php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #72784 BC break in rand(): throws warning in 7.1 and returns FALSE for max-min range
Submitted: 2016-08-08 15:13 UTC Modified: 2016-08-10 22:41 UTC
From: bugs dot php dot net at majkl578 dot cz Assigned: leigh (profile)
Status: Closed Package: Math related
PHP Version: 7.1.0beta2 OS:
Private report: No CVE-ID: None
 [2016-08-08 15:13 UTC] bugs dot php dot net at majkl578 dot cz
Description:
------------
When rand() is given parameters in the reverse order - max first, min second, it now throws warning and returns FALSE. In all previous PHP versions it did not return any warning and returned the a number from the range.

This is especially tricky in scripts where rand() is supplied arguments from variable, it'd be now required to write rand(min($a, $b), max($a, $b)) instead of just rand($a, $b).

Although I understand the reasoning behind requiring specific order, returning FALSE is a BC break and should not be introduced in 7.x (warning is IMHO fine though).

Test script:
---------------
var_dump(rand(5, 1));

Expected result:
----------------
int(N)

Actual result:
--------------
Warning: rand(): max(1) is smaller than min(5) ...
bool(false)

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2016-08-08 15:34 UTC] cmb@php.net
-Assigned To: +Assigned To: leigh
 [2016-08-08 15:34 UTC] cmb@php.net
Confirmed: <https://3v4l.org/l7i5e>.

There have been several fixes to rand() et. al. which have been
proprosed as on voted upon in
<https://wiki.php.net/rfc/rng_fixes>.

I'm not sure whether this change was desired, or just by accident.
Leigh?
 [2016-08-08 16:08 UTC] leigh@php.net
This will be a side effect of rand() now being an alias of mt_rand(). So unfortunately both accidental and intentional.

I think the easiest course of action is to relax the strict min/max ordering on mt_rand().
 [2016-08-08 20:43 UTC] cmb@php.net
> I think the easiest course of action is to relax the strict
> min/max ordering on mt_rand().

I wouldn't want this lax behavior in the long run, though. Maybe
allowing it for now with a deprecation notice would be okay.
Probably some discussion on internals is appropriate.
 [2016-08-08 21:21 UTC] leigh@php.net
For now I've allowed min > max but kept the warning. I'll ping internals too.
 [2016-08-10 22:41 UTC] leigh@php.net
-Status: Assigned +Status: Closed
 [2016-08-10 22:41 UTC] leigh@php.net
Behaviour restored by commit 9a9004318fa3a5b2c2c3c4a4fafed9ad4767df4a

rand() is relaxed
mt_rand() is strict
 
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Mon Dec 05 05:05:53 2022 UTC