Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/tandem-mass-201702011/src/MSNumpress.cpp
Examining data/tandem-mass-201702011/src/MSNumpress.hpp
Examining data/tandem-mass-201702011/src/base64.h
Examining data/tandem-mass-201702011/src/expat.h
Examining data/tandem-mass-201702011/src/expat_external.h
Examining data/tandem-mass-201702011/src/expat_external_old.h
Examining data/tandem-mass-201702011/src/expat_old.h
Examining data/tandem-mass-201702011/src/loadmspectrum.h
Examining data/tandem-mass-201702011/src/masscalc.cpp
Examining data/tandem-mass-201702011/src/masscalc.h
Examining data/tandem-mass-201702011/src/mbiomlreport.cpp
Examining data/tandem-mass-201702011/src/mbiomlreport.h
Examining data/tandem-mass-201702011/src/mdomains.h
Examining data/tandem-mass-201702011/src/mpam.cpp
Examining data/tandem-mass-201702011/src/mpam.h
Examining data/tandem-mass-201702011/src/mplugin.cpp
Examining data/tandem-mass-201702011/src/mplugin.h
Examining data/tandem-mass-201702011/src/mpmods.cpp
Examining data/tandem-mass-201702011/src/mpmods.h
Examining data/tandem-mass-201702011/src/mprocess.cpp
Examining data/tandem-mass-201702011/src/mprocess.h
Examining data/tandem-mass-201702011/src/mrefine.cpp
Examining data/tandem-mass-201702011/src/mrefine.h
Examining data/tandem-mass-201702011/src/mreport.cpp
Examining data/tandem-mass-201702011/src/mreport.h
Examining data/tandem-mass-201702011/src/mscore.cpp
Examining data/tandem-mass-201702011/src/mscore.h
Examining data/tandem-mass-201702011/src/mscore_tandem.cpp
Examining data/tandem-mass-201702011/src/mscore_tandem.h
Examining data/tandem-mass-201702011/src/mscorepam.h
Examining data/tandem-mass-201702011/src/mscorestate.h
Examining data/tandem-mass-201702011/src/msemistate.h
Examining data/tandem-mass-201702011/src/msequence.h
Examining data/tandem-mass-201702011/src/msequencecollection.cpp
Examining data/tandem-mass-201702011/src/msequencecollection.h
Examining data/tandem-mass-201702011/src/msequenceserver.h
Examining data/tandem-mass-201702011/src/msequtilities.cpp
Examining data/tandem-mass-201702011/src/msequtilities.h
Examining data/tandem-mass-201702011/src/mspectrum.h
Examining data/tandem-mass-201702011/src/mspectrumcondition.cpp
Examining data/tandem-mass-201702011/src/mspectrumcondition.h
Examining data/tandem-mass-201702011/src/mtermmods.cpp
Examining data/tandem-mass-201702011/src/mtermmods.h
Examining data/tandem-mass-201702011/src/mxxcleavage.cpp
Examining data/tandem-mass-201702011/src/mxxcleavage.h
Examining data/tandem-mass-201702011/src/mzid_report.cpp
Examining data/tandem-mass-201702011/src/mzid_report.h
Examining data/tandem-mass-201702011/src/p3.cpp
Examining data/tandem-mass-201702011/src/p3mprocess.cpp
Examining data/tandem-mass-201702011/src/p3mprocess.h
Examining data/tandem-mass-201702011/src/p3msequenceserver.h
Examining data/tandem-mass-201702011/src/resource.h
Examining data/tandem-mass-201702011/src/saxbiomlhandler.cpp
Examining data/tandem-mass-201702011/src/saxbiomlhandler.h
Examining data/tandem-mass-201702011/src/saxgamlhandler.cpp
Examining data/tandem-mass-201702011/src/saxgamlhandler.h
Examining data/tandem-mass-201702011/src/saxmodhandler.cpp
Examining data/tandem-mass-201702011/src/saxmodhandler.h
Examining data/tandem-mass-201702011/src/saxmzdatahandler.cpp
Examining data/tandem-mass-201702011/src/saxmzdatahandler.h
Examining data/tandem-mass-201702011/src/saxmzmlhandler.cpp
Examining data/tandem-mass-201702011/src/saxmzmlhandler.h
Examining data/tandem-mass-201702011/src/saxmzxmlhandler.cpp
Examining data/tandem-mass-201702011/src/saxmzxmlhandler.h
Examining data/tandem-mass-201702011/src/saxsaphandler.cpp
Examining data/tandem-mass-201702011/src/saxsaphandler.h
Examining data/tandem-mass-201702011/src/saxtandeminputhandler.cpp
Examining data/tandem-mass-201702011/src/saxtandeminputhandler.h
Examining data/tandem-mass-201702011/src/saxtaxhandler.cpp
Examining data/tandem-mass-201702011/src/saxtaxhandler.h
Examining data/tandem-mass-201702011/src/stdafx.cpp
Examining data/tandem-mass-201702011/src/stdafx.h
Examining data/tandem-mass-201702011/src/tandem.cpp
Examining data/tandem-mass-201702011/src/xmlparameter.cpp
Examining data/tandem-mass-201702011/src/xmlparameter.h
Examining data/tandem-mass-201702011/src/xmltaxonomy.cpp
Examining data/tandem-mass-201702011/src/xmltaxonomy.h
Examining data/tandem-mass-201702011/src/base64.cpp
Examining data/tandem-mass-201702011/src/saxhandler.h
Examining data/tandem-mass-201702011/src/mhistogram.h
Examining data/tandem-mass-201702011/src/mcleave.h
Examining data/tandem-mass-201702011/src/mmotif.h
Examining data/tandem-mass-201702011/src/msequenceserver.cpp
Examining data/tandem-mass-201702011/src/p3msequenceserver.cpp
Examining data/tandem-mass-201702011/src/loadmspectrum.cpp
Examining data/tandem-mass-201702011/src/saxhandler.cpp
FINAL RESULTS:
data/tandem-mass-201702011/src/mcleave.h:165:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(m_pNCleave,rhs.m_pNCleave);
data/tandem-mass-201702011/src/mcleave.h:166:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(m_pCCleave,rhs.m_pCCleave);
data/tandem-mass-201702011/src/mmotif.h:185:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pValue,_p);
data/tandem-mass-201702011/src/mmotif.h:249:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(m_pMotif,rhs.m_pMotif);
data/tandem-mass-201702011/src/mprocess.cpp:1790:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pOut,"%s",strValue.c_str());
data/tandem-mass-201702011/src/mprocess.cpp:3642:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(m_pSeq,_s.m_strSeq.c_str());
data/tandem-mass-201702011/src/mreport.cpp:772:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(pLine," annotation=\"%s\"",(itMod->second).c_str());
data/tandem-mass-201702011/src/mscore.cpp:873:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(m_pSeq + lOldLength,_s + lOldLength);
data/tandem-mass-201702011/src/mscore.cpp:1368:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(m_pSeq,m_Pam.m_pSeqTrue);
data/tandem-mass-201702011/src/mscore.cpp:1378:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(m_pSeq,m_Pam.m_pSeqTrue);
data/tandem-mass-201702011/src/mscore.cpp:2167:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(m_pSeq,m_psPermute.m_pSeq);
data/tandem-mass-201702011/src/mscorepam.h:182:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(m_pSeqTrue,_p);
data/tandem-mass-201702011/src/mscorepam.h:295:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(m_pSeqTrue,_p);
data/tandem-mass-201702011/src/mscorepam.h:336:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(m_pSeqTrue,_p);
data/tandem-mass-201702011/src/mscorestate.h:217:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(m_pSeqS,_p);
data/tandem-mass-201702011/src/msequenceserver.cpp:326:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(m_pLine,strTemp.c_str());
data/tandem-mass-201702011/src/msequtilities.cpp:646:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pString,_s.m_strSeq.c_str());
data/tandem-mass-201702011/src/msequtilities.cpp:694:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pOut,strValue.c_str());
data/tandem-mass-201702011/src/msequtilities.cpp:704:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pOut,strValue.c_str());
data/tandem-mass-201702011/src/saxhandler.cpp:313:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pLine,m_strData.c_str());
data/tandem-mass-201702011/src/tandem.cpp:231:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pS,argv[1]);
data/tandem-mass-201702011/src/mreport.cpp:939:5: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand((unsigned)time(NULL));
data/tandem-mass-201702011/src/MSNumpress.cpp:244:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char halfBytes[10];
data/tandem-mass-201702011/src/MSNumpress.cpp:539:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char halfBytes[10];
data/tandem-mass-201702011/src/base64.cpp:20:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ingrp[3];
data/tandem-mass-201702011/src/loadmspectrum.cpp:162:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool loadgaml::open(string &_s)
data/tandem-mass-201702011/src/loadmspectrum.cpp:214:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_ifIn.open(m_strPath.c_str());
data/tandem-mass-201702011/src/loadmspectrum.cpp:258:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool loadmzdata::open(string &_s)
data/tandem-mass-201702011/src/loadmspectrum.cpp:311:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_ifIn.open(m_strPath.c_str());
data/tandem-mass-201702011/src/loadmspectrum.cpp:350:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool loadmzxml::open(string &_s)
data/tandem-mass-201702011/src/loadmspectrum.cpp:402:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_ifIn.open(m_strPath.c_str());
data/tandem-mass-201702011/src/loadmspectrum.cpp:531:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool loadmatrix::open(string &_s)
data/tandem-mass-201702011/src/loadmspectrum.cpp:541:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_ifIn.open(m_strPath.c_str());
data/tandem-mass-201702011/src/loadmspectrum.cpp:557:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_ifIn.open(m_strPath.c_str());
data/tandem-mass-201702011/src/loadmspectrum.cpp:584:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_ifIn.open(m_strPath.c_str());
data/tandem-mass-201702011/src/loadmspectrum.cpp:600:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_ifIn.open(m_strPath.c_str());
data/tandem-mass-201702011/src/loadmspectrum.cpp:609:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_ifIn.open(m_strPath.c_str());
data/tandem-mass-201702011/src/loadmspectrum.cpp:726:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool loadpkl::open(string &_s)
data/tandem-mass-201702011/src/loadmspectrum.cpp:736:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_ifIn.open(m_strPath.c_str());
data/tandem-mass-201702011/src/loadmspectrum.cpp:757:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_ifIn.open(m_strPath.c_str());
data/tandem-mass-201702011/src/loadmspectrum.cpp:796:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_ifIn.open(m_strPath.c_str());
data/tandem-mass-201702011/src/loadmspectrum.cpp:812:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_ifIn.open(m_strPath.c_str());
data/tandem-mass-201702011/src/loadmspectrum.cpp:830:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_ifIn.open(m_strPath.c_str());
data/tandem-mass-201702011/src/loadmspectrum.cpp:932:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool loaddta::open(string &_s)
data/tandem-mass-201702011/src/loadmspectrum.cpp:942:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_ifIn.open(m_strPath.c_str());
data/tandem-mass-201702011/src/loadmspectrum.cpp:963:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_ifIn.open(m_strPath.c_str());
data/tandem-mass-201702011/src/loadmspectrum.cpp:991:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_ifIn.open(m_strPath.c_str());
data/tandem-mass-201702011/src/loadmspectrum.cpp:1007:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_ifIn.open(m_strPath.c_str());
data/tandem-mass-201702011/src/loadmspectrum.cpp:1022:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_ifIn.open(m_strPath.c_str());
data/tandem-mass-201702011/src/loadmspectrum.cpp:1139:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool loadcmn::open(string &_s)
data/tandem-mass-201702011/src/loadmspectrum.cpp:1150:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_pFile = fopen(m_strPath.c_str(),"rb");
data/tandem-mass-201702011/src/loadmspectrum.cpp:1178:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return open(_s);
data/tandem-mass-201702011/src/loadmspectrum.cpp:1200:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool loadmzml::open(string &_s)
data/tandem-mass-201702011/src/loadmspectrum.cpp:1247:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_ifIn.open(m_strPath.c_str());
data/tandem-mass-201702011/src/loadmspectrum.h:156:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(string &_s) {return true; } // attaches the data file to m_ifIn and checks formats
data/tandem-mass-201702011/src/loadmspectrum.h:159:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_ifIn.open(m_strPath.c_str());
data/tandem-mass-201702011/src/loadmspectrum.h:226:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(string &_s);
data/tandem-mass-201702011/src/loadmspectrum.h:254:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(string &_s);
data/tandem-mass-201702011/src/loadmspectrum.h:270:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(string &_s);
data/tandem-mass-201702011/src/loadmspectrum.h:287:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(string &_s);
data/tandem-mass-201702011/src/loadmspectrum.h:312:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(string &_s);
data/tandem-mass-201702011/src/loadmspectrum.h:334:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(string &_s);
data/tandem-mass-201702011/src/loadmspectrum.h:355:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(string &_s);
data/tandem-mass-201702011/src/loadmspectrum.h:373:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(string &_s);
data/tandem-mass-201702011/src/masscalc.cpp:173:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
count = atoi(pchCount);
data/tandem-mass-201702011/src/mbiomlreport.cpp:159:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ofOut.open(m_strPath.c_str());
data/tandem-mass-201702011/src/mcleave.h:146:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(m_pNCleave,"KR");
data/tandem-mass-201702011/src/mcleave.h:156:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_pNCleave[32]; // residues that are valid cleavage sites (or invalid if m_bN = false)
data/tandem-mass-201702011/src/mcleave.h:157:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_pCCleave[32]; // residues that are valid cleavage sites (or invalid if m_bC = false)
data/tandem-mass-201702011/src/mhistogram.h:298:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pListNew, m_pList, m_lLength * sizeof(int));
data/tandem-mass-201702011/src/mhistogram.h:501:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m_pList, rhs.m_pList, size);
data/tandem-mass-201702011/src/mmotif.h:158:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_pMotif[32];
data/tandem-mass-201702011/src/mmotif.h:342:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
unsigned long c = (unsigned long)atoi(pStart+a);
data/tandem-mass-201702011/src/mpam.cpp:194:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m_pProcess->m_tMissedCleaves = atoi(strValue.c_str());
data/tandem-mass-201702011/src/mpmods.cpp:194:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m_pProcess->m_tMissedCleaves = atoi(strValue.c_str());
data/tandem-mass-201702011/src/mpmods.cpp:197:55: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (m_pProcess->m_xmlValues.get(strKey, strValue) && atoi(strValue.c_str()) >= 0) {
data/tandem-mass-201702011/src/mpmods.cpp:198:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tRefineMaxSites = atoi(strValue.c_str());
data/tandem-mass-201702011/src/mpmods.cpp:201:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pLine[16];
data/tandem-mass-201702011/src/mpmods.cpp:202:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine, "%i", (int)tRefineMaxSites);
data/tandem-mass-201702011/src/mpmods.cpp:270:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pValue[8];
data/tandem-mass-201702011/src/mpmods.cpp:271:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pValue," %i",(int)lPMCount);
data/tandem-mass-201702011/src/mpmods.cpp:309:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pValue," %i",(int)lPMCount);
data/tandem-mass-201702011/src/mprocess.cpp:242:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pLine[256];
data/tandem-mass-201702011/src/mprocess.cpp:806:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine,"%.1lf",dValue);
data/tandem-mass-201702011/src/mprocess.cpp:1339:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine,"residue, modification mass %i",(int)a);
data/tandem-mass-201702011/src/mprocess.cpp:1344:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine,"residue, modification mass %i",(int)a);
data/tandem-mass-201702011/src/mprocess.cpp:1570:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char v[16];
data/tandem-mass-201702011/src/mprocess.cpp:1571:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
strValue = sprintf(v, "%.1lf",dErrorValue);
data/tandem-mass-201702011/src/mprocess.cpp:1636:6: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(atoi(strValue.c_str()) > 0) {
data/tandem-mass-201702011/src/mprocess.cpp:1637:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m_lStartMax = atoi(strValue.c_str());
data/tandem-mass-201702011/src/mprocess.cpp:1701:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m_lIonCount = (unsigned long)atoi(strValue.c_str()) - 1;
data/tandem-mass-201702011/src/mprocess.cpp:1704:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m_tMissedCleaves = atoi(strValue.c_str());
data/tandem-mass-201702011/src/mprocess.cpp:1710:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
size_t tBatch = atoi(strValue.c_str());
data/tandem-mass-201702011/src/mprocess.cpp:1765:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pLine[32];
data/tandem-mass-201702011/src/mprocess.cpp:1782:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pOut,"Spectrum-to-sequence matching process in progress");
data/tandem-mass-201702011/src/mprocess.cpp:2124:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine, "%.1lf", dEnd);
data/tandem-mass-201702011/src/mprocess.cpp:2128:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine, "%.1lf", dStart);
data/tandem-mass-201702011/src/mprocess.cpp:2132:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine, "%i", iDiscards);
data/tandem-mass-201702011/src/mprocess.cpp:2136:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine, "%i", iMax);
data/tandem-mass-201702011/src/mprocess.cpp:2140:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine, "%i", iLimit);
data/tandem-mass-201702011/src/mprocess.cpp:2313:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine, "%.4lf", dEnd);
data/tandem-mass-201702011/src/mprocess.cpp:2317:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine, "%.4lf", dStart);
data/tandem-mass-201702011/src/mprocess.cpp:2321:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine, "%i", iDiscards);
data/tandem-mass-201702011/src/mprocess.cpp:2325:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine, "%i", iMax);
data/tandem-mass-201702011/src/mprocess.cpp:2329:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine, "%i", iLimit);
data/tandem-mass-201702011/src/mprocess.cpp:2520:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine,"%i",(int)m_viQuality[a]);
data/tandem-mass-201702011/src/mprocess.cpp:2529:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine,"%.2lf",m_dSearchTime);
data/tandem-mass-201702011/src/mprocess.cpp:2533:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine,"%.4lf",m_dSearchTime/(double)m_tSpectraTotal);
data/tandem-mass-201702011/src/mprocess.cpp:2537:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine,"%.2lf",m_svrSequences.get_time());
data/tandem-mass-201702011/src/mprocess.cpp:2541:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine,"%lu",(unsigned long)m_tSpectraTotal);
data/tandem-mass-201702011/src/mprocess.cpp:2545:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine,"%lu",(unsigned long)m_tProteinCount);
data/tandem-mass-201702011/src/mprocess.cpp:2551:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine,"%lu",(unsigned long)m_tDuplicates);
data/tandem-mass-201702011/src/mprocess.cpp:2555:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine,"%lu",(unsigned long)m_tDuplicateIds);
data/tandem-mass-201702011/src/mprocess.cpp:2561:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine,"%lu",(unsigned long)m_tPeptideCount);
data/tandem-mass-201702011/src/mprocess.cpp:2566:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine,"list path, sequence source #%i",(int)(tSeq+1));
data/tandem-mass-201702011/src/mprocess.cpp:2571:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine,"list path, sequence source description #%i",(int)(tSeq+1));
data/tandem-mass-201702011/src/mprocess.cpp:2580:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine,"list path, saps source #%i",(int)(tSeq+1));
data/tandem-mass-201702011/src/mprocess.cpp:2588:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine,"list path, mods source #%i",(int)(tSeq+1));
data/tandem-mass-201702011/src/mprocess.cpp:2596:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine,"%u",(unsigned int)m_tRefineModels);
data/tandem-mass-201702011/src/mprocess.cpp:2601:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine,"%u",(unsigned int)(m_tRefineInput));
data/tandem-mass-201702011/src/mprocess.cpp:2606:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine,"%u",(unsigned int)(m_tRefinePartial));
data/tandem-mass-201702011/src/mprocess.cpp:2611:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine,"%u",(unsigned int)(m_tRefineUnanticipated));
data/tandem-mass-201702011/src/mprocess.cpp:2616:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine,"%u",(unsigned int)(m_tRefineNterminal));
data/tandem-mass-201702011/src/mprocess.cpp:2621:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine,"%u",(unsigned int)(m_tRefineCterminal));
data/tandem-mass-201702011/src/mprocess.cpp:2626:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine,"%u",(unsigned int)(m_tRefinePam));
data/tandem-mass-201702011/src/mprocess.cpp:2631:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine,"%.4lf",m_dRefineTime/(double)m_vSpectra.size());
data/tandem-mass-201702011/src/mprocess.cpp:2639:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine,"%.2lf",(double)m_tContrasted/((double)m_vSpectra.size()+(double)m_tContrasted));
data/tandem-mass-201702011/src/mprocess.cpp:2697:5: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(atoi(strValue.c_str()) > 0)
data/tandem-mass-201702011/src/mprocess.cpp:2698:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
lHistogramColumns = atoi(strValue.c_str());
data/tandem-mass-201702011/src/mprocess.cpp:2826:5: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(atoi(strValue.c_str()) > 0)
data/tandem-mass-201702011/src/mprocess.cpp:2827:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
lHistogramColumns = atoi(strValue.c_str());
data/tandem-mass-201702011/src/mprocess.cpp:2993:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine,"%u",(unsigned int)m_tValid);
data/tandem-mass-201702011/src/mprocess.cpp:2997:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine,"%u",(unsigned int)m_tUnique);
data/tandem-mass-201702011/src/mprocess.cpp:3002:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine,"%i",(int)m_lReversed);
data/tandem-mass-201702011/src/mprocess.cpp:3012:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine,"%u",(unsigned int)lE);
data/tandem-mass-201702011/src/mprocess.cpp:3047:5: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(atoi(strValue.c_str()) > 0)
data/tandem-mass-201702011/src/mprocess.cpp:3048:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
lHistogramColumns = atoi(strValue.c_str());
data/tandem-mass-201702011/src/mprocess.cpp:4147:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
unsigned long lThreads = atoi(strValue.c_str());
data/tandem-mass-201702011/src/mprocess.cpp:4159:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_prcLog.open(strValue);
data/tandem-mass-201702011/src/mprocess.cpp:4177:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
pStream = fopen(strValue.c_str(),"r");
data/tandem-mass-201702011/src/mprocess.cpp:4222:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ifTest.open(strValue.c_str());
data/tandem-mass-201702011/src/mprocess.cpp:4227:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ifTest.open(strValue.c_str());
data/tandem-mass-201702011/src/mprocess.cpp:4250:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(ldCmn.open(strValue)) {
data/tandem-mass-201702011/src/mprocess.cpp:4275:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(ldGaml.open(strV)) {
data/tandem-mass-201702011/src/mprocess.cpp:4306:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(ldGaml.open(strValue)) {
data/tandem-mass-201702011/src/mprocess.cpp:4320:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(ldMatrix.open(strValue)) {
data/tandem-mass-201702011/src/mprocess.cpp:4352:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(ldPkl.open(strValue)) {
data/tandem-mass-201702011/src/mprocess.cpp:4389:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(ldMzxml.open(strValue)) {
data/tandem-mass-201702011/src/mprocess.cpp:4404:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(ldMzml.open(strValue)) {
data/tandem-mass-201702011/src/mprocess.cpp:4414:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(ldMzdata.open(strValue)) {
data/tandem-mass-201702011/src/mprocess.cpp:4429:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!ldSpec.open(strValue)) {
data/tandem-mass-201702011/src/mprocess.cpp:4497:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *pFile = fopen(strValue.c_str(),"r");
data/tandem-mass-201702011/src/mprocess.cpp:4569:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(ldCmn.open(strValue)) {
data/tandem-mass-201702011/src/mprocess.cpp:4973:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ifTest.open(xmlTax.m_vstrPaths[a].c_str());
data/tandem-mass-201702011/src/mprocess.cpp:5054:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ifTest.open(xmlTax.m_vstrPaths[a].c_str());
data/tandem-mass-201702011/src/mprocess.cpp:5095:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *pFile = fopen(strValue.c_str(),"wb");
data/tandem-mass-201702011/src/mprocess.cpp:5135:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *pFile = fopen(strValue.c_str(),"rb");
data/tandem-mass-201702011/src/mprocess.h:231:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(string &_s) {
data/tandem-mass-201702011/src/mprocess.h:232:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_ofLog.open(_s.c_str());
data/tandem-mass-201702011/src/mprocess.h:245:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pLine[256];
data/tandem-mass-201702011/src/mrefine.cpp:198:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine,"refine, modification mass %i",b);
data/tandem-mass-201702011/src/mrefine.cpp:203:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine,"refine, modification mass %i",b);
data/tandem-mass-201702011/src/mrefine.cpp:315:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m_pProcess->m_lStartMax = atoi(strValue.c_str());
data/tandem-mass-201702011/src/mreport.cpp:236:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine,"%.6lf",_s.m_dMH);
data/tandem-mass-201702011/src/mreport.cpp:241:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine,"%.2lf",log10(_s.m_vdStats[0]));
data/tandem-mass-201702011/src/mreport.cpp:249:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine,"%.6lf",_s.m_dMH);
data/tandem-mass-201702011/src/mreport.cpp:253:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine,"%.1e",_s.m_dExpect);
data/tandem-mass-201702011/src/mreport.cpp:259:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine,"%.2lf",log10(_s.m_vdStats[0]));
data/tandem-mass-201702011/src/mreport.cpp:654:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine,"\t<aa type=\"%c\" mass=\"%.6lf\" />\n",cAa,_p.m_pdAaMass[cAa]);
data/tandem-mass-201702011/src/mreport.cpp:658:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine,"\t<molecule type=\"NH3\" mass=\"%.6lf\" />\n",_p.m_dAmmonia);
data/tandem-mass-201702011/src/mreport.cpp:660:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine,"\t<molecule type=\"H2O\" mass=\"%.6lf\" />\n",_p.m_dWater);
data/tandem-mass-201702011/src/mreport.cpp:718:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine,"%.0f",_s.m_vMI[a].m_fI);
data/tandem-mass-201702011/src/mreport.cpp:757:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine,"%.1lf",_s.m_vseqBest[a].m_dExpect);
data/tandem-mass-201702011/src/mreport.cpp:759:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pLine,"-5999.0");
data/tandem-mass-201702011/src/mreport.cpp:768:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine,"sumI=\"%.2lf\" ",log10(_s.m_vseqBest[a].m_fIntensity));
data/tandem-mass-201702011/src/mreport.cpp:811:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine,"%.1e",_s.m_hHyper.expect(m_Score.hconvert(_s.m_vseqBest[a].m_vDomains[b].m_fHyper)));
data/tandem-mass-201702011/src/mreport.cpp:817:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine,"%.3lf",_s.m_vseqBest[a].m_vDomains[b].m_dMH);
data/tandem-mass-201702011/src/mreport.cpp:820:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine,"%.4lf",_s.m_vseqBest[a].m_vDomains[b].m_dMH);
data/tandem-mass-201702011/src/mreport.cpp:824:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine,"%.3lf",dDelta);
data/tandem-mass-201702011/src/mreport.cpp:827:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine,"%.4lf",dDelta);
data/tandem-mass-201702011/src/mreport.cpp:851:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine,"%.5lf",_s.m_vseqBest[a].m_vDomains[b].m_vAa[c].m_dMod);
data/tandem-mass-201702011/src/mreport.cpp:860:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine,"%.5lf",_s.m_vseqBest[a].m_vDomains[b].m_vAa[c].m_dPrompt);
data/tandem-mass-201702011/src/mreport.cpp:930:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pLine[256];
data/tandem-mass-201702011/src/mreport.cpp:940:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine,"%i.t",rand());
data/tandem-mass-201702011/src/mreport.cpp:945:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_ofOut.open(strPath.c_str());
data/tandem-mass-201702011/src/mscore.cpp:1174:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"%.1f",hconvert(_hyper));
data/tandem-mass-201702011/src/mscore.cpp:1193:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m_pSeq, m_State.m_pSeqS, m_lSeqLength);
data/tandem-mass-201702011/src/mscore.cpp:1436:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m_pSeq,m_Sap.m_pSeqTrue,m_lSeqLength);
data/tandem-mass-201702011/src/mscore.cpp:1448:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m_pSeq,m_Sap.m_pSeqTrue,m_lSeqLength);
data/tandem-mass-201702011/src/mscore.cpp:1570:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m_pSeq,m_State.m_pSeqS,m_lSeqLength);
data/tandem-mass-201702011/src/mscore.cpp:1576:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m_pSeq,m_State.m_pSeqS,m_lSeqLength);
data/tandem-mass-201702011/src/mscore.cpp:1650:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m_pSeq, m_State.m_pSeqS, m_lSeqLength);
data/tandem-mass-201702011/src/mscore.cpp:1674:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m_pSeq, m_State.m_pSeqS, m_lSeqLength);
data/tandem-mass-201702011/src/mscore.cpp:1942:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m_pSeq,_s,_l+1);
data/tandem-mass-201702011/src/mscore.cpp:2145:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m_psPermute.m_pSeq,m_pSeq,m_lSeqLength+1);
data/tandem-mass-201702011/src/mscore.cpp:2153:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m_pSeq,m_psPermute.m_pSeq, m_lSeqLength + 1);
data/tandem-mass-201702011/src/mscore.cpp:2162:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m_pSeq,strTemp.c_str(), m_lSeqLength + 1);
data/tandem-mass-201702011/src/mscore.cpp:2170:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m_psPermute.m_pPerm + 1,m_pSeq,m_lSeqLength);
data/tandem-mass-201702011/src/mscore.cpp:2173:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m_pSeq,m_psPermute.m_pPerm,m_lSeqLength);
data/tandem-mass-201702011/src/mscorepam.h:150:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(m_pAa,"ACDEFGHKLMNPQRSTVWY");
data/tandem-mass-201702011/src/msequenceserver.cpp:238:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ifTest.open(xmlTax.m_vstrPaths[a].c_str());
data/tandem-mass-201702011/src/msequenceserver.cpp:519:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cl[4];
data/tandem-mass-201702011/src/msequenceserver.cpp:524:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cl[4];
data/tandem-mass-201702011/src/msequenceserver.cpp:643:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_pInput = fopen(m_strPath.c_str(),"rb");
data/tandem-mass-201702011/src/msequenceserver.cpp:666:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_pInput = fopen(m_strPath.c_str(),"r");
data/tandem-mass-201702011/src/msequtilities.cpp:418:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cValue[128];
data/tandem-mass-201702011/src/msequtilities.cpp:442:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
iDepth = atoi(cValue);
data/tandem-mass-201702011/src/msequtilities.cpp:546:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cValue[128];
data/tandem-mass-201702011/src/msequtilities.cpp:569:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
iDepth = atoi(cValue);
data/tandem-mass-201702011/src/msequtilities.cpp:981:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ifIn.open(_p.c_str());
data/tandem-mass-201702011/src/mspectrumcondition.cpp:493:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m_tMaxPeaks = atoi(strValue.c_str());
data/tandem-mass-201702011/src/mspectrumcondition.cpp:498:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m_lMinSize = atoi(strValue.c_str());
data/tandem-mass-201702011/src/mzid_report.cpp:178:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_ofOut.open(m_strPath.c_str());
data/tandem-mass-201702011/src/mzid_report.cpp:366:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
iScan = atoi(strScan.c_str());
data/tandem-mass-201702011/src/mzid_report.cpp:378:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine,"%i_%i_%i", (int)_vs[a].m_tId,(int)(b+1),(int)(c+1));
data/tandem-mass-201702011/src/mzid_report.cpp:408:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine,"%.4lf",dProton + (_vs[a].m_vseqBest[vtB[x]].m_vDomains[vtC[x]].m_dMH - dProton)/(double)(_vs[a].m_fZ));
data/tandem-mass-201702011/src/mzid_report.cpp:410:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine,"%.4lf",dProton + (_vs[a].m_dMH - dProton)/(double)(_vs[a].m_fZ));
data/tandem-mass-201702011/src/mzid_report.cpp:417:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine,"%i_%i_%i",(int)_vs[a].m_tId,(int)(b+1),(int)(c+1));
data/tandem-mass-201702011/src/mzid_report.cpp:429:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine,"%.1e",_vs[a].m_hHyper.expect(m_Score.hconvert(_vs[a].m_vseqBest[0].m_vDomains[0].m_fHyper)));
data/tandem-mass-201702011/src/mzid_report.cpp:634:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine,"%i_%i_%i",(int)_vs[a].m_tId, (int)(b+1), (int)(c+1));
data/tandem-mass-201702011/src/mzid_report.cpp:714:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine,"<Peptide id=\"Pep_");
data/tandem-mass-201702011/src/mzid_report.cpp:716:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine,"%i_%i_%i",(int)_vs[a].m_tId,(int)(b+1),(int)(c+1));
data/tandem-mass-201702011/src/mzid_report.cpp:719:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine,"\">\n");
data/tandem-mass-201702011/src/mzid_report.cpp:728:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine,"%.4lf",_vs[a].m_vseqBest[b].m_vDomains[c].m_vAa[d].m_dMod);
data/tandem-mass-201702011/src/mzid_report.cpp:733:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine,"%i",_vs[a].m_vseqBest[b].m_vDomains[c].m_vAa[d].m_lPos - _vs[a].m_vseqBest[b].m_vDomains[c].m_lS+1);
data/tandem-mass-201702011/src/p3msequenceserver.cpp:174:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ifTest.open(strTest.c_str());
data/tandem-mass-201702011/src/p3msequenceserver.cpp:209:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_pInput = fopen(m_strPath.c_str(),"rb");
data/tandem-mass-201702011/src/p3msequenceserver.cpp:254:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ifTest.open(xmlTax.m_vstrPaths[a].c_str());
data/tandem-mass-201702011/src/saxbiomlhandler.cpp:168:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m_seqCurrent.m_tUid = (size_t)atoi(strValue.c_str());
data/tandem-mass-201702011/src/saxgamlhandler.cpp:180:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m_tId = atoi(getAttrValue("id", attr));
data/tandem-mass-201702011/src/saxgamlhandler.cpp:182:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m_precursorCharge = atoi(getAttrValue("z", attr));
data/tandem-mass-201702011/src/saxgamlhandler.cpp:195:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m_peaksCount = atoi(getAttrValue("numvalues", attr));
data/tandem-mass-201702011/src/saxhandler.cpp:202:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* pfIn = fopen(m_strFileName.data(), "r");
data/tandem-mass-201702011/src/saxhandler.cpp:208:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[8192];
data/tandem-mass-201702011/src/saxhandler.cpp:411:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char* pDecoded = (char *) new char[size];
data/tandem-mass-201702011/src/saxhandler.cpp:469:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char* pDecoded = (char *) new char[size];
data/tandem-mass-201702011/src/saxhandler.cpp:656:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[20];
data/tandem-mass-201702011/src/saxhandler.cpp:657:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "%d", m_scanNum);
data/tandem-mass-201702011/src/saxhandler.cpp:660:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "%d", (int)m_specCurrent.m_fZ);
data/tandem-mass-201702011/src/saxmzdatahandler.cpp:54:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m_scanNum = atoi(getAttrValue("id", attr));
data/tandem-mass-201702011/src/saxmzdatahandler.cpp:66:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if( (m_cidLevel = atoi(getAttrValue("msLevel", attr))) == 2 )
data/tandem-mass-201702011/src/saxmzdatahandler.cpp:82:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m_precursorCharge = atoi(value);
data/tandem-mass-201702011/src/saxmzdatahandler.cpp:94:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m_precursorCharge = atoi(value);
data/tandem-mass-201702011/src/saxmzdatahandler.cpp:100:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m_precursorCharge = atoi(value);
data/tandem-mass-201702011/src/saxmzdatahandler.cpp:119:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m_peaksCount = atoi(getAttrValue("length", attr));
data/tandem-mass-201702011/src/saxmzmlhandler.cpp:65:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m_scanNum = atoi(getAttrValue("index", attr));
data/tandem-mass-201702011/src/saxmzmlhandler.cpp:72:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int iLevel = atoi(getAttrValue("msLevel", attr));
data/tandem-mass-201702011/src/saxmzmlhandler.cpp:76:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m_peaksCount = atoi(getAttrValue("defaultArrayLength", attr));
data/tandem-mass-201702011/src/saxmzmlhandler.cpp:129:6: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(atoi(getAttrValue("arrayLength", attr)) > 0) {
data/tandem-mass-201702011/src/saxmzmlhandler.cpp:130:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m_peaksCount = atoi(getAttrValue("arrayLength", attr));
data/tandem-mass-201702011/src/saxmzmlhandler.cpp:172:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m_precursorCharge = atoi(value);
data/tandem-mass-201702011/src/saxmzmlhandler.cpp:180:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pLine[256];
data/tandem-mass-201702011/src/saxmzmlhandler.cpp:181:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine,"PT%.3lfS",60.0*atof(value));
data/tandem-mass-201702011/src/saxmzmlhandler.cpp:190:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pLine[256];
data/tandem-mass-201702011/src/saxmzmlhandler.cpp:191:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pLine,"INT%.3e",atof(value));
data/tandem-mass-201702011/src/saxmzxmlhandler.cpp:40:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if((m_cidLevel = atoi(getAttrValue("msLevel", attr))) == 2)
data/tandem-mass-201702011/src/saxmzxmlhandler.cpp:46:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m_scanNum = atoi(getAttrValue("num", attr));
data/tandem-mass-201702011/src/saxmzxmlhandler.cpp:52:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m_peaksCount = atoi(getAttrValue("peaksCount", attr));
data/tandem-mass-201702011/src/saxmzxmlhandler.cpp:71:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m_precursorCharge = atoi(getAttrValue("precursorCharge", attr));
data/tandem-mass-201702011/src/saxsaphandler.cpp:167:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
m_pairItem.first = atoi(strValue.c_str());
data/tandem-mass-201702011/src/saxtandeminputhandler.cpp:181:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ifXml.open(m_strXmlPath.c_str());
data/tandem-mass-201702011/src/loadmspectrum.cpp:552:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(pLine) == 255) {
data/tandem-mass-201702011/src/loadmspectrum.cpp:696:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(pValue != nullptr && strlen(pValue) > 2) {
data/tandem-mass-201702011/src/loadmspectrum.cpp:747:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(pLine) == 255) {
data/tandem-mass-201702011/src/loadmspectrum.cpp:822:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(pLine) == 255) {
data/tandem-mass-201702011/src/loadmspectrum.cpp:887:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(pValue != nullptr && strlen(pValue) > 2) {
data/tandem-mass-201702011/src/loadmspectrum.cpp:952:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(pLine) == 255) {
data/tandem-mass-201702011/src/loadmspectrum.cpp:1017:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(pLine) == 255) {
data/tandem-mass-201702011/src/mcleave.h:147:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(m_pCCleave,"P");
data/tandem-mass-201702011/src/mmotif.h:168:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(_p) == 0) {
data/tandem-mass-201702011/src/mmotif.h:171:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(m_pMotif,"");
data/tandem-mass-201702011/src/mmotif.h:181:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(m_pMotif,"X");
data/tandem-mass-201702011/src/mmotif.h:184:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *pValue = new char[strlen(_p)+1];
data/tandem-mass-201702011/src/mmotif.h:281:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(_p) == 0) {
data/tandem-mass-201702011/src/mmotif.h:297:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t tEnd = strlen(pStart);
data/tandem-mass-201702011/src/mprocess.cpp:1793:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
long lOutLimit = (long)strlen(pOut);
data/tandem-mass-201702011/src/mprocess.cpp:2774:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tPos += strlen("|source=");
data/tandem-mass-201702011/src/mprocess.cpp:2952:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tPos += strlen("|source=");
data/tandem-mass-201702011/src/mprocess.cpp:3125:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tPos += strlen("|source=");
data/tandem-mass-201702011/src/mprocess.cpp:4224:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(pValue) == 1023) {
data/tandem-mass-201702011/src/mprocess.cpp:4231:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(pValue) == 1023 && !strchr(pValue,'<')) {
data/tandem-mass-201702011/src/mscore.cpp:1010:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cRes = m_pSeq[strlen(m_pSeq) - 1];
data/tandem-mass-201702011/src/mscore.cpp:1013:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
aaValue.m_lPos = (unsigned int)(_a + strlen(m_pSeq) - 1);
data/tandem-mass-201702011/src/mscorepam.h:151:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m_tAaTotal = strlen(m_pAa);
data/tandem-mass-201702011/src/mscorepam.h:184:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m_tLength = strlen(_p);
data/tandem-mass-201702011/src/mscorepam.h:297:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m_tLength = strlen(_p);
data/tandem-mass-201702011/src/mscorepam.h:338:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m_tLength = strlen(_p);
data/tandem-mass-201702011/src/msequenceserver.cpp:310:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pValue += strlen(pValue);
data/tandem-mass-201702011/src/msequenceserver.cpp:321:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(m_lSize - strlen(m_pLine) < 1024) {
data/tandem-mass-201702011/src/msequenceserver.cpp:327:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pValue = m_pLine + strlen(m_pLine);
data/tandem-mass-201702011/src/msequenceserver.cpp:346:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pEol = pValue + strlen(pValue) - 1;
data/tandem-mass-201702011/src/msequenceserver.cpp:588:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pEol = pLine + strlen(pLine) - 1;
data/tandem-mass-201702011/src/msequenceserver.cpp:659:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(pV) > 0) {
data/tandem-mass-201702011/src/msequenceserver.cpp:698:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pEol = m_pLine + strlen(m_pLine) - 1;
data/tandem-mass-201702011/src/mzid_report.cpp:533:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(pMass,"");
data/tandem-mass-201702011/src/saxmzdatahandler.cpp:120:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(getAttrValue("endian", attr)) > 0) {
data/tandem-mass-201702011/src/saxmzdatahandler.cpp:123:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(getAttrValue("precision", attr)) > 0) {
data/tandem-mass-201702011/src/saxmzdatahandler.cpp:131:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(getAttrValue("endian", attr)) > 0) {
data/tandem-mass-201702011/src/saxmzdatahandler.cpp:134:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(getAttrValue("precision", attr)) > 0) {
data/tandem-mass-201702011/src/saxmzxmlhandler.cpp:61:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(pcompressionType) != 0 && !strstr(pcompressionType,"none")) {
ANALYSIS SUMMARY:
Hits = 300
Lines analyzed = 35182 in approximately 1.44 seconds (24435 lines/second)
Physical Source Lines of Code (SLOC) = 19165
Hits@level = [0] 32 [1] 39 [2] 239 [3] 1 [4] 21 [5] 0
Hits@level+ = [0+] 332 [1+] 300 [2+] 261 [3+] 22 [4+] 21 [5+] 0
Hits/KSLOC@level+ = [0+] 17.3232 [1+] 15.6535 [2+] 13.6186 [3+] 1.14793 [4+] 1.09575 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.