The Shuffle function in random.h can cause items to be empty #24013

issue guoyl opened this issue on January 8, 2022
  1. guoyl commented at 11:20 PM on January 8, 2022: none

    <!-- This issue tracker is only for technical issues related to Bitcoin Core. General bitcoin questions and/or support requests are best directed to the Bitcoin StackExchange at https://bitcoin.stackexchange.com. For reporting security issues, please read instructions at https://bitcoincore.org/en/contact/. If the node is "stuck" during sync or giving "block checksum mismatch" errors, please ensure your hardware is stable by running memtest and observe CPU temperature with a load-test tool such as linpack before creating an issue! -->

    <!-- Describe the issue -->

    In the file src/random.h: template <typename I, typename R> void Shuffle(I first, I last, R&& rng) { while (first != last) { size_t j = rng.randrange(last - first); if (j) { using std::swap; swap(*first, *(first + j)); } ++first; } }

    The argument rng is an instance of the FastRandomContext class. The member function randrange defined as follows: uint64_t randrange(uint64_t range) noexcept { assert(range); --range; int bits = CountBits(range); while (true) { uint64_t ret = randbits(bits); if (ret <= range) return ret; } }

    it returns value <= range。 means that the swap(*first, *(first + j)); the j variable may be equal to vector size. so *(first + j) may be overflow. As a result, the value of an item in the vector may be empty after Shuffle。

    Expected behavior

    <!--- What behavior did you expect? -->

    Causes some values to be empty after Shuffle. Actual behavior

    <!--- What was the actual behavior (provide screenshots if the issue is GUI-related)? -->

    To reproduce

    <!--- How reliably can you reproduce the issue, what are the steps to do so? -->

    System information

    <!-- What version of Bitcoin Core are you using, where did you get it (website, self-compiled, etc)? -->

    the latest version

    <!-- What type of machine are you observing the error on (OS/CPU and disk type)? -->

    <!-- GUI-related issue? What is your operating system and its version? If Linux, what is your desktop environment and graphical shell? -->

    <!-- Any extra information that might be useful in the debugging process. -->

    <!--- This is normally the contents of a `debug.log` or `config.log` file. Raw text or a link to a pastebin type site are preferred. -->

  2. guoyl added the label Bug on Jan 8, 2022
  3. MarcoFalke commented at 7:13 AM on January 9, 2022: member

    No, range = range - 1, aka --range.

  4. guoyl commented at 9:17 PM on January 9, 2022: none

    good! I have noticed the the function randrange decreased it.

  5. MarcoFalke commented at 7:39 AM on January 10, 2022: member

    ok, closing then

  6. MarcoFalke closed this on Jan 10, 2022
  7. DrahtBot locked this on Jan 10, 2023
Contributors
guoylMarcoFalke
Labels
Bug
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-21 18:14 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me