From: Jacopo Mondi <jacopo.mondi@ideasonboard.com>
To: David CARLIER <devnexen@gmail.com>
Cc: Jacopo Mondi <jacopo.mondi@ideasonboard.com>,
Daniel Scally <dan.scally@ideasonboard.com>,
Mauro Carvalho Chehab <mchehab@kernel.org>,
Hans Verkuil <hverkuil+cisco@kernel.org>,
Nayden Kanchev <nayden.kanchev@arm.com>,
linux-media@vger.kernel.org, linux-kernel@vger.kernel.org,
stable@vger.kernel.org
Subject: Re: [PATCH v2] media: mali-c55: fix integer overflow in scaler factor calculation
Date: Tue, 2 Jun 2026 12:18:23 +0200 [thread overview]
Message-ID: <ah6seVCMzk0JODrf@zed> (raw)
In-Reply-To: <CA+XhMqyhpn0kHgz=i9WUS+1rFN4kWW3DpUYubBN1k-qcKo+RpQ@mail.gmail.com>
Hi David
On Sat, May 30, 2026 at 11:02:40AM +0100, David CARLIER wrote:
> Hi Jacopo,
>
> On Sat, May 30, 2026 at 10:55:59AM +0200, Jacopo Mondi wrote:
> > Have you hit this issue ?
>
> Not on hardware, I found it by code analysis. The sink format is clamped to
> 8192 and crop is clamped against the sink, so crop->width can reach
> 4096+, where (crop << 20) overflows 32 bits before landing in the u64.
> I don't have a >=4096 source to reproduce on, but it's provable from the
> operand widths and the clamp. UHD (3840) is just under; 4096 gives a
> zero increment, wider values a garbage one.
>
> > Could we maybe first do the crop/scale division and then do the Q4.20
> > conversion ? We could maybe save the below do_div() [...]
>
> I don't think we can - dividing first loses the fraction the Q4.20
> factor is there to keep. E.g. crop=4096, scale=1920:
>
> correct: 4096 * 2^20 / 1920 = 2236962 (~2.133)
> divide-first: (4096 / 1920) << 20 = 2097152 (2.0) -> ~6.7% off
>
> So the multiply has to come first, and that pushes the numerator up to
> 8192 * 2^20 = 2^33, which needs a 64-bit divide either way. BIT_ULL()
> just does the existing multiply in 64-bit. Happy to switch do_div() to
> div_u64() if you prefer, but that's orthogonal.
Oh yes you're right, I think using ULL is certainly better.
Reviewed-by: Jacopo Mondi <jacopo.mondi@ideasonboard.com>
Thanks
j
>
> Cheers !
prev parent reply other threads:[~2026-06-02 10:18 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-29 2:44 [PATCH] media: mali-c55: fix integer overflow in scaler factor calculation David Carlier
2026-05-29 5:06 ` [PATCH v2] " David Carlier
2026-05-30 8:55 ` Jacopo Mondi
2026-05-30 10:02 ` David CARLIER
2026-06-02 10:18 ` Jacopo Mondi [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ah6seVCMzk0JODrf@zed \
--to=jacopo.mondi@ideasonboard.com \
--cc=dan.scally@ideasonboard.com \
--cc=devnexen@gmail.com \
--cc=hverkuil+cisco@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-media@vger.kernel.org \
--cc=mchehab@kernel.org \
--cc=nayden.kanchev@arm.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox