bin/54878: incorrect divisor in /usr/bin/jot -r
David Brinegar
jot.3.brinegar at spamgourmet.com
Fri Jul 25 23:30:11 PDT 2003
>Number: 54878
>Category: bin
>Synopsis: incorrect divisor in /usr/bin/jot -r
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Jul 25 23:30:09 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator: David Brinegar
>Release: FreeBSD 4.6-RELEASE i386
>Organization:
>Environment:
Any FreeBSD machine.
>Description:
src/usr.bin/jot/jot.c uses incorrect divisor.
revision 1.24, line 278:
*y = arc4random() / (double)UINT32_MAX;
will 1 time in 2^32 assign 1.0 to *y, creating a distribution
of [0,1] instead of the intended [0,1) spread.
For example one would expect something like the following:
> jot -w %d -r 1000 1 4 | sort -n | uniq -c
333 1
333 2
334 3
Internally, jot is assigning *y to 1,2,3, and very rarely 4:
[1.0,2.0) => 1
[2.0,3.0) => 2
[3.0,4.0) => 3
4.0 => 4
So this bug creates the remote possiblity of something like:
> jot -w %d -r 1000 1 4 | sort -n | uniq -c
333 1
333 2
333 3
1 4
>How-To-Repeat:
jot -w $d -r 0 1 4 | grep 4 | head -1
and wait a potentially very long time. :-)
>Fix:
src/usr.bin/jot/jot.c revision 1.24, line 278:
*y = arc4random() / (double)UINT32_MAX;
should be:
*y = arc4random() / (1.0 + (double)UINT32_MAX);
and similar for other revisions, where the divisor should be
one more than the maximum *random() function return value.
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list