From: Ilia Alshanetsky <iliaa@php.net>
Date: Tue, 23 Nov 2010 13:09:15 +0000 (+0000)
Subject: Fixed bug #46587 (mt_rand() does not check that max is greater than min).
X-Git-Tag: php-5.3.4RC2~29
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=4f3ab10786809cf720c81c8ad29aa6eaacc8ae0a;p=php

Fixed bug #46587 (mt_rand() does not check that max is greater than min).
---

diff --git a/NEWS b/NEWS
index c2c108e2e6..4c9618bcb9 100644
--- a/NEWS
+++ b/NEWS
@@ -9,6 +9,8 @@
     EXTR_OVERWRITE. (jorto at redhat dot com)
   . Fixed bug #47168 (printf of floating point variable prints maximum of 40 
     decimal places). (Ilia)
+  . Fixed bug #46587 (mt_rand() does not check that max is greater than min).
+    (Ilia)  
       
 - Intl extension:
   . Fixed crashes on invalid parameters in intl extension (Stas, Maksymilian
diff --git a/ext/standard/rand.c b/ext/standard/rand.c
index 4f1f18b278..eb26cc5c50 100644
--- a/ext/standard/rand.c
+++ b/ext/standard/rand.c
@@ -322,6 +322,11 @@ PHP_FUNCTION(mt_rand)
 		php_mt_srand(GENERATE_SEED() TSRMLS_CC);
 	}
 
+	if (max < min) {
+		php_error_docref(NULL TSRMLS_CC, E_WARNING, "max(%d) is smaller than min(%d)", max, min);
+		RETURN_FALSE;
+	}
+
 	/*
 	 * Melo: hmms.. randomMT() returns 32 random bits...
 	 * Yet, the previous php_rand only returns 31 at most.