samples/tasks: repair database demo, add decompress test

Two related changes under samples/tasks/.

samples/tasks/database: restore a buildable state

  The database demo had bit-rotted to the point where neither the
  C source nor the Makefile matched the current tree:

    * main_msg_queue_push: retro_task_queue_msg_t gained a
      retro_task_t* first parameter
    * main_db_cb: retro_task_callback_t gained the same
    * core_info_init_list: added a sixth bool *cache_supported
      parameter
    * Makefile: hash/rhash.c was renamed to hash/lrc_hash.c
    * Makefile: 7zip source list was stale -- 7zIn.c was renamed to
      7zArcIn.c, and BraIA64.c / CpuArch.c / Delta.c were added
    * Makefile: missing sources for trans_stream*, rzip_stream,
      features_cpu, rtime, rxml, m3u_file, logiqx_dat,
      manual_content_scan, yxml
    * link: missing -lm for roundf

  Several symbols reached via task_push_dbscan are defined only
  when RARCH_INTERNAL is set, which would transitively require
  linking most of retroarch.c, frontend_driver.c, runloop.c,
  configuration.c and the UI/video subsystems.  Since this sample
  exercises only the task queue, it provides lightweight stubs for:

    * msg_hash_get_help_us_enum  (real def in intl/msg_hash_us.c)
    * msg_hash_to_str_us         (real def in intl/msg_hash_us.c)
    * config_get_ptr             (real def in configuration.c)
    * runloop_msg_queue_push     (real def in runloop.c)
    * retroarch_override_setting_is_set
    * ui_companion_driver_notify_refresh
    * video_display_server_set_window_progress
    * frontend_driver_get_free_memory
    * dir_list_new_special       (real def in retroarch.c)

  All stubs are either no-ops or return a conservative value that
  lets the surrounding code bail gracefully; none of them are
  exercised on the happy dbscan path.

  After these changes the demo builds cleanly on a stock Ubuntu
  host (build-essential, zlib1g-dev, libpthread), and both
  `database_task` with no args and `database_task <5 dirs>` exit
  with the expected status.

samples/tasks/decompress: new standalone regression test

  Adds archive_name_safety_test, a 23-case predicate unit test for
  the archive_name_is_safe() function in tasks/task_decompress.c.

  This test was originally developed alongside the Zip Slip patch
  in the first security round and held out of
  libretro-common/samples/ because it exercises code in tasks/
  rather than libretro-common/.  samples/tasks/ is its natural
  home.

  The test keeps a verbatim copy of the predicate and validates it
  against a table of safe / unsafe paths:

    * safe:   file.txt, dir/file.txt, a.b/c, ..foo, foo..
    * unsafe: .., ../etc/passwd, foo/..//bar, /etc/passwd,
              \windows\system32, C:\evil, c:/evil, ..\..\windows,
              foo\..\bar, empty string, NULL

  If the predicate in task_decompress.c is ever edited, the copy
  here must be updated to match -- this is noted in the test file's
  header.

Author: LibretroAdmin

samples/tasks/database/Makefile

@@ -95,9 +95,11 @@ SOURCES_C := \
 	$(CORE_DIR)/database_info.c \
 	$(CORE_DIR)/core_info.c \
 	$(CORE_DIR)/msg_hash.c \
-	$(CORE_DIR)/intl/msg_hash_us.c \
 	$(CORE_DIR)/playlist.c \
+	$(CORE_DIR)/manual_content_scan.c \
 	$(CORE_DIR)/verbosity.c \
+	$(LIBRETRO_COMM_DIR)/formats/m3u/m3u_file.c \
+	$(LIBRETRO_COMM_DIR)/formats/logiqx_dat/logiqx_dat.c \
 	$(CORE_DIR)/libretro-db/bintree.c \
 	$(CORE_DIR)/libretro-db/libretrodb.c \
 	$(CORE_DIR)/libretro-db/query.c \
@@ -108,22 +110,29 @@ SOURCES_C := \
 	$(LIBRETRO_COMM_DIR)/file/file_path.c \
 	$(LIBRETRO_COMM_DIR)/file/file_path_io.c \
 	$(LIBRETRO_COMM_DIR)/file/retro_dirent.c \
-	$(LIBRETRO_COMM_DIR)/hash/rhash.c \
+	$(LIBRETRO_COMM_DIR)/hash/lrc_hash.c \
 	$(LIBRETRO_COMM_DIR)/compat/compat_fnmatch.c \
 	$(LIBRETRO_COMM_DIR)/compat/compat_posix_string.c \
 	$(LIBRETRO_COMM_DIR)/compat/compat_strcasestr.c \
 	$(LIBRETRO_COMM_DIR)/compat/compat_strl.c \
 	$(LIBRETRO_COMM_DIR)/compat/fopen_utf8.c \
+	$(DEPS_DIR)/yxml/yxml.c \
 	$(LIBRETRO_COMM_DIR)/formats/json/rjson.c \
+	$(LIBRETRO_COMM_DIR)/formats/xml/rxml.c \
 	$(LIBRETRO_COMM_DIR)/encodings/encoding_crc32.c \
 	$(LIBRETRO_COMM_DIR)/encodings/encoding_utf.c \
+	$(LIBRETRO_COMM_DIR)/features/features_cpu.c \
 	$(LIBRETRO_COMM_DIR)/queues/task_queue.c \
 	$(LIBRETRO_COMM_DIR)/lists/dir_list.c \
 	$(LIBRETRO_COMM_DIR)/lists/string_list.c \
 	$(LIBRETRO_COMM_DIR)/streams/interface_stream.c \
 	$(LIBRETRO_COMM_DIR)/streams/memory_stream.c \
 	$(LIBRETRO_COMM_DIR)/streams/file_stream.c \
+	$(LIBRETRO_COMM_DIR)/streams/rzip_stream.c \
+	$(LIBRETRO_COMM_DIR)/streams/trans_stream.c \
+	$(LIBRETRO_COMM_DIR)/streams/trans_stream_pipe.c \
 	$(LIBRETRO_COMM_DIR)/string/stdstring.c \
+	$(LIBRETRO_COMM_DIR)/time/rtime.c \
 	$(LIBRETRO_COMM_DIR)/vfs/vfs_implementation.c
 
 DEFINES    = -DHAVE_LIBRETRODB -DHAVE_COMPRESSION
@@ -134,6 +143,7 @@ SOURCES_C += \
 				 $(LIBRETRO_COMM_DIR)/streams/trans_stream_zlib.c
 DEFINES += -DHAVE_ZLIB
 LIBS += -lz
+LIBS += -lm
 endif
 
 ifeq ($(HAVE_7ZIP), 1)
@@ -142,20 +152,23 @@ SOURCES_C +=  \
 DEFINES += -DHAVE_7ZIP -D_7ZIP_ST
 INCDIRS += -I$(DEPS_DIR)
 
-SOURCES_C += $(DEPS_DIR)/7zip/7zIn.c \
-				 $(DEPS_DIR)/7zip/Bra86.c \
-				 $(DEPS_DIR)/7zip/7zFile.c \
-				 $(DEPS_DIR)/7zip/7zStream.c \
-				 $(DEPS_DIR)/7zip/LzFind.c \
-				 $(DEPS_DIR)/7zip/LzmaDec.c \
-				 $(DEPS_DIR)/7zip/LzmaEnc.c \
+SOURCES_C += $(DEPS_DIR)/7zip/7zArcIn.c \
+				 $(DEPS_DIR)/7zip/7zBuf.c \
+				 $(DEPS_DIR)/7zip/7zCrc.c \
 				 $(DEPS_DIR)/7zip/7zCrcOpt.c \
-				 $(DEPS_DIR)/7zip/Bra.c \
 				 $(DEPS_DIR)/7zip/7zDec.c \
+				 $(DEPS_DIR)/7zip/7zFile.c \
+				 $(DEPS_DIR)/7zip/7zStream.c \
 				 $(DEPS_DIR)/7zip/Bcj2.c \
-				 $(DEPS_DIR)/7zip/7zCrc.c \
+				 $(DEPS_DIR)/7zip/Bra.c \
+				 $(DEPS_DIR)/7zip/Bra86.c \
+				 $(DEPS_DIR)/7zip/BraIA64.c \
+				 $(DEPS_DIR)/7zip/CpuArch.c \
+				 $(DEPS_DIR)/7zip/Delta.c \
+				 $(DEPS_DIR)/7zip/LzFind.c \
 				 $(DEPS_DIR)/7zip/Lzma2Dec.c \
-				 $(DEPS_DIR)/7zip/7zBuf.c
+				 $(DEPS_DIR)/7zip/LzmaDec.c \
+				 $(DEPS_DIR)/7zip/LzmaEnc.c
 endif
 
 ifeq ($(HAVE_THREADS), 1)

samples/tasks/database/main.c

@@ -9,10 +9,91 @@
 
 static bool loop_active = true;
 
-static void main_msg_queue_push(const char *msg,
+/* Stubs for symbols referenced by the retroarch-tree sources we pull
+ * in.  The real definitions live in intl/msg_hash_us.c and
+ * configuration.c, but those files transitively require RARCH_INTERNAL
+ * which drags in the entire frontend subsystem.  This sample only
+ * exercises task_push_dbscan; none of these symbols are actually
+ * invoked on the path through task_push_dbscan / task_queue_check.
+ *
+ * The `msg` parameter is declared as int rather than
+ * `enum msg_hash_enums` because that enum lives in msg_hash.h, which
+ * is not on the include path for this sample.  At the link level the
+ * signatures match since enum values promote to int. */
+int msg_hash_get_help_us_enum(int msg, char *s, size_t len)
+{
+   (void)msg;
+   if (s && len)
+      s[0] = '\0';
+   return 0;
+}
+
+const char *msg_hash_to_str_us(int msg)
+{
+   (void)msg;
+   return "";
+}
+
+void *config_get_ptr(void)
+{
+   /* core_info_current_supports_savestate_level dereferences the
+    * return as a settings_t*.  That code path is never exercised
+    * during a dbscan, but returning NULL would SEGV if it ever were.
+    * A single static zeroed buffer is enough to keep dereferences
+    * from crashing for any read -- the sample doesn't write to it. */
+   static long long zeros[1024];  /* ~8 KiB, covers settings_t */
+   return zeros;
+}
+
+/* Additional stubs for retroarch-core symbols referenced transitively.
+ * None of these are exercised on the dbscan path; they're link-time
+ * stubs to avoid pulling in retroarch.c, runloop.c, frontend drivers,
+ * and the UI/video subsystems. */
+void runloop_msg_queue_push(const char *msg, size_t len,
+      unsigned prio, unsigned duration,
+      bool flush, char *title, unsigned icon, unsigned category)
+{
+   (void)msg; (void)len; (void)prio; (void)duration;
+   (void)flush; (void)title; (void)icon; (void)category;
+}
+
+bool retroarch_override_setting_is_set(unsigned enum_idx, void *data)
+{
+   (void)enum_idx; (void)data;
+   return false;
+}
+
+void ui_companion_driver_notify_refresh(void)
+{
+}
+
+void video_display_server_set_window_progress(int progress, bool finished)
+{
+   (void)progress; (void)finished;
+}
+
+uint64_t frontend_driver_get_free_memory(void)
+{
+   return 0;
+}
+
+/* dir_list_new_special lives in retroarch.c, which we cannot link
+ * without dragging in the world.  manual_content_scan calls this to
+ * walk the scan directory; returning NULL causes the scan to bail
+ * without producing results, which is fine for a standalone demo. */
+void *dir_list_new_special(const char *input_dir, unsigned type,
+      const char *filter, bool show_hidden_files)
+{
+   (void)input_dir; (void)type; (void)filter; (void)show_hidden_files;
+   return NULL;
+}
+
+static void main_msg_queue_push(retro_task_t *task,
+      const char *msg,
       unsigned prio, unsigned duration,
       bool flush)
 {
+   (void)task;
    fprintf(stderr, "MSGQ: %s\n", msg);
 }
 
@@ -23,8 +104,10 @@ static void main_msg_queue_push(const char *msg,
  * error    exit: -1
  */
 
-static void main_db_cb(void *task_data, void *user_data, const char *err)
+static void main_db_cb(retro_task_t *task,
+      void *task_data, void *user_data, const char *err)
 {
+   (void)task;
    fprintf(stderr, "DB CB: %s\n", err);
    loop_active = false;
 }
@@ -66,7 +149,7 @@ int main(int argc, char *argv[])
 #else
    task_queue_init(false /* threaded enable */, main_msg_queue_push);
 #endif
-   core_info_init_list(core_info_dir, core_dir, exts, true, false);
+   core_info_init_list(core_info_dir, core_dir, exts, true, false, NULL);
 
    task_push_dbscan(playlist_dir, db_dir, input_dir, true,
          true, main_db_cb);

samples/tasks/decompress/Makefile

@@ -0,0 +1,20 @@
+TARGET := archive_name_safety_test
+
+SOURCES := archive_name_safety_test.c
+
+OBJS := $(SOURCES:.c=.o)
+
+CFLAGS += -Wall -pedantic -std=gnu99 -g -O0
+
+all: $(TARGET)
+
+%.o: %.c
+	$(CC) -c -o $@ $< $(CFLAGS)
+
+$(TARGET): $(OBJS)
+	$(CC) -o $@ $^ $(LDFLAGS)
+
+clean:
+	rm -f $(TARGET) $(OBJS)
+
+.PHONY: clean

samples/tasks/decompress/archive_name_safety_test.c

@@ -0,0 +1,147 @@
+/* Copyright  (C) 2010-2026 The RetroArch team
+ *
+ * ---------------------------------------------------------------------------------------
+ * The following license statement only applies to this file (archive_name_safety_test.c).
+ * ---------------------------------------------------------------------------------------
+ *
+ * Permission is hereby granted, free of charge,
+ * to any person obtaining a copy of this software and associated documentation files (the "Software"),
+ * to deal in the Software without restriction, including without limitation the rights to
+ * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software,
+ * and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
+ * INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+ * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+
+/* Regression for commit 87f2d0b (Zip Slip in tasks/task_decompress).
+ *
+ * The predicate archive_name_is_safe() is static inside
+ * tasks/task_decompress.c and isn't in a public header, so this test
+ * keeps its own verbatim copy of the predicate as the oracle.  The
+ * test's value is in locking in the predicate's contract -- any
+ * future edit to the real predicate that changes semantics will
+ * drift from this oracle and the test's maintainer must decide
+ * whether the drift is intended.
+ *
+ * If you update archive_name_is_safe() in task_decompress.c, update
+ * the copy in this file to match.
+ *
+ * Build standalone:
+ *   cc -Wall -std=gnu99 -g -O0 -o archive_name_safety_test \
+ *      archive_name_safety_test.c
+ *   ./archive_name_safety_test
+ */
+
+#include <stdio.h>
+#include <stddef.h>
+#include <stdbool.h>
+
+/* =============== verbatim from tasks/task_decompress.c =============== */
+static bool archive_name_is_safe(const char *name)
+{
+   const char *p;
+   const char *seg_start;
+
+   if (!name || !*name)
+      return false;
+
+   /* Reject absolute paths in either Unix or Windows form. */
+   if (name[0] == '/' || name[0] == '\\')
+      return false;
+   /* Reject drive-letter prefix e.g. "C:..." */
+   if (name[1] == ':')
+      return false;
+
+   /* Reject any ".." path segment.  Treat both '/' and '\\' as
+    * separators so Windows-authored archives can't traverse when
+    * extracted on a POSIX host. */
+   p = seg_start = name;
+   for (;;)
+   {
+      char c = *p;
+      if (c == '/' || c == '\\' || c == '\0')
+      {
+         if ((size_t)(p - seg_start) == 2
+               && seg_start[0] == '.' && seg_start[1] == '.')
+            return false;
+         if (c == '\0')
+            break;
+         seg_start = p + 1;
+      }
+      p++;
+   }
+   return true;
+}
+/* =============== end verbatim copy =============== */
+
+static int failures = 0;
+
+static void expect(const char *name, bool want)
+{
+   bool got = archive_name_is_safe(name);
+   if (got != want)
+   {
+      printf("[FAILED] %-32s  expected %s, got %s\n",
+            name ? name : "(null)",
+            want ? "safe" : "UNSAFE",
+            got  ? "safe" : "UNSAFE");
+      failures++;
+      return;
+   }
+   printf("[SUCCESS] %-32s  %s\n",
+         name ? name : "(null)",
+         want ? "safe" : "correctly rejected");
+}
+
+int main(void)
+{
+   /* --- legitimate archive contents -- must be accepted --- */
+   expect("file.txt",            true);
+   expect("dir/file.txt",        true);
+   expect("dir/subdir/file.txt", true);
+   expect("a.b/c",               true);
+   expect("...",                 true);   /* three dots, not a segment of '..' */
+   expect("..foo",               true);   /* prefix only */
+   expect("foo..",               true);   /* suffix only */
+   expect("x/y.ext",             true);
+
+   /* --- zip-slip payloads -- must be rejected --- */
+   expect("..",                   false);
+   expect("../etc/passwd",        false);
+   expect("../../etc/passwd",     false);
+   expect("foo/../../etc/passwd", false);
+   expect("foo/..",               false);
+   expect("foo/..//bar",          false);  /* double slash after traversal */
+   expect("foo/../bar",           false);
+
+   /* --- absolute paths -- must be rejected --- */
+   expect("/etc/passwd",          false);
+   expect("\\windows\\system32",  false);
+
+   /* --- drive-letter prefixes -- must be rejected --- */
+   expect("C:\\evil",             false);
+   expect("c:/evil",              false);
+
+   /* --- Windows-style traversal -- must be rejected --- */
+   expect("..\\..\\windows",      false);
+   expect("foo\\..\\bar",         false);
+
+   /* --- empty / NULL -- must be rejected --- */
+   expect("",                     false);
+   expect(NULL,                   false);
+
+   if (failures)
+   {
+      printf("\n%d test(s) failed\n", failures);
+      return 1;
+   }
+   printf("\nAll archive_name_is_safe regression tests passed.\n");
+   return 0;
+}