I know languages like C# aren't vulnerable to buffer overflows unless you marshal or use unsafe code. But is Go vulnerable to buffer overflows?
3 Answers
Go checks for bounds in strings, arrays and slices, so it is not vulnerable as long as you are not playing around with the unsafe package.

Do you have a source for this? – cody.tv.weber Mar 06 '18 at 20:08
@codemon2002 It is defined in the linked language specification. – Grzegorz Żur Mar 06 '18 at 22:08
After a quick search I found this link: http://0xdabbad00.com/2015/04/12/looking_for_security_trouble_spots_in_go_code/
It states that golang is safe from most "known" attacks ("known" as in used in C). For instance, the fact that there is no pointer arithmetic and no manual memory management makes it less prone to errors that would lead to "exploitable" code.
I'm no expert in golang, but it seems like a well-thought-out language with a good environment (std lib, compiler, etc.).

"Go in general is a safe language. It has memory builtin safety measures that should avoid common buffer overflow vulnerabilities, like they often exist in C programs." https://dev.to/jlauinger/exploitation-exercise-with-unsafe-pointer-in-go-information-leak-part-1-1kga
As also said there "The unsafe standard library package defeats this memory safety. With unsafe.Pointer, we can create a pointer of arbitrary type."
So like @Grzegorz Żur said it is not vulnerable as long as you are not playing around with unsafe packages.
Cheers

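The contrast the answers describe, as an added example that is not part of the original posts: the same out-of-range index is stopped by Go's runtime bounds check when it goes through a slice, and silently reads the neighbouring field when it goes through `unsafe.Pointer`. The `record` type and the `checkedRead` and `uncheckedRead` helpers are constructed for illustration.

```go
package main

import (
	"fmt"
	"unsafe"
)

// record is a constructed layout: a 4-byte buffer followed directly by
// another field in the same allocation.
type record struct {
	buf   [4]byte
	guard [4]byte
}

// checkedRead indexes through a slice, so the runtime bounds check applies.
// An out-of-range index panics; the panic is converted to an error here.
func checkedRead(r *record, i int) (b byte, err error) {
	defer func() {
		if p := recover(); p != nil {
			err = fmt.Errorf("bounds check stopped the read: %v", p)
		}
	}()
	s := r.buf[:]
	return s[i], nil
}

// uncheckedRead does the same read with unsafe pointer arithmetic.
// No bounds check is emitted, so i >= len(buf) reads the neighbouring field.
func uncheckedRead(r *record, i int) byte {
	return *(*byte)(unsafe.Pointer(uintptr(unsafe.Pointer(&r.buf[0])) + uintptr(i)))
}

func main() {
	r := &record{buf: [4]byte{1, 2, 3, 4}, guard: [4]byte{0xAA, 0xBB, 0xCC, 0xDD}}
	for _, i := range []int{3, 4} {
		b, err := checkedRead(r, i)
		fmt.Printf("checked   i=%d -> %d, err=%v\n", i, b, err)
		fmt.Printf("unchecked i=%d -> %#x\n", i, uncheckedRead(r, i))
	}
}
```

When reviewing Go code for memory-safety risk, imports of `unsafe` (and cgo) are the places where this guarantee no longer holds and lengths have to be validated by hand.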