[wp-trac] [WordPress Trac] #63099: wp_rand() function returns only 0 or 1 when called without parameters on 32-bit PHP systems

WordPress Trac noreply at wordpress.org
Thu Mar 13 20:52:05 UTC 2025


#63099: wp_rand() function returns only 0 or 1 when called without parameters on
32-bit PHP systems
--------------------------+-----------------------------
 Reporter:  kalonya       |      Owner:  (none)
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  General       |    Version:  6.7.2
 Severity:  normal        |   Keywords:
  Focuses:                |
--------------------------+-----------------------------
 I've identified a bug in WordPress's wp_rand() function that causes it to
 return only the values 0 or 1 when called without parameters on 32-bit PHP
 systems.

 **Environment Information:**
 - PHP Version: 7.4.33
 - PHP Int Max: 2147483647 (32-bit system)
 - PHP Int Size: 4
 - OS: Linux (64-bit)
 - Server Software: Apache
 - WordPress Version: 6.7.2
 - Random Int Available: Yes
 - OpenSSL Available: Yes

 **Issue Description:**
 When calling wp_rand() without parameters on a 32-bit PHP system, it
 consistently returns only the values 0 or 1, rather than generating random
 numbers across the expected range. This occurs due to an integer overflow
 issue.

 **Debug Results:**

 {{{
 Array
 (
     [start] => Array
         (
             [min] =>
             [max] =>
             [rnd_value_length] => 0
             [rnd_value] => ...
         )

     [max_random_number] => 4294967295
     [php_int_max] => 2147483647
     [after_cast] => Array
         (
             [min] => 0
             [max] => -1
             [max === max_random_number] => false
         )

     [use_random_int_functionality] => true
     [random_int_try] => Array
         (
             [_min] => -1
             [_max] => 0
         )

     [random_int_result] => -1
     [return_path] => random_int success
     [final_result] => 1
 )
 }}}

 **Root Cause Analysis:**
 1. On 32-bit PHP systems (PHP_INT_MAX = 2147483647), the function sets
 $max_random_number to 4294967295 (unsigned 32-bit int max value)
 2. When this value is cast to an integer in 32-bit PHP, it overflows and
 becomes -1
 3. The function then calls random_int(-1, 0) which returns either -1 or 0
 4. Finally, the absint() function converts -1 to 1, resulting in only 0 or
 1 being returned

 **Steps to Reproduce:**
 1. Run WordPress on a 32-bit PHP system
 2. Call wp_rand() without parameters multiple times
 3. Observe that only 0 or 1 is returned

 **Expected Behavior:**
 The function should return random numbers across the full range (0 to
 getrandmax() or similar) when called without parameters, just like PHP's
 native rand() function.

 **Additional Tests:**
 - PHP's native rand() and mt_rand() functions work correctly on the same
 system
 - When wp_rand() is called with specific parameters (e.g., wp_rand(10,
 100)), it behaves correctly

 This appears to be a bug in how the function handles 32-bit PHP systems
 when called without parameters.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/63099>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
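
The overflow chain from the root cause analysis above, as an added example that is not part of the ticket or of WordPress core: it simulates the 32-bit integer cast on a 64-bit PHP build and compares the reported path with a clamp to the 32-bit maximum. The helper names (`to_int32`, `rand_as_reported`, `rand_clamped`, `distinct_outputs`) and the clamp itself are assumptions for illustration, not the project's fix.

```php
<?php
// Added illustration; run on a 64-bit PHP build. All function names are hypothetical.

const INT32_MAX  = 2147483647;   // PHP_INT_MAX on a 32-bit build (from the ticket)
const MAX_RANDOM = 4294967295;   // $max_random_number (from the ticket)

// Simulate the (int) cast as observed on 32-bit PHP: wrap into the signed 32-bit range.
function to_int32(int $v): int {
    $v &= 0xFFFFFFFF;
    return $v > INT32_MAX ? $v - 0x100000000 : $v;
}

// The path traced in the ticket: the cast turns the maximum into -1,
// the bounds are ordered as (-1, 0), and the result is made non-negative.
function rand_as_reported(): int {
    $min = to_int32(0);
    $max = to_int32(MAX_RANDOM);            // becomes -1
    $lo  = min($min, $max);                 // -1
    $hi  = max($min, $max);                 //  0
    return abs(random_int($lo, $hi));       // abs() stands in for absint()
}

// Assumed guard: clamp the maximum to what the platform integer can hold
// before casting, so the range stays 0..INT32_MAX.
function rand_clamped(): int {
    $max = to_int32(min(MAX_RANDOM, INT32_MAX));
    return random_int(0, $max);
}

// Count how many different values a generator produces over many draws.
function distinct_outputs(callable $rng, int $draws = 10000): int {
    $seen = [];
    for ($i = 0; $i < $draws; $i++) {
        $seen[$rng()] = true;
    }
    return count($seen);
}

printf("as reported: %d distinct values\n", distinct_outputs('rand_as_reported'));
printf("clamped:     %d distinct values\n", distinct_outputs('rand_clamped'));
```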

