On Wed Aug 21 14:31:34 2024 +0300, Karina Yankevich wrote:
> In v4l2_detect_gtf(), it seems safer to cast the 32-bit image_width
> variable to the 64-bit type u64 before multiplying to avoid
> a possible overflow. The resulting object code even seems to
> look better, at least on x86_64.
> 
> Found by Linux Verification Center (linuxtesting.org) with Svace.
> 
> [Sergey: rewrote the patch subject/descripition]
> 
> Fixes: c9bc9f50753d ("[media] v4l2-dv-timings: fix overflow in gtf timings 
> calculation")
> Cc: sta...@vger.kernel.org
> Signed-off-by: Karina Yankevich <k.yankev...@omp.ru>
> Signed-off-by: Sergey Shtylyov <s.shtyl...@omp.ru>
> Signed-off-by: Hans Verkuil <hverk...@xs4all.nl>

Patch committed.

Thanks,
Hans Verkuil

 drivers/media/v4l2-core/v4l2-dv-timings.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

---

diff --git a/drivers/media/v4l2-core/v4l2-dv-timings.c 
b/drivers/media/v4l2-core/v4l2-dv-timings.c
index 6361e11d2be7..7710cb26bea0 100644
--- a/drivers/media/v4l2-core/v4l2-dv-timings.c
+++ b/drivers/media/v4l2-core/v4l2-dv-timings.c
@@ -764,7 +764,7 @@ bool v4l2_detect_gtf(unsigned int frame_height,
                u64 num;
                u32 den;
 
-               num = ((image_width * GTF_D_C_PRIME * (u64)hfreq) -
+               num = (((u64)image_width * GTF_D_C_PRIME * hfreq) -
                      ((u64)image_width * GTF_D_M_PRIME * 1000));
                den = (hfreq * (100 - GTF_D_C_PRIME) + GTF_D_M_PRIME * 1000) *
                      (2 * GTF_CELL_GRAN);
@@ -774,7 +774,7 @@ bool v4l2_detect_gtf(unsigned int frame_height,
                u64 num;
                u32 den;
 
-               num = ((image_width * GTF_S_C_PRIME * (u64)hfreq) -
+               num = (((u64)image_width * GTF_S_C_PRIME * hfreq) -
                      ((u64)image_width * GTF_S_M_PRIME * 1000));
                den = (hfreq * (100 - GTF_S_C_PRIME) + GTF_S_M_PRIME * 1000) *
                      (2 * GTF_CELL_GRAN);

Reply via email to