Hello everybody,
I'm Igor, I'm participating in the Linux kernel mentorship program and
working to fix some bugs found by the syzbot. I'm currently working on
this bug below:
https://syzkaller.appspot.com/bug?id=071122e4f772c1ec834c7a6facc0b5058d215481
The bug consists of an out-of-bound access of an vmalloc vector at the
imageblit function.
At this moment, I'm trying to understand what is happening between the
IOCTL and the imageblit function. I tried to follow the commit history,
but even with the entire history, and after reading the code several
times, I have no clue why some operations are being done. Operations like:
Lines 148 and 177-180:
https://elixir.bootlin.com/linux/v5.13-rc1/source/drivers/video/fbdev/core/bitblit.c#L148
Lines 251-256:
https://elixir.bootlin.com/linux/v5.13-rc1/source/drivers/video/fbdev/core/sysimgblt.c#L251
Line 190:
https://elixir.bootlin.com/linux/v5.13-rc1/source/drivers/video/fbdev/core/sysimgblt.c#L190
Anyone know/remember what these operations are doing?
Thanks for your attention,
---
Igor M. A. Torrente