- Fixed bug #53403 (use of unitialized values). Fixes the fix for bug #46587.

- Added test for bug #46587.

diff --git a/ext/standard/rand.c b/ext/standard/rand.c
index 8cd130d9698636363c2e0595872b9c5de2790bd5..5658d3c70ca655036e54279e0b13d86b829b0954 100644 (file)
--- a/ext/standard/rand.c
+++ b/ext/standard/rand.c
@@ -315,18 +315,19 @@ PHP_FUNCTION(mt_rand)
        long number;
        int  argc = ZEND_NUM_ARGS();
 
-       if (argc != 0 && zend_parse_parameters(argc TSRMLS_CC, "ll", &min, &max) == FAILURE)
-               return;
+       if (argc != 0) {
+               if (zend_parse_parameters(argc TSRMLS_CC, "ll", &min, &max) == FAILURE) {
+                       return;
+               } else if (max < min) {
+                       php_error_docref(NULL TSRMLS_CC, E_WARNING, "max(%ld) is smaller than min(%ld)", max, min);
+                       RETURN_FALSE;
+               }
+       }
 
        if (!BG(mt_rand_is_seeded)) {
                php_mt_srand(GENERATE_SEED() TSRMLS_CC);
        }
 
-       if (max < min) {
-               php_error_docref(NULL TSRMLS_CC, E_WARNING, "max(%ld) is smaller than min(%ld)", max, min);
-               RETURN_FALSE;
-       }
-
        /*
         * Melo: hmms.. randomMT() returns 32 random bits...
         * Yet, the previous php_rand only returns 31 at most.

diff --git a/ext/standard/tests/general_functions/bug46587.phpt b/ext/standard/tests/general_functions/bug46587.phpt
new file mode 100644 (file)
index 0000000..becbde9
--- /dev/null
+++ b/ext/standard/tests/general_functions/bug46587.phpt
@@ -0,0 +1,16 @@
+--TEST--
+Bug #46587 (mt_rand() does not check that max is greater than min).
+--FILE--
+<?php
+
+var_dump(mt_rand(3,8));
+var_dump(mt_rand(8,3));
+
+echo "Done.\n";
+?>
+--EXPECTF--
+int(%d)
+
+Warning: mt_rand(): max(3) is smaller than min(8) in %s on line %d
+bool(false)
+Done.