svn commit: r300377 - head/sys/compat/ndis
Conrad Meyer
cem at FreeBSD.org
Sat May 21 19:12:33 UTC 2016
On Sat, May 21, 2016 at 10:52 AM, Pedro F. Giffuni <pfg at freebsd.org> wrote:
> Author: pfg
> Date: Sat May 21 17:52:44 2016
> New Revision: 300377
> URL: https://svnweb.freebsd.org/changeset/base/300377
>
> Log:
> ndis(4): Avoid overflow.
>
> This is a long standing problem: our random() function returns an
> unsigned integer but the rand provided by ndis(4) returns an int.
> Scale it down.
>
> MFC after: 2 weeks
>
> Modified:
> head/sys/compat/ndis/subr_ntoskrnl.c
>
> Modified: head/sys/compat/ndis/subr_ntoskrnl.c
> ==============================================================================
> --- head/sys/compat/ndis/subr_ntoskrnl.c Sat May 21 17:38:43 2016 (r300376)
> +++ head/sys/compat/ndis/subr_ntoskrnl.c Sat May 21 17:52:44 2016 (r300377)
> @@ -3189,7 +3189,7 @@ static int
> rand(void)
> {
>
> - return (random());
> + return (random() / 2 + 1);
> }
>
> static void
>
Won't this still return a negative integer in many cases?
random(9) returns u_long, whereas this rand() routine returns 'int'.
Even on architectures where long is the same size as ordinary
integers, the range of possible results of the 'random() / 2 + 1'
expression, before implicit cast to signed, is [1, 2^31] (inclusive).
2^31 is not representable by typical signed 32-bit integers, so this
will wrap to INT_MIN. Also, I'm not sure why zero is excluded from
the range.
On architectures where long is larger than ordinary integers, this
expression has no hope of fitting in the non-negative range of a
signed integer.
Why not instead:
return ((u_int)random() / 2);
Best,
Conrad
More information about the svn-src-all
mailing list