Fix typo in pg_srand48 (srand48 in older branches).

">" should be ">>". This typo results in failure to use all of the bits of the provided seed. This might rise to the level of a security bug if we were relying on srand48 for any security-critical purposes, but we are not --- in fact, it's not used at all unless the platform lacks srandom(), which is improbable. Even on such a platform the exposure seems minimal. Reported privately by Andres Freund.

Fix typo in pg_srand48 (srand48 in older branches).
">" should be ">>". This typo results in failure to use all of the bits of the provided seed. This might rise to the level of a security bug if we were relying on srand48 for any security-critical purposes, but we are not --- in fact, it's not used at all unless the platform lacks srandom(), which is improbable. Even on such a platform the exposure seems minimal. Reported privately by Andres Freund.
48e4b8dc · Tom Lane · b3aaf908 · 48e4b8dc
隐藏空白更改
内联并排

Showing with 1 addition and 1 deletion

src/port/erand48.c src/port/erand48.c +1 -1

未找到文件。
--- a/src/port/erand48.c
+++ b/src/port/erand48.c
@@ -96,7 +96,7 @@ pg_srand48(long seed)
 {
 	_rand48_seed[0] = RAND48_SEED_0;
 	_rand48_seed[1] = (unsigned short) seed;
-	_rand48_seed[2] = (unsigned short) (seed > 16);
+	_rand48_seed[2] = (unsigned short) (seed >> 16);
 	_rand48_mult[0] = RAND48_MULT_0;
 	_rand48_mult[1] = RAND48_MULT_1;
 	_rand48_mult[2] = RAND48_MULT_2;