * @param newData the stream to write the resulting data to. |
| * @param buffer1 temporary buffer to use for data transformation; contents are ignored, may be |
| * overwritten, and are undefined when this method returns. |
| * @param buffer2 temporary buffer to use for data transformation; contents are ignored, may be |
| * overwritten, and are undefined when this method returns. |
| */ |
| // Visible for testing only |
| static void transformBytes( |
| final int diffLength, |
| final InputStream patchData, |
| final RandomAccessFile oldData, |
| final OutputStream newData, |
| final byte[] buffer1, |
| final byte[] buffer2) |
| throws IOException { |
| int numBytesLeft = diffLength; |
| while (numBytesLeft > 0) { |
| final int numBytesThisRound = Math.min(numBytesLeft, buffer1.length); |
| oldData.readFully(buffer1, 0, numBytesThisRound); |
| readFully(patchData, buffer2, 0, numBytesThisRound); |
| for (int i = 0; i < numBytesThisRound; i++) { |
| buffer1[i] += buffer2[i]; |
| } |
| newData.write(buffer1, 0, numBytesThisRound); |
| numBytesLeft -= numBytesThisRound; |
| } |
| } |
| |
| /** |
| * Reads a long value in little-endian, signed-magnitude format (the format used by the C++ |
| * bsdiff implementation). |
| * |
| * @param in the stream to read from |
| * @return the long value |
| * @throws PatchFormatException if the value is negative zero (unsupported) |
| * @throws IOException if unable to read all 8 bytes from the stream |
| */ |
| // Visible for testing only |
| static final long readBsdiffLong(InputStream in) throws PatchFormatException, IOException { |
| long result = 0; |
| for (int bitshift = 0; bitshift < 64; bitshift += 8) { |
| result |= ((long) in.read()) << bitshift; |
| } |
| |
| if (result == NEGATIVE_LONG_SIGN_MASK) { |
| // "Negative zero", which is valid in signed-magnitude format. |
| // NB: No sane patch generator should ever produce such a value. |
| throw new PatchFormatException("read negative zero"); |
| } |
| |
| if ((result & NEGATIVE_LONG_SIGN_MASK) != 0) { |
| result = -(result & ~NEGATIVE_LONG_SIGN_MASK); |
| } |
| |
| return result; |
| } |
| |
| /** |
| * Read exactly the specified number of bytes into the specified buffer. |
| * |
| * @param in the input stream to read from |
| * @param destination where to write the bytes to |
| * @param startAt the offset at which to start writing bytes in the destination buffer |
| * @param numBytes the number of bytes to read |
| * @throws IOException if reading from the stream fails |
| */ |
| // Visible for testing only |
| static void readFully( |
| final InputStream in, final byte[] destination, final int startAt, final int numBytes) |
| throws IOException { |
| int numRead = 0; |
| while (numRead < numBytes) { |
| int readNow = in.read(destination, startAt + numRead, numBytes - numRead); |
| if (readNow == -1) { |
| throw new IOException("truncated input stream"); |
| } |
| numRead += readNow; |
| } |
| } |
| |
| /** |
| * Use an intermediate buffer to pipe bytes from an InputStream directly to an OutputStream. The |
| * buffer's contents may be destroyed by this operation. |
| * |
| * @param in the stream to read bytes from. |
| * @param out the stream to write bytes to. |
| * @param buffer the buffer to use for copying bytes; must have length > 0 |
| * @param copyLength the number of bytes to copy from the input stream to the output stream |
| */ |
| // Visible for testing only |
| static void pipe( |
| final InputStream in, final OutputStream out, final byte[] buffer, int copyLength) |
| throws IOException { |
| while (copyLength > 0) { |
| int maxCopy = Math.min(buffer.length, copyLength); |
| readFully(in, buffer, 0, maxCopy); |
| out.write(buffer, 0, maxCopy); |
| copyLength -= maxCopy; |
| } |
| } |
| } |
