Home Original page

PHP :: Bug #46587 :: mt_/rand produce out of range numbers when min = 0 and max

Bug #46587 mt_/rand produce out of range numbers when min = 0 and max > get_randmax
Submitted: 2008-11-17 02:50 UTC Modified: 2010-11-23 14:09 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: atomo64 at gmail dot com Assigned: iliaa (profile)
Status: Closed Package: Math related
PHP Version: 5.2.6 OS: Debian sid
Private report: No CVE-ID: None

 [2008-11-17 02:50 UTC] atomo64 at gmail dot com

Description:
------------
Whenever min is set to 0 and max is set to anything greater than 
getrandmax (or the mt_ version) the returned PRN is always (despite 
the upper limit check in the example code) a number minor than 0.

Reproduce code:
---------------
define("UL", mt_getrandmax()+1000);
$r=mt_rand(0, UL);
if ($r < 0 || $r > UL)
echo "Random value out of range\n";

Expected result:
----------------
No output

Actual result:
--------------
Random value out of range

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

 [2009-03-09 14:06 UTC] mmcnickle at gmail dot com

The problem is that there is an integer overflow on UL:

------------
<?php
define('UL',mt_getrandmax() + 1000);
var_dump(UL, (int)UL);
------------

will produce
------------
float(2147484647)
int(-2147482649)
------------

The $min and $max parameter names on mt_rand() (and rand()) are misleading, as $min can be larger than $max and mt_rand will produce a correct value between $min and $max.

In the bug example, the expected result is returned: a random value between -2147482649 and 0.

If you want to change the integer overflow behaviour, it would be best to do a check using mt_getrandmax() in the PHP code:

<?php
$max = mt_getrandmax() + 1000;

if ($max > mt_getrandmax()) {
    $max = mt_getrandmax();
}
$r = mt_rand(0, $max); // $r is now a number between 0 and mt_getrandmax()

 [2010-11-23 14:09 UTC] iliaa@php.net

-Status: Assigned +Status: Closed -Assigned To: pajoye +Assigned To: iliaa

 [2010-11-23 14:09 UTC] iliaa@php.net

This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

 [2011-01-27 13:50 UTC] belov1985 at gmail dot com

Arr.. I use this feature five years!! ]:->

mt_rand(0, 10) - works, but mt_rand(10, 0) - why no? it's great, that there is no need to check min & max...

WBR, Konstantin