vfs: check userland buffers before reading them.
[haiku.git] / src / system / libroot / posix / glibc / stdlib / random_r.c
blob09677e6077e3e51737a37660a5051971da6a38ca
1 /*
2 Copyright (C) 1995 Free Software Foundation
4 The GNU C Library is free software; you can redistribute it and/or
5 modify it under the terms of the GNU Lesser General Public
6 License as published by the Free Software Foundation; either
7 version 2.1 of the License, or (at your option) any later version.
9 The GNU C Library is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 Lesser General Public License for more details.
14 You should have received a copy of the GNU Lesser General Public
15 License along with the GNU C Library; if not, write to the Free
16 Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
17 02111-1307 USA. */
20 Copyright (C) 1983 Regents of the University of California.
21 All rights reserved.
23 Redistribution and use in source and binary forms, with or without
24 modification, are permitted provided that the following conditions
25 are met:
27 1. Redistributions of source code must retain the above copyright
28 notice, this list of conditions and the following disclaimer.
29 2. Redistributions in binary form must reproduce the above copyright
30 notice, this list of conditions and the following disclaimer in the
31 documentation and/or other materials provided with the distribution.
32 4. Neither the name of the University nor the names of its contributors
33 may be used to endorse or promote products derived from this software
34 without specific prior written permission.
36 THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
37 ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
39 ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
40 FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
41 DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
42 OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
43 HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
44 LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
45 OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
46 SUCH DAMAGE.*/
49 * This is derived from the Berkeley source:
50 * @(#)random.c 5.5 (Berkeley) 7/6/88
51 * It was reworked for the GNU C Library by Roland McGrath.
52 * Rewritten to be reentrant by Ulrich Drepper, 1995
55 #include <errno.h>
56 #include <limits.h>
57 #include <stddef.h>
58 #include <stdlib.h>
61 /* An improved random number generation package. In addition to the standard
62 rand()/srand() like interface, this package also has a special state info
63 interface. The initstate() routine is called with a seed, an array of
64 bytes, and a count of how many bytes are being passed in; this array is
65 then initialized to contain information for random number generation with
66 that much state information. Good sizes for the amount of state
67 information are 32, 64, 128, and 256 bytes. The state can be switched by
68 calling the setstate() function with the same array as was initialized
69 with initstate(). By default, the package runs with 128 bytes of state
70 information and generates far better random numbers than a linear
71 congruential generator. If the amount of state information is less than
72 32 bytes, a simple linear congruential R.N.G. is used. Internally, the
73 state information is treated as an array of longs; the zeroth element of
74 the array is the type of R.N.G. being used (small integer); the remainder
75 of the array is the state information for the R.N.G. Thus, 32 bytes of
76 state information will give 7 longs worth of state information, which will
77 allow a degree seven polynomial. (Note: The zeroth word of state
78 information also has some other information stored in it; see setstate
79 for details). The random number generation technique is a linear feedback
80 shift register approach, employing trinomials (since there are fewer terms
81 to sum up that way). In this approach, the least significant bit of all
82 the numbers in the state table will act as a linear feedback shift register,
83 and will have period 2^deg - 1 (where deg is the degree of the polynomial
84 being used, assuming that the polynomial is irreducible and primitive).
85 The higher order bits will have longer periods, since their values are
86 also influenced by pseudo-random carries out of the lower bits. The
87 total period of the generator is approximately deg*(2**deg - 1); thus
88 doubling the amount of state information has a vast influence on the
89 period of the generator. Note: The deg*(2**deg - 1) is an approximation
90 only good for large deg, when the period of the shift register is the
91 dominant factor. With deg equal to seven, the period is actually much
92 longer than the 7*(2**7 - 1) predicted by this formula. */
96 /* For each of the currently supported random number generators, we have a
97 break value on the amount of state information (you need at least this many
98 bytes of state info to support this random number generator), a degree for
99 the polynomial (actually a trinomial) that the R.N.G. is based on, and
100 separation between the two lower order coefficients of the trinomial. */
102 /* Linear congruential. */
103 #define TYPE_0 0
104 #define BREAK_0 8
105 #define DEG_0 0
106 #define SEP_0 0
108 /* x**7 + x**3 + 1. */
109 #define TYPE_1 1
110 #define BREAK_1 32
111 #define DEG_1 7
112 #define SEP_1 3
114 /* x**15 + x + 1. */
115 #define TYPE_2 2
116 #define BREAK_2 64
117 #define DEG_2 15
118 #define SEP_2 1
120 /* x**31 + x**3 + 1. */
121 #define TYPE_3 3
122 #define BREAK_3 128
123 #define DEG_3 31
124 #define SEP_3 3
126 /* x**63 + x + 1. */
127 #define TYPE_4 4
128 #define BREAK_4 256
129 #define DEG_4 63
130 #define SEP_4 1
133 /* Array versions of the above information to make code run faster.
134 Relies on fact that TYPE_i == i. */
136 #define MAX_TYPES 5 /* Max number of types above. */
138 struct random_poly_info
140 int seps[MAX_TYPES];
141 int degrees[MAX_TYPES];
144 static const struct random_poly_info random_poly_info =
146 { SEP_0, SEP_1, SEP_2, SEP_3, SEP_4 },
147 { DEG_0, DEG_1, DEG_2, DEG_3, DEG_4 }
153 /* Initialize the random number generator based on the given seed. If the
154 type is the trivial no-state-information type, just remember the seed.
155 Otherwise, initializes state[] based on the given "seed" via a linear
156 congruential generator. Then, the pointers are set to known locations
157 that are exactly rand_sep places apart. Lastly, it cycles the state
158 information a given number of times to get rid of any initial dependencies
159 introduced by the L.C.R.N.G. Note that the initialization of randtbl[]
160 for default usage relies on values produced by this routine. */
162 __srandom_r (seed, buf)
163 unsigned int seed;
164 struct random_data *buf;
166 int type;
167 int32_t *state;
168 long int i;
169 long int word;
170 int32_t *dst;
171 int kc;
173 if (buf == NULL)
174 goto fail;
175 type = buf->rand_type;
176 if ((unsigned int) type >= MAX_TYPES)
177 goto fail;
179 state = buf->state;
180 /* We must make sure the seed is not 0. Take arbitrarily 1 in this case. */
181 if (seed == 0)
182 seed = 1;
183 state[0] = seed;
184 if (type == TYPE_0)
185 goto done;
187 dst = state;
188 word = seed;
189 kc = buf->rand_deg;
190 for (i = 1; i < kc; ++i)
192 /* This does:
193 state[i] = (16807 * state[i - 1]) % 2147483647;
194 but avoids overflowing 31 bits. */
195 long int hi = word / 127773;
196 long int lo = word % 127773;
197 word = 16807 * lo - 2836 * hi;
198 if (word < 0)
199 word += 2147483647;
200 *++dst = word;
203 buf->fptr = &state[buf->rand_sep];
204 buf->rptr = &state[0];
205 kc *= 10;
206 while (--kc >= 0)
208 int32_t discard;
209 (void) __random_r (buf, &discard);
212 done:
213 return 0;
215 fail:
216 return -1;
219 weak_alias (__srandom_r, srandom_r)
221 /* Initialize the state information in the given array of N bytes for
222 future random number generation. Based on the number of bytes we
223 are given, and the break values for the different R.N.G.'s, we choose
224 the best (largest) one we can and set things up for it. srandom is
225 then called to initialize the state information. Note that on return
226 from srandom, we set state[-1] to be the type multiplexed with the current
227 value of the rear pointer; this is so successive calls to initstate won't
228 lose this information and will be able to restart with setstate.
229 Note: The first thing we do is save the current state, if any, just like
230 setstate so that it doesn't matter when initstate is called.
231 Returns a pointer to the old state. */
233 __initstate_r (seed, arg_state, n, buf)
234 unsigned int seed;
235 char *arg_state;
236 size_t n;
237 struct random_data *buf;
239 int type;
240 int degree;
241 int separation;
242 int32_t *state;
244 if (buf == NULL)
245 goto fail;
247 if (n >= BREAK_3)
248 type = n < BREAK_4 ? TYPE_3 : TYPE_4;
249 else if (n < BREAK_1)
251 if (n < BREAK_0)
253 __set_errno (EINVAL);
254 goto fail;
256 type = TYPE_0;
258 else
259 type = n < BREAK_2 ? TYPE_1 : TYPE_2;
261 degree = random_poly_info.degrees[type];
262 separation = random_poly_info.seps[type];
264 buf->rand_type = type;
265 buf->rand_sep = separation;
266 buf->rand_deg = degree;
267 state = &((int32_t *) arg_state)[1]; /* First location. */
268 /* Must set END_PTR before srandom. */
269 buf->end_ptr = &state[degree];
271 buf->state = state;
273 __srandom_r (seed, buf);
275 state[-1] = TYPE_0;
276 if (type != TYPE_0)
277 state[-1] = (buf->rptr - state) * MAX_TYPES + type;
279 return 0;
281 fail:
282 __set_errno (EINVAL);
283 return -1;
286 weak_alias (__initstate_r, initstate_r)
288 /* Restore the state from the given state array.
289 Note: It is important that we also remember the locations of the pointers
290 in the current state information, and restore the locations of the pointers
291 from the old state information. This is done by multiplexing the pointer
292 location into the zeroth word of the state information. Note that due
293 to the order in which things are done, it is OK to call setstate with the
294 same state as the current state
295 Returns a pointer to the old state information. */
297 __setstate_r (arg_state, buf)
298 char *arg_state;
299 struct random_data *buf;
301 int32_t *new_state = 1 + (int32_t *) arg_state;
302 int type;
303 int old_type;
304 int32_t *old_state;
305 int degree;
306 int separation;
308 if (arg_state == NULL || buf == NULL)
309 goto fail;
311 old_type = buf->rand_type;
312 old_state = buf->state;
313 if (old_type == TYPE_0)
314 old_state[-1] = TYPE_0;
315 else
316 old_state[-1] = (MAX_TYPES * (buf->rptr - old_state)) + old_type;
318 type = new_state[-1] % MAX_TYPES;
319 if (type < TYPE_0 || type > TYPE_4)
320 goto fail;
322 buf->rand_deg = degree = random_poly_info.degrees[type];
323 buf->rand_sep = separation = random_poly_info.seps[type];
324 buf->rand_type = type;
326 if (type != TYPE_0)
328 int rear = new_state[-1] / MAX_TYPES;
329 buf->rptr = &new_state[rear];
330 buf->fptr = &new_state[(rear + separation) % degree];
332 buf->state = new_state;
333 /* Set end_ptr too. */
334 buf->end_ptr = &new_state[degree];
336 return 0;
338 fail:
339 __set_errno (EINVAL);
340 return -1;
343 weak_alias (__setstate_r, setstate_r)
345 /* If we are using the trivial TYPE_0 R.N.G., just do the old linear
346 congruential bit. Otherwise, we do our fancy trinomial stuff, which is the
347 same in all the other cases due to all the global variables that have been
348 set up. The basic operation is to add the number at the rear pointer into
349 the one at the front pointer. Then both pointers are advanced to the next
350 location cyclically in the table. The value returned is the sum generated,
351 reduced to 31 bits by throwing away the "least random" low bit.
352 Note: The code takes advantage of the fact that both the front and
353 rear pointers can't wrap on the same call by not testing the rear
354 pointer if the front one has wrapped. Returns a 31-bit random number. */
357 __random_r (buf, result)
358 struct random_data *buf;
359 int32_t *result;
361 int32_t *state;
363 if (buf == NULL || result == NULL)
364 goto fail;
366 state = buf->state;
368 if (buf->rand_type == TYPE_0)
370 int32_t val = state[0];
371 val = ((state[0] * 1103515245) + 12345) & 0x7fffffff;
372 state[0] = val;
373 *result = val;
375 else
377 int32_t *fptr = buf->fptr;
378 int32_t *rptr = buf->rptr;
379 int32_t *end_ptr = buf->end_ptr;
380 int32_t val;
382 val = *fptr += *rptr;
383 /* Chucking least random bit. */
384 *result = (val >> 1) & 0x7fffffff;
385 ++fptr;
386 if (fptr >= end_ptr)
388 fptr = state;
389 ++rptr;
391 else
393 ++rptr;
394 if (rptr >= end_ptr)
395 rptr = state;
397 buf->fptr = fptr;
398 buf->rptr = rptr;
400 return 0;
402 fail:
403 __set_errno (EINVAL);
404 return -1;
407 weak_alias (__random_r, random_r)