Newsgroups: php.internals
Date: Thu, 7 Sep 2017 21:41:04 +0200
From: solar@openwall.com (Solar Designer)
To: Nikita Popov
Cc: Leigh, PHP internals, Davey Shafik, Joe Watkins
Subject: Re: [PHP-DEV] PHP 7.1.0 to 7.2.0beta2 mt_rand() modulo bias bug
Message-ID: <20170907194104.GA14546@openwall.com>

On Thu, Sep 07, 2017 at 08:23:22PM +0200, Nikita Popov wrote:
> Sorry for the long delay. I've just applied
> https://github.com/php/php-src/commit/fd07302024bc47082b13b32217147fd39d1e9e61
> to the 7.2 branch.

Thank you!

Maybe you'd add similar tests for 64-bit ranges?  Right now,
rand_range64()'s bias avoidance is left untested.  Need to come up with
numbers that would demonstrate the bias if the bias-avoiding loop failed.

Also, the comment (by me, in the test) that says "7.1.0 to 7.2.0beta2"
should now say "7.1.0 to 7.2.0beta3" since beta3 was released with the
bug still intact.

Alexander
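
One choice of numbers that exposes a missing bias-avoiding loop in a 64-bit range function, as an added example that is not part of the original message or of php-src: for a range of n = 3 * 2^62 values, 2^64 mod n is 2^62, so without rejection the share of outputs below 2^62 moves from about 1/3 to about 1/2. The splitmix64 generator, the fixed seed and the names range64 and count_low are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in generator (splitmix64), not PHP's Mersenne Twister. */
static uint64_t sm_state;
static void sm_seed(uint64_t s) { sm_state = s; }
static uint64_t sm_next(void) {
    uint64_t z = (sm_state += 0x9E3779B97F4A7C15ULL);
    z = (z ^ (z >> 30)) * 0xBF58476D1CE4E5B9ULL;
    z = (z ^ (z >> 27)) * 0x94D049BB133111EBULL;
    return z ^ (z >> 31);
}

/* Value in [0, umax]. With reject == 0 the bias-avoiding loop is skipped,
 * which models the failure a regression test has to detect. */
static uint64_t range64(uint64_t umax, int reject) {
    uint64_t r = sm_next();
    if (umax == UINT64_MAX) return r;          /* full range, no modulus */
    uint64_t n = umax + 1;
    if ((n & (n - 1)) == 0) return r & umax;   /* power of two: mask is unbiased */
    uint64_t rem = (UINT64_MAX - n + 1) % n;   /* 2^64 mod n */
    uint64_t limit = UINT64_MAX - rem;         /* accepted count is a multiple of n */
    while (reject && r > limit) r = sm_next(); /* discard the biased tail */
    return r % n;
}

/* Count outputs below 2^62 for n = 3 * 2^62 (umax = 0xBFFFFFFFFFFFFFFF). */
static unsigned count_low(int reject, unsigned samples) {
    const uint64_t umax = 3 * (UINT64_C(1) << 62) - 1;
    unsigned low = 0;
    sm_seed(42); /* constructed fixed seed so the run is reproducible */
    for (unsigned i = 0; i < samples; i++)
        low += range64(umax, reject) < (UINT64_C(1) << 62);
    return low;
}

int main(void) {
    printf("below 2^62 out of 30000: with loop %u, without loop %u\n",
           count_low(1, 30000), count_low(0, 30000));
    return 0;
}
```

Ranges whose size is close to a power of two from below leave only a tiny remainder and would need far more samples to show the same skew.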