
On Mon, Mar 2, 2009 at 12:32 PM, Peter Dimov <pdimov@pdimov.com> wrote:
> Thorsten Ottosen:
>> John Maddock wrote:
>>> From glancing at the implementation posted to the list, it does not appear to fall back to heap allocation once the maximum stack capacity is reached. push_back() simply asserts that the stack capacity hasn't been used up yet.
>> Yes, that is necessary to make push_back() inlinable.
> It's also necessary if you want to introduce stack buffer overflow attacks. Now, I don't question the right of every C++ programmer to be able to overflow the stack, but I don't like this ability being presented under the name "push_back".

I agree strongly with Peter. The default needs to be safety, unless there is something to indicate the danger is accepted. Thus push_back() could throw on overflow, while unchecked_push_back() could have the semantics of the current push_back() implementation. There are probably other approaches, too, that would provide reasonable security.

--Beman