Comment 92 for bug 2059809

Dan Smith (danms) wrote : Re: Arbitrary file access through QCOW2 external data file

The virtual_size is _in_ the footer, because the footer is just the header format at the end, but I don't see any potential sane situation where the footer could redefine the virtual_size to be a different value, especially for its intended purpose, which is making the format easier for streaming workloads. However, it doesn't really matter since the virtual_size is generally just informative. What does matter is the content of the descriptor region, which I also don't think makes sense to redefine for a streaming scenario, where you can't go back and read the descriptor from a different location in a stream you can't seek. The spec contains no useful language (that I see) that clarifies how to handle the situation. Yes, qemu blindly uses the footer instead of the header (admittedly as the spec says it should), if present.

It's for these reasons that the current version of the patch just rejects an image with a footer. Even if we captured the footer, we'd have to reject the image if the footer contained a different pointer to the descriptor which would have already passed through without our ability to capture and read it.
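An added example, not part of the comment above or of the patch it refers to: one way a streaming inspector can reject a footer-bearing image from the leading header alone. It assumes the format under discussion is the VMDK sparse extent format; the `KDMV` magic, the 64-byte field layout and the `GD_AT_END` marker come from that format's specification, while `check_sparse_header`, `build_header` and `UnsafeImage` are hypothetical names.

```python
import struct

SECTOR = 512
GD_AT_END = 0xFFFFFFFFFFFFFFFF   # gdOffset value meaning "metadata lives in a footer"
HEADER_FMT = "<4sIIQQQQIQQ"      # first 64 bytes of a sparse extent header


class UnsafeImage(Exception):
    """Raised when the leading header cannot be treated as authoritative."""


def check_sparse_header(first_sector: bytes) -> dict:
    """Inspect only the leading header, as a non-seekable stream forces us to."""
    if len(first_sector) < struct.calcsize(HEADER_FMT):
        raise UnsafeImage("short header")
    (magic, _version, _flags, capacity, _grain, desc_off, desc_size,
     _gtes_per_gt, _rgd_off, gd_off) = struct.unpack_from(HEADER_FMT, first_sector)
    if magic != b"KDMV":
        raise UnsafeImage("not a sparse extent")
    if gd_off == GD_AT_END:
        # A footer at the end of the file would replace this header, but by
        # then the descriptor bytes have already streamed past unexamined.
        raise UnsafeImage("footer present; header is not authoritative")
    return {
        "virtual_size": capacity * SECTOR,
        "descriptor": (desc_off * SECTOR, desc_size * SECTOR),
    }


def build_header(gd_off: int, capacity: int = 2048,
                 desc_off: int = 1, desc_size: int = 20) -> bytes:
    """Constructed sample header for the demo; values are made up."""
    raw = struct.pack(HEADER_FMT, b"KDMV", 1, 0, capacity, 128,
                      desc_off, desc_size, 512, 0, gd_off)
    return raw.ljust(SECTOR, b"\0")


if __name__ == "__main__":
    print(check_sparse_header(build_header(gd_off=21)))
    try:
        check_sparse_header(build_header(gd_off=GD_AT_END))
    except UnsafeImage as exc:
        print("rejected:", exc)
```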