Slices? I know them: a slice is just a window onto an array!
Then let me give you a question.
Sure ~
package main

func main() {
    var arr = [10]int{0, 1, 2, 3, 4, 5, 6, 7, 8, 9}
    s := arr[2:6]
    modify(s)
}

func modify(tmp []int) {
    // implement this function to change the value of arr[8] to 200
}
Don't tell me you would do it like this:
    var point = &tmp[3]
    point += 3
    *point = 200
Doing it this way is wasted effort :)
Go does not allow pointer arithmetic, so this fails to compile with the error: invalid operation: point += 3 (mismatched types *int and int)
Never mind, let me do it.
Light blue is the slice's current length; the whole blue area (light blue + dark blue) is the slice's capacity.
Through the slice's window you can see {2,3,4,5}, but if you extend the slice to its capacity you can see {2,3,4,5,6,7,8,9}. From this point of view arr[8] is within reach of the slice, so the array can be modified through the slice.
(1) Take the address of s[3], i.e. the address of arr[5]
    &s[3]
(2) Convert the address of s[3] to an unsafe pointer
    unsafe.Pointer(&s[3])
(3) Convert the unsafe pointer of s[3] to a uintptr address
    uintptr(unsafe.Pointer(&s[3]))
(4) Advance the address by 3 elements
    var nextelement = uintptr(unsafe.Pointer(&s[3])) + 3*8 // How do I know that each int takes 8 bytes? You can check with unsafe.Sizeof
(5) Convert the uintptr address of the target element to an unsafe pointer
    unsafe.Pointer(nextelement)
(6) Convert the unsafe pointer of the target element to an *int pointer
    (*int)(unsafe.Pointer(nextelement))
(7) Modify the value of the target element
    *(*int)(unsafe.Pointer(nextelement)) = 200
The complete program is as follows:
package main

import "fmt"
import "unsafe"

func main() {
    var arr = [10]int{0, 1, 2, 3, 4, 5, 6, 7, 8, 9}
    s := arr[2:6] // window onto arr[2]..arr[5]
    modify(s)
    fmt.Println(arr)
}

func modify(tmp []int) {
    // address of tmp[3] (arr[5]) as a plain integer
    var src = uintptr(unsafe.Pointer(&tmp[3]))
    // 3 elements further on, 8 bytes per int: the address of arr[8]
    var dest = (*int)(unsafe.Pointer(src + 3*8))
    *dest = 200
}
Running it gives the following result:
[0 1 2 3 4 5 6 7 200 9]
So even though the slice covers only part of the array and has not been extended to its capacity, an attacker can still reach the elements of the underlying array that are not visible through the slice simply by manipulating the slice, which is a security risk from a secure-coding standpoint :)
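An added example, not from the original article: the write to arr[8] needs no unsafe at all when the callee re-slices up to capacity, and the two usual defenses (capping the capacity, handing over a copy) behave differently. The function names untrusted, newArr, shareWindow, shareCapped and shareCopy are hypothetical.

```go
package main

import "fmt"

// untrusted stands in for a callee that was only meant to see tmp[0:len].
// It writes one visible element, then tries to reach the element that is
// arr[8] in the article by re-slicing up to capacity (no unsafe needed).
func untrusted(tmp []int) (reached bool) {
	tmp[0] = -1
	if cap(tmp) < 7 {
		return false // capacity ends before that element
	}
	tmp[:cap(tmp)][6] = 200
	return true
}

func newArr() [10]int { return [10]int{0, 1, 2, 3, 4, 5, 6, 7, 8, 9} }

// shareWindow passes arr[2:6] as the article does: len 4, cap 8.
func shareWindow() ([10]int, bool) {
	arr := newArr()
	reached := untrusted(arr[2:6])
	return arr, reached
}

// shareCapped uses a full slice expression, so cap == len == 4.
// The memory is still shared: unsafe arithmetic would still reach arr[8].
func shareCapped() ([10]int, bool) {
	arr := newArr()
	reached := untrusted(arr[2:6:6])
	return arr, reached
}

// shareCopy hands over a copy with its own backing array.
func shareCopy() ([10]int, bool) {
	arr := newArr()
	dup := make([]int, 4)
	copy(dup, arr[2:6])
	reached := untrusted(dup)
	return arr, reached
}

func main() {
	for _, f := range []func() ([10]int, bool){shareWindow, shareCapped, shareCopy} {
		arr, reached := f()
		fmt.Println(arr, reached)
	}
}
```

Only the copy keeps both the visible and the hidden elements of arr out of the callee's reach; the capped slice blocks re-slicing but still points into arr.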
For more about slices, I want to make an animation that explains them again from the window perspective.
This article is from the "Green Guest" blog, please be sure to keep this source http://qingkechina.blog.51cto.com/5552198/1895889