Heap corruption when reading unstructured CGNS: `cg_elements_read_f` writes into `intType` connectivity buffer

[bmlowe1]

Description

I’m seeing nondeterministic heap corruption (e.g. corrupt size vs prev_size) when pysurf reads unstructured CGNS files. The crash shows up around the second zone iteration (often on deallocate), but the root cause appears to be earlier memory corruption in the connectivity read.

cg_elements_read_f seems to expect an integer(cgsize_t) buffer, but pySurf passes zones(iZone)%sections(sec)%elemConn (declared as integer(intType)) directly. When cgsize_t is 64-bit and intType is 32-bit, CGNS writes past the buffer / corrupts the heap.

pysurf/src/CGNSInterface/cgnsInterface.F90

Line 467 in d36efa4

zones(iZone)%sections(sec)%elemConn, CG_Null, ierr)

Workaround / Fix

Reading element connectivity into a temporary cgsize_t array and then assigning fixes it:

integer(kind=cgsize_t), allocatable :: elements(:)

if (allocated(elements)) deallocate(elements)
allocate(elements(nConn*nElem))
call cg_elements_read_f(cg, base, iZone, sec, elements, CG_Null, ierr)
if (ierr .eq. CG_ERROR) call cg_error_exit_f

zones(iZone)%sections(sec)%elemConn = int(elements, kind=intType) + zoneStart

(Original code passed zones(iZone)%sections(sec)%elemConn directly to cg_elements_read_f.)

Suggestion

Either store elemConn as cgsize_t internally, or always read into a cgsize_t temporary and convert to intType afterward.

[A-CGray]

@sseraj , could you take a look at this?

[sseraj]

This and #41 are likely the result of compiling CGNS with 64-bit support. pySurf currently only works with 32-bit CGNS (see the MACH-Aero docs for the recommended configure flags). There was some discussion related to this in #35.

Adding 64-bit support would require using cgsize_t throughout the code. In the meantime, it might be worth adding a clear error message during compilation if 64-bit CGNS is detected.

[bmlowe1]

Yes, that makes sense. We’ve been building CGNS with 64‑bit integers for a couple of years now, and we use pySurf primarily for pyGeo’s DVGeoMulti functionality. It would be beneficial for everyone if pySurf supported 64‑bit cgsize_t, though I understand the additional effort involved. As a practical first step, adding a clear compile‑ or run‑time error when cgsize_t does not match intType would help users avoid silent failures and make the limitation explicit.