[Cryptography] The GOTO Squirrel! [was GOTO Considered Harmful]
Bear
bear at sonic.net
Sat Mar 8 18:37:28 EST 2014
On Thu, 2014-03-06 at 01:40 +0100, Lodewijk andré de la porte wrote:
>
> 2014-03-04 23:38 GMT+01:00 Ray Dillinger <bear at sonic.net>:
> As a developer, I rely on that warning because unreachable
> code is ALWAYS a mistake.
>
> Why with buffer overflows no code is truly unreachable! So I would
> rely on that warning to detect any possible buffer overflow.

Oh, that is so not the way it works. "Unreachable code" in
the sense the compiler looks for is code that cannot be reached
in the course of normal control flow. Buffer overflows can
work just as well with code that *can* be reached by normal
control flow, so the "Unreachable code" warning won't touch
them.

On the other hand, using a language with boundary checking
on parameters and variables (which is most modern languages,
even modern compiled languages) is a fine way to disallow
buffer overflow bugs completely.
Bear
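
Added example, not part of the original message: a C sketch of the distinction drawn above, with an overflow in code that is fully reachable beside the explicit boundary check that a bounds-checked language would perform for you. The struct, function names and input string are constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Constructed layout: a fixed buffer followed by a field that an
 * overflow of name[] would overwrite. */
struct record {
    char name[8];
    int  is_admin;
};

/* "Before": every statement is reachable by normal control flow, so an
 * unreachable-code warning has nothing to report here, yet any src
 * longer than 7 characters writes past the end of name[]. */
void set_name_unchecked(struct record *r, const char *src)
{
    strcpy(r->name, src);
}

/* "After": the boundary check written out by hand. The write is refused
 * instead of overflowing. Returns 0 on success, -1 if src does not fit. */
int set_name_checked(struct record *r, const char *src)
{
    size_t len = strlen(src);
    if (len >= sizeof r->name)   /* need room for the terminating NUL */
        return -1;
    memcpy(r->name, src, len + 1);
    return 0;
}

/* Feeds a constructed 16-character input through the checked path and
 * returns 1 if it was rejected with the record left untouched. */
int oversized_write_rejected(void)
{
    struct record r = { "", 0 };
    int rc = set_name_checked(&r, "AAAAAAAAAAAAAAAA");
    return rc == -1 && r.is_admin == 0 && r.name[0] == '\0';
}

int main(void)
{
    return oversized_write_rejected() ? 0 : 1;
}
```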