docs: deprecated.rst: Clarify open-coded arithmetic with literals

Although using literals for size calculation in allocator arguments may
be harmless due to compiler warnings in case of overflows, it is better
to refactor the code to avoid the use of open-coded arithmetic.

So, clarify the preferred way in these cases.

Suggested-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Len Baker <len.baker@gmx.com>
Reviewed-by: Gustavo A. R. Silva <gustavoars@kernel.org>
Link: https://lore.kernel.org/r/20210925143455.21221-1-len.baker@gmx.com
Signed-off-by: Jonathan Corbet <corbet@lwn.net>
This commit is contained in:
Len Baker 2021-09-25 16:34:55 +02:00 коммит произвёл Jonathan Corbet
Родитель 6e74e68d0b
Коммит 3577cdb23b
1 изменённых файлов: 3 добавлений и 2 удалений

Просмотреть файл

@ -59,8 +59,9 @@ risk of them overflowing. This could lead to values wrapping around and a
smaller allocation being made than the caller was expecting. Using those
allocations could lead to linear overflows of heap memory and other
misbehaviors. (One exception to this is literal values where the compiler
can warn if they might overflow. Though using literals for arguments as
suggested below is also harmless.)
can warn if they might overflow. However, the preferred way in these
cases is to refactor the code as suggested below to avoid the open-coded
arithmetic.)
For example, do not use ``count * size`` as an argument, as in::