php · zeriyoshi · Jul 22, 2022 · Jul 20, 2022 · Jul 21, 2022 · Jul 22, 2022
diff --git a/NEWS b/NEWS
@@ -51,6 +51,7 @@ PHP                                                                        NEWS
 
 - Random:
   . Added new random extension. (Go Kudo)
+  . Fixed bug GH-9066 (signed integer overflow). (zeriyoshi)
 
 - SPL:
   . Widen iterator_to_array() and iterator_count()'s $iterator parameter to

@@ -245,8 +245,6 @@ extern PHPAPI const php_random_algo php_random_algo_xoshiro256starstar;
 extern PHPAPI const php_random_algo php_random_algo_secure;
 extern PHPAPI const php_random_algo php_random_algo_user;
 
-# define PHP_RANDOM_ALGO_IS_DYNAMIC(algo)	((algo)->generate_size == 0)
-
 typedef struct _php_random_engine {
 	const php_random_algo *algo;
 	php_random_status *status;

@@ -319,13 +319,13 @@ PHPAPI zend_object *php_random_engine_common_clone_object(zend_object *object)
 /* {{{ php_random_range */
 PHPAPI zend_long php_random_range(const php_random_algo *algo, php_random_status *status, zend_long min, zend_long max)
 {
-	zend_ulong umax = max - min;
+	zend_ulong umax = (zend_ulong) max - (zend_ulong) min;
 
-	if (PHP_RANDOM_ALGO_IS_DYNAMIC(algo) || algo->generate_size > sizeof(uint32_t) || umax > UINT32_MAX) {
-		return (zend_long) rand_range64(algo, status, umax) + min;
+	if (algo->generate_size == 0 || algo->generate_size > sizeof(uint32_t) || umax > UINT32_MAX) {
+		return (zend_long) (rand_range64(algo, status, umax) + min);
 	}
 
-	return (zend_long) rand_range32(algo, status, umax) + min;
+	return (zend_long) (rand_range32(algo, status, umax) + min);
 }
 /* }}} */
-Original file line number
+Diff line change
@@ Expand Up / @@ -51,6 +51,7 @@ PHP NEWS @@
     - Random:
       . Added new random extension. (Go Kudo)
+      . Fixed bug GH-9066 (signed integer overflow). (zeriyoshi)
     - SPL:
       . Widen iterator_to_array() and iterator_count()'s $iterator parameter to
@@ Expand Down @@