On 03/24/2016 12:32 PM, Martin Richtarsky wrote:
> we are using the -fstack-protector compiler option with gcc 5.x to detect stack smashing. While analyzing a performance regression resulting from this I found the instrumentation is also done for our STL string implementation which has an interned buffer for short strings. So basically a function having an object of that string class on the stack would incur some performance overhead due to checking, although it can be argued that the string class is pretty safe.
I don't think this is true. If your implementation matches typical std::string classes (I assume it does because of “STL string”), it has iterators which allow easy out-of-bounds write access.
Florian
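
The iterator concern raised in the reply, as an added example that is not part of the original thread or of either poster's code: a raw iterator into an inline short-string buffer carries no bounds, so only an iterator that knows the capacity can stop an oversized copy. `ShortString`, `CheckedIt` and `guarded_copy` are hypothetical names, and the 16-byte inline capacity is an assumption.

```cpp
#include <algorithm>
#include <cstddef>
#include <iterator>
#include <stdexcept>
#include <string>

// Hypothetical stand-in for a string class with an inline short-string buffer.
struct ShortString {
    static constexpr std::size_t kInline = 16;  // assumed capacity
    char buf[kInline] = {};  // part of the object, so on the stack for a local
    std::size_t len = 0;
    char* begin() { return buf; }  // raw iterator: carries no bounds
};

// Output iterator that knows the capacity and refuses to write past it.
struct CheckedIt {
    using iterator_category = std::output_iterator_tag;
    using value_type = void;
    using difference_type = std::ptrdiff_t;
    using pointer = void;
    using reference = void;
    ShortString* s;
    CheckedIt& operator*() { return *this; }
    CheckedIt& operator++() { return *this; }
    CheckedIt operator++(int) { return *this; }
    CheckedIt& operator=(char c) {
        if (s->len == ShortString::kInline)
            throw std::out_of_range("write past inline buffer");
        s->buf[s->len++] = c;
        return *this;
    }
};

// Copies input into a local ShortString and returns the bytes stored.
// The raw form, std::copy(input.begin(), input.end(), s.begin()), is
// undefined behaviour for inputs longer than kInline and typically
// overwrites adjacent stack memory.
std::size_t guarded_copy(const std::string& input) {
    ShortString s;
    try {
        std::copy(input.begin(), input.end(), CheckedIt{&s});
    } catch (const std::out_of_range&) {
        // Stopped at the last inline byte; nothing outside s.buf was written.
    }
    return s.len;
}

int main() {  // constructed inputs: one that fits, one four times the capacity
    return (guarded_copy("short") == 5 && guarded_copy(std::string(64, 'A')) == 16) ? 0 : 1;
}
```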