[Development] websockets (was RE: Qt 5.3 Feature freeze is coming quite soon...)

Thiago Macieira thiago.macieira at intel.com
Mon Feb 10 23:42:55 CET 2014


On Mon 10 Feb 2014, at 20:34:20, Olivier Goffart wrote:
> > > static QElapsedTimer t;
> > > return qsrand(t.nsecsElapsed());
> >
> > You forgot to start() the timer. Which means this is a really poor choice
> > for seeding the random engine, since a newly-started elapsed timer will be
> > very close to zero.
> 
> I relied on the fact that the statics are zero initialized.

Zero initialisation is not valid initialisation for QElapsedTimer. You'll get 
a garbage output.

It may work due to the way that the implementation is done. But it's totally 
undefined behaviour. Don't use it.

Right now, QElapsedTimer uses LLONG_MIN as a pattern to indicate invalid 
values, but I could change that to use zeroes. It's extremely unlikely that 
the monotonic clock is zero when you start the timer. Zero comparison is a lot 
simpler than LLONG_MIN.

Also, there's a pending patch to make QElapsedTimer non-POD by adding a 
default constructor. Quite a few people have been bitten by the need to 
invalidate() or start().

Finally, even if it were valid to zero-initialise QElapsedTimer, it would be a 
security breach to use it in such a way to seed the random generator. If you 
don't modify a system, boot times should be fairly constant. That means 
multiple boots will initialise applications at roughly the same time, which 
means the monotonic clock will have the same value and you'd be seeding the 
PRNG with the same value or the same few possibilities. That would mean a 
predictable sequence out of qrand().

-- 
Thiago Macieira - thiago.macieira (AT) intel.com
  Software Architect - Intel Open Source Technology Center
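
The seeding problem described in the message above, as an added example that is not part of the original post or of Qt's code: it uses std::srand()/std::rand() as a stand-in for qsrand()/qrand(), and the window of 1000 possible clock readings is a constructed assumption. The last function draws from the OS entropy source instead.

```cpp
#include <cstddef>
#include <cstdlib>
#include <iostream>
#include <random>
#include <set>
#include <string>

static const char kHex[] = "0123456789abcdef";

// Stand-in for qsrand(seed) followed by qrand() calls: a 16-hex-digit
// "session token" derived only from the seed.
std::string token_from_seed(unsigned seed) {
    std::srand(seed);
    std::string out;
    for (int i = 0; i < 16; ++i) out += kHex[std::rand() % 16];
    return out;
}

// How many different tokens can ever be produced if the seed is a clock
// reading somewhere in [lo, hi]? Never more than the number of seeds.
std::size_t distinct_tokens(unsigned lo, unsigned hi) {
    std::set<std::string> seen;
    for (unsigned s = lo; s <= hi; ++s) seen.insert(token_from_seed(s));
    return seen.size();
}

// Hardened variant: no seed derived from time; every digit comes from
// std::random_device (the OS entropy source on mainstream platforms).
std::string token_from_os() {
    std::random_device rd;
    std::string out;
    for (int i = 0; i < 16; ++i) out += kHex[rd() % 16];
    return out;
}

int main() {
    // Constructed scenario: two boots where the clock read the same value.
    std::cout << "boot 1: " << token_from_seed(1234u) << "\n";
    std::cout << "boot 2: " << token_from_seed(1234u) << "\n";
    // A 64-bit-looking token, but only as many values as there are seeds.
    std::cout << "tokens over 1000 seeds: "
              << distinct_tokens(1000u, 1999u) << "\n";
    std::cout << "OS entropy: " << token_from_os() << "\n";
    return 0;
}
```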



