- Fixed bug #53403 (use of unitialized values). Fixes the fix for bug #46587.

- Added test for bug #46587.

2 files changed, 24 insertions, 7 deletions

diff --git a/ext/standard/rand.c b/ext/standard/rand.c
index 8cd130d969..5658d3c70c 100644
--- a/ext/standard/rand.c
+++ b/ext/standard/rand.c
@@ -315,18 +315,19 @@ PHP_FUNCTION(mt_rand)
 	long number;
 	int  argc = ZEND_NUM_ARGS();
 
-	if (argc != 0 && zend_parse_parameters(argc TSRMLS_CC, "ll", &min, &max) == FAILURE)
-		return;
+	if (argc != 0) {
+		if (zend_parse_parameters(argc TSRMLS_CC, "ll", &min, &max) == FAILURE) {
+			return;
+		} else if (max < min) {
+			php_error_docref(NULL TSRMLS_CC, E_WARNING, "max(%ld) is smaller than min(%ld)", max, min);
+			RETURN_FALSE;
+		}
+	}
 
 	if (!BG(mt_rand_is_seeded)) {
 		php_mt_srand(GENERATE_SEED() TSRMLS_CC);
 	}
 
-	if (max < min) {
-		php_error_docref(NULL TSRMLS_CC, E_WARNING, "max(%ld) is smaller than min(%ld)", max, min);
-		RETURN_FALSE;
-	}
-
 	/*
 	 * Melo: hmms.. randomMT() returns 32 random bits...
 	 * Yet, the previous php_rand only returns 31 at most.
diff --git a/ext/standard/tests/general_functions/bug46587.phpt b/ext/standard/tests/general_functions/bug46587.phpt
new file mode 100644
index 0000000000..becbde9648
--- /dev/null
+++ b/ext/standard/tests/general_functions/bug46587.phpt
@@ -0,0 +1,16 @@
+--TEST--
+Bug #46587 (mt_rand() does not check that max is greater than min).
+--FILE--
+<?php
+
+var_dump(mt_rand(3,8));
+var_dump(mt_rand(8,3));
+
+echo "Done.\n";
+?>
+--EXPECTF--
+int(%d)
+
+Warning: mt_rand(): max(3) is smaller than min(8) in %s on line %d
+bool(false)
+Done.