From 2ee9981d992aa54e92494533e053540375f16663 Mon Sep 17 00:00:00 2001
From: Ykkrosh
Date: Sun, 13 May 2012 23:40:06 +0000
Subject: [PATCH] Replace boost::uniform_real to avoid OOS caused by changes in behaviour between Boost versions
This was SVN commit r11857.
---
 source/scriptinterface/ScriptInterface.cpp | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)
diff --git a/source/scriptinterface/ScriptInterface.cpp b/source/scriptinterface/ScriptInterface.cpp
index 4f6c32ac0e..9a16a0d182 100644
--- a/source/scriptinterface/ScriptInterface.cpp
+++ b/source/scriptinterface/ScriptInterface.cpp
@@ -439,6 +439,22 @@ JSBool ProfileStop(JSContext* UNUSED(cx), uintN UNUSED(argc), jsval* vp)
 // Math override functions:
+// boost::uniform_real is apparently buggy in Boost pre-1.47 - for integer generators
+// it returns [min,max], not [min,max). The bug was fixed in 1.47.
+// We need consistent behaviour, so manually implement the correct version:
+static double generate_uniform_real(boost::rand48& rng, double min, double max)
+{
+ while (true)
+ {
+ double n = (double)(rng() - rng.min());
+ double d = (double)(rng.max() - rng.min()) + 1.0;
+ ENSURE(d > 0 && n >= 0 && n <= d);
+ double r = n / d * (max - min) + min;
+ if (r < max)
+ return r;
+ }
+}
+
 JSBool Math_random(JSContext* cx, uintN UNUSED(argc), jsval* vp)
 {
 // Grab the RNG that was hidden in our slot
@@ -447,9 +463,7 @@ JSBool Math_random(JSContext* cx, uintN UNUSED(argc), jsval* vp)
 return JS_FALSE;
 boost::rand48* rng = static_cast(JSVAL_TO_PRIVATE(rngp));
- // TODO: is the double generation sufficiently deterministic for us?
- boost::uniform_real dist;
- double r = dist(*rng);
+ double r = generate_uniform_real(*rng, 0.0, 1.0);
 jsval rv;
 if (!JS_NewNumberValue(cx, r, &rv))
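Review bot: `generate_uniform_real` never returns when `max <= min` or when either bound is NaN, because the only exit from the `while (true)` loop is `if (r < max)` and `r` then stays at or above `max` on every draw. The single caller passes `0.0, 1.0`, so the hang is latent today, but a helper on the Math.random path should fail loudly rather than spin; add `ENSURE(min < max);` as the first statement of the function. The existing check could also tighten `n <= d` to `n < d`, since `n` is at most `d - 1` by construction.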
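Review bot: The deleted TODO about determinism gets no replacement comment at the `generate_uniform_real(*rng, 0.0, 1.0)` call, so the reason for this override survives only in the commit message. I would add `// Deterministic Math.random for simulation sync only; rand48 is a predictable LCG, never use it for secrets or tokens.` above that line. For these bounds the arithmetic looks exact if rand48's range spans a power of two, which would answer the old TODO, but that is inferred from the helper and should be confirmed. Math_random starts and ends outside this hunk.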