An interesting analysis in a Guardian article below: “Apple should have found it, but didn’t. Either of its compilers (GCC and Clang) should have thrown an error, but testing by others has shown that it doesn’t unless you have a particular warning flag (for “unreachable code”) set. A compiler which pointed to “unreachable code” (that is, a segment of code which will never be activated because it lies beneath a code diversion that always applies) would have caught it.” The full article is at the link provided.
http://www.theguardian.com/technology/2014/feb/25/apples-ssl-iphone-vulnerability-how-did-it-happen-and-what-next
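
The pattern the quote describes, as an added example (not Apple's code and not taken from the article): a jump that always applies leaves the check beneath it unreachable, and the function returns success. The function names and return codes are constructed for illustration; building with Clang's `-Wunreachable-code` flags the dead check in the flawed form.

```c
#include <stdio.h>

/* Hypothetical check steps (constructed for this example):
 * 0 means the step passed, nonzero is an error code. */
static int check_hash(int hash_ok)     { return hash_ok ? 0 : -1; }
static int check_signature(int sig_ok) { return sig_ok ? 0 : -2; }

/* Flawed form: the duplicated goto is not guarded by the if, so it always
 * runs. The signature check beneath it is unreachable, and err still
 * holds 0 (success) when control arrives at the label. */
int verify_flawed(int hash_ok, int sig_ok)
{
    int err;

    if ((err = check_hash(hash_ok)) != 0)
        goto fail;
        goto fail;                              /* always taken */
    if ((err = check_signature(sig_ok)) != 0)   /* never reached */
        goto fail;

fail:
    return err;
}

/* Corrected form: braces on every branch, one goto per failure path. */
int verify_fixed(int hash_ok, int sig_ok)
{
    int err;

    if ((err = check_hash(hash_ok)) != 0) {
        goto fail;
    }
    if ((err = check_signature(sig_ok)) != 0) {
        goto fail;
    }

fail:
    return err;
}

int main(void)
{
    /* Constructed input: the hash step passes, the signature is bad. */
    printf("flawed: %d\n", verify_flawed(1, 0));
    printf("fixed:  %d\n", verify_fixed(1, 0));
    return 0;
}
```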