Pointers in Go: A Friendly Guide
Pointers can be one of the more daunting topics for newcomers to the Go programming language—or any language, for that matter. . In the world of Go programming, pointers play a vital role, allowing you to access and modify data stored at various locations in your computer's memory.
so yeah what are pointers anyway ?
Essentially, a pointer references a memory location where data is stored rather than the data itself. Think of it like the address of a house—the address isn't the house itself, but it tells you where the house is located.
why use pointers ?
Pointers are powerful tools in Go because they allow you to:
- Modify data stored elsewhere: Since variables passed into functions are passed by value (i.e., a copy is created), without pointers, any modifications you make inside the function won’t affect the original variable. Pointers address this by allowing functions to modify the original variable directly.
- Optimize performance: Using pointers can be more efficient in terms of both memory usage and execution time. By passing around a memory address instead of large structs or objects, you cut down on the overhead required by copying large amounts of data.
basics of pointer syntax
In Go, a pointer is defined by placing a
Here's an example:
In this example,
Dereferencing Pointers
Dereferencing is the act of accessing the value at the memory address the pointer is pointing to. You dereference a pointer by placing an
Using the earlier example:
By prefixing
working with pointers in functions
One common use of pointers is to modify a variable inside a function:
This function changes the value of
pointer gotchas
While powerful, pointers need to be used with care to avoid common mistakes such as:
- Null pointer dereferencing: Accessing a pointer that hasn't been initialized can cause runtime errors because there’s no valid memory address to access.
- Memory leaks: This occurs when memory is allocated but not properly released, a more typical issue with languages that require manual memory management. Go's garbage collector significantly mitigates this risk, but it's good practice to keep track of your memory allocations.
best practices with pointers
- Use pointers when you need to modify the data being passed to a function.
- Consider the overhead of copying large structs vs. using pointer semantics.
- Avoid relying too much on pointers, as it might make your code harder to understand and maintain.
concluding thoughts
Pointers are a fundamental concept that can be powerful tools for efficient programming in Go. Think of them as arrows pointing to data locations. Understanding this simple analogy can make using pointers less daunting.
#TakeAByte #golang #pointers
@Mi_Ra_Ch
Pointers can be one of the more daunting topics for newcomers to the Go programming language—or any language, for that matter. . In the world of Go programming, pointers play a vital role, allowing you to access and modify data stored at various locations in your computer's memory.
so yeah what are pointers anyway ?
Essentially, a pointer references a memory location where data is stored rather than the data itself. Think of it like the address of a house—the address isn't the house itself, but it tells you where the house is located.
why use pointers ?
Pointers are powerful tools in Go because they allow you to:
- Modify data stored elsewhere: Since variables passed into functions are passed by value (i.e., a copy is created), without pointers, any modifications you make inside the function won’t affect the original variable. Pointers address this by allowing functions to modify the original variable directly.
- Optimize performance: Using pointers can be more efficient in terms of both memory usage and execution time. By passing around a memory address instead of large structs or objects, you cut down on the overhead required by copying large amounts of data.
basics of pointer syntax
In Go, a pointer is defined by placing a
* before a type. Let’s say you are dealing with an int. A pointer to an int is declared as *int.Here's an example:
var a int = 58
var p *int = &a
In this example,
a is a regular integer, and p is a pointer to an integer. The &a expression fetches the address of a, hence, p holds the address where the integer value 58 is stored, not the number 58 itself.Dereferencing Pointers
Dereferencing is the act of accessing the value at the memory address the pointer is pointing to. You dereference a pointer by placing an
* before it. Using the earlier example:
fmt.Println(*p) // This will print 58
By prefixing
p with an *, you fetch the value stored at the address p points to—the content of the house rather than its address.working with pointers in functions
One common use of pointers is to modify a variable inside a function:
func modifyValue(num *int) {
*num = 10
}
func main() {
a := 5
modifyValue(&a)
fmt.Println(a) // Prints 10
}This function changes the value of
a in the main function by passing the address of a to modifyValue.pointer gotchas
While powerful, pointers need to be used with care to avoid common mistakes such as:
- Null pointer dereferencing: Accessing a pointer that hasn't been initialized can cause runtime errors because there’s no valid memory address to access.
- Memory leaks: This occurs when memory is allocated but not properly released, a more typical issue with languages that require manual memory management. Go's garbage collector significantly mitigates this risk, but it's good practice to keep track of your memory allocations.
best practices with pointers
- Use pointers when you need to modify the data being passed to a function.
- Consider the overhead of copying large structs vs. using pointer semantics.
- Avoid relying too much on pointers, as it might make your code harder to understand and maintain.
concluding thoughts
Pointers are a fundamental concept that can be powerful tools for efficient programming in Go. Think of them as arrows pointing to data locations. Understanding this simple analogy can make using pointers less daunting.
#TakeAByte #golang #pointers
@Mi_Ra_Ch
⚡4
from "I want to be a doctor in the future" to "I just wanna be able to pay my bills" gotta be the most dramatic transition of my life 🥲
😢6😁4💔2
just wrote a package in Go. it's a link preview library and extracts the components needed for previewing links from a provided URL. It also has a caching feature and customizable user agent.
It's been indexed on official GoDocs site too.
[GitHub Repo] [GoDocs index]
#MyProjects #linkpreview #golang
@Mi_Ra_Ch
go get github.com/AmanuelCh/linkpreview
It's been indexed on official GoDocs site too.
[GitHub Repo] [GoDocs index]
#MyProjects #linkpreview #golang
@Mi_Ra_Ch
🔥5
Mira
just wrote a package in Go. it's a link preview library and extracts the components needed for previewing links from a provided URL. It also has a caching feature and customizable user agent. go get github.com/AmanuelCh/linkpreview It's been indexed on official…
feels great watching your packages making it to the GoDocs 🤗
for my fellow gophers, you can import the package and start using it in your projects when you need it. The README file on the GitHub repo shows you how to use it.
for my fellow gophers, you can import the package and start using it in your projects when you need it. The README file on the GitHub repo shows you how to use it.
🔥10
Fuzzing: The ultimate stress test for your software
What is Fuzzing?
Fuzzing, or fuzz testing, is an automated software testing technique that involves providing a program with invalid, unexpected, or random data as inputs. The goal? To uncover bugs, security vulnerabilities, and other issues that could lead to system crashes or exploits. Imagine throwing a bunch of weird inputs at your software and seeing what breaks—that’s fuzzing in a nutshell!
Why Fuzzing Matter
In today’s digital landscape, security is everything. With cyber threats lurking around every corner, developers need effective ways to identify vulnerabilities before they can be exploited. Fuzzing helps in:
Finding Bugs: It can reveal issues that traditional testing methods might miss, especially edge cases that occur under unusual conditions.
Enhancing Security: By identifying vulnerabilities, fuzzing helps developers patch holes before they can be exploited by malicious actors.
Automating Testing:
Fuzzing can run continuously, making it easier to integrate into CI/CD pipelines, allowing for rapid feedback and quicker fixes.
How Fuzzing Works
Fuzzing can be broken down into a few key steps:
Input Generation: The fuzzer generates a large number of inputs, which can be random or
based on predefined templates. Some fuzzers use smart algorithms to create inputs that are more likely to trigger bugs.
Execution: The generated inputs are fed into the target program. This is where the magic happens—if the program crashes or behaves unexpectedly, that’s a
potential bug!
Monitoring: The fuzzer monitors the program’s behavior during execution. If it detects a crash, it logs this information for further analysis.
Reporting: Finally, the fuzzer compiles a report detailing the inputs that caused
issues, allowing developers to investigate and fix the bugs.
Types of Fuzzing
Black-Box Fuzzing: This approach treats the software as a black box, focusing solely on inputs and outputs without any knowledge of the internal workings. It’s
like throwing spaghetti at the wall to see what sticks.
White-Box Fuzzing: Here, the fuzzer has access to the source code and can generate inputs based on code paths. This method is more efficient but requires more setup.
Grey-Box Fuzzing: A hybrid approach that combines elements of both black-box and white-box fuzzing. It uses some knowledge of the code while still testing the software as a black box.
Popular Fuzzing Tools
There are several fuzzing tools available, each designed for different scenarios. Here are a few heavy hitters in the fuzzing arena:
American Fuzzy Lop (AFL): This is a popular grey-box fuzzer that uses genetic algorithms to
discover new test cases. It’s particularly good at finding memory corruption bugs and is widely used in the security community.
LibFuzzer: Part of the LLVM project, LibFuzzer is a white box fuzzer that performs coverage-guided fuzzing. It’s super effective for testing libraries and can be integrated into existing projects easily.
OSS-Fuzz: A continuous fuzzing service provided by Google for open-source projects. It integrates with other fuzzing tools to continuously test software and
report bugs, helping maintainers keep their projects secure.
Peach Fuzzer: This tool is great for fuzzing network protocols and file formats. It allows testers to define custom data models for generating test inputs, making it highly customizable.
Boofuzz: A fork of the Sulley Fuzzing Framework, Boofuzz is designed for network protocol fuzzing. It’s user-friendly and allows for easy customization
of network protocol specifications.
Real-World Applications of Fuzzing
Fuzzing isn’t just a theoretical exercise; it’s been used in
real-world scenarios to uncover critical vulnerabilities. Here are a couple of notable examples:
Because sometimes, the best way to break things is to break them randomly. -- Me lol
What is Fuzzing?
Fuzzing, or fuzz testing, is an automated software testing technique that involves providing a program with invalid, unexpected, or random data as inputs. The goal? To uncover bugs, security vulnerabilities, and other issues that could lead to system crashes or exploits. Imagine throwing a bunch of weird inputs at your software and seeing what breaks—that’s fuzzing in a nutshell!
Why Fuzzing Matter
In today’s digital landscape, security is everything. With cyber threats lurking around every corner, developers need effective ways to identify vulnerabilities before they can be exploited. Fuzzing helps in:
Finding Bugs: It can reveal issues that traditional testing methods might miss, especially edge cases that occur under unusual conditions.
Enhancing Security: By identifying vulnerabilities, fuzzing helps developers patch holes before they can be exploited by malicious actors.
Automating Testing:
Fuzzing can run continuously, making it easier to integrate into CI/CD pipelines, allowing for rapid feedback and quicker fixes.
How Fuzzing Works
Fuzzing can be broken down into a few key steps:
Input Generation: The fuzzer generates a large number of inputs, which can be random or
based on predefined templates. Some fuzzers use smart algorithms to create inputs that are more likely to trigger bugs.
Execution: The generated inputs are fed into the target program. This is where the magic happens—if the program crashes or behaves unexpectedly, that’s a
potential bug!
Monitoring: The fuzzer monitors the program’s behavior during execution. If it detects a crash, it logs this information for further analysis.
Reporting: Finally, the fuzzer compiles a report detailing the inputs that caused
issues, allowing developers to investigate and fix the bugs.
Types of Fuzzing
Black-Box Fuzzing: This approach treats the software as a black box, focusing solely on inputs and outputs without any knowledge of the internal workings. It’s
like throwing spaghetti at the wall to see what sticks.
White-Box Fuzzing: Here, the fuzzer has access to the source code and can generate inputs based on code paths. This method is more efficient but requires more setup.
Grey-Box Fuzzing: A hybrid approach that combines elements of both black-box and white-box fuzzing. It uses some knowledge of the code while still testing the software as a black box.
Popular Fuzzing Tools
There are several fuzzing tools available, each designed for different scenarios. Here are a few heavy hitters in the fuzzing arena:
American Fuzzy Lop (AFL): This is a popular grey-box fuzzer that uses genetic algorithms to
discover new test cases. It’s particularly good at finding memory corruption bugs and is widely used in the security community.
LibFuzzer: Part of the LLVM project, LibFuzzer is a white box fuzzer that performs coverage-guided fuzzing. It’s super effective for testing libraries and can be integrated into existing projects easily.
OSS-Fuzz: A continuous fuzzing service provided by Google for open-source projects. It integrates with other fuzzing tools to continuously test software and
report bugs, helping maintainers keep their projects secure.
Peach Fuzzer: This tool is great for fuzzing network protocols and file formats. It allows testers to define custom data models for generating test inputs, making it highly customizable.
Boofuzz: A fork of the Sulley Fuzzing Framework, Boofuzz is designed for network protocol fuzzing. It’s user-friendly and allows for easy customization
of network protocol specifications.
Real-World Applications of Fuzzing
Fuzzing isn’t just a theoretical exercise; it’s been used in
real-world scenarios to uncover critical vulnerabilities. Here are a couple of notable examples:
👍1
Google’s OSS-Fuzz Initiative:
Since its launch, Google’s OSS-Fuzz has helped identify over 8,800 vulnerabilities across various open-source projects. By continuously fuzzing these projects, Google has significantly improved the security
posture of many widely-used software applications.
The Month of Kernel Bugs:
This initiative revealed numerous vulnerabilities in the Linux kernel through targeted fuzzing efforts. By focusing on kernel-level code, researchers were able to discover and patch critical flaws that could have been exploited by attackers.
Best Practices for Fuzzing
To get the most out of fuzzing, here are some best practices to keep in mind:
Integrate with CI/CD: Incorporate fuzzing into your continuous integration and delivery pipelines to catch bugs early.
Use Feedback-Based Fuzzing: Leverage tools that provide feedback on code coverage to improve the efficiency of your fuzzing efforts.
Automate Bug Triage: Use automated tools to categorize and prioritize bugs based on their severity, making it easier to manage and address issues.
Document Findings: Keep detailed records of the inputs that caused crashes or unexpected behavior. This will help developers understand and fix the underlying issues.
Concluding Thoughts
Fuzzing is an essential technique in the software testing toolkit, especially in today’s security-conscious environment. By throwing unexpected inputs at your software, you can uncover hidden vulnerabilities and bugs that might otherwise go unnoticed.
#TakeAByte #fuzzing #pentest
@Mi_Ra_Ch
Since its launch, Google’s OSS-Fuzz has helped identify over 8,800 vulnerabilities across various open-source projects. By continuously fuzzing these projects, Google has significantly improved the security
posture of many widely-used software applications.
The Month of Kernel Bugs:
This initiative revealed numerous vulnerabilities in the Linux kernel through targeted fuzzing efforts. By focusing on kernel-level code, researchers were able to discover and patch critical flaws that could have been exploited by attackers.
Best Practices for Fuzzing
To get the most out of fuzzing, here are some best practices to keep in mind:
Integrate with CI/CD: Incorporate fuzzing into your continuous integration and delivery pipelines to catch bugs early.
Use Feedback-Based Fuzzing: Leverage tools that provide feedback on code coverage to improve the efficiency of your fuzzing efforts.
Automate Bug Triage: Use automated tools to categorize and prioritize bugs based on their severity, making it easier to manage and address issues.
Document Findings: Keep detailed records of the inputs that caused crashes or unexpected behavior. This will help developers understand and fix the underlying issues.
Concluding Thoughts
Fuzzing is an essential technique in the software testing toolkit, especially in today’s security-conscious environment. By throwing unexpected inputs at your software, you can uncover hidden vulnerabilities and bugs that might otherwise go unnoticed.
#TakeAByte #fuzzing #pentest
@Mi_Ra_Ch
⚡1
Mira
just wrote a package in Go. it's a link preview library and extracts the components needed for previewing links from a provided URL. It also has a caching feature and customizable user agent. go get github.com/AmanuelCh/linkpreview It's been indexed on official…
at first the goal was to create a site where I can paste a link and get metadata previews especially the image so that when sharing links on telegram I can attach the image. I looked for packages on npm but turns out most of them are hosted on heroku free version back then and don't work anymore. so I wrote a node code that uses puppeteer headless browser and scrapes the site's metadata. but deploying was quite a hustle and decided to write it in Go. the beauty of Go is you don't need extra setups or hosting providers to publish your packages.