Edit report at http://bugs.php.net/bug.php?id=46587&edit=1
ID: 46587 Updated by: [email protected] Reported by: atomo64 at gmail dot com Summary: mt_/rand produce out of range numbers when min = 0 and max > get_randmax -Status: Assigned +Status: Closed Type: Bug Package: Math related Operating System: Debian sid PHP Version: 5.2.6 -Assigned To: pajoye +Assigned To: iliaa Block user comment: N Private report: N New Comment: This bug has been fixed in SVN. Snapshots of the sources are packaged every three hours; this change will be in the next snapshot. You can grab the snapshot at http://snaps.php.net/. Thank you for the report, and for helping us make PHP better. Previous Comments: ------------------------------------------------------------------------ [2010-11-23 14:09:17] [email protected] Automatic comment from SVN on behalf of iliaa Revision: http://svn.php.net/viewvc/?view=revision&revision=305692 Log: Fixed bug #46587 (mt_rand() does not check that max is greater than min). ------------------------------------------------------------------------ [2009-03-09 14:06:58] mmcnickle at gmail dot com The problem is that there is an integer overflow on UL: ------------ <?php define('UL',mt_getrandmax() + 1000); var_dump(UL, (int)UL); ------------ will produce ------------ float(2147484647) int(-2147482649) ------------ The $min and $max parameter names on mt_rand() (and rand()) are misleading, as $min can be larger than $max and mt_rand will produce a correct value between $min and $max. In the bug example, the expected result is returned: a random value between -2147482649 and 0. If you want to change the integer overflow behaviour, it would be best to do a check using mt_getrandmax() in the PHP code: <?php $max = mt_getrandmax() + 1000; if ($max > mt_getrandmax()) { $max = mt_getrandmax(); } $r = mt_rand(0, $max); // $r is now a number between 0 and mt_getrandmax() ------------------------------------------------------------------------ [2008-11-17 02:50:20] atomo64 at gmail dot com Description: ------------ Whenever min is set to 0 and max is set to anything greater than getrandmax (or the mt_ version) the returned PRN is always (despite the upper limit check in the example code) a number minor than 0. Reproduce code: --------------- define("UL", mt_getrandmax()+1000); $r=mt_rand(0, UL); if ($r < 0 || $r > UL) echo "Random value out of range\n"; Expected result: ---------------- No output Actual result: -------------- Random value out of range ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/bug.php?id=46587&edit=1
