Bug #75514 mt_rand returns value outside [$min,$max]+ on 32-bit
Submitted: 2017-11-13 08:13 UTC Modified: 2017-11-13 08:53 UTC
From: remi@php.net Assigned: remi (profile)
Status: Closed Package: *General Issues
PHP Version: 7.1.11 OS: 32-bit
Private report: No CVE-ID: None
 [2017-11-13 08:13 UTC] remi@php.net
Description:
------------
Note that this affects 32-bit builds

Test script:
---------------
php -r 'mt_srand(0, MT_RAND_PHP); var_dump(mt_rand(0,999999999), mt_rand(0,999));'

Expected result:
----------------
# On 64-bit build, this is ok
int(448865905)
int(592)


Actual result:
--------------
int(448865905)
int(-407)   # out of range
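
The out-of-range result can be reproduced without a 32-bit PHP build by modelling the cast that the patch further down this thread removes. This is an added example, not code from php-src or from the report; `int32_t` as a 32-bit `zend_long`, the `scale()` stand-in for `RAND_RANGE_BADSCALING`, the function names and the raw sample values are all constructed assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: int32_t models zend_long on a 32-bit build. */
typedef int32_t zlong32;

/* Hypothetical stand-in for RAND_RANGE_BADSCALING (its definition is not on
 * the page): maps n from [0, 2^31 - 1] linearly onto [min, max]. */
static zlong32 scale(zlong32 n, zlong32 min, zlong32 max)
{
    return min + (zlong32)(((double)max - min + 1.0) * (n / 2147483648.0));
}

/* Order used before the patch: convert to signed, then shift. With the top
 * bit set the value is already negative and the shift (arithmetic on common
 * compilers) keeps it negative. */
static zlong32 cast_then_shift(uint32_t raw, zlong32 min, zlong32 max)
{
    zlong32 n = (zlong32)raw >> 1;
    return scale(n, min, max);
}

/* Shift the unsigned value first; the result fits in 31 bits, so the
 * conversion to a signed 32-bit type cannot go negative. */
static zlong32 shift_then_cast(uint32_t raw, zlong32 min, zlong32 max)
{
    zlong32 n = (zlong32)(raw >> 1);
    return scale(n, min, max);
}

int main(void)
{
    /* Constructed raw outputs, not real MT19937 values. */
    const uint32_t samples[] = { 0x40000000u, 0x98000000u };
    for (size_t i = 0; i < 2; i++) {
        printf("raw=0x%08x cast-then-shift=%d shift-then-cast=%d\n",
               (unsigned)samples[i],
               (int)cast_then_shift(samples[i], 0, 999),
               (int)shift_then_cast(samples[i], 0, 999));
    }
    return 0;
}
```

Only raw values with the top bit set diverge, which is why the first call in the test script can look correct while the second does not.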


History

 [2017-11-13 08:19 UTC] remi@php.net
-PHP Version: 7.2.0RC6
+PHP Version: 7.1.11
 [2017-11-13 08:19 UTC] remi@php.net
7.1 is also affected
 [2017-11-13 08:44 UTC] remi@php.net
-Assigned To:
+Assigned To: remi
 [2017-11-13 08:45 UTC] remi@php.net
Possible fix

diff --git a/ext/standard/mt_rand.c b/ext/standard/mt_rand.c
index 2335a92..6669cbc 100644
--- a/ext/standard/mt_rand.c
+++ b/ext/standard/mt_rand.c
@@ -294,7 +294,7 @@ PHPAPI zend_long php_mt_rand_range(zend_long min, zend_long max)
  * rand() allows min > max, mt_rand does not */
 PHPAPI zend_long php_mt_rand_common(zend_long min, zend_long max)
 {
-	zend_long n;
+	uint32_t n;
 
 	if (BG(mt_rand_mode) == MT_RAND_MT19937) {
 		return php_mt_rand_range(min, max);
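Review bot: narrowing `n` to `uint32_t` at the top of php_mt_rand_common() changes the type of the value the function hands back, not only the raw generator output. `n` is passed to RAND_RANGE_BADSCALING together with the `zend_long` bounds `min` and `max` and is then returned as `zend_long`; if the macro writes the scaled result back into `n`, as the `return n;` right after it suggests, a negative result (negative `min`) or one wider than 32 bits on a 64-bit build no longer fits. Suggest keeping `zend_long n` for the result and holding the raw value in a separate `uint32_t` until after the shift. A later comment in this thread reports a 64-bit regression from this fix.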
@@ -302,7 +302,7 @@ PHPAPI zend_long php_mt_rand_common(zend_long min, zend_long max)
 
 	/* Legacy mode deliberately not inside php_mt_rand_range()
 	 * to prevent other functions being affected */
-	n = (zend_long)php_mt_rand() >> 1;
+	n = php_mt_rand() >> 1;
 	RAND_RANGE_BADSCALING(n, min, max, PHP_MT_RAND_MAX);
 
 	return n;
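Review bot: the new `n = php_mt_rand() >> 1;` line depends on php_mt_rand() returning an unsigned 32-bit value, which this hunk does not show, and nothing in the code says why the order matters. The removed `(zend_long)php_mt_rand() >> 1` applied the cast before the shift, so where `zend_long` is 32 bits a raw value with the top bit set was already negative when shifted. Suggest making the order explicit, for example `(zend_long)(php_mt_rand() >> 1)`, with a one-line comment that the shift must happen on the unsigned value, and adding a regression test built from the report's `mt_srand(0, MT_RAND_PHP)` script that checks each result stays within [min, max].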
 [2017-11-13 08:53 UTC] remi@php.net
-Summary: mt_rand returns value outside [$min,$max]+
+Summary: mt_rand returns value outside [$min,$max]+ on 32-bit
 [2017-11-13 09:23 UTC] remi@php.net
Automatic comment on behalf of remi@remirepo.net
Revision: http://git.php.net/?p=php-src.git;a=commit;h=e704e1e8c25ff726e7c890cce20fb932210737b7
Log: Fixed bug #75514 mt_rand returns value outside [$min,$max]+ on 32-bit
 [2017-11-13 09:23 UTC] remi@php.net
-Status: Assigned
+Status: Closed
 [2017-11-28 16:52 UTC] remi@php.net
Previous fix introduced a regression for 64-bit

Reverted and fixed differently
http://git.php.net/?p=php-src.git;a=commitdiff;h=2b071028973782ed87e7038e56d47e9897be804a
 
Last updated: Tue Jul 17 05:01:41 2018 UTC