From 4918afb25a2ee683036ef2c0aba005c4edef89da Mon Sep 17 00:00:00 2001 From: Ivan Maidanski Date: Fri, 28 Oct 2016 10:57:20 +0300 Subject: [PATCH] Workaround 'insecure libc pseudo-random number generator used' code defect * dbg_mlc.c [LINT2] (GC_random): New function. * dbg_mlc.c [KEEP_BACK_PTRS && LINT2] (RANDOM): Define to GC_random. * dbg_mlc.c [KEEP_BACK_PTRS && LINT2]: Do not include stdlib.h. * dbg_mlc.c [KEEP_BACK_PTRS && !LINT2] (GC_RAND_MAX): Define. * dbg_mlc.c (GC_generate_random_heap_address): Replace RAND_MAX with GC_RAND_MAX. * include/private/gc_priv.h [LINT2] (GC_RAND_MAX): New macro. * include/private/gc_priv.h [LINT2] (GC_random): Prototype (as GC_API_PRIV). * tests/disclaim_bench.c [LINT2] (rand): Redefine to GC_random. * tests/disclaim_test.c [LINT2] (rand): Likewise. * tests/disclaim_test.c [LINT2]: Include private/gc_priv.h instead of config.h. --- dbg_mlc.c | 20 ++++++++++++++++++-- include/private/gc_priv.h | 5 +++++ tests/disclaim_bench.c | 5 +++++ tests/disclaim_test.c | 7 ++++++- 4 files changed, 34 insertions(+), 3 deletions(-) diff --git a/dbg_mlc.c b/dbg_mlc.c index fbfa6bc4..21d423da 100644 --- a/dbg_mlc.c +++ b/dbg_mlc.c @@ -54,9 +54,24 @@ } #endif /* !SHORT_DBG_HDRS */ +#ifdef LINT2 + long GC_random(void) + { + static unsigned seed = 1; /* not thread-safe */ + + /* Linear congruential pseudo-random numbers generator. */ + seed = (seed * 1103515245U + 12345) & GC_RAND_MAX; /* overflow is ok */ + return (long)seed; + } +#endif + #ifdef KEEP_BACK_PTRS +#ifdef LINT2 +# define RANDOM() GC_random() +#else # include +# define GC_RAND_MAX RAND_MAX # if defined(__GLIBC__) || defined(SOLARIS) \ || defined(HPUX) || defined(IRIX5) || defined(OSF1) @@ -64,6 +79,7 @@ # else # define RANDOM() (long)rand() # endif +#endif /* !LINT2 */ /* Store back pointer to source in dest, if that appears to be possible. */ /* This is not completely safe, since we may mistakenly conclude that */ 
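Review bot: `GC_random()` in dbg_mlc.c is a fixed-seed linear congruential generator (`static unsigned seed = 1`), so it is no less predictable than the `rand()` it replaces; the change quiets the analyzer finding rather than supplying a secure generator, and the code should say so. I would put `/* Not a secure PRNG: fixed seed, fully predictable; for debug heap sampling and tests only. */` above the function and repeat it at the `GC_API_PRIV` prototype added in include/private/gc_priv.h, since that export makes it callable from outside this file. The returned value is also the whole generator state masked with `GC_RAND_MAX`, and the low-order bits of a power-of-two-modulus LCG cycle with short periods (bit 0 simply alternates), which matters for callers that reduce the result with `%`. Keeping the full state and returning its upper bits, `seed = seed * 1103515245U + 12345;` followed by `return (long)(seed >> 1);`, stays within `GC_RAND_MAX` and drops the weakest bit.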
@@ -144,8 +160,8 @@ size_t i; word heap_offset = RANDOM(); - if (GC_heapsize > RAND_MAX) { - heap_offset *= RAND_MAX; + if (GC_heapsize > GC_RAND_MAX) { + heap_offset *= GC_RAND_MAX; heap_offset += RANDOM(); } heap_offset %= GC_heapsize; diff --git a/include/private/gc_priv.h b/include/private/gc_priv.h index 8370fc73..73eb48cd 100644 --- a/include/private/gc_priv.h +++ b/include/private/gc_priv.h @@ -2000,6 +2000,11 @@ GC_EXTERN GC_bool GC_have_errors; /* We saw a smashed or leaked object. */ GC_INNER void GC_generate_random_backtrace_no_gc(void); #endif +#ifdef LINT2 +# define GC_RAND_MAX (~0U >> 1) + GC_API_PRIV long GC_random(void); +#endif + GC_EXTERN GC_bool GC_print_back_height; #ifdef MAKE_BACK_GRAPH diff --git a/tests/disclaim_bench.c b/tests/disclaim_bench.c index 1a1f5a17..5e70cbbe 100644 --- a/tests/disclaim_bench.c +++ b/tests/disclaim_bench.c @@ -20,6 +20,11 @@ #include "gc_disclaim.h" +#ifdef LINT2 +# undef rand +# define rand() (int)GC_random() +#endif + #define my_assert(e) \ if (!(e)) { \ fprintf(stderr, "Assertion failure, line %d: " #e "\n", __LINE__); \ diff --git a/tests/disclaim_test.c b/tests/disclaim_test.c index f7f366f9..16b94f4f 100644 --- a/tests/disclaim_test.c +++ b/tests/disclaim_test.c @@ -20,7 +20,12 @@ #include #include -#ifdef HAVE_CONFIG_H +#ifdef LINT2 + /* For GC_random() */ +# include "private/gc_priv.h" +# undef rand +# define rand() (int)GC_random() +#elif defined(HAVE_CONFIG_H) /* For GC_[P]THREADS */ # include "config.h" #endif -- 2.40.0
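Review bot: Under LINT2 the two `RANDOM()` draws combined in `heap_offset *= GC_RAND_MAX; heap_offset += RANDOM();` are not independent: `GC_random()` returns its entire state, so the second value is a fixed function of the first and at most `GC_RAND_MAX + 1` distinct offsets can be produced, however large `GC_heapsize` is. That may be acceptable for a debugging sampler, but it deserves a comment at this spot, e.g. `/* Under LINT2 the second draw is determined by the first; heaps larger than GC_RAND_MAX are sampled sparsely. */`. The enclosing function (GC_generate_random_heap_address, per the commit message) starts and ends outside this hunk, so how `heap_offset` is used after `%= GC_heapsize` is not visible here.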
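Review bot: No declaration of `GC_random()` is visible in tests/disclaim_bench.c: the hunk adds the `rand` macro right after `#include "gc_disclaim.h"`, whereas tests/disclaim_test.c includes `private/gc_priv.h` with the comment "For GC_random()". Unless a header included earlier in the file already provides that prototype, a LINT2 build would call the function through an implicit `int` declaration although it returns `long`; adding `# include "private/gc_priv.h"` before `# undef rand` would match the other test. In both test files the expansion is better fully parenthesised, `# define rand() ((int)GC_random())`, so that it behaves as a single operand wherever `rand()` appears.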