Re: [syzbot] KASAN: vmalloc-out-of-bounds Write in imageblit (2)
From: Khalid Masum
Date:  Mon Aug 01 2022 - 11:42:39 EST
#syz test: https://github.com/torvalds/linux.git 3d7cb6b04c3f
---
 drivers/video/fbdev/core/fbcon.c | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)
diff --git a/drivers/video/fbdev/core/fbcon.c b/drivers/video/fbdev/core/fbcon.c
index 1a9aa12cf886..d026f3845b60 100644
--- a/drivers/video/fbdev/core/fbcon.c
+++ b/drivers/video/fbdev/core/fbcon.c
@@ -2591,14 +2591,13 @@ static unsigned long fbcon_getxy(struct vc_data *vc, unsigned long pos,
 {
 	unsigned long ret;
 	int x, y;
+	unsigned long offset = (pos - vc->vc_origin) / 2;
+	x = offset % vc->vc_cols;
+	y = offset / vc->vc_cols;
+	ret = pos + (vc->vc_cols - x) * 2;
 
-	if (pos >= vc->vc_origin && pos < vc->vc_scr_end) {
-		unsigned long offset = (pos - vc->vc_origin) / 2;
-
-		x = offset % vc->vc_cols;
-		y = offset / vc->vc_cols;
-		ret = pos + (vc->vc_cols - x) * 2;
-	} else {
+	if (pos < vc->vc_origin || pos >= vc->vc_scr_end ||
+	                           ret >= vc->vc_scr_end) {
 		/* Should not happen */
 		x = y = 0;
 		ret = vc->vc_origin;
-- 
2.36.1