
dave
Premium,MVM
join:2000-05-04
not in ohio
kudos:8
Reviews:
·Verizon FiOS

4 recommendations

reply to Link Logger

Re: Understanding Apple's SSL/TLS Bug

   if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
        goto fail;
        goto fail;
 

Snarky comment #1 - no code reviews at Apple, huh?

Snarky comment #2 - Edsger told you they were harmful!


Link Logger
Premium,MVM
join:2001-03-29
Calgary, AB
kudos:3

1 recommendation

said by dave:

Snarky comment #2 - Edsger told you they were harmful!

I don't know what the busting my gut rolling around on the floor laughing my ass off until I p*ssed my pants acronym is, but really it is tragically unfortunate that programmers today likely don't know who Edsger is, and so this would be a poster child example of how those who don't learn from history are due to repeat it.

Too bad I never had a chance to show Edsger my 'Come From' language.

Blake
Considered harmful
--
Vendor: Author of Link Logger which is a traffic analysis and firewall logging tool


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

4 edits

1 recommendation

reply to dave
Evidently Apple employs "real programmers".

quote:
* Real Programmers aren't afraid to use GOTO's.

* Real Programmers can write five-page-long DO loops without getting confused.

* Real Programmers like Arithmetic IF statements -- they make the code more interesting.

:D

    if (a = b) goto epic_fail;
 
...
 
epic_fail:
    printf("Obviously programming isn't my forte. Time for a career change!\n");
 

PS:
--
Don't feed trolls--it only makes them grow!


Link Logger
Premium,MVM
join:2001-03-29
Calgary, AB
kudos:3
reply to dave
If you try compiling this in VC++ you will get a warning about unreachable code, but compile it in gcc and you won't get a warning using gcc's default settings. Good tools are essential, even for good coders, as we all know about and have likely experienced 4AM code, for example.

Blake
--
Vendor: Author of Link Logger which is a traffic analysis and firewall logging tool


TAZ

join:2014-01-03
Tucson, AZ
kudos:3
said by Link Logger:

If you try compiling this in VC++ you will get a warning about unreachable code, but compile it in gcc and you won't get a warning using gcc's default settings. Good tools are essential, even for good coders, as we all know about and have likely experienced 4AM code, for example.

Apple uses Clang, FWIW.


leibold
Premium,MVM
join:2002-07-09
Sunnyvale, CA
kudos:10
Reviews:
·SONIC.NET
reply to dave
I didn't recognize the first name, the last name is more familiar to me.

For everybody else that has an IDGI moment, this should help: (wikiquote) Edsger W. Dijkstra.

P.S.: dave might find the "Misattributed" section at the above link interesting
--
Got some spare cpu cycles ? Join Team Helix or Team Starfire!

dave
Premium,MVM
join:2000-05-04
not in ohio
kudos:8

2 recommendations

Then my joke was not in fact wirthless.


Blackbird
Built for Speed
Premium
join:2005-01-14
Fort Wayne, IN
kudos:3
Reviews:
·Frontier Communi..
reply to StuartMW
said by StuartMW:

Evidently Apple employs "real programmers".

quote:
* Real Programmers aren't afraid to use GOTO's.

* Real Programmers can write five-page-long DO loops without getting confused.

* Real Programmers like Arithmetic IF statements -- they make the code more interesting.

...

My personal favorite from that same source:
quote:
Real Programmers write self-modifying code...
Many years ago, in a period of coding arrogance, I constructed a Lotus Symphony program for special-purpose data archiving, analysis, and forecasting that contains a 975-line macro with 155 lengthy lines of self-modifying code, which I've run monthly since 1986. Each time it's run, it analyzes the entire data and forecast histories, performs computations, and accordingly modifies various lines within the macro code (both limits and instructions) for the next run. It has worked beautifully for its intended purpose over all those years. But, if my life depended on it, I could never reconstruct the values it's created along the way unless I re-started it from the documented initial state (the only documentation) and manually re-ran it for each set of monthly inputs. But real programmers never look back, and they never apologize...
--
The American Republic will endure until the day Congress discovers that it can bribe the public with the public's money. -- A. de Tocqueville


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

1 recommendation

said by Blackbird:

But real programmers never look back, and they never apologize...

Well, fortunately the software engineers/computer scientists of today probably don't know what assembler language is, let alone write any software in it. It is very difficult, if not impossible (by design), to write self-modifying code in high level languages. In assembler you can do what you want, barring hardware restrictions.

The people that write ("good") malware do know assembler and how to do stuff at the hardware (CPU) level. I find it amusing that some 15-yr old hacker in Russia can write better code, in many respects, than a college educated software "professional".

To me, software engineering is like any other engineering and requires discipline and a methodical approach. I know, however, that many in the industry don't believe that. Writing and building code is very easy, unlike creating a building, bridge or a car. The latter require lots of planning, and sometimes experimentation, before construction ever starts. Programs not so much.
--
Don't feed trolls--it only makes them grow!


Ctrl Alt Del
Premium
join:2002-02-18
kudos:1

1 edit

1 recommendation

reply to Link Logger
Some have said that -Wunreachable-code will cause gcc to catch it, but according to »gcc.gnu.org/ml/gcc-help/2011-05/···360.html this flag has been silently ignored.

But Apple now uses clang, which has -Weverything »clang.llvm.org/docs/UsersManual.···erything which no one has conclusively said will catch this.

In fact, the code style appears like it was a switch statement in a previous life, and was changed to if statements. Or this was a git merge that no one caught. And that there's no unit testing for this method, apparently.

All around fail.

EDIT: According to »twitter.com/_peterdn/status/4372···30523648 clang (not gcc) with the flag -Wunreachable-code will correctly label the code as unreachable.

Here's a great writeup: »www.imperialviolet.org/2014/02/2···bug.html
--
less talk, more music
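
The missing negative unit test mentioned in the post above, as an added example that is not Apple's code and not written by anyone in this thread: the control flow from the quoted snippet next to a braced version, plus a test that feeds both a bad signature. The functions `hash_update`, `hash_final`, `sig_verify` and the strings are constructed stand-ins.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for the real primitives; 0 means success. */
static int hash_update(const char *data) { return data ? 0 : -1; }
static int hash_final(void) { return 0; }
static int sig_verify(const char *sig) { return strcmp(sig, "good-sig") == 0 ? 0 : -1; }

/* Same shape as the snippet in the thread: the second goto is unconditional. */
int verify_vulnerable(const char *params, const char *sig)
{
    int err;
    if ((err = hash_update(params)) != 0)
        goto fail;
        goto fail;              /* always taken, with err == 0 */
    if ((err = hash_final()) != 0)
        goto fail;
    err = sig_verify(sig);      /* never reached */
fail:
    return err;
}

/* Braces on every branch: a duplicated line would stay inside the guard. */
int verify_fixed(const char *params, const char *sig)
{
    int err;
    if ((err = hash_update(params)) != 0) { goto fail; }
    if ((err = hash_final()) != 0) { goto fail; }
    err = sig_verify(sig);
fail:
    return err;
}

/* Negative test: returns 1 if the verifier rejects a bad signature,
   0 if it wrongly reports success for it. */
int rejects_forgery(int (*verify)(const char *, const char *))
{
    return verify("params", "forged-sig") != 0;
}

int main(void)
{
    printf("vulnerable rejects forgery: %d\n", rejects_forgery(verify_vulnerable));
    printf("fixed rejects forgery:      %d\n", rejects_forgery(verify_fixed));
    return 0;
}
```

A test suite that only checks valid signatures passes against both functions; only the bad-signature case separates them.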


Link Logger
Premium,MVM
join:2001-03-29
Calgary, AB
kudos:3
Doesn't sound like that flag is enabled by default, and it's not included in -Wall, which is interesting.


Ctrl Alt Del
Premium
join:2002-02-18
kudos:1
My mind boggles at the amount of fail involved in this bug.

The source file has all kinds of different indentation styles, different methods mix switch statements and chained if statements, apparently there are no corresponding unit tests, and the default build environment doesn't catch this.

At least we can all see the bug as it's open source.
--
less talk, more music


Link Logger
Premium,MVM
join:2001-03-29
Calgary, AB
kudos:3
I'm not sure that the fail is what people think it is. I'm thinking copy/paste error or one person suggested a possible merge problem, but certainly there are a couple of different ways to have found this and apparently none of them did, but I wouldn't be in a rush to hang anyone over this, but review the process and figure out what happened and how to prevent it in the future, but I doubt I'd be hanging anyone as I don't think it was a single person point of failure and process and tools are likely part of the problem.

Blake
--
Vendor: Author of Link Logger which is a traffic analysis and firewall logging tool