Page MenuHomePhabricator
Differential D19985

Harden "Filesystem::readRandomInteger()" against misuse and builtin failure
ClosedPublic
Actions

Authored by epriestley on Jan 16 2019, 8:40 PM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Jan 28, 4:36 AM
Unknown Object (File)
Tue, Jan 28, 3:08 AM
Unknown Object (File)
Dec 19 2024, 12:32 AM
Unknown Object (File)
Dec 17 2024, 6:07 PM
Unknown Object (File)
Dec 12 2024, 9:55 AM
Unknown Object (File)
Dec 10 2024, 4:57 PM
Unknown Object (File)
Dec 9 2024, 3:35 PM
Unknown Object (File)
Dec 8 2024, 12:22 AM
View All Files
Subscribers
None

Details

Reviewers
amckinley
Commits
rPHU14f30f7b6767: Harden "Filesystem::readRandomInteger()" against misuse and builtin failure
Summary

See D19981. Make more of an effort to make sure that nothing unexpected-but-in-our-control can go awry here.

Test Plan

See unit tests.

Diff Detail

Repository
rPHU libphutil
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

epriestley created this revision.Jan 16 2019, 8:40 PM
Harbormaster returned this revision to the author for changes because remote builds failed.Jan 16 2019, 8:41 PM
Harbormaster failed remote builds in B21547: Diff 47695!
epriestley added a comment.Jan 16 2019, 8:42 PM

Looks like PHP_INT_MIN wasn't introduced until PHP 7.

epriestley updated this revision to Diff 47696.Jan 16 2019, 8:50 PM
  • Remove PHP_INT_MIN test that only works on PHP 7.0.0 or newer.
  • Add a check for mt_getrandmax() before hitting the MT code.
Harbormaster completed remote builds in B21548: Diff 47696.Jan 16 2019, 8:51 PM
epriestley requested review of this revision.Jan 16 2019, 8:51 PM
epriestley added inline comments.Jan 16 2019, 8:52 PM
src/filesystem/Filesystem.php
576–587

This specific test came out of the "Notes" section in the mt_rand() documentation.

I think the implementation is: generate a value, normalize it to [0, max - min], then add min -- so it's only the difference between min and max that matters, not the actual value of min or max.

amckinley accepted this revision.Jan 16 2019, 8:53 PM
This revision is now accepted and ready to land.Jan 16 2019, 8:53 PM
Closed by commit rPHU14f30f7b6767: Harden "Filesystem::readRandomInteger()" against misuse and builtin failure (authored by epriestley). · Explain WhyJan 16 2019, 8:56 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

PathSize
src/
filesystem/
28 lines
__tests__/
38 lines

Diff 47697

View Options

src/filesystem/Filesystem.php

Loading...
View Options

src/filesystem/__tests__/FilesystemTestCase.php

Loading...
Phabricator · Built by Phacility