As per their docs, they identify something as a bloodhound exploit 274 if there's a piece of potentially malicious code that attempts to exploit the integer overflow vulnerability in GDI+. Symantec themself say that even an innocent program could be identified as malicious due to the "sensitive" nature of the detection technology used for identifying this particular malware (in cases where your program somehow share the behavioural characteristics of the code that exploits the said vulnerability).
Apply the patches if that's not already done, and if the problem persists, send your program to Symantec as what's being wrongly detected as malware.
The standard says tat distinct objects must have distinct identity (and if the identity is the address, a common way to get that is posing sizeof(A) = 1 by definition).
But this is ... compiler dependent. (they can even use 4 bytes to preserve the alignment!)
An Empty B inheriting the empty A may still have sizeof(B) == 1, not 2.
I know I shouldn't be using this type for strings and all this. Believe me, I've tried repeatedly to convince my customer this is not the right way to do things, but unfortunately it is not my decission...
Agreed. Use std::string or you can use one of many already existing string classes. You also could create an array of char if you have a series of strings whose length the compiler can computebv in advance.