No, I'm more trusting of those two precisely because they are used often in an unsafe environment and both have been gone over by people looking for problems to that end (and are under scrutiny for such problems going forward). I know of no such efforts being made on gcc since it's not in general use processing arbitrary user input, hence I'm substantially less sure of what it might do for malicious input.