On 06/05/2012 11:05 AM, Richard Guenther wrote:
> And that would only be at -O1. Note that such range-checks will defeat most, if not all, loop optimizations, too. So C++ code using std::vector in compute-intensive parts would be severely pessimized.
> Array bounds check elimination could deal with that, but that would require teaching the compiler about std::vector internals.
> So, I don't think fortifying libstdc++ is a good idea at all.
For std::vector and operator[] I agree, but I wouldn't discard the entire idea completely. (std::array would be much cheaper to check, but then we'd lose consistency.)
I'm going to look for tool support for locating such uses of operator[]. We might start recommending that developers switch to the at() member functions in most code.
-- Florian Weimer / Red Hat Product Security Team
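As an added illustration of the trade-off discussed in this thread (not code from the thread or from libstdc++), the following shows the three choices for indexing a std::vector: the unchecked operator[], the checked at() that throws std::out_of_range, and a hand-written version of the "check once, then index unchecked" pattern that a compiler with bounds-check elimination would have to derive on its own. The sample vector, the function names and the [lo, hi) interface are assumptions made for the example.

```cpp
#include <cstddef>
#include <iostream>
#include <stdexcept>
#include <vector>

// Constructed sample input for the example.
std::vector<int> sample_vector() {
    return std::vector<int>{1, 2, 3, 4, 5};
}

// Unchecked read: an out-of-range index is undefined behaviour, which is
// exactly the case fortification would want to catch.
int read_unchecked(const std::vector<int>& v, std::size_t i) {
    return v[i];
}

// Checked read via at(): an out-of-range index throws std::out_of_range.
// Returns `fallback` instead of the element when the check fails.
int read_or(const std::vector<int>& v, std::size_t i, int fallback) {
    try {
        return v.at(i);
    } catch (const std::out_of_range&) {
        return fallback;
    }
}

// Straightforward "replace operator[] with at()" rewrite of a hot loop.
// The bounds check is repeated on every iteration, which is the loop
// pessimization the thread is worried about.
long sum_range_at(const std::vector<int>& v, std::size_t lo, std::size_t hi) {
    long total = 0;
    for (std::size_t i = lo; i < hi; ++i)
        total += v.at(i);
    return total;
}

// Manual bounds-check hoisting: validate the whole [lo, hi) range once,
// then use the unchecked operator[] in the loop. This is what a compiler
// would need to prove automatically to keep at() free in loops.
long sum_range_hoisted(const std::vector<int>& v, std::size_t lo, std::size_t hi) {
    if (lo > hi || hi > v.size())
        throw std::out_of_range("sum_range_hoisted: [lo, hi) outside vector");
    long total = 0;
    for (std::size_t i = lo; i < hi; ++i)
        total += v[i];  // safe: range validated above
    return total;
}

// True if `f` rejects the request with std::out_of_range.
template <typename F>
bool rejects(F f, const std::vector<int>& v, std::size_t lo, std::size_t hi) {
    try {
        (void)f(v, lo, hi);
        return false;
    } catch (const std::out_of_range&) {
        return true;
    }
}

int main() {
    const std::vector<int> v = sample_vector();
    std::cout << "v.at(4) = " << read_or(v, 4, -1) << '\n';
    std::cout << "v.at(5) out of range -> fallback " << read_or(v, 5, -1) << '\n';
    std::cout << "sum_range_at(1,4) = " << sum_range_at(v, 1, 4) << '\n';
    std::cout << "sum_range_hoisted(1,4) = " << sum_range_hoisted(v, 1, 4) << '\n';
    std::cout << "hoisted rejects [3,7): " << rejects(sum_range_hoisted, v, 3, 7) << '\n';
    return 0;
}
```

Note that sum_range_hoisted only preserves safety because the vector is not resized between the check and the loop; the check-once idiom is sound only while the container's size is stable for the duration of the indexed accesses.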