use strncpy instead of strcpy to avoid possible buffer overflows

src/templates_front/templator_front.org

@@ -27,8 +27,8 @@ module trexio
 
   #+begin_src c :tangle prefix_front.h :noweb yes
 <<header>>
-#ifndef _TREXIO_H
-#define _TREXIO_H
+#ifndef TREXIO_H
+#define TREXIO_H
 
 #include <stdint.h>
 
@@ -228,8 +228,8 @@ trexio_t* trexio_open(const char* file_name, const char mode, const back_end_t b
 
  /* Data for the parent type */
 
-  result->file_name   = (char*) calloc(strlen(file_name)+1,sizeof(char));
-  strcpy(result->file_name, file_name);
+  result->file_name   = CALLOC(strlen(file_name)+1, char);
+  strncpy(result->file_name, file_name, strlen(file_name)+1);
   result->back_end    = back_end;
   result->mode        = mode;
   int irc = pthread_mutex_init ( &(result->thread_lock), NULL);

src/templates_hdf5/templator_hdf5.org

@@ -14,10 +14,11 @@
 
   #+begin_src c :tangle prefix_hdf5.h :noweb yes
 <<header>>
-#ifndef _TREXIO_HDF5_H
-#define _TREXIO_HDF5_H
+#ifndef TREXIO_HDF5_H
+#define TREXIO_HDF5_H
 
 #include "trexio.h"
+#include "trexio_private.h"
 #include "trexio_s.h"
 #include <stdint.h>
 #include <stdio.h>
@@ -272,7 +273,7 @@ trexio_exit_code trexio_hdf5_read_$group$_$group_dset$(const trexio_t* file, $gr
   if (dset_id <= 0) return TREXIO_INVALID_ID; 
 
   // allocate space for the dimensions to be read
-  hsize_t* ddims = (hsize_t*) calloc( (int) rank, sizeof(hsize_t));
+  hsize_t* ddims = CALLOC( (int) rank, hsize_t);
   if (ddims == NULL) return TREXIO_FAILURE;
 
   // read dimensions from the existing dataset

src/templates_text/templator_text.org

@@ -29,8 +29,8 @@
 
   #+begin_src c :tangle prefix_text.h :noweb yes
 <<header>>
-#ifndef _TREXIO_TEXT_H
-#define _TREXIO_TEXT_H
+#ifndef TREXIO_TEXT_H
+#define TREXIO_TEXT_H
 
 #include "trexio.h"
 #include "trexio_private.h"
@@ -139,14 +139,15 @@ trexio_exit_code trexio_text_init(trexio_t* file) {
 
  /* Create the lock file in the directory */
   const char* lock_file_name = "/.lock";
-  char* file_name =
-    CALLOC(strlen(file->file_name) + strlen(lock_file_name) + 1, char);
+
+  size_t str_size = strlen(file->file_name) + strlen(lock_file_name) + 1;
+  char* file_name = CALLOC(str_size, char);
 
   if (file_name == NULL) {
     return TREXIO_ALLOCATION_FAILED;
   }
  
-  strcpy (file_name, file->file_name);
+  strncpy (file_name, file->file_name, str_size);
   strcat (file_name, lock_file_name);
 
   f->lock_file = open(file_name,O_WRONLY|O_CREAT|O_TRUNC, 0644);
@@ -259,16 +260,15 @@ $group$_t* trexio_text_read_$group$(trexio_text_t* file) {
 
  /* Build the file name */
   const char* $group$_file_name = "/$group$.txt";
-  char * file_name = (char*)
-    calloc( strlen(file->parent.file_name) + strlen($group$_file_name) + 1,
-            sizeof(char));
+  size_t str_size = strlen(file->parent.file_name) + strlen($group$_file_name) + 1;
+  char * file_name = CALLOC(str_size, char);
 
   if (file_name == NULL) {
     FREE($group$);
     return NULL;
   }
 
-  strcpy (file_name, file->parent.file_name);
+  strncpy (file_name, file->parent.file_name, str_size);
   strcat (file_name, $group$_file_name);
 
  /* If the file exists, read it */
@@ -280,7 +280,7 @@ $group$_t* trexio_text_read_$group$(trexio_text_t* file) {
     size_t sz = ftell(f);
     fseek(f, 0L, SEEK_SET);
 
-    char* buffer = CALLOC(sz,char);
+    char* buffer = CALLOC(sz, char);
     if (buffer == NULL) {
       FREE(file_name);
       fclose(f);
@@ -370,7 +370,7 @@ $group$_t* trexio_text_read_$group$(trexio_text_t* file) {
     // START REPEAT GROUP_DSET   
      
  /* Allocate arrays */
-    $group$->$group_dset$ = ($group_dset_dtype$*) calloc(size_$group_dset$, sizeof($group_dset_dtype$));
+    $group$->$group_dset$ = CALLOC(size_$group_dset$, $group_dset_dtype$);
     assert (!($group$->$group_dset$ == NULL));
     if ($group$->$group_dset$ == NULL) {
       FREE(buffer);
@@ -632,7 +632,7 @@ trexio_exit_code trexio_text_write_$group_dset$(const trexio_t* file, const $gro
     dim_size *= dims[i];
   }
 
-  $group$->$group_dset$ = ($group_dset_dtype$*) calloc(dim_size, sizeof($group_dset_dtype$));
+  $group$->$group_dset$ = CALLOC(dim_size, $group_dset_dtype$);
 
   for (uint64_t i=0 ; i<dim_size ; i++) {
     $group$->$group_dset$[i] = $group_dset$[i];
@@ -668,11 +668,11 @@ rdm_t* trexio_text_read_rdm(trexio_text_t* file) {
 
  /* Try to open the file. If the file does not exist, return */
   const char* rdm_file_name = "/rdm.txt";
-  char * file_name = (char*)
-    calloc( strlen(file->parent.file_name) + strlen(rdm_file_name) + 1,
-            sizeof(char));
+  size_t str_size = strlen(file->parent.file_name) + strlen(rdm_file_name) + 1;
+  char * file_name = CALLOC(str_size, char);
+
   assert (file_name != NULL);
-  strcpy (file_name, file->parent.file_name);
+  strncpy (file_name, file->parent.file_name, str_size);
   strcat (file_name, rdm_file_name);
 
  /* If the file exists, read it */
@@ -683,7 +683,7 @@ rdm_t* trexio_text_read_rdm(trexio_text_t* file) {
     fseek(f, 0L, SEEK_END);
     size_t sz = ftell(f);
     fseek(f, 0L, SEEK_SET);
-    char* buffer = CALLOC(sz,char);
+    char* buffer = CALLOC(sz, char);
     
  /* Read the dimensioning variables */
     int rc;
@@ -695,7 +695,7 @@ rdm_t* trexio_text_read_rdm(trexio_text_t* file) {
     assert (rc == 1);
     
  /* Allocate arrays */
-    rdm->one_e = (double*) calloc(rdm->dim_one_e, sizeof(double));
+    rdm->one_e = CALLOC(rdm->dim_one_e, double);
     assert (rdm->one_e != NULL);
     
  /* Read one_e */
@@ -715,8 +715,9 @@ rdm_t* trexio_text_read_rdm(trexio_text_t* file) {
     
     rc = fscanf(f, "%s", buffer);
     assert (rc == 1);
-    rdm->two_e_file_name = CALLOC (strlen(buffer),char);
-    strcpy(rdm->two_e_file_name, buffer);
+    size_t str_size = strlen(buffer);
+    rdm->two_e_file_name = CALLOC(str_size,char);
+    strncpy(rdm->two_e_file_name, buffer, str_size);
     
     FREE(buffer);
     fclose(f);