I've noticed a very strange behavior on every recent firmware regarding record deletion. It periodically removes old mp4 even if there is a plenty of space. The root cause is in the math how they count free SD space and it's % compared to total space.
First of all there is a nice QWORD->DWORD conversion (uint overflow) when firmware counts total/free/available bytes:
(uint)((ulonglong)stack.f_bsize * (ulonglong)stack.f_blocks);
which, according to an unsigned overflow rule, literally comes to TotalBytes % 0x100000000 resulting wrong numbers in log when SD size > 4GB. It looks like a leftover from older versions and later in code they recalculate sizes in KB, so theoretically up to 4TB sizes should be supported, BUT:
Secondly, when a firmware decides whether to clean space or not it checks sizes in KB:
if ((0x32000 < (uint)FreeKB) && ((uint)TotalKB < (uint)FreeKB * 0x1e)) then return else delete
meaning 'run cleanup if less then either ~204MB or 1/30 left free' <- here is the issue.
obviously, (uint)FreeKB * 0x1e will overflow DWORD if FreeKB > 0x888888, or roughly 136GB, leaving a 4-byte register with only a little remainder, making the condition false and starting a records cleanup.
Since wyze has no feedback form or bug hunting, let's fix in this lib.
beaverdude
commented
3 years ago
https://github.com/HclX/WyzeHacks/blob/b5ce449d8c8171ed5976d071c250556f1d1eb34a/src/utils/libhacks.c#L73-L79 tl;dr please limit the SD card emulation to 128GB.
I've noticed a very strange behavior on every recent firmware regarding record deletion. It periodically removes old mp4 even if there is a plenty of space. The root cause is in the math how they count free SD space and it's % compared to total space. First of all there is a nice QWORD->DWORD conversion (uint overflow) when firmware counts total/free/available bytes:
(uint)((ulonglong)stack.f_bsize * (ulonglong)stack.f_blocks);which, according to an unsigned overflow rule, literally comes toTotalBytes % 0x100000000resulting wrong numbers in log when SD size > 4GB. It looks like a leftover from older versions and later in code they recalculate sizes in KB, so theoretically up to 4TB sizes should be supported, BUT: Secondly, when a firmware decides whether to clean space or not it checks sizes in KB:if ((0x32000 < (uint)FreeKB) && ((uint)TotalKB < (uint)FreeKB * 0x1e)) then return else deletemeaning 'run cleanup if less then either ~204MB or 1/30 left free' <- here is the issue. obviously,(uint)FreeKB * 0x1ewill overflow DWORD if FreeKB > 0x888888, or roughly 136GB, leaving a 4-byte register with only a little remainder, making the condition false and starting a records cleanup.Since wyze has no feedback form or bug hunting, let's fix in this lib.