CaptchaGenerator — rand() & 8 produces bimodal jitter (only 0 or 8, never 1-7)
Summary¶
srchybrid/CaptchaGenerator.cpp:192 uses rand() & 8 to produce a small vertical jitter for CAPTCHA letter rendering. rand() & 8 tests bit 3 only — it produces only 0 or 8 (50/50) instead of a distributed range. Every CAPTCHA letter is either vertically centered or shifted exactly 8 pixels down. The fix was on the stale branch but not merged to main.
Location¶
srchybrid/CaptchaGenerator.cpp line 192 (inside the letter-rendering loop):
y2 += rand() & 8;
Problem¶
rand() & 8 tests only bit 3 of the return value. The result is a bimodal distribution: either 0 (when bit 3 is clear) or 8 (when bit 3 is set), each with exactly 50% probability. No intermediate values (1–7) are ever produced.
The intent is clearly a small random vertical offset. The bimodal distribution makes the CAPTCHA character placement visually predictable and weakens the randomness of the rendered image.
Fix¶
For a uniform range 0–7 pixels:
y2 += rand() & 7; // 3-bit mask: 0..7
For a uniform range 0–8 pixels:
y2 += rand() % 9; // modulo: 0..8
rand() & 7 is the simplest fix and consistent with the intent of "small random vertical shift".
Product Decision¶
2026-05-01: Marked Wont-Fix for the broadband release by product decision.
The CAPTCHA jitter issue is real but low release value, and the broader CAPTCHA
cleanup remains better aligned with REF-027 if that refactor is ever pursued.
Acceptance Criteria¶
No acceptance criteria remain active under the current product decision. If the item is reopened:
- [ ]
rand() & 8replaced withrand() & 7(orrand() % 9) inCaptchaGenerator.cpp - [ ] CAPTCHA renders with visually distributed vertical offsets (manual visual check)