Bug #46587 mt_/rand produce out of range numbers when min = 0 and max > get_randmax
Submitted: 2008-11-17 02:50 UTC
Modified: 2010-11-23 14:09 UTC
From: atomo64 at gmail dot com
Assigned: iliaa
Status: Closed
Package: Math related
PHP Version: 5.2.6
OS: Debian sid
Private report: No
CVE-ID:
 [2008-11-17 02:50 UTC] atomo64 at gmail dot com
Description:
------------
Whenever min is set to 0 and max is set to anything greater than 
getrandmax (or the mt_ version) the returned PRN is always (despite 
the upper limit check in the example code) a number less than 0.

Reproduce code:
---------------
<?php
// Upper limit deliberately set above mt_getrandmax()
define("UL", mt_getrandmax()+1000);
$r=mt_rand(0, UL);
if ($r < 0 || $r > UL)
    echo "Random value out of range\n";

Expected result:
----------------
No output

Actual result:
--------------
Random value out of range

 [2009-03-09 14:06 UTC] mmcnickle at gmail dot com
The problem is that there is an integer overflow on UL:

------------
<?php
define('UL',mt_getrandmax() + 1000);
var_dump(UL, (int)UL);
------------

will produce
------------
float(2147484647)
int(-2147482649)
------------

The $min and $max parameter names on mt_rand() (and rand()) are misleading, as $min can be larger than $max and mt_rand will produce a correct value between $min and $max.

In the bug example, the expected result is returned: a random value between -2147482649 and 0.

If you want to change the integer overflow behaviour, it would be best to do a check using mt_getrandmax() in the PHP code:

<?php
$max = mt_getrandmax() + 1000;

if ($max > mt_getrandmax()) {
    $max = mt_getrandmax();
}
$r = mt_rand(0, $max); // $r is now a number between 0 and mt_getrandmax()
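
An added example, not part of the original comment or of PHP's source: a wrapper that rejects unusable bounds instead of clamping them. `bounded_mt_rand()` is a hypothetical name, the inputs are constructed, and the limit on range width is an assumption taken from the workaround above.

```php
<?php
// Added example, not PHP's own fix: bounded_mt_rand() is a hypothetical wrapper.

/**
 * Call mt_rand() only when the bounds cannot be silently reinterpreted.
 */
function bounded_mt_rand($min, $max)
{
    // A bound that exceeded the integer range has already become a float
    // (float(2147484647) in the comment above); refuse it rather than let the
    // implicit (int) cast turn it into a negative number.
    if (!is_int($min) || !is_int($max)) {
        throw new InvalidArgumentException('bounds must be integers, got '
            . gettype($min) . ' and ' . gettype($max));
    }
    if ($max < $min) {
        throw new InvalidArgumentException("max ($max) is less than min ($min)");
    }
    // Assumption: follow the workaround above and stay within mt_getrandmax().
    if ($max - $min > mt_getrandmax()) {
        throw new RangeException('range is wider than mt_getrandmax()');
    }
    return mt_rand($min, $max);
}

// Constructed inputs: a normal range, reversed bounds, the report's bound,
// and a float standing in for that bound on a 32-bit build.
$cases = array(
    array(0, 10),
    array(10, 0),
    array(0, mt_getrandmax() + 1000),
    array(0, 2147484647.0),
);

foreach ($cases as $case) {
    list($min, $max) = $case;
    try {
        $r = bounded_mt_rand($min, $max);
        echo "mt_rand($min, $max) = $r\n";
    } catch (Exception $e) {
        echo get_class($e) . ': ' . $e->getMessage() . "\n";
    }
}
```

Only the first case returns a value; the other three raise an exception, so a caller never receives a number drawn from bounds it did not intend.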
 [2010-11-23 14:09 UTC] iliaa@php.net
Automatic comment from SVN on behalf of iliaa
Revision: http://svn.php.net/viewvc/?view=revision&revision=305692
Log: Fixed bug #46587 (mt_rand() does not check that max is greater than min).
 [2010-11-23 14:09 UTC] iliaa@php.net
-Status: Assigned
+Status: Closed
-Assigned To: pajoye
+Assigned To: iliaa
 [2010-11-23 14:09 UTC] iliaa@php.net
This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 [2010-11-25 17:44 UTC] cataphract@php.net
Automatic comment from SVN on behalf of cataphract
Revision: http://svn.php.net/viewvc/?view=revision&revision=305754
Log: - Fixed bug #53403 (use of unitialized values). Fixes the fix for bug #46587.
- Added test for bug #46587.
 [2011-01-27 13:50 UTC] belov1985 at gmail dot com
Arr.. I have used this feature for five years!! ]:->

mt_rand(0, 10) - works, but mt_rand(10, 0) - why not? It's great that there is no need to check min & max...

WBR, Konstantin
 
Last updated: Fri Apr 18 08:02:55 2014 UTC