[Cryptography] GOTO Considered Harmful

Theodore Ts'o tytso at mit.edu
Sat Mar 1 00:09:29 EST 2014


On Fri, Feb 28, 2014 at 08:19:25PM -0500, Jerry Leichter wrote:
> It's been suggested that this smells like a git merge problem.

Git is actually quite paranoid if there are any changes in the
surrounding code.  It's not at all obvious to me that you could
construct a situation where an automated merge resolution would result
in the double "goto fail;" situation.

I could imagine that git flagged a merge conflict, and a human failed
to delete the extra line while fixing up a merge conflict, but in that
case, the changes needed to clean up the merge conflict, and any
deltas from the automated merge resolution, *do* show up if you use a
code review tool such as Gerrit (which is what the Android and
Chromium developers use; the production kernel team inside Google uses
Gerrit as well, so that all changes get reviewed by a second
engineer).

I can't speak for other tools (does Apple use Git, or does it use some
other SCCS?), but it's hard to imagine how the use of git and Gerrit
for code review could allow an error like this to slip through.

                                        - Ted

