Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libmstoolkit-82/include/MSReader.h
Examining data/libmstoolkit-82/include/MSObject.h
Examining data/libmstoolkit-82/include/MSNumpress.hpp
Examining data/libmstoolkit-82/include/RAWReader.h
Examining data/libmstoolkit-82/include/MSToolkitTypes.h
Examining data/libmstoolkit-82/include/mzParser.h
Examining data/libmstoolkit-82/include/Spectrum.h
Examining data/libmstoolkit-82/include/mzMLWriter.h
Examining data/libmstoolkit-82/include/pepXMLWriter.h
Examining data/libmstoolkit-82/src/mzParser/Czran.cpp
Examining data/libmstoolkit-82/src/mzParser/BasicSpectrum.cpp
Examining data/libmstoolkit-82/src/mzParser/MSNumpress.cpp
Examining data/libmstoolkit-82/src/mzParser/saxhandler.cpp
Examining data/libmstoolkit-82/src/mzParser/saxmzmlhandler.cpp
Examining data/libmstoolkit-82/src/mzParser/saxmzxmlhandler.cpp
Examining data/libmstoolkit-82/src/mzParser/BasicChromatogram.cpp
Examining data/libmstoolkit-82/src/mzParser/PWIZface.cpp
Examining data/libmstoolkit-82/src/mzParser/RAMPface.cpp
Examining data/libmstoolkit-82/src/mzParser/mz5handler.cpp
Examining data/libmstoolkit-82/src/mzParser/mzMLReader.cpp
Examining data/libmstoolkit-82/src/mzParser/mzParser.cpp
Examining data/libmstoolkit-82/src/mzParser/mzpMz5Config.cpp
Examining data/libmstoolkit-82/src/mzParser/mzpMz5Structs.cpp
Examining data/libmstoolkit-82/src/mzParser/mzp_base64.cpp
Examining data/libmstoolkit-82/src/MSToolkit/Spectrum.cpp
Examining data/libmstoolkit-82/src/MSToolkit/RAWReader.cpp
Examining data/libmstoolkit-82/src/MSToolkit/mzMLWriter.cpp
Examining data/libmstoolkit-82/src/MSToolkit/MSObject.cpp
Examining data/libmstoolkit-82/src/MSToolkit/pepXMLWriter.cpp
Examining data/libmstoolkit-82/src/MSToolkit/MSReader.cpp
Examining data/libmstoolkit-82/MSSingleScan/MSSingleScan.cpp
FINAL RESULTS:
data/libmstoolkit-82/src/MSToolkit/MSObject.cpp:43:20: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
for(i=0;i<16;i++) strcpy(header.header[i],m.header.header[i]);
data/libmstoolkit-82/src/MSToolkit/MSObject.cpp:57:21: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
for(i=0;i<16;i++) strcpy(header.header[i],m.header.header[i]);
data/libmstoolkit-82/src/MSToolkit/MSObject.cpp:71:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(header.header[i],c);
data/libmstoolkit-82/src/MSToolkit/MSObject.cpp:82:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(header.header[i],&s[0]);
data/libmstoolkit-82/src/MSToolkit/MSObject.cpp:108:24: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
for(int i=0;i<16;i++) strcpy(header.header[i],h.header[i]);
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:263:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str,&sInstrument[0]);
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:291:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str,&sManufacturer[0]);
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:408:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str, strMGF+7);
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:737:29: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if(headerIndex<16) strcpy(header.header[headerIndex++],tok);
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:1072:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(zSql,"insert into msRun(filename, sha1Sum, creationTime, extractor,extractorVersion, instrumentType) values('%s','%s','%s','%s','%s','%s')",
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:1179:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(zSql, "insert into msScan(runID,startScanNumber,endScanNumber,level,precursorMZ, precursorCharge,retentionTime,fragmentationType,peakCount) "
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:1556:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(actMethod,reinterpret_cast<const char*>(sqlite3_column_text(pStmt,10)));
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:2180:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ext,c);
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:2211:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ext,c);
data/libmstoolkit-82/src/MSToolkit/RAWReader.cpp:157:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cStr,chFilter);
data/libmstoolkit-82/src/MSToolkit/RAWReader.cpp:276:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str,rawInstrument);
data/libmstoolkit-82/src/MSToolkit/RAWReader.cpp:284:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str,rawManufacturer);
data/libmstoolkit-82/src/MSToolkit/RAWReader.cpp:443:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rawCurrentFile,c);
data/libmstoolkit-82/src/MSToolkit/RAWReader.cpp:657:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rawUserFilter,c);
data/libmstoolkit-82/src/MSToolkit/Spectrum.cpp:112:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rawFilter,s.rawFilter);
data/libmstoolkit-82/src/MSToolkit/Spectrum.cpp:113:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(nativeID,s.nativeID);
data/libmstoolkit-82/src/MSToolkit/Spectrum.cpp:165:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rawFilter,s.rawFilter);
data/libmstoolkit-82/src/MSToolkit/Spectrum.cpp:166:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(nativeID,s.nativeID);
data/libmstoolkit-82/src/MSToolkit/Spectrum.cpp:403:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(c,nativeID);
data/libmstoolkit-82/src/MSToolkit/Spectrum.cpp:413:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(c,rawFilter);
data/libmstoolkit-82/src/MSToolkit/Spectrum.cpp:415:27: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if(!bLock && chp!=NULL) strcpy(chp,chp+5);
data/libmstoolkit-82/src/MSToolkit/Spectrum.cpp:510:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy(nativeID,c);
data/libmstoolkit-82/src/MSToolkit/Spectrum.cpp:515:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
else strcpy(rawFilter,c);
data/libmstoolkit-82/src/mzParser/BasicChromatogram.cpp:25:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(idString,c.idString);
data/libmstoolkit-82/src/mzParser/BasicChromatogram.cpp:41:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(idString,c.idString);
data/libmstoolkit-82/src/mzParser/BasicChromatogram.cpp:63:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str,idString);
data/libmstoolkit-82/src/mzParser/BasicChromatogram.cpp:72:50: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
void BasicChromatogram::setIDString(char* str) { strcpy(idString,str); }
data/libmstoolkit-82/src/mzParser/BasicSpectrum.cpp:72:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(idString,s.idString);
data/libmstoolkit-82/src/mzParser/BasicSpectrum.cpp:73:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(filterLine,s.filterLine);
data/libmstoolkit-82/src/mzParser/BasicSpectrum.cpp:113:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(filterLine,s.filterLine);
data/libmstoolkit-82/src/mzParser/BasicSpectrum.cpp:114:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(idString,s.idString);
data/libmstoolkit-82/src/mzParser/BasicSpectrum.cpp:189:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str,filterLine);
data/libmstoolkit-82/src/mzParser/BasicSpectrum.cpp:194:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str,idString);
data/libmstoolkit-82/src/mzParser/RAMPface.cpp:27:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(file,fname);
data/libmstoolkit-82/src/mzParser/RAMPface.cpp:30:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(preExt,ext);
data/libmstoolkit-82/src/mzParser/RAMPface.cpp:31:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ext,tok);
data/libmstoolkit-82/src/mzParser/RAMPface.cpp:124:65: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if(pFI->mzML->getInstrument()->at(0).analyzer.size()>1) strcpy(r->analyzer,&pFI->mzML->getInstrument()->at(0).analyzer[0]);
data/libmstoolkit-82/src/mzParser/RAMPface.cpp:125:65: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if(pFI->mzML->getInstrument()->at(0).detector.size()>1) strcpy(r->detector,&pFI->mzML->getInstrument()->at(0).detector[0]);
data/libmstoolkit-82/src/mzParser/RAMPface.cpp:126:67: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if(pFI->mzML->getInstrument()->at(0).ionization.size()>1) strcpy(r->ionisation,&pFI->mzML->getInstrument()->at(0).ionization[0]);
data/libmstoolkit-82/src/mzParser/RAMPface.cpp:127:69: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if(pFI->mzML->getInstrument()->at(0).manufacturer.size()>1) strcpy(r->manufacturer,&pFI->mzML->getInstrument()->at(0).manufacturer[0]);
data/libmstoolkit-82/src/mzParser/RAMPface.cpp:128:62: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if(pFI->mzML->getInstrument()->at(0).model.size()>1) strcpy(r->model,&pFI->mzML->getInstrument()->at(0).model[0]);
data/libmstoolkit-82/src/mzParser/RAMPface.cpp:134:57: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if(pFI->mzXML->getInstrument().analyzer.size()>1) strcpy(r->analyzer,&pFI->mzXML->getInstrument().analyzer[0]);
data/libmstoolkit-82/src/mzParser/RAMPface.cpp:135:57: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if(pFI->mzXML->getInstrument().detector.size()>1) strcpy(r->detector,&pFI->mzXML->getInstrument().detector[0]);
data/libmstoolkit-82/src/mzParser/RAMPface.cpp:136:59: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if(pFI->mzXML->getInstrument().ionization.size()>1) strcpy(r->ionisation,&pFI->mzXML->getInstrument().ionization[0]);
data/libmstoolkit-82/src/mzParser/RAMPface.cpp:137:61: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if(pFI->mzXML->getInstrument().manufacturer.size()>1) strcpy(r->manufacturer,&pFI->mzXML->getInstrument().manufacturer[0]);
data/libmstoolkit-82/src/mzParser/RAMPface.cpp:138:54: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if(pFI->mzXML->getInstrument().model.size()>1) strcpy(r->model,&pFI->mzXML->getInstrument().model[0]);
data/libmstoolkit-82/src/mzParser/RAMPface.cpp:190:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(base,basename);
data/libmstoolkit-82/src/mzParser/RAMPface.cpp:197:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf,dir_in);
data/libmstoolkit-82/src/mzParser/RAMPface.cpp:199:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf,base);
data/libmstoolkit-82/src/mzParser/RAMPface.cpp:201:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf,base);
data/libmstoolkit-82/src/mzParser/RAMPface.cpp:312:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ext,result);
data/libmstoolkit-82/src/mzParser/RAMPface.cpp:316:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(preExt,result2);
data/libmstoolkit-82/src/mzParser/mzParser.cpp:243:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(file,fname);
data/libmstoolkit-82/src/mzParser/mzParser.cpp:246:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(preExt,ext);
data/libmstoolkit-82/src/mzParser/mzParser.cpp:247:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ext,tok);
data/libmstoolkit-82/src/mzParser/mzpMz5Structs.cpp:116:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (value) strcpy(this->value, value);
data/libmstoolkit-82/src/mzParser/mzpMz5Structs.cpp:146:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if(name) strcpy(this->name,name);
data/libmstoolkit-82/src/mzParser/mzpMz5Structs.cpp:147:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(this->prefix,prefix);
data/libmstoolkit-82/MSSingleScan/MSSingleScan.cpp:45:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nativeID[256];
data/libmstoolkit-82/MSSingleScan/MSSingleScan.cpp:46:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
r.readFile(argv[2],s,atoi(argv[1]));
data/libmstoolkit-82/MSSingleScan/MSSingleScan.cpp:50:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szNativeID[128];
data/libmstoolkit-82/include/MSReader.h:159:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strMGF[1024];
data/libmstoolkit-82/include/MSToolkitTypes.h:79:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header[16][128];
data/libmstoolkit-82/include/RAWReader.h:87:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rawCurrentFile[256];
data/libmstoolkit-82/include/RAWReader.h:88:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rawInstrument[256];
data/libmstoolkit-82/include/RAWReader.h:89:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rawManufacturer[256];
data/libmstoolkit-82/include/RAWReader.h:90:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rawUserFilter[256];
data/libmstoolkit-82/include/Spectrum.h:170:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nativeID[256]; //spectrumNativeID in mzML files
data/libmstoolkit-82/include/Spectrum.h:171:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rawFilter[256]; //RAW file header line
data/libmstoolkit-82/include/mzParser.h:325:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filterLine[128];
data/libmstoolkit-82/include/mzParser.h:327:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char idString[128];
data/libmstoolkit-82/include/mzParser.h:378:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char idString[128];
data/libmstoolkit-82/include/mzParser.h:402:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char window[WINSIZE]; // preceding 32K of uncompressed data
data/libmstoolkit-82/include/mzParser.h:464:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(const char* fileName);
data/libmstoolkit-82/include/mzParser.h:795:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[USRNL];
data/libmstoolkit-82/include/mzParser.h:796:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[USRVL];
data/libmstoolkit-82/include/mzParser.h:797:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[USRTL];
data/libmstoolkit-82/include/mzParser.h:811:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[CVL];
data/libmstoolkit-82/include/mzParser.h:1333:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char activationMethod[SCANTYPE_LENGTH];
data/libmstoolkit-82/include/mzParser.h:1334:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char additionalPrecursors[PRECURSORARRAY_LENGTH];
data/libmstoolkit-82/include/mzParser.h:1335:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filterLine[CHARGEARRAY_LENGTH];
data/libmstoolkit-82/include/mzParser.h:1336:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char idString[CHARGEARRAY_LENGTH];
data/libmstoolkit-82/include/mzParser.h:1337:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char possibleCharges[SCANTYPE_LENGTH];
data/libmstoolkit-82/include/mzParser.h:1338:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scanType[SCANTYPE_LENGTH];
data/libmstoolkit-82/include/mzParser.h:1358:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char manufacturer[INSTRUMENT_LENGTH];
data/libmstoolkit-82/include/mzParser.h:1359:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char model[INSTRUMENT_LENGTH];
data/libmstoolkit-82/include/mzParser.h:1360:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ionisation[INSTRUMENT_LENGTH];
data/libmstoolkit-82/include/mzParser.h:1361:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char analyzer[INSTRUMENT_LENGTH];
data/libmstoolkit-82/include/mzParser.h:1362:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char detector[INSTRUMENT_LENGTH];
data/libmstoolkit-82/include/pepXMLWriter.h:499:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strTabs[128];
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:69:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (text)fileOut = fopen(c, "at");
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:70:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else fileOut = fopen(c, "ab");
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:98:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fileOut = fopen(c, "at");
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:107:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fileOut = fopen(c, "at");
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:114:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fileOut = fopen(c, "ab");
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:121:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fileOut = fopen(c, "ab");
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:148:25: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (text) fileOut = fopen(c, "at");
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:149:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else fileOut = fopen(c, "ab");
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:184:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fileOut = fopen(c, "at");
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:193:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fileOut = fopen(c, "at");
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:202:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fileOut = fopen(c, "ab");
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:211:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fileOut = fopen(c, "ab");
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:339:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(text) fileIn=fopen(c,"rt");
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:340:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else fileIn=fopen(c,"rb");
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:375:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[1024];
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:376:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char num[6];
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:418:41: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mgfGlobalCharge.push_back(atoi(num));
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:422:42: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mgfGlobalCharge.push_back(-atoi(num));
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:467:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ch = atoi(strMGF+7);
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:471:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ch = -atoi(strMGF+7);
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:476:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
s.setScanNumber(atoi(strMGF+6));
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:504:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
s.setScanNumber(atoi(tok));
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:505:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
s.setScanNumber(atoi(tok),true);
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:533:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ch=atoi(tok);
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:564:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tstr[256];
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:782:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ez.z=atoi(tok);
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:809:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
s.setScanNumber(atoi(tok));
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:811:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
s.setScanNumber(atoi(tok),true);
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:844:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
z.z=atoi(tok);
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:897:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(text) fileOut=fopen(c,"wt");
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:898:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else fileOut=fopen(c,"wb");
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:1025:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zSql[8192];
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:1027:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(zSql, "create table msRun(id INTEGER primary key autoincrement not null,"
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:1034:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(zSql,"create table msScan(id INTEGER primary key autoincrement not null,"
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:1040:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(zSql, "create table msScanData(scanID INTEGER, peakMZ BLOB, peakIntensity BLOB)");
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:1044:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(zSql,"create table MS2FileScanCharge(id INTEGER primary key autoincrement not null,"
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:1129:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zSql[8192];
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:1194:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(zSql, "select MAX(id) from msScan");
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:1203:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
lastScanID=atoi(result[1]);
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:1214:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(zSql, "insert into msScanData values(%d, ?, ?)",
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:1250:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(zSql, "insert into MS2FileScanCharge(scanID, charge, mass) values(%d, %d, %f)",
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:1265:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(zSql, "insert into MS2FileScanCharge(scanID, charge, mass) values (%d, %d, %f)",
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:1426:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zSql[1024];
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:1427:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(zSql, "select MAX(id),MAX(startScanNumber) from msScan");
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:1436:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
lastIndex = atoi(result[2]);
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:1437:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
lastScanNumber=atoi(result[3]);
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:1445:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zSql[2048];
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:1459:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(zSql, "select id from msScan where startScanNumber=%d", scNum);
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:1468:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
curIndex = atoi(result[1]);
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:1477:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(zSql, "select * from msScan, msScanData where startScanNumber=%d "
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:1491:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(zSql, "select * from msScan, msScanData where id=%d "
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:1519:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char actMethod[1024];
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:1590:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zSql[8192];
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:1591:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(zSql, "select charge, mass from MS2FileScanCharge where scanID=%d", scanID);
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:1930:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t[64];
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:1942:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(t,"%.*f",iIntensityPrecision,s.at(j).intensity);
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:1970:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(t,"%.*f",iIntensityPrecision,s.at(j).intensity);
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:2173:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ext[32];
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:2174:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[1024];
data/libmstoolkit-82/src/MSToolkit/RAWReader.cpp:37:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(rawInstrument,"unknown");
data/libmstoolkit-82/src/MSToolkit/RAWReader.cpp:38:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(rawManufacturer,"Thermo Scientific");
data/libmstoolkit-82/src/MSToolkit/RAWReader.cpp:139:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cStr[256];
data/libmstoolkit-82/src/MSToolkit/RAWReader.cpp:238:3: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
MultiByteToWideChar(CP_ACP, 0, str, sl, bs, sl);
data/libmstoolkit-82/src/MSToolkit/RAWReader.cpp:258:3: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
MultiByteToWideChar(CP_ACP, 0, str, sl, bs, sl);
data/libmstoolkit-82/src/MSToolkit/RAWReader.cpp:345:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chFilter[256];
data/libmstoolkit-82/src/MSToolkit/RAWReader.cpp:346:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char curFilter[256];
data/libmstoolkit-82/src/MSToolkit/RAWReader.cpp:364:3: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR pth[MAX_PATH];
data/libmstoolkit-82/src/MSToolkit/RAWReader.cpp:429:7: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
MultiByteToWideChar(CP_ACP,0,c,-1,(LPWSTR)pth,MAX_PATH);
data/libmstoolkit-82/src/MSToolkit/RAWReader.cpp:561:3: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
MultiByteToWideChar(CP_ACP,0,"",sl,testStr,sl);
data/libmstoolkit-82/src/MSToolkit/mzMLWriter.cpp:118:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fptr = fopen(fn,"wt");
data/libmstoolkit-82/src/MSToolkit/mzMLWriter.cpp:522:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[128];
data/libmstoolkit-82/src/MSToolkit/mzMLWriter.cpp:550:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[128];
data/libmstoolkit-82/src/MSToolkit/mzMLWriter.cpp:592:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[128];
data/libmstoolkit-82/src/MSToolkit/mzMLWriter.cpp:601:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (bPre) sprintf(tmp, "%.4lf", c.getPreMZ());
data/libmstoolkit-82/src/MSToolkit/mzMLWriter.cpp:602:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else sprintf(tmp, "%.4lf", c.getProdMZ());
data/libmstoolkit-82/src/MSToolkit/mzMLWriter.cpp:605:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (bPre) sprintf(tmp, "%.4lf", c.getPreOffsetLower());
data/libmstoolkit-82/src/MSToolkit/mzMLWriter.cpp:606:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else sprintf(tmp, "%.4lf", c.getProdOffsetLower());
data/libmstoolkit-82/src/MSToolkit/mzMLWriter.cpp:609:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if (bPre) sprintf(tmp, "%.4lf", c.getPreOffsetUpper());
data/libmstoolkit-82/src/MSToolkit/mzMLWriter.cpp:610:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else sprintf(tmp, "%.4lf", c.getProdOffsetUpper());
data/libmstoolkit-82/src/MSToolkit/mzMLWriter.cpp:620:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[128];
data/libmstoolkit-82/src/MSToolkit/mzMLWriter.cpp:629:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp,"%.2lf",s.getMZ());
data/libmstoolkit-82/src/MSToolkit/mzMLWriter.cpp:713:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[128];
data/libmstoolkit-82/src/MSToolkit/mzMLWriter.cpp:719:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp,"%f",s.getRTime());
data/libmstoolkit-82/src/MSToolkit/mzMLWriter.cpp:746:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[128];
data/libmstoolkit-82/src/MSToolkit/mzMLWriter.cpp:752:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%.8lf", s.getScanWindowLower());
data/libmstoolkit-82/src/MSToolkit/mzMLWriter.cpp:756:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%.8lf", s.getScanWindowUpper());
data/libmstoolkit-82/src/MSToolkit/mzMLWriter.cpp:777:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[128];
data/libmstoolkit-82/src/MSToolkit/mzMLWriter.cpp:783:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%.8lf", c.getPreMZ());
data/libmstoolkit-82/src/MSToolkit/mzMLWriter.cpp:786:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%d", c.getCharge());
data/libmstoolkit-82/src/MSToolkit/mzMLWriter.cpp:799:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[128];
data/libmstoolkit-82/src/MSToolkit/mzMLWriter.cpp:804:23: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if(s.getMonoMZ()>0) sprintf(tmp,"%.12lf",s.getMonoMZ());
data/libmstoolkit-82/src/MSToolkit/mzMLWriter.cpp:805:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else sprintf(tmp, "%.2lf", s.getMZ());
data/libmstoolkit-82/src/MSToolkit/mzMLWriter.cpp:809:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp,"%d",s.atZ(0).z);
data/libmstoolkit-82/src/MSToolkit/mzMLWriter.cpp:814:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp,"%d",s.atZ(i).z);
data/libmstoolkit-82/src/MSToolkit/mzMLWriter.cpp:844:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[128];
data/libmstoolkit-82/src/MSToolkit/mzMLWriter.cpp:850:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp,"scan=%d",s.getScanNumber());
data/libmstoolkit-82/src/MSToolkit/mzMLWriter.cpp:856:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp,"%d",s.getMsLevel());
data/libmstoolkit-82/src/MSToolkit/mzMLWriter.cpp:859:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp,"%.12lf",s[0].mz);
data/libmstoolkit-82/src/MSToolkit/mzMLWriter.cpp:862:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp,"%.12lf",s[s.size()-1].mz);
data/libmstoolkit-82/src/MSToolkit/pepXMLWriter.cpp:48:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[32];
data/libmstoolkit-82/src/MSToolkit/pepXMLWriter.cpp:52:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fptr=fopen(fn,"wt");
data/libmstoolkit-82/src/MSToolkit/pepXMLWriter.cpp:55:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timebuf[80];
data/libmstoolkit-82/src/MSToolkit/pepXMLWriter.cpp:134:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str,"%d",enzyme->maxNumInternalCleavages);
data/libmstoolkit-82/src/MSToolkit/pepXMLWriter.cpp:137:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "%d",enzyme->minNumTermini);
data/libmstoolkit-82/src/MSToolkit/pepXMLWriter.cpp:183:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nStr[32];
data/libmstoolkit-82/src/MSToolkit/pepXMLWriter.cpp:186:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(nStr,"%d",s.position);
data/libmstoolkit-82/src/MSToolkit/pepXMLWriter.cpp:189:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(nStr,"%.6lf",s.mass);
data/libmstoolkit-82/src/MSToolkit/pepXMLWriter.cpp:198:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nStr[64];
data/libmstoolkit-82/src/MSToolkit/pepXMLWriter.cpp:208:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(nStr," mod_nterm_mass=\"%.4lf\"",s.mod_nterm_mass);
data/libmstoolkit-82/src/MSToolkit/pepXMLWriter.cpp:212:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(nStr," mod_cterm_mass=\"%.4lf\"",s.mod_cterm_mass);
data/libmstoolkit-82/src/MSToolkit/pepXMLWriter.cpp:235:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nStr[32];
data/libmstoolkit-82/src/MSToolkit/pepXMLWriter.cpp:250:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(nStr,"%d",s.num_tot_proteins);
data/libmstoolkit-82/src/MSToolkit/pepXMLWriter.cpp:253:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(nStr,"%.6lf",s.calc_neutral_pep_mass);
data/libmstoolkit-82/src/MSToolkit/pepXMLWriter.cpp:256:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(nStr,"%.6lf",s.massdiff);
data/libmstoolkit-82/src/MSToolkit/pepXMLWriter.cpp:287:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nStr[32];
data/libmstoolkit-82/src/MSToolkit/pepXMLWriter.cpp:294:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(nStr,"%d",s.a->hit_rank);
data/libmstoolkit-82/src/MSToolkit/pepXMLWriter.cpp:309:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(nStr,"%d",s.a->num_tot_proteins);
data/libmstoolkit-82/src/MSToolkit/pepXMLWriter.cpp:312:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if(bCross) sprintf(nStr,"%.6lf",s.a->calc_neutral_xl_mass);
data/libmstoolkit-82/src/MSToolkit/pepXMLWriter.cpp:313:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else sprintf(nStr,"%.6lf",s.a->calc_neutral_pep_mass);
data/libmstoolkit-82/src/MSToolkit/pepXMLWriter.cpp:316:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if(bCross) sprintf(nStr,"%.6lf",s.a->xl_massdiff);
data/libmstoolkit-82/src/MSToolkit/pepXMLWriter.cpp:317:8: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
else sprintf(nStr,"%.6lf",s.a->massdiff);
data/libmstoolkit-82/src/MSToolkit/pepXMLWriter.cpp:340:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(nStr,"%.6lf",s.mass);
data/libmstoolkit-82/src/MSToolkit/pepXMLWriter.cpp:380:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nStr[32];
data/libmstoolkit-82/src/MSToolkit/pepXMLWriter.cpp:385:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(nStr,"%d",s.start_scan);
data/libmstoolkit-82/src/MSToolkit/pepXMLWriter.cpp:388:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(nStr,"%d",s.end_scan);
data/libmstoolkit-82/src/MSToolkit/pepXMLWriter.cpp:391:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(nStr,"%.6lf",s.precursor_neutral_mass);
data/libmstoolkit-82/src/MSToolkit/pepXMLWriter.cpp:394:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(nStr,"%d",s.assumed_charge);
data/libmstoolkit-82/src/MSToolkit/pepXMLWriter.cpp:397:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(nStr,"%d",spQueryIndex++);
data/libmstoolkit-82/src/MSToolkit/pepXMLWriter.cpp:401:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(nStr,"%.1lf",s.retention_time_sec);
data/libmstoolkit-82/src/mzParser/Czran.cpp:115:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(next->window, window + WINSIZE - left, left);
data/libmstoolkit-82/src/mzParser/Czran.cpp:117:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(next->window + left, window, WINSIZE - left);
data/libmstoolkit-82/src/mzParser/Czran.cpp:141:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char input[READCHUNK];
data/libmstoolkit-82/src/mzParser/Czran.cpp:142:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char window[WINSIZE];
data/libmstoolkit-82/src/mzParser/Czran.cpp:246:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char input[READCHUNK];
data/libmstoolkit-82/src/mzParser/Czran.cpp:336:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf,lastBuffer,lastBufferLen);
data/libmstoolkit-82/src/mzParser/Czran.cpp:350:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf,buffer+(offset-bufferOffset),len);
data/libmstoolkit-82/src/mzParser/Czran.cpp:364:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf,buffer+(offset-bufferOffset),seg);
data/libmstoolkit-82/src/mzParser/Czran.cpp:372:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+seg,buffer,ret);
data/libmstoolkit-82/src/mzParser/Czran.cpp:375:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+seg,buffer,len);
data/libmstoolkit-82/src/mzParser/Czran.cpp:384:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lastBuffer,buf,ret);
data/libmstoolkit-82/src/mzParser/MSNumpress.cpp:243:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char halfBytes[10];
data/libmstoolkit-82/src/mzParser/MSNumpress.cpp:540:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char halfBytes[10];
data/libmstoolkit-82/src/mzParser/PWIZface.cpp:47:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[128];
data/libmstoolkit-82/src/mzParser/RAMPface.cpp:14:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[256];
data/libmstoolkit-82/src/mzParser/RAMPface.cpp:15:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ext[256];
data/libmstoolkit-82/src/mzParser/RAMPface.cpp:17:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char preExt[256];
data/libmstoolkit-82/src/mzParser/RAMPface.cpp:66:38: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
for(i=0;i<possibleCharges;i++) memcpy(&possibleChargeArray[i],&scanHeader->possibleCharges[i*4],sizeof(int));
data/libmstoolkit-82/src/mzParser/RAMPface.cpp:73:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&mz,&scanHeader->additionalPrecursors[j+=8],sizeof(double));
data/libmstoolkit-82/src/mzParser/RAMPface.cpp:74:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&d, &scanHeader->additionalPrecursors[j += 8], sizeof(double)); //selectionWindowLower
data/libmstoolkit-82/src/mzParser/RAMPface.cpp:75:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&d, &scanHeader->additionalPrecursors[j += 8], sizeof(double)); //selectionWindowUpper
data/libmstoolkit-82/src/mzParser/RAMPface.cpp:76:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&monoMZ,&scanHeader->additionalPrecursors[j+=8],sizeof(double));
data/libmstoolkit-82/src/mzParser/RAMPface.cpp:77:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&intensity,&scanHeader->additionalPrecursors[j+=8],sizeof(double));
data/libmstoolkit-82/src/mzParser/RAMPface.cpp:78:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&charge,&scanHeader->additionalPrecursors[j+=4],sizeof(int));
data/libmstoolkit-82/src/mzParser/RAMPface.cpp:79:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&possibleCharges,&scanHeader->additionalPrecursors[j+=4],sizeof(int));
data/libmstoolkit-82/src/mzParser/RAMPface.cpp:83:40: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
for(k=0;k<possibleCharges;k++) memcpy(&possibleChargeArray[k],&scanHeader->additionalPrecursors[j+=4],sizeof(int));
data/libmstoolkit-82/src/mzParser/RAMPface.cpp:113:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(r->analyzer,"UNKNOWN");
data/libmstoolkit-82/src/mzParser/RAMPface.cpp:114:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(r->detector,"UNKNOWN");
data/libmstoolkit-82/src/mzParser/RAMPface.cpp:115:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(r->ionisation,"UNKNOWN");
data/libmstoolkit-82/src/mzParser/RAMPface.cpp:116:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(r->manufacturer,"UNKNOWN");
data/libmstoolkit-82/src/mzParser/RAMPface.cpp:117:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(r->model,"UNKNOWN");
data/libmstoolkit-82/src/mzParser/RAMPface.cpp:189:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char base[512];
data/libmstoolkit-82/src/mzParser/RAMPface.cpp:205:18: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
case 0: strcat(buf,".mzML"); break;
data/libmstoolkit-82/src/mzParser/RAMPface.cpp:206:18: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
case 1: strcat(buf,".mzXML"); break;
data/libmstoolkit-82/src/mzParser/RAMPface.cpp:207:18: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
case 2: strcat(buf,".mzML.gz"); break;
data/libmstoolkit-82/src/mzParser/RAMPface.cpp:208:18: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
case 3: strcat(buf,".mzXML.gz"); break;
data/libmstoolkit-82/src/mzParser/RAMPface.cpp:209:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
case 4: strcat(buf,".mz5"); break;
data/libmstoolkit-82/src/mzParser/RAMPface.cpp:213:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f=fopen(buf,"r");
data/libmstoolkit-82/src/mzParser/RAMPface.cpp:294:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ext[256];
data/libmstoolkit-82/src/mzParser/RAMPface.cpp:295:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char preExt[256];
data/libmstoolkit-82/src/mzParser/RAMPface.cpp:501:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&scanHeader->possibleCharges[k*4],&p.possibleCharges->at(k),sizeof(int));
data/libmstoolkit-82/src/mzParser/RAMPface.cpp:512:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (p.isoMZ == 0) memcpy(&scanHeader->additionalPrecursors[j += 8], &p.mz, sizeof(double));
data/libmstoolkit-82/src/mzParser/RAMPface.cpp:513:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
else memcpy(&scanHeader->additionalPrecursors[j+=8],&p.isoMZ,sizeof(double));
data/libmstoolkit-82/src/mzParser/RAMPface.cpp:515:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&scanHeader->additionalPrecursors[j+=8],&d, sizeof(double));
data/libmstoolkit-82/src/mzParser/RAMPface.cpp:517:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&scanHeader->additionalPrecursors[j+=8],&d, sizeof(double));
data/libmstoolkit-82/src/mzParser/RAMPface.cpp:518:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&scanHeader->additionalPrecursors[j+=8],&p.monoMZ,sizeof(double));
data/libmstoolkit-82/src/mzParser/RAMPface.cpp:519:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&scanHeader->additionalPrecursors[j+=8],&p.intensity,sizeof(double));
data/libmstoolkit-82/src/mzParser/RAMPface.cpp:520:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&scanHeader->additionalPrecursors[j+=4],&p.charge,sizeof(int));
data/libmstoolkit-82/src/mzParser/RAMPface.cpp:522:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&scanHeader->additionalPrecursors[j+=4],&k,sizeof(int));
data/libmstoolkit-82/src/mzParser/RAMPface.cpp:524:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&scanHeader->additionalPrecursors[j+=k*4],&p.possibleCharges->at(k),sizeof(int));
data/libmstoolkit-82/src/mzParser/RAMPface.cpp:533:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 1: strcpy(scanHeader->activationMethod,"CID"); break;
data/libmstoolkit-82/src/mzParser/RAMPface.cpp:534:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 2: strcpy(scanHeader->activationMethod,"HCD"); break;
data/libmstoolkit-82/src/mzParser/RAMPface.cpp:535:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 3: strcpy(scanHeader->activationMethod,"ETD"); break;
data/libmstoolkit-82/src/mzParser/RAMPface.cpp:536:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 4: strcpy(scanHeader->activationMethod,"ETD+SA"); break;
data/libmstoolkit-82/src/mzParser/RAMPface.cpp:537:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 5: strcpy(scanHeader->activationMethod,"ECD"); break;
data/libmstoolkit-82/src/mzParser/mz5handler.cpp:115:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
spec->setPrecursorCharge(atoi(cvParams_[index].value));
data/libmstoolkit-82/src/mzParser/mz5handler.cpp:136:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
spec->setMSLevel(atoi(cvParams_[index].value));
data/libmstoolkit-82/src/mzParser/mz5handler.cpp:339:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
curIndex.scanNum=atoi(strstr(&curIndex.idRef[0],"scan=")+5);
data/libmstoolkit-82/src/mzParser/mz5handler.cpp:341:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
curIndex.scanNum=atoi(strstr(&curIndex.idRef[0],"scanId=")+7);
data/libmstoolkit-82/src/mzParser/mz5handler.cpp:343:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
curIndex.scanNum=atoi(strstr(&curIndex.idRef[0],"S")+1);
data/libmstoolkit-82/src/mzParser/mzMLReader.cpp:46:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[256];
data/libmstoolkit-82/src/mzParser/mzMLReader.cpp:73:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
num=(int)atoi(str);
data/libmstoolkit-82/src/mzParser/mzMLReader.cpp:92:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
num=(int)atoi(str);
data/libmstoolkit-82/src/mzParser/mzParser.cpp:235:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file[256];
data/libmstoolkit-82/src/mzParser/mzParser.cpp:236:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ext[256];
data/libmstoolkit-82/src/mzParser/mzParser.cpp:238:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char preExt[256];
data/libmstoolkit-82/src/mzParser/mzp_base64.cpp:25:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ingrp[3];
data/libmstoolkit-82/src/mzParser/saxhandler.cpp:181:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool mzpSAXHandler::open(const char* fileName){
data/libmstoolkit-82/src/mzParser/saxhandler.cpp:183:28: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(m_bGZCompression) fptr=fopen(fileName,"rb");
data/libmstoolkit-82/src/mzParser/saxhandler.cpp:184:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else fptr=fopen(fileName,"r");
data/libmstoolkit-82/src/mzParser/saxhandler.cpp:229:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[CHUNK]; //CHUNK=16384
data/libmstoolkit-82/src/mzParser/saxhandler.cpp:283:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[CHUNK]; //CHUNK=16384
data/libmstoolkit-82/src/mzParser/saxmzmlhandler.cpp:106:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m_encodedLen=atoi(&s[0]);
data/libmstoolkit-82/src/mzParser/saxmzmlhandler.cpp:114:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m_peaksCount = atoi(getAttrValue("defaultArrayLength", attr));
data/libmstoolkit-82/src/mzParser/saxmzmlhandler.cpp:138:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
curIndex.scanNum=atoi(strstr(&curIndex.idRef[0],"scan=")+5);
data/libmstoolkit-82/src/mzParser/saxmzmlhandler.cpp:140:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
curIndex.scanNum=atoi(strstr(&curIndex.idRef[0],"scanId=")+7);
data/libmstoolkit-82/src/mzParser/saxmzmlhandler.cpp:142:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
curIndex.scanNum=atoi(strstr(&curIndex.idRef[0],"S")+1);
data/libmstoolkit-82/src/mzParser/saxmzmlhandler.cpp:157:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
spec->setPrecursorScanNum(atoi(strstr(&s[0],"scan=")+5));
data/libmstoolkit-82/src/mzParser/saxmzmlhandler.cpp:159:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
spec->setPrecursorScanNum(atoi(strstr(&s[0],"scanId=")+7));
data/libmstoolkit-82/src/mzParser/saxmzmlhandler.cpp:161:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
spec->setPrecursorScanNum(atoi(strstr(&s[0],"S")+1));
data/libmstoolkit-82/src/mzParser/saxmzmlhandler.cpp:189:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
spec->setScanNum(atoi(strstr(&s[0],"scan=")+5));
data/libmstoolkit-82/src/mzParser/saxmzmlhandler.cpp:191:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
spec->setScanNum(atoi(strstr(&s[0],"scanId=")+7));
data/libmstoolkit-82/src/mzParser/saxmzmlhandler.cpp:193:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
spec->setScanNum(atoi(strstr(&s[0],"S")+1));
data/libmstoolkit-82/src/mzParser/saxmzmlhandler.cpp:199:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m_peaksCount = atoi(getAttrValue("defaultArrayLength", attr));
data/libmstoolkit-82/src/mzParser/saxmzmlhandler.cpp:347:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m_precursorIon.charge = atoi(value);
data/libmstoolkit-82/src/mzParser/saxmzmlhandler.cpp:367:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[128];
data/libmstoolkit-82/src/mzParser/saxmzmlhandler.cpp:404:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
spec->setMSLevel(atoi(value));
data/libmstoolkit-82/src/mzParser/saxmzmlhandler.cpp:432:47: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m_precursorIon.possibleCharges->push_back(atoi(value));
data/libmstoolkit-82/src/mzParser/saxmzmlhandler.cpp:778:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[200];
data/libmstoolkit-82/src/mzParser/saxmzmlhandler.cpp:779:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chunk[CHUNK];
data/libmstoolkit-82/src/mzParser/saxmzmlhandler.cpp:786:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* f=fopen(&m_strFileName[0],"r");
data/libmstoolkit-82/src/mzParser/saxmzmlhandler.cpp:804:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char offset[64];
data/libmstoolkit-82/src/mzParser/saxmzmlhandler.cpp:813:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!open(fileName)) return false;
data/libmstoolkit-82/src/mzParser/saxmzxmlhandler.cpp:85:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
curIndex.scanNum=atoi(getAttrValue("id", attr));
data/libmstoolkit-82/src/mzParser/saxmzxmlhandler.cpp:106:45: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(s.length()>0) m_compressLen = (uLong)atoi(&s[0]);
data/libmstoolkit-82/src/mzParser/saxmzxmlhandler.cpp:115:44: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(s.length()>0) m_precursorIon.charge=atoi(&s[0]);
data/libmstoolkit-82/src/mzParser/saxmzxmlhandler.cpp:121:48: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(s.length()>0) spec->setPrecursorScanNum(atoi(&s[0]));
data/libmstoolkit-82/src/mzParser/saxmzxmlhandler.cpp:143:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
spec->setScanNum(atoi(getAttrValue("num", attr)));
data/libmstoolkit-82/src/mzParser/saxmzxmlhandler.cpp:144:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
spec->setMSLevel(atoi(getAttrValue("msLevel", attr)));
data/libmstoolkit-82/src/mzParser/saxmzxmlhandler.cpp:157:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m_peaksCount = atoi(getAttrValue("peaksCount", attr));
data/libmstoolkit-82/src/mzParser/saxmzxmlhandler.cpp:425:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char* pDecoded = (char *) new char[size];
data/libmstoolkit-82/src/mzParser/saxmzxmlhandler.cpp:470:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char* pDecoded = (char *) new char[size];
data/libmstoolkit-82/src/mzParser/saxmzxmlhandler.cpp:547:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[200];
data/libmstoolkit-82/src/mzParser/saxmzxmlhandler.cpp:548:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chunk[CHUNK];
data/libmstoolkit-82/src/mzParser/saxmzxmlhandler.cpp:555:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* f=fopen(&m_strFileName[0],"r");
data/libmstoolkit-82/src/mzParser/saxmzxmlhandler.cpp:572:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char offset[64];
data/libmstoolkit-82/src/mzParser/saxmzxmlhandler.cpp:581:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!open(fileName)) return false;
data/libmstoolkit-82/src/MSToolkit/MSObject.cpp:26:24: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
for(int i=0;i<16;i++) strcpy(header.header[i],"\0");
data/libmstoolkit-82/src/MSToolkit/MSObject.cpp:68:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(c)>127) return false;
data/libmstoolkit-82/src/MSToolkit/MSObject.cpp:100:24: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
for(int i=0;i<16;i++) strcpy(header.header[i],"\0");
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:34:25: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
for(int i=0;i<16;i++) strcpy(header.header[i],"\0");
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:343:21: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
for(i=0;i<16;i++) strcpy(header.header[i],"\0");
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:360:22: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
for(i=0;i<16;i++) strcpy(header.header[i],"\0");
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:411:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i=0;i<strlen(tok);i++){
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:439:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while(!feof(fileIn) && (strspn(strMGF, " \r\n\t") == strlen(strMGF)
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:454:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while(isalpha(strMGF[0]) || strspn(strMGF, " \r\n\t") == strlen(strMGF)){
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:457:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strspn(strMGF, " \r\n\t") == strlen(strMGF)) {
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:462:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strMGF[strlen(strMGF)-1]='\0';
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:721:10: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch=fgetc(fileIn);
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:736:10: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tok,"\n");
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:1754:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(scanHeader.activationMethod)>1){
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:1943:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
k=(int)strlen(t);
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:1971:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
k=(int)strlen(t);
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:2181:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i=0;i<strlen(ext);i++) ext[i]=toupper(ext[i]);
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:2207:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmp,fn,i);
data/libmstoolkit-82/src/MSToolkit/MSReader.cpp:2212:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i=0;i<strlen(ext);i++) ext[i]=toupper(ext[i]);
data/libmstoolkit-82/src/MSToolkit/RAWReader.cpp:36:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(rawCurrentFile,".");
data/libmstoolkit-82/src/MSToolkit/RAWReader.cpp:39:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(rawUserFilter,"");
data/libmstoolkit-82/src/MSToolkit/RAWReader.cpp:165:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if(strlen(tok)>2 && tok[0]=='c' && tok[1]=='v'){
data/libmstoolkit-82/src/MSToolkit/RAWReader.cpp:453:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(chFilter,"");
data/libmstoolkit-82/src/MSToolkit/RAWReader.cpp:454:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(curFilter,"");
data/libmstoolkit-82/src/MSToolkit/RAWReader.cpp:467:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(rawUserFilter)>0){
data/libmstoolkit-82/src/MSToolkit/Spectrum.cpp:54:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(rawFilter,"");
data/libmstoolkit-82/src/MSToolkit/Spectrum.cpp:55:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(nativeID,"");
data/libmstoolkit-82/src/MSToolkit/Spectrum.cpp:399:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(sz<(int)strlen(nativeID)) {
data/libmstoolkit-82/src/MSToolkit/Spectrum.cpp:400:86: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cout << "Buffer too small to retrieve spectrumNativeID. " << sizeof(c) << " " << strlen(nativeID) << endl;
data/libmstoolkit-82/src/MSToolkit/Spectrum.cpp:409:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(sz<(int)strlen(rawFilter)) {
data/libmstoolkit-82/src/MSToolkit/Spectrum.cpp:410:80: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cout << "Buffer too small to retrieve RAW filter. " << sizeof(c) << " " << strlen(rawFilter) << endl;
data/libmstoolkit-82/src/MSToolkit/Spectrum.cpp:509:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(c)>256) cout << "Error - spectrumNativeID filter larger than 256 characters." << endl;
data/libmstoolkit-82/src/MSToolkit/Spectrum.cpp:514:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(c)>256) cout << "Error - RAW filter larger than 256 characters." << endl;
data/libmstoolkit-82/src/MSToolkit/mzMLWriter.cpp:723:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tmp) > 1){
data/libmstoolkit-82/src/mzParser/BasicChromatogram.cpp:51:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(idString,"");
data/libmstoolkit-82/src/mzParser/BasicChromatogram.cpp:64:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (int)strlen(str);
data/libmstoolkit-82/src/mzParser/BasicSpectrum.cpp:159:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(filterLine,str,127);
data/libmstoolkit-82/src/mzParser/BasicSpectrum.cpp:164:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(idString,str,127);
data/libmstoolkit-82/src/mzParser/BasicSpectrum.cpp:190:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (int)strlen(str);
data/libmstoolkit-82/src/mzParser/BasicSpectrum.cpp:195:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (int)strlen(str);
data/libmstoolkit-82/src/mzParser/Czran.cpp:270:11: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = getc(in);
data/libmstoolkit-82/src/mzParser/RAMPface.cpp:20:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(fname) < 4) {
data/libmstoolkit-82/src/mzParser/RAMPface.cpp:25:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(ext,"");
data/libmstoolkit-82/src/mzParser/RAMPface.cpp:35:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i=0;i<strlen(ext);i++) ext[i]=toupper(ext[i]);
data/libmstoolkit-82/src/mzParser/RAMPface.cpp:36:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i=0;i<strlen(preExt);i++) preExt[i]=toupper(preExt[i]);
data/libmstoolkit-82/src/mzParser/RAMPface.cpp:181:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( (int)(strlen(dir_in)+strlen(basename)+1) > inbuflen ){
data/libmstoolkit-82/src/mzParser/RAMPface.cpp:181:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( (int)(strlen(dir_in)+strlen(basename)+1) > inbuflen ){
data/libmstoolkit-82/src/mzParser/RAMPface.cpp:198:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf,"/");
data/libmstoolkit-82/src/mzParser/RAMPface.cpp:224:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(buf,"");
data/libmstoolkit-82/src/mzParser/RAMPface.cpp:313:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i=0;i<strlen(ext);i++) ext[i]=toupper(ext[i]);
data/libmstoolkit-82/src/mzParser/RAMPface.cpp:317:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i=0;i<strlen(preExt);i++) preExt[i]=toupper(preExt[i]);
data/libmstoolkit-82/src/mzParser/RAMPface.cpp:538:14: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
default: strcpy(scanHeader->activationMethod,""); break;
data/libmstoolkit-82/src/mzParser/mz5handler.cpp:66:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
dataset.read(&data[0], PredType::NATIVE_DOUBLE, memspace, dataspace);
data/libmstoolkit-82/src/mzParser/mz5handler.cpp:202:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ds.read(ptr, dt);
data/libmstoolkit-82/src/mzParser/mz5handler.cpp:262:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ds.read(fi, dt);
data/libmstoolkit-82/src/mzParser/mzParser.cpp:241:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(ext,"");
data/libmstoolkit-82/src/mzParser/mzParser.cpp:251:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i=0;i<strlen(ext);i++) ext[i]=toupper(ext[i]);
data/libmstoolkit-82/src/mzParser/mzParser.cpp:252:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i=0;i<strlen(preExt);i++) preExt[i]=toupper(preExt[i]);
data/libmstoolkit-82/src/mzParser/saxmzmlhandler.cpp:368:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(str,value,127);
data/libmstoolkit-82/src/mzParser/saxmzmlhandler.cpp:806:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(offset,start+17,len);
data/libmstoolkit-82/src/mzParser/saxmzxmlhandler.cpp:574:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(offset,start+13,len);
ANALYSIS SUMMARY:
Hits = 392
Lines analyzed = 14499 in approximately 0.41 seconds (35138 lines/second)
Physical Source Lines of Code (SLOC) = 11108
Hits@level = [0] 218 [1] 61 [2] 268 [3] 0 [4] 63 [5] 0
Hits@level+ = [0+] 610 [1+] 392 [2+] 331 [3+] 63 [4+] 63 [5+] 0
Hits/KSLOC@level+ = [0+] 54.9154 [1+] 35.2899 [2+] 29.7983 [3+] 5.67159 [4+] 5.67159 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.