On Sun, May 13, 2018 at 9:05 PM, Steven D'Aprano <[email protected]> wrote:
> On Sat, 12 May 2018 21:42:13 -0500, Python wrote:
>
>> Responding to this further would essentially just require me to
>> reiterate what I already wrote--I won't do that. I'll simply maintain
>> that in my rather lengthy experience, this mistake has actually been
>> rather rare and has to my knowledge *never* caused a support issue
>> requiring a bug fix to production code in projects I've been associated
>> with. It's a useful construction whose detriment has, IMO, been
>> completely overblown.
>
> I already linked to the attempt to install a backdoor in the Linux kernel
> with this, but even for accidental errors, thirty seconds on the CVE
> database finds at least one real-world example:
>
> https://www.cvedetails.com/cve/CVE-2009-4633/
>
>
> I expect that these days it will be rare, since most C compilers would
> default to warning about it if you run with warnings enabled.
>

That assumes that you regularly run with warnings enabled. While that might seem like a no-brainer, unfortunately it isn't. With the number of C compilers out there, it's hard to make sure your code compiles cleanly with -Wall on every one of them; and if there's a spew of warnings, one more isn't going to be noticed. So for a large codebase, it's entirely possible that it WON'T regularly be compiled with warnings enabled. Warnings certainly help, but they're not a complete solution.

ChrisA
--
https://mail.python.org/mailman/listinfo/python-list
