From 50fb6f8c0220025b36ddfbff56f98e34985af638 Mon Sep 17 00:00:00 2001 From: Marek Vasut Date: Sat, 9 Dec 2023 16:24:22 +0100 Subject: [PATCH] av1decoder: Fix multiplication wraparound The GstAV1Picture system_frame_number is guint32, constant 1000 is guint32, GstV4l2CodecAV1Dec v4l2_av1_frame.*_frame_ts multiplication result is u64 . ``` u64 result = (u32)((u32)system_frame_number * (u32)1000); ``` behaves the same as ``` u64 result = (u32)(((u32)system_frame_number * (u32)1000) & 0xffffffff); ``` so in case `system_frame_number > 4294967295 / 1000`, the `result` will wrap around. Since the `result` is really used as a cookie used to look up V4L2 buffers related to the currently decoded frame, this wraparound leads to visible corruption during AV1 decoding. At 30 FPS this occurs after cca. 40 hours of playback . Fix this by changing the 1000 from u32 to u64, i.e.: ``` u64 result = (u64)((u32)system_frame_number * (u64)1000ULL); ``` this way, the wraparound is prevented and the correct cookie is used. Part-of: --- subprojects/gst-plugins-bad/sys/v4l2codecs/gstv4l2codecav1dec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/subprojects/gst-plugins-bad/sys/v4l2codecs/gstv4l2codecav1dec.c b/subprojects/gst-plugins-bad/sys/v4l2codecs/gstv4l2codecav1dec.c index ea8ebb1b4d..b107afac80 100644 --- a/subprojects/gst-plugins-bad/sys/v4l2codecs/gstv4l2codecav1dec.c +++ b/subprojects/gst-plugins-bad/sys/v4l2codecs/gstv4l2codecav1dec.c @@ -547,7 +547,7 @@ gst_v4l2_codec_av1_fill_refs (GstV4l2CodecAV1Dec * self, /* the decoder might not have filled all slots in the first few frames */ self->v4l2_frame.reference_frame_ts[i] = - ref_pic ? GST_CODEC_PICTURE_FRAME_NUMBER (ref_pic) * 1000 : 0; + ref_pic ? GST_CODEC_PICTURE_FRAME_NUMBER (ref_pic) * G_GUINT64_CONSTANT (1000) : 0; } memcpy (self->v4l2_frame.ref_frame_idx, frame_hdr->ref_frame_idx,