[Cryptography] The GOTO Squirrel! [was GOTO Considered Harmful]

Bear bear at sonic.net
Sat Mar 8 18:37:28 EST 2014

On Thu, 2014-03-06 at 01:40 +0100, Lodewijk andré de la porte wrote:
> 2014-03-04 23:38 GMT+01:00 Ray Dillinger <bear at sonic.net>:
>         As a developer, I rely on that warning because unreachable
>         code is ALWAYS a mistake. 
> Why with buffer overflows no code is truly unreachable! So I would
> rely on that warning to detect any possible buffer overflow.

Oh, that is so not the way it works.  "Unreachable code" by 
the sense the compiler looks for is code that cannot be reached
in the course of normal control flow.  Buffer overflows can 
work just as well with code that *can* be reached by normal 
control flow, so the "Unreachable code" warning won't touch 

On the other hand, using a language with boundary checking 
on parameters and variables (which is most modern languages, 
even modern compiled languages) is a fine way to disallow 
buffer overflow bugs completely. 

More information about the cryptography mailing list