Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:100230 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 65274 invoked from network); 16 Aug 2017 19:47:33 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 16 Aug 2017 19:47:33 -0000 Authentication-Results: pb1.pair.com header.from=leight@gmail.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=leight@gmail.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.128.195 as permitted sender) X-PHP-List-Original-Sender: leight@gmail.com X-Host-Fingerprint: 209.85.128.195 mail-wr0-f195.google.com Received: from [209.85.128.195] ([209.85.128.195:36109] helo=mail-wr0-f195.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id D2/86-34801-551A4995 for ; Wed, 16 Aug 2017 15:47:33 -0400 Received: by mail-wr0-f195.google.com with SMTP id y67so4754900wrb.3 for ; Wed, 16 Aug 2017 12:47:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=dsddBk7pamzjJdVKiX7Kmm1WdTTeM0i6aznzfzNoixc=; b=c8Jya2KVRYqMCuBtRIM6V7qbQjW/0eKVRNQTtDgvGE7OxTzOnvLbeyXQQpCIFOykne pRsNpY0+rS3vzjSslL/59Q+yKNvsh1qXYuQLOsgXwHfweCiY/iUMW9a+YaM3urNgDqOE S/x4XLLGoY3BJTU2dQYK8JQN3GxSSD3Pn5BUxkLa3HjPXha1dgX0KUzubp7HfL7IE0Vo z3WcarExiahB+yMnCIU8mgHwtHmBzYtokX3n8Y7W4tOFxYt8foE7OvdNgzqoZ5ztM6QM DnAjA66tKQZNi9vE/u9ToabEmsiTGItxCsWyzM95D9+2+PuNcU/LXlypbDIQt8DlhWuc lh3Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=dsddBk7pamzjJdVKiX7Kmm1WdTTeM0i6aznzfzNoixc=; b=MnrLDBzzKFD9kW5YriXUY8+k2Q1PDF4TMv4LLnY6cuT97GOGAIZsh4lCTuxDTg4e+q Ti1wfJSHUJw5y1HOzKGpXgJU5UtVCtn0EGGRkqcfsYMMR2dSz5o68CcgcT3/l/GcORs5 owfmrf75a0q7qJcQA9j1sM0umya+pElRX2vxg8NHVCxg6az9QTo7Nxz2yHwFXxWAjvom mL8V1FzeTnJ+mRkAzTslKVIIvyj2yPHGfuCTQFRL7kRpcH7R3djWHvDZucw4oyf5Vime ML4xfY2j77XS9Thv5eDLoEUZnH97razOw6qgDJFUmobBgnlS52w2HvVjM69gl5djf+AX jGGg== X-Gm-Message-State: AHYfb5iyIxOm1H7rQuSjm0X5R/YTdtCmA51Ku23cpVUVLCUtEgFYoFzo xd10Td4ZCvFRmIGCjVpTJHl83R7idyOj X-Received: by 10.223.161.214 with SMTP id v22mr1861590wrv.135.1502912850000; Wed, 16 Aug 2017 12:47:30 -0700 (PDT) MIME-Version: 1.0 References: <20170816191247.GA12324@openwall.com> In-Reply-To: <20170816191247.GA12324@openwall.com> Date: Wed, 16 Aug 2017 19:47:19 +0000 Message-ID: To: Solar Designer , PHP internals Content-Type: multipart/alternative; boundary="f403045f2ede8d81480556e42af9" Subject: Re: [PHP-DEV] PHP 7.1.0 to 7.2.0beta2 mt_rand() modulo bias bug From: leight@gmail.com (Leigh) --f403045f2ede8d81480556e42af9 Content-Type: text/plain; charset="UTF-8" On Wed, 16 Aug 2017 at 20:13 Solar Designer wrote: > Also, why even bother to support ranges beyond 32-bit? Sounds like a > misfeature to me, considering it won't(?) be universally available on > all PHP builds anyway (not on 32-bit ones, right?) and thus shouldn't(?) > be relied upon by applications (although it might become reasonable for > application developers not to care about 32-bit soon). I also see few > use cases for it, even if it were universally available. > It was possible (on 64 bit builds) to specify min and max such that the size of the output required from mt_rand was the full 64 bit range. Prior to 7.1 this full output was created by stretching a single 32 bit output up to the required range using floating point arithmetic, which caused other biases in the output. Unfortunately when fixing this bias, a new bias was introduced. I took known working code from the CSPRNG and didn't account for the variable length of the sample. My proposed fix would be to add a "limit_max" variable, initialise it to UINT32_MAX, and in the first range check where we decide to add an extra output or not, set it to ZEND_ULONG_MAX. Then the statement creating the ceiling value can use limit_max instead of the constant value. --f403045f2ede8d81480556e42af9--