Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Mon, 22 Sep 2014 15:41:10 +0200
From: Jens Gustedt <Jens.Gustedt@...ia.fr>
To: musl@...ts.openwall.com
Subject: [PATCH v2] fix a bug in the rand48 family of prng


This fixes a bug found by Nadav Har'El, who observed that musl was giving
different prn sequences than other systems, even if seeded with the same
value.

The problem with something like

a = lc[0] | lc[1]<<16 | lc[2]+0ULL<<32;

where lc[1] is an unsigned short and int is 32bit is the following

(1) lc[1] is promoted to int
(2) the left shift 16 is performed on int

this is UB if bit 15 is set in lc[1], since it moves a 1 into the sign
bit.

In particular, bit 15 *is* 1 for the default multplicator A as defined by POSIX.

(On systems with 16 bit int all of this has UB anyhow.)

If the platform defines the behavior (most do) we are still not
saved. Then we have an bit-or between an int and an ullong. If the int is
negative sign extension sets all the high bits of the result, messing up
the computation completely.
---
 src/prng/__rand48_step.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)


View attachment "0001-fix-a-bug-in-the-rand48-family-of-prng.patch" of type "text/x-patch" (481 bytes)

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.