Hello everybody,

I'm Igor, I'm participating in the Linux kernel mentorship program and working to fix some bugs found by the syzbot. I'm currently working on this bug below:

https://syzkaller.appspot.com/bug?id=071122e4f772c1ec834c7a6facc0b5058d21548...

The bug consists of an out-of-bound access of an vmalloc vector at the imageblit function.

At this moment, I'm trying to understand what is happening between the IOCTL and the imageblit function. I tried to follow the commit history, but even with the entire history, and after reading the code several times, I have no clue why some operations are being done. Operations like:

Lines 148 and 177-180: https://elixir.bootlin.com/linux/v5.13-rc1/source/drivers/video/fbdev/core/b... Lines 251-256: https://elixir.bootlin.com/linux/v5.13-rc1/source/drivers/video/fbdev/core/s... Line 190: https://elixir.bootlin.com/linux/v5.13-rc1/source/drivers/video/fbdev/core/s...

Anyone know/remember what these operations are doing?

Thanks for your attention, --- Igor M. A. Torrente