[j_s]

Has HN ever discussed the possibilities when purposely crafting worst-case input to amplify a denial-of-service attack?

[nightcracker]

If whoever you're targeting uses libc++, I already did the analysis: https://bugs.llvm.org/show_bug.cgi?id=20837

To my knowledge it's still not fixed.

[beagle3]

Doug McKilroy did some 20 years ago, for quick sort:

http://www.cs.dartmouth.edu/~doug/mdmspe.pdf