Ensure the buffer provided to MPAS_io_get_var_generic is large enough. #1367
+269
−14
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
amstokely
approved these changes
Oct 16, 2025
jim-p-w
force-pushed
the
atmosphere/check_buffer_len
branch
from
3d97db2 to
d610024
Compare
mgduda
requested changes
Dec 20, 2025
jim-p-w
force-pushed
the
atmosphere/check_buffer_len
branch
from
d610024 to
7f2f3a8
Compare
mgduda
reviewed
Dec 23, 2025
mgduda
reviewed
Dec 23, 2025
mgduda
reviewed
Dec 23, 2025
mgduda
reviewed
Dec 23, 2025
mgduda
reviewed
Dec 23, 2025
mgduda
reviewed
Dec 23, 2025
mgduda
reviewed
Dec 23, 2025
mgduda
requested changes
Dec 28, 2025
mgduda
requested changes
Jan 2, 2026
mgduda
approved these changes
Jan 3, 2026
Contributor
mgduda
left a comment
mgduda
left a comment
There was a problem hiding this comment.
@jim-p-w I've verified that the changes to mpas_io.F catch cases where we would otherwise have tried to read a string into a buffer that was too small. If you could rework the commit history so that it contains just a couple of commits -- perhaps one to modify the framework mpas_io code, and another to add unit tests -- I think we'll be ready to merge this.
Contributor
Author
|
@mgduda Is the initial commit message in the PR suitable for the framework commit? Or do you have suggestions/edits you would prefer to see? |
A fixed size array is provided as an input buffer when reading 0d-char character variables. Call MPAS_io_inq_var prior to the read to get the size of the variable’s value, and only proceed with the read if the variable’s value will fit in the provided array. Return an error code if the variable’s value is larger than the provided input buffer.
Character variables are read into fixed size arrays when reading netcdf files. A test is added which tries to read character variables into a buffer which isn't large enough to hold the data. The test verifies the read fails with a suitable error code.
jim-p-w
force-pushed
the
atmosphere/check_buffer_len
branch
from
7b258f4 to
9bdcede
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR fixes a potential buffer overrun when reading string variables from a netcdf file.
A fixed size array is provided as an output buffer when reading a 0d-char character variable.
Call MPAS_io_inq_var prior to the read to get the size of the variable, and only proceed with the read if the size of the variable will fit in the provided array.
Return an error code if the variable value is larger than the provided output buffer.
A unit test is included to verify:
Fixes issue #1350
Note
When building with PIO, if the charArray (or the charArray1d) value exceeds the size of the tempchar buffer provided to the call to
PIO_get_var, the value will be truncated to the size of the provided tempchar buffer (lines 2018, 2023, and 2042 in src/framework/mpas_io.F).