On Thu, Apr 24, 2014 at 01:59:10PM +0200, Erik Cederstrand wrote: > Den 24/04/2014 kl. 13.07 skrev Ronald F. Guilmette <rfg@tristatelogic.com>: > > > > Sir, does not the following trivial and obvious single line modification > > to the above code eliminate the warning? And does it not do so *without* > > the need for ``considerable effort''? > > > > int x = -1; > > > > I thank you for providing me with the example above, and thus also this > > opportunity to so perfectly illustrate my fundamental point. > > The example I gave is of course trivial to rewrite. It was the > shortest possible example I could think of to illustrate the > situation. It was condensed from a really convoluted if-else case > which was not incorrect but quite difficult to untangle. And yes, it's > laudable to rewrite it for the sake of readability, but it doesn't fix > any security issues. I'm generally of the opinion that, all else being equal, making your code readable is a way to find bugs you did not know existed. Even more amazingly, making your code readable fixes bugs that have not yet been written. -- Chad Perrin [ original content licensed OWL: http://owl.apotheon.org ] _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"