-
time_t return of time() may be signed 32-bit and in that case probably will roll over in the year 2038 and yield a negative value; signedness was propagated in the XOR operation to the 'value' and then 'v' variables. The 'v % 62' operation then would had resulted in a negative value and LETTER[v%62] would had accessed an arbitrary data location. The same could had happened if the static long 'value' variable after a very long run time contained a sufficiently large value to which the time^pid value added resulted in a wrap / roll-over to a negative value. Using unsigned long types for 'value' and 'v' and casting time_t to unsigned long cures all this.