Assuming that a C# program uses only managed .NET code, is it possible to have a buffer overflow security vulnerability within that program? If so, how would such a vulnerability be possible?
Yes, but they are much harder to produce. You can only get buffer overflows if you use certain unsafe constructs, not with "normal" C# code. Memory corrupting code shouldn’t be possible at all, when your code is running with lowered trust.
A few possibilities for buffer overflows:
- unsafe keyword, which allows pointers. Unsafe code is just as easy to get wrong, as pointer based code in C or C++.
- Marshal class

There are also a few other ways to corrupt memory apart from buffer overflows.
- StructLayoutKind.Explicit

(The runtime itself is written in C++, so a bug in the runtime can also corrupt memory or overflow a buffer, but I consider that out of scope for this question)
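
The difference between ordinary managed code and the unsafe and Marshal routes listed in the answer, as an added example that is not part of the original answer: a managed array store is bounds-checked by the runtime, while a pointer store or a copy to an IntPtr is bounded only by a length check the code performs itself. The class and method names and the sample input are constructed for illustration, and the project must be compiled with AllowUnsafeBlocks enabled.

```csharp
using System;
using System.Runtime.InteropServices;

static class OverflowDemo
{
    // Constructed input: 8 bytes headed for a 4-byte destination.
    static readonly byte[] Input = { 1, 2, 3, 4, 5, 6, 7, 8 };

    // Safe code: the runtime bounds-checks every array store.
    static bool ManagedCopyThrows()
    {
        var dest = new byte[4];
        try
        {
            for (int i = 0; i < Input.Length; i++) dest[i] = Input[i];
            return false;
        }
        catch (IndexOutOfRangeException) { return true; } // fifth store is rejected
    }

    // unsafe: pointer stores are unchecked, so this guard is the only bound.
    static unsafe void PointerCopy(byte* dest, int destLen, byte[] src)
    {
        if (src.Length > destLen)
            throw new ArgumentException("source larger than destination");
        for (int i = 0; i < src.Length; i++) dest[i] = src[i];
    }

    // Marshal: Marshal.Copy cannot know how much memory sits behind the
    // IntPtr, so the caller has to carry and check the destination size.
    static void MarshalCopy(IntPtr dest, int destLen, byte[] src)
    {
        if (src.Length > destLen)
            throw new ArgumentException("source larger than destination");
        Marshal.Copy(src, 0, dest, src.Length);
    }

    static unsafe void Main()
    {
        Console.WriteLine($"managed copy rejected: {ManagedCopyThrows()}");

        byte* stackBuf = stackalloc byte[4];
        try { PointerCopy(stackBuf, 4, Input); }
        catch (ArgumentException e) { Console.WriteLine($"pointer copy rejected: {e.Message}"); }

        IntPtr heapBuf = Marshal.AllocHGlobal(4);
        try { MarshalCopy(heapBuf, 4, Input); }
        catch (ArgumentException e) { Console.WriteLine($"Marshal copy rejected: {e.Message}"); }
        finally { Marshal.FreeHGlobal(heapBuf); }
    }
}
```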