bin/54878: incorrect divisor in /usr/bin/jot -r

[David Brinegar]

>Number:         54878
>Category:       bin
>Synopsis:       incorrect divisor in /usr/bin/jot -r
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jul 25 23:30:09 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator:     David Brinegar
>Release:        FreeBSD 4.6-RELEASE i386
>Organization:
>Environment:
Any FreeBSD machine.


	
>Description:
	
   src/usr.bin/jot/jot.c uses incorrect divisor.

   revision 1.24, line 278:

      *y = arc4random() / (double)UINT32_MAX;

   will 1 time in 2^32 assign 1.0 to *y, creating a distribution
   of [0,1] instead of the intended [0,1) spread.

   For example one would expect something like the following:

   > jot -w %d -r 1000 1 4 | sort -n | uniq -c
    333 1
    333 2
    334 3

   Internally, jot is assigning *y to 1,2,3, and very rarely 4:

      [1.0,2.0) => 1
      [2.0,3.0) => 2
      [3.0,4.0) => 3
           4.0  => 4

   So this bug creates the remote possiblity of something like:

   > jot -w %d -r 1000 1 4 | sort -n | uniq -c
    333 1
    333 2
    333 3
      1 4


>How-To-Repeat:
	

   jot -w $d -r 0 1 4 | grep 4 | head -1

   and wait a potentially very long time. :-)

>Fix:

	
   src/usr.bin/jot/jot.c revision 1.24, line 278:

      *y = arc4random() / (double)UINT32_MAX;

   should be:

      *y = arc4random() / (1.0 + (double)UINT32_MAX);

   and similar for other revisions, where the divisor should be
   one more than the maximum *random() function return value.

>Release-Note:
>Audit-Trail:
>Unformatted: