lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Tue, 14 Sep 2021 15:07:00 -0600
From:   Jonathan Corbet <>
To:     Len Baker <>, Kees Cook <>
Cc:     Len Baker <>,
        "Gustavo A. R. Silva" <>,
        Joe Perches <>,,,
Subject: Re: [PATCH v2] docs: deprecated.rst: Clarify open-coded arithmetic
 with literals

Len Baker <> writes:

> Although using literals for size calculation in allocator arguments may
> be harmless due to compiler warnings in case of overflows, it is better
> to refactor the code to avoid the use of open-coded math idiom.
> So, clarify the preferred way in these cases.
> Suggested-by: Kees Cook <>
> Signed-off-by: Len Baker <>
> ---
> Changelog v1 -> v2
>  - Clarify the sentence by changing "keep <foo> out" with "avoid <foo>"
>    (Joe Perches).
>  Documentation/process/deprecated.rst | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> diff --git a/Documentation/process/deprecated.rst b/Documentation/process/deprecated.rst
> index 9d83b8db8874..b5a8be914178 100644
> --- a/Documentation/process/deprecated.rst
> +++ b/Documentation/process/deprecated.rst
> @@ -60,7 +60,8 @@ smaller allocation being made than the caller was expecting. Using those
>  allocations could lead to linear overflows of heap memory and other
>  misbehaviors. (One exception to this is literal values where the compiler
>  can warn if they might overflow. Though using literals for arguments as
> -suggested below is also harmless.)
> +suggested below is also harmless. So, the preferred way in these cases is
> +to refactor the code to avoid the open-coded math idiom.)

Sorry for being so slow to get to this...  honestly, though, I've been
staring at it for a bit and cannot figure out what you are trying to
communicate.  What does "math idiom" mean here?  If you are trying to
say that using literals is *not* harmless, then perhaps the first part
of the parenthetical should be taken out?



Powered by blists - more mailing lists