From: Florian Weimer <fweimer@redhat.com>
Date: Mon, 20 Jan 2025 20:06:43 +0000 (+0100)
Subject: stdlib: Fix unintended change to the random_r implementation
X-Git-Tag: glibc-2.41~30
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=33b684e0194930ff072cf812b37c191637261dbe;p=thirdparty%2Fglibc.git

stdlib: Fix unintended change to the random_r implementation

Commit d5bceac99d24af1131b90027dab267e437b65cd1 changed the sequence
of random numbers.  This was completely unintended.  The statistical
properties of the new sequences are unclear, so restore the old
behavior.

Fixes commit d5bceac99d24af1131b90027dab267e437b65cd1 ("stdlib:
random_r: fix unaligned access in initstate and initstate_r
[BZ #30584]").

Reviewed-by: Noah Goldstein <goldstein.w.n@gmail.com>
---

diff --git a/stdlib/random_r.c b/stdlib/random_r.c
index 605e96983c..b49f03f5be 100644
--- a/stdlib/random_r.c
+++ b/stdlib/random_r.c
@@ -390,9 +390,10 @@ __random_r (struct random_data *buf, int32_t *result)
       int32_t *end_ptr = buf->end_ptr;
       uint32_t val;
 
-      val = read_state (rptr, 0);
-      int32_t t = read_state (fptr, 0);
-      write_state (fptr, 0, t + val);
+      /* Avoid integer overflow with uint32_t arihmetic.  */
+      val = read_state (fptr, 0);
+      val += read_state (rptr, 0);
+      write_state (fptr, 0, val);
       /* Chucking least random bit.  */
       *result = val >> 1;
       ++fptr;