Greenspun's Tenth Rule states that, "any sufficiently complicated C or Fortran program contains an ad hoc, informally-specified, bug-ridden, slow implementation of half of Common Lisp." For the current topic, "bug-ridden" is especially important.
It turns out that if your C code allows overflows, then it automatically contains the ability to load new code at runtime -- as if it had a scripting language to begin with. That language is machine code, which is further ironic, because machine code is worse than C (an impressive feat).
So, "sufficiently complicated" actually means "doesn't do runtime checks on any operation that could cause an overflow", which is almost all C code out there. The only question is how easy it is to trigger such a bug to run arbitrary code (e.g. by loading a picture).
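An added example (not the commenter's code) of the runtime check the post says most C code omits: a parser for a hypothetical toy picture format, constructed here, where a length field from the file must be bounded by the destination buffer before anything is copied.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical toy picture format, constructed for this example:
 *   bytes 0..3  pixel count, little-endian; bytes 4..  one byte per pixel.
 * The count comes from the file, so it is attacker-controlled input. */
#define MAX_PIXELS 16
struct image {
    uint32_t pixel_count;
    uint8_t pixels[MAX_PIXELS];   /* fixed-size destination */
};

static uint32_t read_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Returns 0 on success or a negative code. Without the bounds checks (the
 * "no runtime checks" case the comment describes) a header claiming more than
 * MAX_PIXELS would make memcpy write past img->pixels. */
int parse_image(const uint8_t *buf, size_t len, struct image *img) {
    if (len < 4) return -1;          /* header truncated: would read past buf */
    uint32_t n = read_le32(buf);
    if (n > MAX_PIXELS) return -2;   /* bound the copy by the destination, not by the file */
    if (len - 4 < n) return -3;      /* payload shorter than claimed: would over-read buf */
    img->pixel_count = n;
    memcpy(img->pixels, buf + 4, n);
    return 0;
}

/* Parses and returns the pixel sum on success, or the negative error code. */
int parse_and_sum(const uint8_t *buf, size_t len) {
    struct image img;
    int rc = parse_image(buf, len, &img);
    if (rc != 0) return rc;
    int sum = 0;
    for (uint32_t i = 0; i < img.pixel_count; i++) sum += img.pixels[i];
    return sum;
}

/* Constructed sample inputs, not real picture files. */
static const uint8_t good_image[]        = { 4, 0, 0, 0, 0x10, 0x20, 0x30, 0x40 };
static const uint8_t oversized_header[]  = { 0xff, 0xff, 0xff, 0x7f, 0x41 }; /* claims 2^31-1 pixels */
static const uint8_t truncated_payload[] = { 8, 0, 0, 0, 1, 2, 3 };

int main(void) {
    printf("good: %d\n", parse_and_sum(good_image, sizeof good_image));             /* 160 */
    printf("oversized: %d\n", parse_and_sum(oversized_header, sizeof oversized_header)); /* -2 */
    printf("truncated: %d\n", parse_and_sum(truncated_payload, sizeof truncated_payload)); /* -3 */
    return 0;
}
```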