Hacker News new | past | comments | ask | show | jobs | submit login

This is exactly what I thought when I first saw the Apple bug, and I was surprised that the author didn't mention this at all. He's blaming the programming language here, but I have yet to see a language where a single line accidentally duplicated or transposed by a merge tool couldn't cause the same problem.



Well, in Python, if you duplicate a return statement, then your code will recognize only the first statement. This, for example, will return 1:

  def func():
    return 1
    return 2
If the code from the goto fail example was written in Python so as to return an object when a condition was met, and it ended up with 2 return statements, then Python would have just returned the first one in the proper scope and moved on. Of course, this still depends on implementation in the code itself.


If we're talking about returns, then C/C++ would behave the same way. The second return is unreachable.

A duplicated line that isn't idempotent and that doesn't jump out of the current scope would be problematic.


Java (if it had gotos) would not have compiled this code because it doesn't allow unreachable code.


In the Apple SSL bug, a goto statement works much like a function call or a throw in Java. Here's a Java example that compiles without warning and has the same flaw:

    public static void foo() throws Exception {
        throw new Exception();
    }

    public static int bar() throws Exception {
        int x = 0;
        if(x == 1)
            foo();		
            foo();
        x++;
        return x;
    }




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: