From 82defae2f443ce4dabfc8f9f3e2189b2b629f537 Mon Sep 17 00:00:00 2001 From: Andy Stokely Date: Fri, 25 Jul 2025 19:40:18 -0600 Subject: [PATCH] Fix buffer overflow in c_attname due to missing null terminator The c_attname array in the streaminfo_query function (in mpas_stream_inquiry.F) was allocated to the same size as the attname variable. When attname had no padding, this caused a buffer overflow when appending a C null terminator (c_null_char) to c_attname. --- src/framework/mpas_stream_inquiry.F | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/framework/mpas_stream_inquiry.F b/src/framework/mpas_stream_inquiry.F index 4a81ead1ad..dd7ffec2eb 100644 --- a/src/framework/mpas_stream_inquiry.F +++ b/src/framework/mpas_stream_inquiry.F @@ -249,7 +249,7 @@ end function query_streams_file call mpas_f_to_c_string(streamname, c_streamname) if (present(attname)) then - allocate(c_attname(len(attname))) + allocate(c_attname(len(attname)+1)) call mpas_f_to_c_string(attname, c_attname) c_attname_ptr = c_loc(c_attname) else