On 6 February 2018 at 20:19, Martin Sebor wrote: > But no runtime protection happens for libstdc++ containers, > even with _FORTIFY_SOURCE, because libstdc++ either uses > the GCC built-in functions (__builtin_memcpy) directly or > "rolls" its own loops (std::copy, etc.) that GCC transforms > into calls to the non-checking built-ins. For the former, > it might be worth considering using the checking built-ins > instead. Jonathan will know best if this would make sense > and how much it might benefit. For the latter, I'm sure > there are opportunities for GCC to do better and check > the bounds of the copies either before emitting calls to > these functions or propagating their bounds. My completely unsubstantiated guess is that people might pass out-of-bounds pointers to std::string members more often than other containers. We certainly could add more checking, but I don't know if it's worth prioritizing. There are thousands of things we could do with more hands to do the work. I've opened https://gcc.gnu.org/PR84256 so it isn't forgotten.
