From: Jacopo Mondi <jacopo.mondi@ideasonboard.com>
To: David CARLIER <devnexen@gmail.com>
Cc: Jacopo Mondi <jacopo.mondi@ideasonboard.com>,
Daniel Scally <dan.scally@ideasonboard.com>,
Mauro Carvalho Chehab <mchehab@kernel.org>,
Hans Verkuil <hverkuil+cisco@kernel.org>,
Nayden Kanchev <nayden.kanchev@arm.com>,
linux-media@vger.kernel.org, linux-kernel@vger.kernel.org,
stable@vger.kernel.org
Subject: Re: [PATCH v2] media: mali-c55: fix integer overflow in scaler factor calculation
Date: Tue, 2 Jun 2026 12:18:23 +0200 [thread overview]
Message-ID: <ah6seVCMzk0JODrf@zed> (raw)
In-Reply-To: <CA+XhMqyhpn0kHgz=i9WUS+1rFN4kWW3DpUYubBN1k-qcKo+RpQ@mail.gmail.com>
Hi David
On Sat, May 30, 2026 at 11:02:40AM +0100, David CARLIER wrote:
> Hi Jacopo,
>
> On Sat, May 30, 2026 at 10:55:59AM +0200, Jacopo Mondi wrote:
> > Have you hit this issue ?
>
> Not on hardware, I found it by code analysis. The sink format is clamped to
> 8192 and crop is clamped against the sink, so crop->width can reach
> 4096+, where (crop << 20) overflows 32 bits before landing in the u64.
> I don't have a >=4096 source to reproduce on, but it's provable from the
> operand widths and the clamp. UHD (3840) is just under; 4096 gives a
> zero increment, wider values a garbage one.
>
> > Could we maybe first do the crop/scale division and then do the Q4.20
> > conversion ? We could maybe save the below do_div() [...]
>
> I don't think we can - dividing first loses the fraction the Q4.20
> factor is there to keep. E.g. crop=4096, scale=1920:
>
> correct: 4096 * 2^20 / 1920 = 2236962 (~2.133)
> divide-first: (4096 / 1920) << 20 = 2097152 (2.0) -> ~6.7% off
>
> So the multiply has to come first, and that pushes the numerator up to
> 8192 * 2^20 = 2^33, which needs a 64-bit divide either way. BIT_ULL()
> just does the existing multiply in 64-bit. Happy to switch do_div() to
> div_u64() if you prefer, but that's orthogonal.
Oh yes you're right, I think using ULL is certainly better.
Reviewed-by: Jacopo Mondi <jacopo.mondi@ideasonboard.com>
Thanks
j
>
> Cheers !
prev parent reply other threads:[~2026-06-02 10:18 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-29 2:44 [PATCH] media: mali-c55: fix integer overflow in scaler factor calculation David Carlier
2026-05-29 5:06 ` [PATCH v2] " David Carlier
2026-05-30 8:55 ` Jacopo Mondi
2026-05-30 10:02 ` David CARLIER
2026-06-02 10:18 ` Jacopo Mondi [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ah6seVCMzk0JODrf@zed \
--to=jacopo.mondi@ideasonboard.com \
--cc=dan.scally@ideasonboard.com \
--cc=devnexen@gmail.com \
--cc=hverkuil+cisco@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-media@vger.kernel.org \
--cc=mchehab@kernel.org \
--cc=nayden.kanchev@arm.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.