[Cryptography] The GOTO Squirrel! [was GOTO Considered Harmful]

Jerry Leichter leichter at lrw.com
Mon Mar 3 14:28:39 EST 2014

On Mar 3, 2014, at 2:04 PM, Bear <bear at sonic.net> wrote:
> Okay, I have to say this despite the complaints on this 
> list about how common TERRIBLE security practices may be.
> This is completely over the top.  There is no way that this
> could possibly be accidental.
> In point of fact, I know of no commonly used or commercially 
> sold compiler that fails to emit unreachable-code warnings 
> by default.  Therefore I do not believe that this could be 
> anything but deliberate.  I would be willing to state exactly 
> that in a court of law.
You'd be showing your ignorance.  Both gcc and llvm have this warning turned off by default, at least for C.  In fact, neither of them have it as part of -Wall - you have to explicitly request it (-Wunreachable-code).  From the documentation:  "This option is not made part of -Wall because in a debugging version of a program there is often substantial code which checks correct functioning of the program and is, hopefully, unreachable because the program does work.  Another common use of unreachable code is to provide behavior which is selectable at compile-time."

You may not like it - I don't - but that's the way the compilers are configured - and have been for a long time.

> PS.  Any language that allows "goto" without use of a 
> keyword that can be searched for project-wide without 
> knowing the label gone-to is at best suspect.  It should 
> be terrifyingly easy (as easy as "grep -r goto *") to 
> find all uses of a Dubious Practice.
I have no idea what this means.
                                                        -- Jerry

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4813 bytes
Desc: not available
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140303/725e2a2e/attachment.bin>

More information about the cryptography mailing list