libxc: Question on kernel image unzipping

libxc: Question on kernel image unzipping

[Andreas Sommer]

[-- Attachment #1.1: Type: text/plain, Size: 1340 bytes --]

Hi,

libxc contains the following function which is used when uncompressing 
zipped kernel images:

/* 
------------------------------------------------------------------------ */
/* read files, copy memory blocks, with transparent 
gunzip                  */

size_t xc_dom_check_gzip(void *blob, size_t ziplen)
{
    unsigned char *gzlen;
    size_t unziplen;

    if ( strncmp(blob, "\037\213", 2) )
        /* not gzipped */
        return 0;

    gzlen = blob + ziplen - 4;
    unziplen = gzlen[3] << 24 | gzlen[2] << 16 | gzlen[1] << 8 | gzlen[0];
    if ( (unziplen < 0) || (unziplen > (1024*1024*1024)) ) /* 1GB limit */
    {
        xc_dom_printf
            ("%s: size (zip %zd, unzip %zd) looks insane, skip gunzip\n",
             __FUNCTION__, ziplen, unziplen);
        return 0;
    }

    return unziplen + 16;
}


The returned unziplen+16 is used for the size of the destination buffer 
given to inflate. But it is then also written to the kernel_size 
attribute of the xc_dom_image struct. Hence kernel_size does not contain 
the uncompressed kernel size but that /plus/ 16.
So why do you always add 16 bytes to the *real* uncompressed kernel 
size?? That doesn't make much sense to me but I need to know it because 
it is related to my current work.

Thanks in advance.

P.S.: Anybody heard of "code documentation"? ;-)

[-- Attachment #1.2: Type: text/html, Size: 2241 bytes --]

[-- Attachment #2: Type: text/plain, Size: 138 bytes --]

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

Re: libxc: Question on kernel image unzipping

[Keir Fraser]

On 09/07/2009 13:34, "Andreas Sommer" <AndiDog@web.de> wrote:

> libxc contains the following function which is used when uncompressing zipped
> kernel images:
> size_t xc_dom_check_gzip(void *blob, size_t ziplen)
> {
>     ...
>     return unziplen + 16;
> }
> The returned unziplen+16 is used for the size of the destination buffer given
> to inflate. But it is then also written to the kernel_size attribute of the
> xc_dom_image struct. Hence kernel_size does not contain the uncompressed
> kernel size but that plus 16.
> So why do you always add 16 bytes to the real uncompressed kernel size?? That
> doesn't make much sense to me but I need to know it because it is related to
> my current work.

Gerd Hoffman would be the person to ask. The +16 doesn't appear to me to
have any purpose.

 -- Keir

Re: libxc: Question on kernel image unzipping

[Gerd Hoffmann]

On 07/09/09 15:53, Keir Fraser wrote:
> On 09/07/2009 13:34, "Andreas Sommer"<AndiDog@web.de>  wrote:
>
>> libxc contains the following function which is used when uncompressing zipped
>> kernel images:
>> size_t xc_dom_check_gzip(void *blob, size_t ziplen)
>> {
>>      ...
>>      return unziplen + 16;
>> }
>> The returned unziplen+16 is used for the size of the destination buffer given
>> to inflate. But it is then also written to the kernel_size attribute of the
>> xc_dom_image struct. Hence kernel_size does not contain the uncompressed
>> kernel size but that plus 16.
>> So why do you always add 16 bytes to the real uncompressed kernel size?? That
>> doesn't make much sense to me but I need to know it because it is related to
>> my current work.
>
> Gerd Hoffman would be the person to ask. The +16 doesn't appear to me to
> have any purpose.

Oh, has been quite a while.  IIRC that is related to zlib needing some 
extra space.  So I *think* you can drop it there to get a correct 
kernel_size, but then you'll have to care somewhere else (probably when 
allocating the unzip target buffer) about the 16 extra bytes to make 
sure zlib doesn't overrun the buffer.

But better double-check that ...

cheers,
   Gerd