Are .NET applications immune from classic pointer errors?

Question

Does some article or proof exist that .NET applications are immune to low level errors?

I'm talking about the classic pointer errors we can see in a C++ application, memory overflow, problems from the Intel DEP and so on.

I'm talking about .NET applications that do not use "unsafe" code, from what is my experience in this case only problems can be that of a memory leak or classic coding errors (like stack overflows) but I've never seen low level errors.

Could someone comment on this?

Answer 1

I would say that by design a pure .NET managed safe application is immune to exploits, but...

1. That's only by design

2. That application is also immune to performing any useful work - to do that it will have to interoperate with some unmanaged code - a great deal of effort goes into ensuring the BCL is immune to exploits, but...

   a. you can still write code to very effectively trash your hard drive and spam the planet with that.

   b. you can also call out to code that is designed to execute arbitrary native code that you could construct from a .NET application

Generally, it is immune to pointer errors and exec [data] type problems, but .NET is not immune to stack or memory overflow - there are a couple of points of memory leakage (infinite resurrection and large object heap).

Perhaps this is what you are looking for:

"Type Safety of C# and .NET CLR" ftp://ftp.inf.ethz.ch/pub/publications/diss/th17003.pdf

Answer 2

Although the managed environment keeps your code from generating any low-level errors as far as memory allocation and invalid pointers go, there's still a risk of low-level errors if your code uses any classes that in turn use operating system resources, such as file streams, network connections, threads, Windows handles, and COM objects.