PHP :: Bug #72784 :: BC break in rand(): throws warning in 7.1 and returns FALSE for max-min range

Bug #72784	BC break in rand(): throws warning in 7.1 and returns FALSE for max-min range
Submitted:	2016-08-08 15:13 UTC	Modified:	2016-08-10 22:41 UTC
From:	bugs dot php dot net at majkl578 dot cz	Assigned:	leigh (profile)
Status:	Closed	Package:	Math related
PHP Version:	7.1.0beta2	OS:
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	bugs dot php dot net at majkl578 dot cz
New email:
PHP Version:		OS:

New Comment:

[2016-08-08 15:13 UTC] bugs dot php dot net at majkl578 dot cz

Description:
------------
When rand() is given parameters in the reverse order - max first, min second, it now throws warning and returns FALSE. In all previous PHP versions it did not return any warning and returned the a number from the range.

This is especially tricky in scripts where rand() is supplied arguments from variable, it'd be now required to write rand(min($a, $b), max($a, $b)) instead of just rand($a, $b).

Although I understand the reasoning behind requiring specific order, returning FALSE is a BC break and should not be introduced in 7.x (warning is IMHO fine though).

Test script:
---------------
var_dump(rand(5, 1));

Expected result:
----------------
int(N)

Actual result:
--------------
Warning: rand(): max(1) is smaller than min(5) ...
bool(false)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2016-08-08 15:34 UTC] cmb@php.net

-Assigned To: +Assigned To: leigh

[2016-08-08 15:34 UTC] cmb@php.net

Confirmed: <https://3v4l.org/l7i5e>.

There have been several fixes to rand() et. al. which have been
proprosed as on voted upon in
<https://wiki.php.net/rfc/rng_fixes>.

I'm not sure whether this change was desired, or just by accident.
Leigh?

[2016-08-08 16:08 UTC] leigh@php.net

This will be a side effect of rand() now being an alias of mt_rand(). So unfortunately both accidental and intentional.

I think the easiest course of action is to relax the strict min/max ordering on mt_rand().

[2016-08-08 20:43 UTC] cmb@php.net

> I think the easiest course of action is to relax the strict
> min/max ordering on mt_rand().

I wouldn't want this lax behavior in the long run, though. Maybe
allowing it for now with a deprecation notice would be okay.
Probably some discussion on internals is appropriate.

[2016-08-08 21:21 UTC] leigh@php.net

For now I've allowed min > max but kept the warning. I'll ping internals too.

[2016-08-10 11:28 UTC] mbeccati@php.net

Also, see: https://bugs.php.net/bug.php?id=46587

[2016-08-10 22:41 UTC] leigh@php.net

-Status: Assigned +Status: Closed

[2016-08-10 22:41 UTC] leigh@php.net

Behaviour restored by commit 9a9004318fa3a5b2c2c3c4a4fafed9ad4767df4a

rand() is relaxed
mt_rand() is strict

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Wed Nov 27 07:01:27 2024 UTC