xen: Fix parsing of XZ kernel.

In case of xz, the uncompressed size is appended to xz data which confuses
our xz decompressor. Trim it.

grub-core/loader/i386/xen_file.c

@@ -20,12 +20,16 @@
 #include <grub/i386/linux.h>
 #include <grub/misc.h>
 
+#define XZ_MAGIC "\3757zXZ\0"
+
 grub_elf_t
 grub_xen_file (grub_file_t file)
 {
   grub_elf_t elf;
   struct linux_kernel_header lh;
   grub_file_t off_file;
+  grub_uint32_t payload_offset, payload_length;
+  grub_uint8_t magic[6];
 
   elf = grub_elf_file (file, file->name);
   if (elf)
@@ -46,20 +50,36 @@ grub_xen_file (grub_file_t file)
       return NULL;
     }
 
-  if (lh.payload_length < 4)
+  payload_length = lh.payload_length;
+  payload_offset = (lh.setup_sects + 1) * 512
+    + lh.payload_offset;
+
+  if (payload_length < sizeof (magic))
     {
       grub_error (GRUB_ERR_BAD_OS, "payload too short");
       return NULL;
     }
 
   grub_dprintf ("xen", "found bzimage payload 0x%llx-0x%llx\n",
-		(unsigned long long) (lh.setup_sects + 1) * 512
+		(unsigned long long) payload_offset,
-		+ lh.payload_offset,
 		(unsigned long long) lh.payload_length);
 
-  off_file = grub_file_offset_open (file, (lh.setup_sects + 1) * 512
+  grub_file_seek (file, payload_offset);
-				    + lh.payload_offset,
+
-				    lh.payload_length);
+  if (grub_file_read (file, &magic, sizeof (magic)) != sizeof (magic))
+    {
+      if (!grub_errno)
+	grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"),
+		    file->name);
+      goto fail;
+    }
+
+  /* Kernel suffixes xz payload with their uncompressed size.
+     Trim it.  */
+  if (grub_memcmp (magic, XZ_MAGIC, sizeof (XZ_MAGIC) - 1) == 0)
+    payload_length -= 4;
+  off_file = grub_file_offset_open (file, payload_offset,
+				    payload_length);
   if (!off_file)
     goto fail;