Skip to content

Conversation

jim-p-w
Copy link
Contributor

@jim-p-w jim-p-w commented Oct 14, 2025

This PR fixes a potential buffer overrun when reading string variables from a netcdf file.

A fixed size array is provided as an output buffer when reading a 0d-char character variable.
Call MPAS_io_inq_var prior to the read to get the size of the variable, and only proceed with the read if the size of the variable will fit in the provided array.
Return an error code if the variable value is larger than the provided output buffer.

A unit test is included to verify:

  1. An attempt to read a string variable into a buffer which is too small to hold the string value is detected
  2. When a buffer which is too small is detected, the read won't occur and an error code is returned
  3. When the test is run via valgrind, valgrind detects no memory errors or corruption
  4. If the code which detects the too small buffer is commented out the test crashes and valgrind reports memory corruption

A fixed size array is provided as an output buffer when reading a 0d-char
character variable. Call MPAS_io_inq_var prior to the read to get the
size of the variable, and only proceed with the read if the size of the
variable will fit in the provided array.
Return an error code if the variable value is larger than the provided
output buffer.
@jim-p-w jim-p-w marked this pull request as draft October 14, 2025 22:29
@mgduda mgduda requested review from amstokely and mgduda October 15, 2025 15:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants