Re: recent coverity and rand

2014-10-07 Thread Kohei Yoshida
On Tue, 2014-10-07 at 10:18 +0300, Tor Lillqvist wrote: > The problem was that it called > comphelper::rng::uniform_real_distribution() with two equal arguments, > which is invalid use of that API, and causes the current > implementation to get stuck in a loop in the boost code. (I didn't > bothe

Re: recent coverity and rand

2014-10-07 Thread Tor Lillqvist
> FYI, this change > > double random(double min, double max) > { > -return floor(((double)rand() / ((unsigned int)RAND_MAX + 1)) * (max - > min + 1) + min); > +return comphelper::rng::uniform_real_distribution(min, max); > } > > in sc/source/core/opencl/opencl_device.cxx has made the ope

Re: recent coverity and rand

2014-10-06 Thread Kohei Yoshida
On Thu, 2014-10-02 at 16:44 +0100, Caolán McNamara wrote: > The latest coverity has taken a dislike to "rand" and we've a big block > of cids, cid#1242372 to cid#1242410 now marked with > static_checker_DC.WEAK_CRYPTO "Don't call". > > We have our own random pool stuff in sal, is there a drop in r

Re: recent coverity and rand

2014-10-04 Thread Norbert Thiebaud
On Sat, Oct 4, 2014 at 3:23 PM, Caolán McNamara wrote: > On Thu, 2014-10-02 at 23:35 +0200, Michael Stahl wrote: >> * direct usage of boost::random for fancy distributions in Calc, >> sc/source/ui/StatisticsDialogs/RandomNumberGeneratorDialog.cxx >> >> * include/comphelper/random.hxx: >> doubl

Re: recent coverity and rand

2014-10-04 Thread Caolán McNamara
On Thu, 2014-10-02 at 23:35 +0200, Michael Stahl wrote: > * direct usage of boost::random for fancy distributions in Calc, > sc/source/ui/StatisticsDialogs/RandomNumberGeneratorDialog.cxx > > * include/comphelper/random.hxx: > double uniform() function with [0,1) range > implemented with boo

Re: recent coverity and rand

2014-10-02 Thread Michael Stahl
On 02/10/14 17:44, Caolán McNamara wrote: > The latest coverity has taken a dislike to "rand" and we've a big block > of cids, cid#1242372 to cid#1242410 now marked with > static_checker_DC.WEAK_CRYPTO "Don't call". there were definitely bad implementations of standard C library random functions;

recent coverity and rand

2014-10-02 Thread Caolán McNamara
The latest coverity has taken a dislike to "rand" and we've a big block of cids, cid#1242372 to cid#1242410 now marked with static_checker_DC.WEAK_CRYPTO "Don't call". We have our own random pool stuff in sal, is there a drop in replacement for rand in there somewhere or a common pattern we could