From 09221ec87d716ee151816176e0ab667adca8d3c8 Mon Sep 17 00:00:00 2001
From: Alex Shinn <ashinn@users.noreply.github.com>
Date: Wed, 28 May 2014 08:34:36 +0900
Subject: [PATCH] Fixing possible overflow in random bignums. Fixes issue #222.

---
 lib/srfi/27/rand.c      |  7 +++----
 tests/srfi-27-tests.scm | 20 ++++++++++++++++++++
 2 files changed, 23 insertions(+), 4 deletions(-)
 create mode 100644 tests/srfi-27-tests.scm

diff --git a/lib/srfi/27/rand.c b/lib/srfi/27/rand.c
index 28ab79a6..46945d8f 100644
--- a/lib/srfi/27/rand.c
+++ b/lib/srfi/27/rand.c
@@ -58,10 +58,9 @@ static sexp sexp_rs_random_integer (sexp ctx, sexp self, sexp_sint_t n, sexp rs,
       sexp_call_random(rs, m);
       data[i] = m;
     }
-    sexp_call_random(rs, m);
-    mod = sexp_bignum_data(bound)[hi-1] * sizeof(int32_t) / sizeof(sexp_uint_t);
-    if (mod)
-      data[i] = m % mod;
+    mod = sexp_bignum_data(bound)[hi-1];
+    if (mod && sexp_bignum_data(res)[hi-1] > 0)
+      sexp_bignum_data(res)[hi-1] %= mod;
 #endif
   } else {
     res = sexp_type_exception(ctx, self, SEXP_FIXNUM, bound);
diff --git a/tests/srfi-27-tests.scm b/tests/srfi-27-tests.scm
new file mode 100644
index 00000000..651eb7bf
--- /dev/null
+++ b/tests/srfi-27-tests.scm
@@ -0,0 +1,20 @@
+
+(import (scheme base)
+        (srfi 27)
+        (chibi test))
+
+(test-begin "srfi-27")
+
+(define (test-random rand n)
+  (test-assert (<= 0 (rand n) (- n 1))))
+
+(let ((rs (make-random-source)))
+  ;; chosen by fair dice roll.  guaranteed to be random
+  (random-source-pseudo-randomize! rs 4 4)
+  (let ((rand (random-source-make-integers rs)))
+    (do ((k 0 (+ k 5))
+         (n 1 (* n 2)))
+        ((> k 1024))
+      (test-random rand n))))
+
+(test-end)