On Sat, May 21, 2016 at 10:52 AM, Pedro F. Giffuni <p...@freebsd.org> wrote: > Author: pfg > Date: Sat May 21 17:52:44 2016 > New Revision: 300377 > URL: https://svnweb.freebsd.org/changeset/base/300377 > > Log: > ndis(4): Avoid overflow. > > This is a long standing problem: our random() function returns an > unsigned integer but the rand provided by ndis(4) returns an int. > Scale it down. > > MFC after: 2 weeks > > Modified: > head/sys/compat/ndis/subr_ntoskrnl.c > > Modified: head/sys/compat/ndis/subr_ntoskrnl.c > ============================================================================== > --- head/sys/compat/ndis/subr_ntoskrnl.c Sat May 21 17:38:43 2016 > (r300376) > +++ head/sys/compat/ndis/subr_ntoskrnl.c Sat May 21 17:52:44 2016 > (r300377) > @@ -3189,7 +3189,7 @@ static int > rand(void) > { > > - return (random()); > + return (random() / 2 + 1); > } > > static void >
Won't this still return a negative integer in many cases? random(9) returns u_long, whereas this rand() routine returns 'int'. Even on architectures where long is the same size as ordinary integers, the range of possible results of the 'random() / 2 + 1' expression, before implicit cast to signed, is [1, 2^31] (inclusive). 2^31 is not representable by typical signed 32-bit integers, so this will wrap to INT_MIN. Also, I'm not sure why zero is excluded from the range. On architectures where long is larger than ordinary integers, this expression has no hope of fitting in the non-negative range of a signed integer. Why not instead: return ((u_int)random() / 2); Best, Conrad _______________________________________________ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
