random_r: fix null dereference when passed uninitialized buf

George Matsumura requested to merge Gorg/gcompat:current into current

Previously, initstate_r would attempt to pack the n, i, and j values into the state array pointed to by the x member value of buf, which would cause access to an invalid region of memory when buf was uninitialized. However, packing the values into the state array was required when buf was initialized, as otherwise the values of n, i, and j would not be saved. Critically, initstate_r had no means by which to distinguish between an uninitialized and initialized buf struct.

This change makes random_r and srandom_r do the packing and unpacking of the n, i, and j values instead. This does lead to a somewhat more inefficient algorithm, but preserves compatibility in case setstate_r is passed a state array that was initialized with the normal initstate function.

Thank you for your time in looking at this.

Signed-off-by: George Matsumura gm960420@ohio.edu
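The design described above, as a constructed C model added here (not gcompat's code and not the author's patch): the state array is the only persistent store, its first three slots carry n, i and j, initstate_r binds buf->x to the caller's array before anything is dereferenced, and srandom_r/random_r do the packing and unpacking. The struct, function names, header size and toy generator are assumptions for the model only.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed model, not gcompat's code: the caller's state array is the only
   persistent store; slots 0..2 carry n (generator words), i and j (ring indices). */
#define HDR 3
struct model_random_data { int32_t *x; };  /* hypothetical; mirrors the "x" member */

static void unpack(const int32_t *x, int32_t *n, int32_t *i, int32_t *j)
{ *n = x[0]; *i = x[1]; *j = x[2]; }
static void pack(int32_t *x, int32_t n, int32_t i, int32_t j)
{ x[0] = n; x[1] = i; x[2] = j; }

/* srandom_r: requires buf->x to already point at a valid array with n in x[0]. */
int model_srandom_r(uint32_t seed, struct model_random_data *buf)
{
    if (!buf || !buf->x) return -1;
    int32_t n, i, j, *w = buf->x + HDR;
    unpack(buf->x, &n, &i, &j);
    w[0] = (int32_t)seed;                      /* toy LCG fill for the model */
    for (int32_t k = 1; k < n; k++)
        w[k] = (int32_t)(1103515245u * (uint32_t)w[k - 1] + 12345u);
    pack(buf->x, n, 0, n / 2);                 /* reset the ring indices */
    return 0;
}

/* initstate_r: binds buf->x to the caller's array BEFORE anything dereferences
   it, so a buf that was never initialized is safe; srandom_r does the packing. */
int model_initstate_r(uint32_t seed, int32_t *state, size_t len,
                      struct model_random_data *buf)
{
    if (!buf || !state || len < HDR + 2) return -1;
    buf->x = state;
    buf->x[0] = (int32_t)(len - HDR);          /* n */
    return model_srandom_r(seed, buf);
}

/* setstate_r: the array is self-describing, so adopting it needs no repacking. */
int model_setstate_r(int32_t *state, struct model_random_data *buf)
{ if (!buf || !state) return -1; buf->x = state; return 0; }

/* random_r: unpack n/i/j, step the additive lagged generator, pack them back. */
int model_random_r(struct model_random_data *buf, int32_t *result)
{
    if (!buf || !buf->x || !result) return -1;
    int32_t n, i, j, *w = buf->x + HDR;
    unpack(buf->x, &n, &i, &j);
    w[i] = (int32_t)((uint32_t)w[i] + (uint32_t)w[j]);
    *result = (int32_t)((uint32_t)w[i] >> 1);
    pack(buf->x, n, (i + 1) % n, (j + 1) % n);
    return 0;
}
```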