Comment by LtWorf

12 hours ago

> the Go runtime which is written with deep expertise of Unix software

Go has no mmap(), import a 3rd party dependency for that and you'll get a segfault the very second you do a mistake.

Python has an mmap module which will catch many memory errors and present them as exception rather than causing a CVE.

4 comments

LtWorf

I don't agree with the parent comment, but mmap is exposed (low-level) in the standard library and there's a high-level wrapper in x/exp. You need to be careful with mmap no matter where you're using it.

What Go mmap CVE were you thinking of?

LtWorf 10 hours ago
> What Go mmap CVE were you thinking of?
Every time you see "segmentation fault", that right there is a CVE.
- tptacek 3 hours ago
  
  No, obviously.
- LtWorf 6 hours ago
  
  I see the vibe security experts found my comment :D