> When compiled with a sufficiently nasty compiler...
I don't think this is true. Does the C standard say anywhere that if you read an arbitrary
buffer before ever writing it, then the entire buffer can be ignored forevermore? Even though
the OpenSSL code is idiotic, even the nastiest C compiler will be obligated to do the right
> openssl guys are not strong on admitting fault.
That is all too true. :( The OpenSSL guys' handling of this incident has been so strange
that I wonder if they're related to OpenBSD somehow...?