From aa0c679f484347d20ab6f7c0f75f32f5e360cb89 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mattias=20Engdeg=C3=A5rd?= Date: Sun, 29 Dec 2019 13:51:48 +0100 Subject: [PATCH] Avoid unbounded growth of cl-random-state components (bug#38753) * lisp/emacs-lisp/cl-extra.el (cl-random): Perform the modulo 2**23 operation before updating the state instead of after. The result is always the same, but it prevents the state from growing into arbitrary large bignums. Patch from Christopher Wellons. --- lisp/emacs-lisp/cl-extra.el | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lisp/emacs-lisp/cl-extra.el b/lisp/emacs-lisp/cl-extra.el index 7e9d8fe870b..2e0b37c14de 100644 --- a/lisp/emacs-lisp/cl-extra.el +++ b/lisp/emacs-lisp/cl-extra.el @@ -469,7 +469,7 @@ Optional second arg STATE is a random-state object." (while (< (setq i (1+ i)) 200) (cl-random 2 state)))) (let* ((i (cl-callf (lambda (x) (% (1+ x) 55)) (cl--random-state-i state))) (j (cl-callf (lambda (x) (% (1+ x) 55)) (cl--random-state-j state))) - (n (logand 8388607 (aset vec i (- (aref vec i) (aref vec j)))))) + (n (aset vec i (logand 8388607 (- (aref vec i) (aref vec j)))))) (if (integerp lim) (if (<= lim 512) (% n lim) (if (> lim 8388607) (setq n (+ (ash n 9) (cl-random 512 state))))