[Cryptography] The GOTO Squirrel! [was GOTO Considered Harmful]

Lodewijk andré de la porte l at odewijk.nl
Sun Mar 9 18:50:33 EDT 2014

2014-03-09 0:37 GMT+01:00 Bear <bear at sonic.net>:

> Oh, that is so not the way it works.  "Unreachable code" by
> the sense the compiler looks for is code that cannot be reached
> in the course of normal control flow.  Buffer overflows can
> work just as well with code that *can* be reached by normal
> control flow, so the "Unreachable code" warning won't touch
> them.

Oh, you so don't get what I meant. What is normal control flow anyway? This
is not functional programming. This is about GOTO related stuff. GOTO
actually sets the instruction pointer, go figure!

On the other hand, using a language with boundary checking
> on parameters and variables (which is most modern languages,
> even modern compiled languages) is a fine way to disallow
> buffer overflow bugs completely.

Talk to the hordes of angry C(++) programmers about that. Fact is that a
pointer is a very powerful and convenient way to deal with mass memory
manipulation. Fact also is that we are rarely making memory manipulators,
frequently API intermediaries.

I have to say it doesn't always get much easier with higher level
languages. Transparent (iow: unclear if I am using them) references cause a
many great bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140309/53066f5c/attachment.html>

More information about the cryptography mailing list