[dapperdrake]

Confer the recent bug related to goto-error handling in OpenSSH where the "additional" error return value wasn’t caught and allowed a security bypass accepting a failed key.

Cleanup is good. Jumping around with "goto" confused most people in practice. It seems highly likely that most programmers model "defer" differently in their minds.

EDIT:

IIRC it was CVE-2025-26465. Read the code and the patch.

[uecker]

It is not clear to me that defer helps here. The issue is management of state (the return value) not control flow.

[dapperdrake]

The return value depends on control flow ("obvious", please bear with me):

With "goto" the cleanup-up can jump anywhere. With "defer" the cleanup cannot really jump anywhere. It is easier to mentally stick to simply cleaning up in a common sense way. And taking care of multiple "unrelated" clean-up steps is "handled for you."

(Attacks on this sometimes approach complaints about lack of "common sense".)