I have read a bit about the security of printf() in C++. Examples can be found e.g. here. It left me wondering if fmt.Printf() from golang is safe. To be more specific if it is safe if the formatted string itself could be forged.
inputString := "String from user"
x := "test"
fmt.Printf(inputString, x, 15)
When trying to replicate the exploits from C++, golang does not seem to be vulnerable.
E.g. fmt.Printf("%s%s%s%s%s%s%s%s%s%s%s%s ") does not crash the program in golang.
Such an analysis of course is no proof that this would be secure in golang. So i wanted to ask here: Have the developers of go foolproofed its printf function?
Edit: By foolproof I mean that it does not have any unexpected side effects. I would expect the resulting string to be totally compromised of course. I would not expect the user to be able to gain privileged information (like the content of variables not passed to printf), or the user to be able to write any memory (e.g. assign a new value to x).
Many of the memory issues in C/C++ are related to null termination and buffer overflows. Golang lacks both of those. Strings are managed resources. Baring a compiler bug, it's not possible to terminate a string in such a way as to escape into the stack.
Take your example, as the example. Due to the variadic nature of the function, having a lot of input handlers with no handlers does not impact the code. As far as printf knows, the format string needs nothing replaced. Since you can't pass in anything destructive, even if your example took a dynamic value for ' a ...interface{}', you're protected by the compiler's string protecting code.