recent coverity and rand
mstahl at redhat.com
Thu Oct 2 14:35:28 PDT 2014
On 02/10/14 17:44, Caolán McNamara wrote:
> The latest coverity has taken a dislike to "rand" and we've a big block
> of cids, cid#1242372 to cid#1242410 now marked with
> static_checker_DC.WEAK_CRYPTO "Don't call".
there were definitely bad implementations of standard C library random
functions; no idea if that is the case on current desktop platforms...
iirc couple years ago users were actually complaining about bad random
numbers in Calc generated from rand() on Windows.
> We have our own random pool stuff in sal, is there a drop in replacement
> for rand in there somewhere or a common pattern we could follow in
> replacing those ?
let's see what we've got:
* direct usage of boost::random for fancy distributions in Calc,
double uniform() function with [0,1) range
implemented with boost::random / MersenneTwister for speed
MD5-based PRNG, probably designed for cryptographic purposes,
although mostly untouched since the 90s and perhaps insufficient
for crypto today; it doesn't even appear to be seeded with *real*
entropy... (if there are actual cryptographic uses of this they
probably should be replaced with something from NSS)
... so i'd guess that the comphelper/random.hxx approach is most
promising for general-purpose random numbers (i.e. not crypto); it even
nicely encapsulates the boost template madness behind a small ABI.
oh, there is also a <random> header in C++11, likely inspired by
boost::random; i wonder if our new baseline toolchains have support for
this... actually GCC 4.5 release notes list it as a new feature, and
MSVC 2012 has it too:
... so perhaps <random> is usable for us already.
More information about the LibreOffice