Skip to content

Ensure the buffer provided to MPAS_io_get_var_generic is large enough. #1367

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

Ensure the buffer provided to MPAS_io_get_var_generic is large enough. #1367

wants to merge 1 commit into from

Conversation

@jim-p-w
Copy link
Contributor

@jim-p-w jim-p-w commented Oct 14, 2025
edited
Loading

This PR fixes a potential buffer overrun when reading string variables from a netcdf file.

A fixed size array is provided as an output buffer when reading a 0d-char character variable.
Call MPAS_io_inq_var prior to the read to get the size of the variable, and only proceed with the read if the size of the variable will fit in the provided array.
Return an error code if the variable value is larger than the provided output buffer.

A unit test is included to verify:

  1. An attempt to read a string variable into a buffer which is too small to hold the string value is detected
  2. When a buffer which is too small is detected, the read won't occur and an error code is returned
  3. When the test is run via valgrind, valgrind detects no memory errors or corruption
  4. If the code which detects the too small buffer is commented out the test crashes and valgrind reports memory corruption

Fixes issue #1350

Note

When building with PIO, if the charArray (or the charArray1d) value exceeds the size of the tempchar buffer provided to the call to PIO_get_var, the value will be truncated to the size of the provided tempchar buffer (lines 2018, 2023, and 2042 in src/framework/mpas_io.F).

@jim-p-w jim-p-w marked this pull request as draft October 14, 2025 22:29
@mgduda mgduda requested review from amstokely and mgduda October 15, 2025 15:51
@jim-p-w
Ensure the buffer provided to MPAS_io_get_var_generic is large enough.
d610024 
A fixed size array is provided as an output buffer when reading a 0d-char
character variable. Call MPAS_io_inq_var prior to the read to get the
size of the variable, and only proceed with the read if the size of the
variable will fit in the provided array.
Return an error code if the variable value is larger than the provided
output buffer.
@jim-p-w jim-p-w force-pushed the atmosphere/check_buffer_len branch from 3d97db2 to d610024 Compare October 16, 2025 16:14
@jim-p-w jim-p-w marked this pull request as ready for review October 16, 2025 16:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mgduda mgduda Awaiting requested review from mgduda

1 more reviewer

@amstokely amstokely amstokely approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

bug fix Framework

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jim-p-w @amstokely @mgduda