How Unsafe is C#'s Unsafe Block?


How to Boost Database Development Productivity on Linux, Docker, and Kubernetes with Microsoft SQL Server 2017

Environment: C#

C# is the language of .NET. Microsoft believes this is the most powerful and safest language around. Yaaa. It is a "remix" of Java with certain features such as Unsafe blocks to boost performance. But, there is the hack; Microsoft has tried to make conflicting goals meet with C# an example of which are unsafe blocks. C#'s unsafe blocks can render code that is as dangerous as C++. To see how, let's look at the following code:

public class AClass {
  public int aValueMember=0;
  private string _aRefMember="default";
  public string aRefMember
    get {return _aRefMember;}

Now, looking at this class, it may seem that the instance member _aRefMember's value="default" cannot be changed. If you think so, picture this...

public class Client {
  public static void Main(string[] arg) {
    AClass obj=new AClass();
    Console.WriteLine("Before Unsafe Block.................");
    Console.WriteLine("obj.aRefMember: ="+obj.aRefMember);
    unsafe {
      char* arrayPtr;
      fixed(int* ptr=&obj.aValueMember) {
        arrayPtr=(char*)(*(ptr-1));    // taking the address of
                                       // obj._aRefMember,
                                       // subtracting 1 becuase
                                       // the heap and stack grow
                                       // downwards in C#
                                       // this can be even nastier
                                       // *(ptr-1)=-1;
        arrayPtr[6]='D';               // first 6 bytes of the
                                       // string contains
                                       // information such as the
                                       // length of the string...
        arrayPtr[7] ='E';
        arrayPtr[8] ='F';
        arrayPtr[9] ='A';

    Console.WriteLine("After Unsafe Block.....");
    Console.WriteLine("obj.aRefMember: ="+obj.aRefMember);

The Value of "obj.aRefMember" changed to "DEFAULT" from "default" ..... But, that's not all. You also can make the referance _aRefMember point to any location with this code:

  *(ptr-1)=XX;    // XX is any address be it legal or illegal

One thing that is encouraging is that if you assign an illegal address to the referance, the application will not crash but the CLR will raise a NullPointerException.

What the above code illustrates is that C#'s unsafe mechanism makes it as unsafe as C++. In principle, you can do many of the nasty things with it that you could do with C++, such as playing with the vTable and so forth.


  • test

    Posted by waldo on 10/05/2012 01:43pm

    Seems we have a few Microsoft apologists in the audiance.

  • Get a Life guys, he is just having his say

    Posted by Legacy on 08/19/2003 12:00am

    Originally posted by: 25yrVet

    Same as you guys can, no language is perfect, but surely needs to be discussed.

    Contribute dont denegrate

  • *Yawn* Another MS Basher

    Posted by Legacy on 08/08/2003 12:00am

    Originally posted by: Microsoftie

    How unoriginal.

    Here's an idea - how about if you don't want unsafe code, you don't write any? I would rather have the option of/not using unsafe code than have a language designer decide for me. I like choice.

  • What else would you expect?

    Posted by Legacy on 08/07/2003 12:00am

    Originally posted by: Warren Stevens

    I'm not trying to be too harsh towards the author, but...

    Is the fact that "unsafe" code actually turns out to be unsafe surprising to anyone???

  • Another whimp ass Java programmer

    Posted by Legacy on 08/06/2003 12:00am

    Originally posted by: Sam Fugarino

    What's wrong with you people. You use the term "as dangerous as C++." All I can say is so what. You don't have to use unsafe code in C#.By the way, Java was designed with C++ in mind.

Leave a Comment
  • Your email address will not be published. All fields are required.

Top White Papers and Webcasts

  • As all sorts of data becomes available for storage, analysis and retrieval - so called 'Big Data' - there are potentially huge benefits, but equally huge challenges...
  • The agile organization needs knowledge to act on, quickly and effectively. Though many organizations are clamouring for "Big Data", not nearly as many know what to do with it...
  • Cloud-based integration solutions can be confusing. Adding to the confusion are the multiple ways IT departments can deliver such integration...

Most Popular Programming Stories

More for Developers

RSS Feeds

Thanks for your registration, follow us on our social networks to keep up-to-date