vp9decoder: Fix multiplication wraparound

The GstVp9Picture system_frame_number is guint32, constant 1000 is guint32, GstV4l2CodecVp9Dec v4l2_vp9_frame.*_frame_ts multiplication result is u64 . ``` u64 result = (u32)((u32)system_frame_number * (u32)1000); ``` behaves the same as ``` u64 result = (u32)(((u32)system_frame_number * (u32)1000) & 0xffffffff); ``` so in case `system_frame_number > 4294967295 / 1000`, the `result` will wrap around. Since the `result` is really used as a cookie used to look up V4L2 buffers related to the currently decoded frame, this wraparound leads to visible corruption during VP9 decoding. At 30 FPS this occurs after cca. 40 hours of playback . Fix this by changing the 1000 from u32 to u64, i.e.: ``` u64 result = (u64)((u32)system_frame_number * (u64)1000ULL); ``` this way, the wraparound is prevented and the correct cookie is used. Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/5850>
2024-06-02 10:52:21 +00:00 · 2023-12-09 16:08:31 +01:00 · 2023-12-09 16:08:31 +01:00 · 763bf9fe62
parent bc56f7f9b7
commit 763bf9fe62
1 changed files with 6 additions and 3 deletions
--- a/subprojects/gst-plugins-bad/sys/v4l2codecs/gstv4l2codecvp9dec.c
+++ b/subprojects/gst-plugins-bad/sys/v4l2codecs/gstv4l2codecvp9dec.c
@ -273,17 +273,20 @@ gst_v4l2_codecs_vp9_dec_fill_refs (GstV4l2CodecVp9Dec * self,

  if (reference_frames && reference_frames->pic_list[h->ref_frame_idx[0]]) {
    ref_pic = reference_frames->pic_list[h->ref_frame_idx[0]];
-    self->v4l2_vp9_frame.last_frame_ts = ref_pic->system_frame_number * 1000;
+    self->v4l2_vp9_frame.last_frame_ts =
+        ref_pic->system_frame_number * G_GUINT64_CONSTANT (1000);
  }

  if (reference_frames && reference_frames->pic_list[h->ref_frame_idx[1]]) {
    ref_pic = reference_frames->pic_list[h->ref_frame_idx[1]];
-    self->v4l2_vp9_frame.golden_frame_ts = ref_pic->system_frame_number * 1000;
+    self->v4l2_vp9_frame.golden_frame_ts =
+        ref_pic->system_frame_number * G_GUINT64_CONSTANT (1000);
  }

  if (reference_frames && reference_frames->pic_list[h->ref_frame_idx[2]]) {
    ref_pic = reference_frames->pic_list[h->ref_frame_idx[2]];
-    self->v4l2_vp9_frame.alt_frame_ts = ref_pic->system_frame_number * 1000;
+    self->v4l2_vp9_frame.alt_frame_ts =
+        ref_pic->system_frame_number * G_GUINT64_CONSTANT (1000);
  }
 }