Mysterious operations in sysimgblt.c and sysimgblt.c

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello everybody,

I'm Igor, I'm participating in the Linux kernel mentorship program and working to fix some bugs found by the syzbot. I'm currently working on this bug below:

https://syzkaller.appspot.com/bug?id=071122e4f772c1ec834c7a6facc0b5058d215481

The bug consists of an out-of-bound access of an vmalloc vector at the imageblit function.

At this moment, I'm trying to understand what is happening between the IOCTL and the imageblit function. I tried to follow the commit history, but even with the entire history, and after reading the code several times, I have no clue why some operations are being done. Operations like:

Lines 148 and 177-180: https://elixir.bootlin.com/linux/v5.13-rc1/source/drivers/video/fbdev/core/bitblit.c#L148 Lines 251-256: https://elixir.bootlin.com/linux/v5.13-rc1/source/drivers/video/fbdev/core/sysimgblt.c#L251 Line 190: https://elixir.bootlin.com/linux/v5.13-rc1/source/drivers/video/fbdev/core/sysimgblt.c#L190

Anyone know/remember what these operations are doing?

Thanks for your attention,
---
Igor M. A. Torrente



[Index of Archives]     [Linux DRI Users]     [Linux Intel Graphics]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [XFree86]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Linux Kernel]     [Linux SCSI]     [XFree86]
  Powered by Linux