PHP :: Bug #75514 :: mt_rand returns value outside [$min,$max]+ on 32-bit

Bug #75514	mt_rand returns value outside [$min,$max]+ on 32-bit
Submitted:	2017-11-13 08:13 UTC	Modified:	2017-11-13 08:53 UTC
From:	remi@php.net	Assigned:	remi (profile)
Status:	Closed	Package:	*General Issues
PHP Version:	7.1.11	OS:	32-bit
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	remi@php.net
New email:
PHP Version:		OS:

New Comment:

[2017-11-13 08:13 UTC] remi@php.net

Description:
------------
Notice this affects on 32-bit build

Test script:
---------------
php -r 'mt_srand(0, MT_RAND_PHP); var_dump(mt_rand(0,999999999), mt_rand(0,999));'

Expected result:
----------------
# On 64-bit build, this is ok
int(448865905)
int(592)


Actual result:
--------------
int(448865905)
int(-407)   # out of range

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2017-11-13 08:19 UTC] remi@php.net

-PHP Version: 7.2.0RC6 +PHP Version: 7.1.11

[2017-11-13 08:19 UTC] remi@php.net

7.1 is also affected

[2017-11-13 08:44 UTC] remi@php.net

-Assigned To: +Assigned To: remi

[2017-11-13 08:45 UTC] remi@php.net

Possible fix

diff --git a/ext/standard/mt_rand.c b/ext/standard/mt_rand.c
index 2335a92..6669cbc 100644
--- a/ext/standard/mt_rand.c
+++ b/ext/standard/mt_rand.c
@@ -294,7 +294,7 @@ PHPAPI zend_long php_mt_rand_range(zend_long min, zend_long max)
  * rand() allows min > max, mt_rand does not */
 PHPAPI zend_long php_mt_rand_common(zend_long min, zend_long max)
 {
-	zend_long n;
+	uint32_t n;
 
 	if (BG(mt_rand_mode) == MT_RAND_MT19937) {
 		return php_mt_rand_range(min, max);
@@ -302,7 +302,7 @@ PHPAPI zend_long php_mt_rand_common(zend_long min, zend_long max)
 
 	/* Legacy mode deliberately not inside php_mt_rand_range()
 	 * to prevent other functions being affected */
-	n = (zend_long)php_mt_rand() >> 1;
+	n = php_mt_rand() >> 1;
 	RAND_RANGE_BADSCALING(n, min, max, PHP_MT_RAND_MAX);
 
 	return n;

[2017-11-13 08:53 UTC] remi@php.net

-Summary: mt_rand returns value outside [$min,$max]+ +Summary: mt_rand returns value outside [$min,$max]+ on 32-bit

[2017-11-13 09:23 UTC] remi@php.net

Automatic comment on behalf of remi@remirepo.net
Revision: http://git.php.net/?p=php-src.git;a=commit;h=e704e1e8c25ff726e7c890cce20fb932210737b7
Log: Fixed bug #75514 mt_rand returns value outside [$min,$max]+ on 32-bit

[2017-11-13 09:23 UTC] remi@php.net

-Status: Assigned +Status: Closed

[2017-11-28 16:52 UTC] remi@php.net

Previous fix introduce a regression for 64-bit

Reverted and fix differently
http://git.php.net/?p=php-src.git;a=commitdiff;h=2b071028973782ed87e7038e56d47e9897be804a

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Fri Nov 22 06:01:30 2024 UTC