Stack Buffer Overflow in nastran-g.c when processing large PBAR/PSHELL PIDs

**Bug Type:** Security / Buffer Overflow / Crash

**Description:**
In `src/conv/nastran-g.c`, the PBAR and PSHELL conversion loops use `sprintf` to write group names into a fixed-size stack buffer:

```c
char name[NAMESIZE+1];  // 17 bytes
sprintf(name, "pbar_group.%d", pbp->pid);
sprintf(name, "pshell.%d", psh->pid);
```
If the PID has more than 6 digits (or 10 digits for 32-bit max int), the resulting string exceeds the buffer size, causing a stack buffer overflow. This can crash nastran-g and theoretically allow code execution.

### Proposed Fix:

Increase the buffer size to 32 bytes:
```c
char name[32];
```

Use snprintf instead of sprintf:
```c
snprintf(name, sizeof(name), "pbar_group.%d", pbp->pid);
snprintf(name, sizeof(name), "pshell.%d", psh->pid);
```

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Stack Buffer Overflow in nastran-g.c when processing large PBAR/PSHELL PIDs #211

Proposed Fix:

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Stack Buffer Overflow in nastran-g.c when processing large PBAR/PSHELL PIDs #211

Description

Proposed Fix:

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions