[Mutt] #3439: Possible constraint violation or undefined behavior in mutt_srandom (init.c)
#3439: Possible constraint violation or undefined behavior in mutt_srandom (init.c)
--------------------+-------------------------------------------------------
Reporter: vinc17 | Owner: mutt-dev
Type: defect | Status: new
Priority: major | Milestone:
Component: mutt | Version:
Keywords: |
--------------------+-------------------------------------------------------
The mutt_srandom function from init.c contains:
{{{
#include <stdlib.h>
#include <sys/time.h>

static void mutt_srandom (void)
{
  struct timeval tv;
  unsigned seed;

  gettimeofday(&tv, NULL);
  /* POSIX.1-2008 states that seed is 'unsigned' without specifying its width.
   * Use as many of the lower order bits from the current time of day as the seed.
   * If the upper bound is truncated, that is fine.
   */
  seed = (tv.tv_sec << 20) | tv.tv_usec;
  srandom(seed);
}
}}}
POSIX specifies that tv.tv_sec has type time_t, which is an arithmetic type (integer or floating). If time_t is a floating type, there is a constraint violation, and if it is a signed integer type, it can have undefined behavior. If tv.tv_sec needs to be used, I think the fmod function from <math.h> would be necessary, with a dependency on the math library.

Concerning the comment on "unsigned", POSIX specifies the type "unsigned" in the srandom prototype, and this is equivalent to "unsigned int". However, under Darwin, the type is unsigned long.
--
Ticket URL: <http://dev.mutt.org/trac/ticket/3439>
Mutt <http://www.mutt.org/>
The Mutt mail user agent
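The following is an added example, not code from the ticket or from Mutt, showing one way to build the same seconds/microseconds seed without the signed left shift the report objects to: the shift is performed on an unsigned 64-bit value, where overflow and the final narrowing to `unsigned` are well-defined modular arithmetic (the truncation the original comment asks for). The names `mix_seed` and `safe_srandom` and the `_Static_assert` guard are assumptions for this example; they are not the fix Mutt adopted.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/time.h>
#include <time.h>

/* Compile-time check that time_t is an integer type on this platform
 * (assumed guard, not from the ticket): with an integer time_t the
 * expression (time_t)1 / 2 is 0; with a floating time_t it would be 0.5
 * and the build stops here instead of hitting the constraint violation
 * inside a shift expression. */
_Static_assert((time_t)1 / 2 == 0, "time_t is not an integer type here");

/* Mix seconds and microseconds into an 'unsigned' seed with no undefined
 * behavior.  The shift is done on an unsigned 64-bit value, so it is
 * well-defined even if the seconds value is negative or wider than
 * 'unsigned'.  tv_usec is < 1000000 < 2^20, so masking to 20 bits keeps
 * it in the low bits that the shifted seconds leave untouched.  The
 * final conversion to 'unsigned' is the defined modular truncation the
 * original comment wanted. */
unsigned mix_seed(long long sec, long usec)
{
    unsigned long long wide = ((unsigned long long)sec << 20)
                            | ((unsigned long long)usec & 0xFFFFFu);
    return (unsigned)wide;   /* truncation of an unsigned value is defined */
}

/* Replacement for the seeding routine: same inputs, defined semantics.
 * srandom() takes 'unsigned' per POSIX (unsigned long on Darwin); an
 * 'unsigned int' argument converts without loss in both cases.
 * Returns the seed so callers (and tests) can reproduce the sequence. */
unsigned safe_srandom(void)
{
    struct timeval tv;
    gettimeofday(&tv, NULL);
    unsigned seed = mix_seed((long long)tv.tv_sec, (long)tv.tv_usec);
    srandom(seed);
    return seed;
}

int main(void)
{
    unsigned seed = safe_srandom();
    printf("seed   = 0x%08x\n", seed);
    printf("random = %ld\n", random());
    return 0;
}
```

The mask on `tv_usec` is not strictly needed for a conforming `gettimeofday`, but it makes the bit layout explicit: 20 low bits of microseconds, the remaining 12 bits of the seed from the low end of the seconds. Note that this only removes the undefined behavior; a time-of-day seed is still predictable and should not be used where unpredictability matters.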