Subject: Mysterious operations in sysimgblt.c and sysimgblt.c

Hello everybody,

I'm Igor, I'm participating in the Linux kernel mentorship program and
working to fix some bugs found by the syzbot. I'm currently working on
this bug below:

https://syzkaller.appspot.com/bug?id=071122e4f772c1ec834c7a6facc0b5058d215481

The bug consists of an out-of-bounds access of a vmalloc vector in the
imageblit function.

At this moment, I'm trying to understand what is happening between the
IOCTL and the imageblit function. I tried to follow the commit history,
but even with the entire history, and after reading the code several
times, I have no clue why some operations are being done. Operations like:

Lines 148 and 177-180:
https://elixir.bootlin.com/linux/v5.13-rc1/source/drivers/video/fbdev/core/bitblit.c#L148
Lines 251-256:
https://elixir.bootlin.com/linux/v5.13-rc1/source/drivers/video/fbdev/core/sysimgblt.c#L251
Line 190:
https://elixir.bootlin.com/linux/v5.13-rc1/source/drivers/video/fbdev/core/sysimgblt.c#L190

Anyone know/remember what these operations are doing?

Thanks for your attention,
---
Igor M. A. Torrente