Mysterious operations in bitblit.c and sysimgblt.c
Igor Torrente
igormtorrente at gmail.com
Fri May 14 14:11:57 UTC 2021
Hello everybody,
I'm Igor, I'm participating in the Linux kernel mentorship program and
working to fix some bugs found by the syzbot. I'm currently working on
this bug below:
https://syzkaller.appspot.com/bug?id=071122e4f772c1ec834c7a6facc0b5058d215481
The bug consists of an out-of-bounds access to a vmalloc'd vector in the
imageblit function.
At this moment, I'm trying to understand what is happening between the
IOCTL and the imageblit function. I tried to follow the commit history,
but even with the entire history, and after reading the code several
times, I have no clue why some operations are being done. Operations like:
Lines 148 and 177-180:
https://elixir.bootlin.com/linux/v5.13-rc1/source/drivers/video/fbdev/core/bitblit.c#L148
Lines 251-256:
https://elixir.bootlin.com/linux/v5.13-rc1/source/drivers/video/fbdev/core/sysimgblt.c#L251
Line 190:
https://elixir.bootlin.com/linux/v5.13-rc1/source/drivers/video/fbdev/core/sysimgblt.c#L190
Anyone know/remember what these operations are doing?
Thanks for your attention,
---
Igor M. A. Torrente