NetBSD Problem Report #56824

From www@netbsd.org  Sun May  8 22:17:20 2022
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id EC2621A9239
	for <gnats-bugs@gnats.NetBSD.org>; Sun,  8 May 2022 22:17:19 +0000 (UTC)
Message-Id: <20220508221719.108E11A923B@mollari.NetBSD.org>
Date: Sun,  8 May 2022 22:17:19 +0000 (UTC)
From: guilherme.janczak@yandex.com
Reply-To: guilherme.janczak@yandex.com
To: gnats-bugs@NetBSD.org
Subject: modulo by 0 in arc4random_uniform()
X-Send-Pr-Version: www-1.0

>Number:         56824
>Category:       lib
>Synopsis:       modulo by 0 in arc4random_uniform()
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    lib-bug-people
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun May 08 22:20:01 +0000 2022
>Closed-Date:    Sun May 08 22:40:10 +0000 2022
>Last-Modified:  Sun May 08 23:10:00 +0000 2022
>Originator:     Guilherme Janczak
>Release:        9.2
>Organization:
>Environment:
NetBSD localhost 9.2 NetBSD 9.2 (GENERIC) #0: Wed May 12 13:15:55 UTC 2021 mkrepro@mkrepro.NetBSD.org:/usr/src/sys/arch/amd64/compile/GENERIC amd64
>Description:
arc4random_uniform performs a modulo by 0 if it receives 0 as an argument, causing the program that calls it to be terminated with SIGFPE.

I've included an example C program that triggers the bug and also the fix.
>How-To-Repeat:
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

int
main(void)
{
	uint32_t rnd;

	printf("arc4random_uniform(0): ");
	fflush(stdout);
	/* A bound of 0 reaches the modulo by 0; the process dies with SIGFPE here. */
	rnd = arc4random_uniform(0);
	printf("%llu\n", (unsigned long long)rnd);
}
>Fix:
Index: lib/libc/gen/arc4random.c
===================================================================
RCS file: /cvsroot/src/lib/libc/gen/arc4random.c,v
retrieving revision 1.33
diff -u -p -u -r1.33 arc4random.c
--- lib/libc/gen/arc4random.c	19 Apr 2022 20:32:15 -0000	1.33
+++ lib/libc/gen/arc4random.c	7 May 2022 19:35:37 -0000
@@ -623,6 +623,8 @@ arc4random_uniform(uint32_t bound)
 {
 	struct arc4random_prng *prng;
 	uint32_t minimum, r;
+	if (bound <= 1)
+		return 0;

 	/*
 	 * We want a uniform random choice in [0, n), and arc4random()
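Review bot: the early return under "uint32_t minimum, r;" leaves the function's stated contract out of date, and it has no blank line separating it from the declarations. The comment that follows still describes a choice in [0, n), which is empty for n = 0, so a returned 0 is outside the documented range; if this return is kept, say so in that comment and in the manual page. The test "bound <= 1" also short-circuits bound == 1, which the report does not describe as failing; narrow it to "bound == 0" or note that the extra case is only a shortcut.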

>Release-Note:

>Audit-Trail:

State-Changed-From-To: open->closed
State-Changed-By: joerg@NetBSD.org
State-Changed-When: Sun, 08 May 2022 22:40:10 +0000
State-Changed-Why:
This is not a bug. You are asking for a number in the range [0, 0), which is empty.
A domain error is the correct result.


From: Guilherme Janczak <guilherme.janczak@yandex.com>
To: gnats-bugs@netbsd.org
Cc: lib-bug-people@netbsd.org, netbsd-bugs@netbsd.org,
	gnats-admin@netbsd.org, joerg@netbsd.org
Subject: Re: lib/56824 (modulo by 0 in arc4random_uniform())
Date: Sun, 8 May 2022 22:58:46 +0000

 On Sun, May 08, 2022 at 10:40:10PM +0000, joerg@NetBSD.org wrote:
 > Synopsis: modulo by 0 in arc4random_uniform()
 >
 > State-Changed-From-To: open->closed
 > State-Changed-By: joerg@NetBSD.org
 > State-Changed-When: Sun, 08 May 2022 22:40:10 +0000
 > State-Changed-Why:
 > This is not a bug. You are asking for a number in the range [0, 0), which is empty.
 > A domain error is the correct result.
 >
 That's true, but arc4random_uniform comes from OpenBSD and their version
 returns 0 in this case. Wouldn't it make more sense to imitate OpenBSD
 behavior than to introduce different behavior?

From: Joerg Sonnenberger <joerg@bec.de>
To: Guilherme Janczak <guilherme.janczak@yandex.com>
Cc: gnats-bugs@netbsd.org, lib-bug-people@netbsd.org,
	netbsd-bugs@netbsd.org, gnats-admin@netbsd.org, joerg@netbsd.org
Subject: Re: lib/56824 (modulo by 0 in arc4random_uniform())
Date: Mon, 9 May 2022 01:05:12 +0200

 On Sun, May 08, 2022 at 10:58:46PM +0000, Guilherme Janczak wrote:
 > On Sun, May 08, 2022 at 10:40:10PM +0000, joerg@NetBSD.org wrote:
 > > Synopsis: modulo by 0 in arc4random_uniform()
 > >
 > > State-Changed-From-To: open->closed
 > > State-Changed-By: joerg@NetBSD.org
 > > State-Changed-When: Sun, 08 May 2022 22:40:10 +0000
 > > State-Changed-Why:
 > > This is not a bug. You are asking for a number in the range [0, 0), which is empty.
 > > A domain error is the correct result.
 > >
 > That's true, but arc4random_uniform comes from OpenBSD and their version
 > returns 0 in this case. Wouldn't it make more sense to imitate OpenBSD
 > behavior than to introduce different behavior?

 It doesn't make the answer less nonsensical.

 Joerg
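
The thread leaves a zero bound either crashing (NetBSD, per the report) or returning 0 (OpenBSD, per the reply), so a caller that may pass an empty range is safer deciding the outcome itself. The following is an added example, not code from NetBSD's libc or from anyone in this thread: uniform_checked, rand32_fn and demo_source are hypothetical names, the sampler is the general rejection scheme, and the counter source is constructed so it runs offline.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical type: any generator that is uniform over [0, 2^32). */
typedef uint32_t (*rand32_fn)(void);

/*
 * Uniform choice in [0, bound) by rejection sampling (general scheme,
 * not NetBSD's source). An empty range is reported to the caller before
 * the modulo is reached. Returns 0 and stores the value in *out, or
 * returns -1 with errno set to EDOM and leaves *out untouched.
 */
int
uniform_checked(rand32_fn src, uint32_t bound, uint32_t *out)
{
	uint32_t minimum, r;

	if (bound == 0) {		/* [0, 0) is empty: no valid result */
		errno = EDOM;
		return -1;
	}
	/* 2^32 mod bound; with bound == 0 this would be the modulo by 0. */
	minimum = (0u - bound) % bound;
	do {
		r = src();
	} while (r < minimum);		/* reject over-represented low values */
	*out = r % bound;
	return 0;
}

/* Constructed deterministic source: 0, 1, 2, ... (not random). */
static uint32_t demo_state;
uint32_t
demo_source(void)
{
	return demo_state++;
}

int
main(void)
{
	uint32_t v;

	if (uniform_checked(demo_source, 0, &v) == -1)
		perror("uniform_checked(0)");
	if (uniform_checked(demo_source, 6, &v) == 0)
		printf("uniform_checked(6): %u\n", (unsigned)v);
	return 0;
}
```

In real use, pass arc4random as the source; the caller then handles the -1 return where it would otherwise have to know which platform's behavior it is running on.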

>Unformatted:
