Hi,

libxc contains the following function which is used when uncompressing 
zipped kernel images:

/* 
------------------------------------------------------------------------ */
/* read files, copy memory blocks, with transparent 
gunzip                  */

size_t xc_dom_check_gzip(void *blob, size_t ziplen)
{
    unsigned char *gzlen;
    size_t unziplen;

    if ( strncmp(blob, "\037\213", 2) )
        /* not gzipped */
        return 0;

    gzlen = blob + ziplen - 4;
    unziplen = gzlen[3] << 24 | gzlen[2] << 16 | gzlen[1] << 8 | gzlen[0];
    if ( (unziplen < 0) || (unziplen > (1024*1024*1024)) ) /* 1GB limit */
    {
        xc_dom_printf
            ("%s: size (zip %zd, unzip %zd) looks insane, skip gunzip\n",
             __FUNCTION__, ziplen, unziplen);
        return 0;
    }

    return unziplen + 16;
}


The returned unziplen+16 is used for the size of the destination buffer 
given to inflate. But it is then also written to the kernel_size 
attribute of the xc_dom_image struct. Hence kernel_size does not contain 
the uncompressed kernel size but that /plus/ 16.
So why do you always add 16 bytes to the *real* uncompressed kernel 
size?? That doesn't make much sense to me but I need to know it because 
it is related to my current work.

Thanks in advance.

P.S.: Anybody heard of "code documentation"? ;-)