Skip to content

vp8decoder: vp9decoder: av1decoder: mpeg2decoder: Fix multiplication wraparound , h264decoder: h265decoder: Align with wraparound fix

Marek Vasut requested to merge marex/gstreamer:v4l2-decoder-wraparound into main

The GstVp8Picture system_frame_number is guint32, constant 1000 is guint32, GstV4l2CodecVp8Dec v4l2_vp8_frame.*_frame_ts multiplication result is u64 .

u64 result = (u32)((u32)system_frame_number * (u32)1000);

behaves the same as

u64 result = (u32)(((u32)system_frame_number * (u32)1000) & 0xffffffff);

so in case system_frame_number > 4294967295 / 1000, the result will wrap around. Since the result is really used as a cookie used to look up V4L2 buffers related to the currently decoded frame, this wraparound leads to visible corruption during VP8 decoding. At 30 FPS this occurs after cca. 40 hours of playback .

Fix this by changing the 1000 from u32 to u64, i.e.:

u64 result = (u64)((u32)system_frame_number * (u64)1000ULL);

this way, the wraparound is prevented and the correct cookie is used.

The same applies to VP9, AV1, MPEG2 . Align H264 and H265 decoder code with this fix.

Merge request reports