There's a library called "unsafe" explicitely for this. I think it's reasonable to expect people to generally not use it, though.

http://golang.org/pkg/unsafe/

As far as I know, it can only create a pointer of type A that actually points to a value of type B, not reference unallocated/deallocated memory. Nullable<T> could do that too if the language allowed it.

It's definitely possible to access unallocated memory e.g.,

// p points to address 1000

p := (*int)(unsafe.Pointer(uintptr(1000)))

Of course, this is why use of the unsafe package is heavily discouraged.

Any language that lets you call out into third-party libraries not written in that language can end up with heap corruption.

The important distinction is that a 'Nullable' value type need not involve a pointer, which means it can entirely live on the stack, which dramatically limits the damage that can be done by corruption: Worst case, corruption sets the 'hasValue' flag to true, and you read an uninitialized struct off the stack. Much less catastrophic than a double-free or pointer into random memory (Though, of course, a determined attacker could probably make do with either).