Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/tandem-mass-201702011/src/MSNumpress.cpp Examining data/tandem-mass-201702011/src/MSNumpress.hpp Examining data/tandem-mass-201702011/src/base64.h Examining data/tandem-mass-201702011/src/expat.h Examining data/tandem-mass-201702011/src/expat_external.h Examining data/tandem-mass-201702011/src/expat_external_old.h Examining data/tandem-mass-201702011/src/expat_old.h Examining data/tandem-mass-201702011/src/loadmspectrum.h Examining data/tandem-mass-201702011/src/masscalc.cpp Examining data/tandem-mass-201702011/src/masscalc.h Examining data/tandem-mass-201702011/src/mbiomlreport.cpp Examining data/tandem-mass-201702011/src/mbiomlreport.h Examining data/tandem-mass-201702011/src/mdomains.h Examining data/tandem-mass-201702011/src/mpam.cpp Examining data/tandem-mass-201702011/src/mpam.h Examining data/tandem-mass-201702011/src/mplugin.cpp Examining data/tandem-mass-201702011/src/mplugin.h Examining data/tandem-mass-201702011/src/mpmods.cpp Examining data/tandem-mass-201702011/src/mpmods.h Examining data/tandem-mass-201702011/src/mprocess.cpp Examining data/tandem-mass-201702011/src/mprocess.h Examining data/tandem-mass-201702011/src/mrefine.cpp Examining data/tandem-mass-201702011/src/mrefine.h Examining data/tandem-mass-201702011/src/mreport.cpp Examining data/tandem-mass-201702011/src/mreport.h Examining data/tandem-mass-201702011/src/mscore.cpp Examining data/tandem-mass-201702011/src/mscore.h Examining data/tandem-mass-201702011/src/mscore_tandem.cpp Examining data/tandem-mass-201702011/src/mscore_tandem.h Examining data/tandem-mass-201702011/src/mscorepam.h Examining data/tandem-mass-201702011/src/mscorestate.h Examining data/tandem-mass-201702011/src/msemistate.h Examining data/tandem-mass-201702011/src/msequence.h Examining data/tandem-mass-201702011/src/msequencecollection.cpp Examining data/tandem-mass-201702011/src/msequencecollection.h Examining data/tandem-mass-201702011/src/msequenceserver.h Examining data/tandem-mass-201702011/src/msequtilities.cpp Examining data/tandem-mass-201702011/src/msequtilities.h Examining data/tandem-mass-201702011/src/mspectrum.h Examining data/tandem-mass-201702011/src/mspectrumcondition.cpp Examining data/tandem-mass-201702011/src/mspectrumcondition.h Examining data/tandem-mass-201702011/src/mtermmods.cpp Examining data/tandem-mass-201702011/src/mtermmods.h Examining data/tandem-mass-201702011/src/mxxcleavage.cpp Examining data/tandem-mass-201702011/src/mxxcleavage.h Examining data/tandem-mass-201702011/src/mzid_report.cpp Examining data/tandem-mass-201702011/src/mzid_report.h Examining data/tandem-mass-201702011/src/p3.cpp Examining data/tandem-mass-201702011/src/p3mprocess.cpp Examining data/tandem-mass-201702011/src/p3mprocess.h Examining data/tandem-mass-201702011/src/p3msequenceserver.h Examining data/tandem-mass-201702011/src/resource.h Examining data/tandem-mass-201702011/src/saxbiomlhandler.cpp Examining data/tandem-mass-201702011/src/saxbiomlhandler.h Examining data/tandem-mass-201702011/src/saxgamlhandler.cpp Examining data/tandem-mass-201702011/src/saxgamlhandler.h Examining data/tandem-mass-201702011/src/saxmodhandler.cpp Examining data/tandem-mass-201702011/src/saxmodhandler.h Examining data/tandem-mass-201702011/src/saxmzdatahandler.cpp Examining data/tandem-mass-201702011/src/saxmzdatahandler.h Examining data/tandem-mass-201702011/src/saxmzmlhandler.cpp Examining data/tandem-mass-201702011/src/saxmzmlhandler.h Examining data/tandem-mass-201702011/src/saxmzxmlhandler.cpp Examining data/tandem-mass-201702011/src/saxmzxmlhandler.h Examining data/tandem-mass-201702011/src/saxsaphandler.cpp Examining data/tandem-mass-201702011/src/saxsaphandler.h Examining data/tandem-mass-201702011/src/saxtandeminputhandler.cpp Examining data/tandem-mass-201702011/src/saxtandeminputhandler.h Examining data/tandem-mass-201702011/src/saxtaxhandler.cpp Examining data/tandem-mass-201702011/src/saxtaxhandler.h Examining data/tandem-mass-201702011/src/stdafx.cpp Examining data/tandem-mass-201702011/src/stdafx.h Examining data/tandem-mass-201702011/src/tandem.cpp Examining data/tandem-mass-201702011/src/xmlparameter.cpp Examining data/tandem-mass-201702011/src/xmlparameter.h Examining data/tandem-mass-201702011/src/xmltaxonomy.cpp Examining data/tandem-mass-201702011/src/xmltaxonomy.h Examining data/tandem-mass-201702011/src/base64.cpp Examining data/tandem-mass-201702011/src/saxhandler.h Examining data/tandem-mass-201702011/src/mhistogram.h Examining data/tandem-mass-201702011/src/mcleave.h Examining data/tandem-mass-201702011/src/mmotif.h Examining data/tandem-mass-201702011/src/msequenceserver.cpp Examining data/tandem-mass-201702011/src/p3msequenceserver.cpp Examining data/tandem-mass-201702011/src/loadmspectrum.cpp Examining data/tandem-mass-201702011/src/saxhandler.cpp FINAL RESULTS: data/tandem-mass-201702011/src/mcleave.h:165:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(m_pNCleave,rhs.m_pNCleave); data/tandem-mass-201702011/src/mcleave.h:166:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(m_pCCleave,rhs.m_pCCleave); data/tandem-mass-201702011/src/mmotif.h:185:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(pValue,_p); data/tandem-mass-201702011/src/mmotif.h:249:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(m_pMotif,rhs.m_pMotif); data/tandem-mass-201702011/src/mprocess.cpp:1790:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(pOut,"%s",strValue.c_str()); data/tandem-mass-201702011/src/mprocess.cpp:3642:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(m_pSeq,_s.m_strSeq.c_str()); data/tandem-mass-201702011/src/mreport.cpp:772:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(pLine," annotation=\"%s\"",(itMod->second).c_str()); data/tandem-mass-201702011/src/mscore.cpp:873:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(m_pSeq + lOldLength,_s + lOldLength); data/tandem-mass-201702011/src/mscore.cpp:1368:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(m_pSeq,m_Pam.m_pSeqTrue); data/tandem-mass-201702011/src/mscore.cpp:1378:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(m_pSeq,m_Pam.m_pSeqTrue); data/tandem-mass-201702011/src/mscore.cpp:2167:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(m_pSeq,m_psPermute.m_pSeq); data/tandem-mass-201702011/src/mscorepam.h:182:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(m_pSeqTrue,_p); data/tandem-mass-201702011/src/mscorepam.h:295:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(m_pSeqTrue,_p); data/tandem-mass-201702011/src/mscorepam.h:336:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(m_pSeqTrue,_p); data/tandem-mass-201702011/src/mscorestate.h:217:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(m_pSeqS,_p); data/tandem-mass-201702011/src/msequenceserver.cpp:326:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(m_pLine,strTemp.c_str()); data/tandem-mass-201702011/src/msequtilities.cpp:646:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(pString,_s.m_strSeq.c_str()); data/tandem-mass-201702011/src/msequtilities.cpp:694:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(pOut,strValue.c_str()); data/tandem-mass-201702011/src/msequtilities.cpp:704:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(pOut,strValue.c_str()); data/tandem-mass-201702011/src/saxhandler.cpp:313:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(pLine,m_strData.c_str()); data/tandem-mass-201702011/src/tandem.cpp:231:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(pS,argv[1]); data/tandem-mass-201702011/src/mreport.cpp:939:5: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand((unsigned)time(NULL)); data/tandem-mass-201702011/src/MSNumpress.cpp:244:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char halfBytes[10]; data/tandem-mass-201702011/src/MSNumpress.cpp:539:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char halfBytes[10]; data/tandem-mass-201702011/src/base64.cpp:20:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char ingrp[3]; data/tandem-mass-201702011/src/loadmspectrum.cpp:162:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool loadgaml::open(string &_s) data/tandem-mass-201702011/src/loadmspectrum.cpp:214:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). m_ifIn.open(m_strPath.c_str()); data/tandem-mass-201702011/src/loadmspectrum.cpp:258:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool loadmzdata::open(string &_s) data/tandem-mass-201702011/src/loadmspectrum.cpp:311:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). m_ifIn.open(m_strPath.c_str()); data/tandem-mass-201702011/src/loadmspectrum.cpp:350:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool loadmzxml::open(string &_s) data/tandem-mass-201702011/src/loadmspectrum.cpp:402:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). m_ifIn.open(m_strPath.c_str()); data/tandem-mass-201702011/src/loadmspectrum.cpp:531:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool loadmatrix::open(string &_s) data/tandem-mass-201702011/src/loadmspectrum.cpp:541:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). m_ifIn.open(m_strPath.c_str()); data/tandem-mass-201702011/src/loadmspectrum.cpp:557:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). m_ifIn.open(m_strPath.c_str()); data/tandem-mass-201702011/src/loadmspectrum.cpp:584:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). m_ifIn.open(m_strPath.c_str()); data/tandem-mass-201702011/src/loadmspectrum.cpp:600:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). m_ifIn.open(m_strPath.c_str()); data/tandem-mass-201702011/src/loadmspectrum.cpp:609:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). m_ifIn.open(m_strPath.c_str()); data/tandem-mass-201702011/src/loadmspectrum.cpp:726:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool loadpkl::open(string &_s) data/tandem-mass-201702011/src/loadmspectrum.cpp:736:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). m_ifIn.open(m_strPath.c_str()); data/tandem-mass-201702011/src/loadmspectrum.cpp:757:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). m_ifIn.open(m_strPath.c_str()); data/tandem-mass-201702011/src/loadmspectrum.cpp:796:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). m_ifIn.open(m_strPath.c_str()); data/tandem-mass-201702011/src/loadmspectrum.cpp:812:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). m_ifIn.open(m_strPath.c_str()); data/tandem-mass-201702011/src/loadmspectrum.cpp:830:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). m_ifIn.open(m_strPath.c_str()); data/tandem-mass-201702011/src/loadmspectrum.cpp:932:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool loaddta::open(string &_s) data/tandem-mass-201702011/src/loadmspectrum.cpp:942:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). m_ifIn.open(m_strPath.c_str()); data/tandem-mass-201702011/src/loadmspectrum.cpp:963:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). m_ifIn.open(m_strPath.c_str()); data/tandem-mass-201702011/src/loadmspectrum.cpp:991:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). m_ifIn.open(m_strPath.c_str()); data/tandem-mass-201702011/src/loadmspectrum.cpp:1007:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). m_ifIn.open(m_strPath.c_str()); data/tandem-mass-201702011/src/loadmspectrum.cpp:1022:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). m_ifIn.open(m_strPath.c_str()); data/tandem-mass-201702011/src/loadmspectrum.cpp:1139:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool loadcmn::open(string &_s) data/tandem-mass-201702011/src/loadmspectrum.cpp:1150:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). m_pFile = fopen(m_strPath.c_str(),"rb"); data/tandem-mass-201702011/src/loadmspectrum.cpp:1178:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return open(_s); data/tandem-mass-201702011/src/loadmspectrum.cpp:1200:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool loadmzml::open(string &_s) data/tandem-mass-201702011/src/loadmspectrum.cpp:1247:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). m_ifIn.open(m_strPath.c_str()); data/tandem-mass-201702011/src/loadmspectrum.h:156:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). virtual bool open(string &_s) {return true; } // attaches the data file to m_ifIn and checks formats data/tandem-mass-201702011/src/loadmspectrum.h:159:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). m_ifIn.open(m_strPath.c_str()); data/tandem-mass-201702011/src/loadmspectrum.h:226:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). virtual bool open(string &_s); data/tandem-mass-201702011/src/loadmspectrum.h:254:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). virtual bool open(string &_s); data/tandem-mass-201702011/src/loadmspectrum.h:270:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). virtual bool open(string &_s); data/tandem-mass-201702011/src/loadmspectrum.h:287:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). virtual bool open(string &_s); data/tandem-mass-201702011/src/loadmspectrum.h:312:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). virtual bool open(string &_s); data/tandem-mass-201702011/src/loadmspectrum.h:334:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). virtual bool open(string &_s); data/tandem-mass-201702011/src/loadmspectrum.h:355:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). virtual bool open(string &_s); data/tandem-mass-201702011/src/loadmspectrum.h:373:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). virtual bool open(string &_s); data/tandem-mass-201702011/src/masscalc.cpp:173:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). count = atoi(pchCount); data/tandem-mass-201702011/src/mbiomlreport.cpp:159:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ofOut.open(m_strPath.c_str()); data/tandem-mass-201702011/src/mcleave.h:146:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(m_pNCleave,"KR"); data/tandem-mass-201702011/src/mcleave.h:156:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char m_pNCleave[32]; // residues that are valid cleavage sites (or invalid if m_bN = false) data/tandem-mass-201702011/src/mcleave.h:157:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char m_pCCleave[32]; // residues that are valid cleavage sites (or invalid if m_bC = false) data/tandem-mass-201702011/src/mhistogram.h:298:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pListNew, m_pList, m_lLength * sizeof(int)); data/tandem-mass-201702011/src/mhistogram.h:501:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m_pList, rhs.m_pList, size); data/tandem-mass-201702011/src/mmotif.h:158:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char m_pMotif[32]; data/tandem-mass-201702011/src/mmotif.h:342:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). unsigned long c = (unsigned long)atoi(pStart+a); data/tandem-mass-201702011/src/mpam.cpp:194:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). m_pProcess->m_tMissedCleaves = atoi(strValue.c_str()); data/tandem-mass-201702011/src/mpmods.cpp:194:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). m_pProcess->m_tMissedCleaves = atoi(strValue.c_str()); data/tandem-mass-201702011/src/mpmods.cpp:197:55: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (m_pProcess->m_xmlValues.get(strKey, strValue) && atoi(strValue.c_str()) >= 0) { data/tandem-mass-201702011/src/mpmods.cpp:198:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tRefineMaxSites = atoi(strValue.c_str()); data/tandem-mass-201702011/src/mpmods.cpp:201:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pLine[16]; data/tandem-mass-201702011/src/mpmods.cpp:202:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine, "%i", (int)tRefineMaxSites); data/tandem-mass-201702011/src/mpmods.cpp:270:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pValue[8]; data/tandem-mass-201702011/src/mpmods.cpp:271:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pValue," %i",(int)lPMCount); data/tandem-mass-201702011/src/mpmods.cpp:309:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pValue," %i",(int)lPMCount); data/tandem-mass-201702011/src/mprocess.cpp:242:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pLine[256]; data/tandem-mass-201702011/src/mprocess.cpp:806:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine,"%.1lf",dValue); data/tandem-mass-201702011/src/mprocess.cpp:1339:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine,"residue, modification mass %i",(int)a); data/tandem-mass-201702011/src/mprocess.cpp:1344:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine,"residue, modification mass %i",(int)a); data/tandem-mass-201702011/src/mprocess.cpp:1570:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char v[16]; data/tandem-mass-201702011/src/mprocess.cpp:1571:14: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. strValue = sprintf(v, "%.1lf",dErrorValue); data/tandem-mass-201702011/src/mprocess.cpp:1636:6: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if(atoi(strValue.c_str()) > 0) { data/tandem-mass-201702011/src/mprocess.cpp:1637:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). m_lStartMax = atoi(strValue.c_str()); data/tandem-mass-201702011/src/mprocess.cpp:1701:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). m_lIonCount = (unsigned long)atoi(strValue.c_str()) - 1; data/tandem-mass-201702011/src/mprocess.cpp:1704:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). m_tMissedCleaves = atoi(strValue.c_str()); data/tandem-mass-201702011/src/mprocess.cpp:1710:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). size_t tBatch = atoi(strValue.c_str()); data/tandem-mass-201702011/src/mprocess.cpp:1765:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pLine[32]; data/tandem-mass-201702011/src/mprocess.cpp:1782:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pOut,"Spectrum-to-sequence matching process in progress"); data/tandem-mass-201702011/src/mprocess.cpp:2124:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine, "%.1lf", dEnd); data/tandem-mass-201702011/src/mprocess.cpp:2128:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine, "%.1lf", dStart); data/tandem-mass-201702011/src/mprocess.cpp:2132:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine, "%i", iDiscards); data/tandem-mass-201702011/src/mprocess.cpp:2136:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine, "%i", iMax); data/tandem-mass-201702011/src/mprocess.cpp:2140:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine, "%i", iLimit); data/tandem-mass-201702011/src/mprocess.cpp:2313:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine, "%.4lf", dEnd); data/tandem-mass-201702011/src/mprocess.cpp:2317:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine, "%.4lf", dStart); data/tandem-mass-201702011/src/mprocess.cpp:2321:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine, "%i", iDiscards); data/tandem-mass-201702011/src/mprocess.cpp:2325:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine, "%i", iMax); data/tandem-mass-201702011/src/mprocess.cpp:2329:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine, "%i", iLimit); data/tandem-mass-201702011/src/mprocess.cpp:2520:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine,"%i",(int)m_viQuality[a]); data/tandem-mass-201702011/src/mprocess.cpp:2529:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine,"%.2lf",m_dSearchTime); data/tandem-mass-201702011/src/mprocess.cpp:2533:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine,"%.4lf",m_dSearchTime/(double)m_tSpectraTotal); data/tandem-mass-201702011/src/mprocess.cpp:2537:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine,"%.2lf",m_svrSequences.get_time()); data/tandem-mass-201702011/src/mprocess.cpp:2541:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine,"%lu",(unsigned long)m_tSpectraTotal); data/tandem-mass-201702011/src/mprocess.cpp:2545:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine,"%lu",(unsigned long)m_tProteinCount); data/tandem-mass-201702011/src/mprocess.cpp:2551:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine,"%lu",(unsigned long)m_tDuplicates); data/tandem-mass-201702011/src/mprocess.cpp:2555:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine,"%lu",(unsigned long)m_tDuplicateIds); data/tandem-mass-201702011/src/mprocess.cpp:2561:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine,"%lu",(unsigned long)m_tPeptideCount); data/tandem-mass-201702011/src/mprocess.cpp:2566:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine,"list path, sequence source #%i",(int)(tSeq+1)); data/tandem-mass-201702011/src/mprocess.cpp:2571:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine,"list path, sequence source description #%i",(int)(tSeq+1)); data/tandem-mass-201702011/src/mprocess.cpp:2580:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine,"list path, saps source #%i",(int)(tSeq+1)); data/tandem-mass-201702011/src/mprocess.cpp:2588:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine,"list path, mods source #%i",(int)(tSeq+1)); data/tandem-mass-201702011/src/mprocess.cpp:2596:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine,"%u",(unsigned int)m_tRefineModels); data/tandem-mass-201702011/src/mprocess.cpp:2601:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine,"%u",(unsigned int)(m_tRefineInput)); data/tandem-mass-201702011/src/mprocess.cpp:2606:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine,"%u",(unsigned int)(m_tRefinePartial)); data/tandem-mass-201702011/src/mprocess.cpp:2611:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine,"%u",(unsigned int)(m_tRefineUnanticipated)); data/tandem-mass-201702011/src/mprocess.cpp:2616:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine,"%u",(unsigned int)(m_tRefineNterminal)); data/tandem-mass-201702011/src/mprocess.cpp:2621:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine,"%u",(unsigned int)(m_tRefineCterminal)); data/tandem-mass-201702011/src/mprocess.cpp:2626:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine,"%u",(unsigned int)(m_tRefinePam)); data/tandem-mass-201702011/src/mprocess.cpp:2631:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine,"%.4lf",m_dRefineTime/(double)m_vSpectra.size()); data/tandem-mass-201702011/src/mprocess.cpp:2639:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine,"%.2lf",(double)m_tContrasted/((double)m_vSpectra.size()+(double)m_tContrasted)); data/tandem-mass-201702011/src/mprocess.cpp:2697:5: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if(atoi(strValue.c_str()) > 0) data/tandem-mass-201702011/src/mprocess.cpp:2698:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). lHistogramColumns = atoi(strValue.c_str()); data/tandem-mass-201702011/src/mprocess.cpp:2826:5: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if(atoi(strValue.c_str()) > 0) data/tandem-mass-201702011/src/mprocess.cpp:2827:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). lHistogramColumns = atoi(strValue.c_str()); data/tandem-mass-201702011/src/mprocess.cpp:2993:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine,"%u",(unsigned int)m_tValid); data/tandem-mass-201702011/src/mprocess.cpp:2997:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine,"%u",(unsigned int)m_tUnique); data/tandem-mass-201702011/src/mprocess.cpp:3002:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine,"%i",(int)m_lReversed); data/tandem-mass-201702011/src/mprocess.cpp:3012:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine,"%u",(unsigned int)lE); data/tandem-mass-201702011/src/mprocess.cpp:3047:5: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if(atoi(strValue.c_str()) > 0) data/tandem-mass-201702011/src/mprocess.cpp:3048:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). lHistogramColumns = atoi(strValue.c_str()); data/tandem-mass-201702011/src/mprocess.cpp:4147:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). unsigned long lThreads = atoi(strValue.c_str()); data/tandem-mass-201702011/src/mprocess.cpp:4159:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). m_prcLog.open(strValue); data/tandem-mass-201702011/src/mprocess.cpp:4177:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). pStream = fopen(strValue.c_str(),"r"); data/tandem-mass-201702011/src/mprocess.cpp:4222:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ifTest.open(strValue.c_str()); data/tandem-mass-201702011/src/mprocess.cpp:4227:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ifTest.open(strValue.c_str()); data/tandem-mass-201702011/src/mprocess.cpp:4250:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(ldCmn.open(strValue)) { data/tandem-mass-201702011/src/mprocess.cpp:4275:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(ldGaml.open(strV)) { data/tandem-mass-201702011/src/mprocess.cpp:4306:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(ldGaml.open(strValue)) { data/tandem-mass-201702011/src/mprocess.cpp:4320:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(ldMatrix.open(strValue)) { data/tandem-mass-201702011/src/mprocess.cpp:4352:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(ldPkl.open(strValue)) { data/tandem-mass-201702011/src/mprocess.cpp:4389:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(ldMzxml.open(strValue)) { data/tandem-mass-201702011/src/mprocess.cpp:4404:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(ldMzml.open(strValue)) { data/tandem-mass-201702011/src/mprocess.cpp:4414:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(ldMzdata.open(strValue)) { data/tandem-mass-201702011/src/mprocess.cpp:4429:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!ldSpec.open(strValue)) { data/tandem-mass-201702011/src/mprocess.cpp:4497:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *pFile = fopen(strValue.c_str(),"r"); data/tandem-mass-201702011/src/mprocess.cpp:4569:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(ldCmn.open(strValue)) { data/tandem-mass-201702011/src/mprocess.cpp:4973:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ifTest.open(xmlTax.m_vstrPaths[a].c_str()); data/tandem-mass-201702011/src/mprocess.cpp:5054:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ifTest.open(xmlTax.m_vstrPaths[a].c_str()); data/tandem-mass-201702011/src/mprocess.cpp:5095:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *pFile = fopen(strValue.c_str(),"wb"); data/tandem-mass-201702011/src/mprocess.cpp:5135:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *pFile = fopen(strValue.c_str(),"rb"); data/tandem-mass-201702011/src/mprocess.h:231:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool open(string &_s) { data/tandem-mass-201702011/src/mprocess.h:232:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). m_ofLog.open(_s.c_str()); data/tandem-mass-201702011/src/mprocess.h:245:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pLine[256]; data/tandem-mass-201702011/src/mrefine.cpp:198:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine,"refine, modification mass %i",b); data/tandem-mass-201702011/src/mrefine.cpp:203:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine,"refine, modification mass %i",b); data/tandem-mass-201702011/src/mrefine.cpp:315:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). m_pProcess->m_lStartMax = atoi(strValue.c_str()); data/tandem-mass-201702011/src/mreport.cpp:236:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine,"%.6lf",_s.m_dMH); data/tandem-mass-201702011/src/mreport.cpp:241:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine,"%.2lf",log10(_s.m_vdStats[0])); data/tandem-mass-201702011/src/mreport.cpp:249:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine,"%.6lf",_s.m_dMH); data/tandem-mass-201702011/src/mreport.cpp:253:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine,"%.1e",_s.m_dExpect); data/tandem-mass-201702011/src/mreport.cpp:259:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine,"%.2lf",log10(_s.m_vdStats[0])); data/tandem-mass-201702011/src/mreport.cpp:654:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine,"\t<aa type=\"%c\" mass=\"%.6lf\" />\n",cAa,_p.m_pdAaMass[cAa]); data/tandem-mass-201702011/src/mreport.cpp:658:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine,"\t<molecule type=\"NH3\" mass=\"%.6lf\" />\n",_p.m_dAmmonia); data/tandem-mass-201702011/src/mreport.cpp:660:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine,"\t<molecule type=\"H2O\" mass=\"%.6lf\" />\n",_p.m_dWater); data/tandem-mass-201702011/src/mreport.cpp:718:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine,"%.0f",_s.m_vMI[a].m_fI); data/tandem-mass-201702011/src/mreport.cpp:757:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine,"%.1lf",_s.m_vseqBest[a].m_dExpect); data/tandem-mass-201702011/src/mreport.cpp:759:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(pLine,"-5999.0"); data/tandem-mass-201702011/src/mreport.cpp:768:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine,"sumI=\"%.2lf\" ",log10(_s.m_vseqBest[a].m_fIntensity)); data/tandem-mass-201702011/src/mreport.cpp:811:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine,"%.1e",_s.m_hHyper.expect(m_Score.hconvert(_s.m_vseqBest[a].m_vDomains[b].m_fHyper))); data/tandem-mass-201702011/src/mreport.cpp:817:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine,"%.3lf",_s.m_vseqBest[a].m_vDomains[b].m_dMH); data/tandem-mass-201702011/src/mreport.cpp:820:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine,"%.4lf",_s.m_vseqBest[a].m_vDomains[b].m_dMH); data/tandem-mass-201702011/src/mreport.cpp:824:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine,"%.3lf",dDelta); data/tandem-mass-201702011/src/mreport.cpp:827:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine,"%.4lf",dDelta); data/tandem-mass-201702011/src/mreport.cpp:851:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine,"%.5lf",_s.m_vseqBest[a].m_vDomains[b].m_vAa[c].m_dMod); data/tandem-mass-201702011/src/mreport.cpp:860:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine,"%.5lf",_s.m_vseqBest[a].m_vDomains[b].m_vAa[c].m_dPrompt); data/tandem-mass-201702011/src/mreport.cpp:930:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pLine[256]; data/tandem-mass-201702011/src/mreport.cpp:940:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine,"%i.t",rand()); data/tandem-mass-201702011/src/mreport.cpp:945:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). m_ofOut.open(strPath.c_str()); data/tandem-mass-201702011/src/mscore.cpp:1174:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer,"%.1f",hconvert(_hyper)); data/tandem-mass-201702011/src/mscore.cpp:1193:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m_pSeq, m_State.m_pSeqS, m_lSeqLength); data/tandem-mass-201702011/src/mscore.cpp:1436:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m_pSeq,m_Sap.m_pSeqTrue,m_lSeqLength); data/tandem-mass-201702011/src/mscore.cpp:1448:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m_pSeq,m_Sap.m_pSeqTrue,m_lSeqLength); data/tandem-mass-201702011/src/mscore.cpp:1570:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m_pSeq,m_State.m_pSeqS,m_lSeqLength); data/tandem-mass-201702011/src/mscore.cpp:1576:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m_pSeq,m_State.m_pSeqS,m_lSeqLength); data/tandem-mass-201702011/src/mscore.cpp:1650:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m_pSeq, m_State.m_pSeqS, m_lSeqLength); data/tandem-mass-201702011/src/mscore.cpp:1674:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m_pSeq, m_State.m_pSeqS, m_lSeqLength); data/tandem-mass-201702011/src/mscore.cpp:1942:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m_pSeq,_s,_l+1); data/tandem-mass-201702011/src/mscore.cpp:2145:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m_psPermute.m_pSeq,m_pSeq,m_lSeqLength+1); data/tandem-mass-201702011/src/mscore.cpp:2153:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m_pSeq,m_psPermute.m_pSeq, m_lSeqLength + 1); data/tandem-mass-201702011/src/mscore.cpp:2162:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m_pSeq,strTemp.c_str(), m_lSeqLength + 1); data/tandem-mass-201702011/src/mscore.cpp:2170:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m_psPermute.m_pPerm + 1,m_pSeq,m_lSeqLength); data/tandem-mass-201702011/src/mscore.cpp:2173:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m_pSeq,m_psPermute.m_pPerm,m_lSeqLength); data/tandem-mass-201702011/src/mscorepam.h:150:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(m_pAa,"ACDEFGHKLMNPQRSTVWY"); data/tandem-mass-201702011/src/msequenceserver.cpp:238:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ifTest.open(xmlTax.m_vstrPaths[a].c_str()); data/tandem-mass-201702011/src/msequenceserver.cpp:519:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char cl[4]; data/tandem-mass-201702011/src/msequenceserver.cpp:524:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char cl[4]; data/tandem-mass-201702011/src/msequenceserver.cpp:643:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). m_pInput = fopen(m_strPath.c_str(),"rb"); data/tandem-mass-201702011/src/msequenceserver.cpp:666:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). m_pInput = fopen(m_strPath.c_str(),"r"); data/tandem-mass-201702011/src/msequtilities.cpp:418:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cValue[128]; data/tandem-mass-201702011/src/msequtilities.cpp:442:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). iDepth = atoi(cValue); data/tandem-mass-201702011/src/msequtilities.cpp:546:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cValue[128]; data/tandem-mass-201702011/src/msequtilities.cpp:569:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). iDepth = atoi(cValue); data/tandem-mass-201702011/src/msequtilities.cpp:981:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ifIn.open(_p.c_str()); data/tandem-mass-201702011/src/mspectrumcondition.cpp:493:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). m_tMaxPeaks = atoi(strValue.c_str()); data/tandem-mass-201702011/src/mspectrumcondition.cpp:498:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). m_lMinSize = atoi(strValue.c_str()); data/tandem-mass-201702011/src/mzid_report.cpp:178:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). m_ofOut.open(m_strPath.c_str()); data/tandem-mass-201702011/src/mzid_report.cpp:366:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). iScan = atoi(strScan.c_str()); data/tandem-mass-201702011/src/mzid_report.cpp:378:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine,"%i_%i_%i", (int)_vs[a].m_tId,(int)(b+1),(int)(c+1)); data/tandem-mass-201702011/src/mzid_report.cpp:408:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine,"%.4lf",dProton + (_vs[a].m_vseqBest[vtB[x]].m_vDomains[vtC[x]].m_dMH - dProton)/(double)(_vs[a].m_fZ)); data/tandem-mass-201702011/src/mzid_report.cpp:410:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine,"%.4lf",dProton + (_vs[a].m_dMH - dProton)/(double)(_vs[a].m_fZ)); data/tandem-mass-201702011/src/mzid_report.cpp:417:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine,"%i_%i_%i",(int)_vs[a].m_tId,(int)(b+1),(int)(c+1)); data/tandem-mass-201702011/src/mzid_report.cpp:429:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine,"%.1e",_vs[a].m_hHyper.expect(m_Score.hconvert(_vs[a].m_vseqBest[0].m_vDomains[0].m_fHyper))); data/tandem-mass-201702011/src/mzid_report.cpp:634:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine,"%i_%i_%i",(int)_vs[a].m_tId, (int)(b+1), (int)(c+1)); data/tandem-mass-201702011/src/mzid_report.cpp:714:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine,"<Peptide id=\"Pep_"); data/tandem-mass-201702011/src/mzid_report.cpp:716:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine,"%i_%i_%i",(int)_vs[a].m_tId,(int)(b+1),(int)(c+1)); data/tandem-mass-201702011/src/mzid_report.cpp:719:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine,"\">\n"); data/tandem-mass-201702011/src/mzid_report.cpp:728:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine,"%.4lf",_vs[a].m_vseqBest[b].m_vDomains[c].m_vAa[d].m_dMod); data/tandem-mass-201702011/src/mzid_report.cpp:733:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine,"%i",_vs[a].m_vseqBest[b].m_vDomains[c].m_vAa[d].m_lPos - _vs[a].m_vseqBest[b].m_vDomains[c].m_lS+1); data/tandem-mass-201702011/src/p3msequenceserver.cpp:174:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ifTest.open(strTest.c_str()); data/tandem-mass-201702011/src/p3msequenceserver.cpp:209:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). m_pInput = fopen(m_strPath.c_str(),"rb"); data/tandem-mass-201702011/src/p3msequenceserver.cpp:254:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ifTest.open(xmlTax.m_vstrPaths[a].c_str()); data/tandem-mass-201702011/src/saxbiomlhandler.cpp:168:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). m_seqCurrent.m_tUid = (size_t)atoi(strValue.c_str()); data/tandem-mass-201702011/src/saxgamlhandler.cpp:180:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). m_tId = atoi(getAttrValue("id", attr)); data/tandem-mass-201702011/src/saxgamlhandler.cpp:182:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). m_precursorCharge = atoi(getAttrValue("z", attr)); data/tandem-mass-201702011/src/saxgamlhandler.cpp:195:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). m_peaksCount = atoi(getAttrValue("numvalues", attr)); data/tandem-mass-201702011/src/saxhandler.cpp:202:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE* pfIn = fopen(m_strFileName.data(), "r"); data/tandem-mass-201702011/src/saxhandler.cpp:208:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[8192]; data/tandem-mass-201702011/src/saxhandler.cpp:411:20: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char* pDecoded = (char *) new char[size]; data/tandem-mass-201702011/src/saxhandler.cpp:469:27: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char* pDecoded = (char *) new char[size]; data/tandem-mass-201702011/src/saxhandler.cpp:656:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[20]; data/tandem-mass-201702011/src/saxhandler.cpp:657:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, "%d", m_scanNum); data/tandem-mass-201702011/src/saxhandler.cpp:660:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, "%d", (int)m_specCurrent.m_fZ); data/tandem-mass-201702011/src/saxmzdatahandler.cpp:54:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). m_scanNum = atoi(getAttrValue("id", attr)); data/tandem-mass-201702011/src/saxmzdatahandler.cpp:66:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if( (m_cidLevel = atoi(getAttrValue("msLevel", attr))) == 2 ) data/tandem-mass-201702011/src/saxmzdatahandler.cpp:82:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). m_precursorCharge = atoi(value); data/tandem-mass-201702011/src/saxmzdatahandler.cpp:94:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). m_precursorCharge = atoi(value); data/tandem-mass-201702011/src/saxmzdatahandler.cpp:100:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). m_precursorCharge = atoi(value); data/tandem-mass-201702011/src/saxmzdatahandler.cpp:119:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). m_peaksCount = atoi(getAttrValue("length", attr)); data/tandem-mass-201702011/src/saxmzmlhandler.cpp:65:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). m_scanNum = atoi(getAttrValue("index", attr)); data/tandem-mass-201702011/src/saxmzmlhandler.cpp:72:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int iLevel = atoi(getAttrValue("msLevel", attr)); data/tandem-mass-201702011/src/saxmzmlhandler.cpp:76:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). m_peaksCount = atoi(getAttrValue("defaultArrayLength", attr)); data/tandem-mass-201702011/src/saxmzmlhandler.cpp:129:6: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if(atoi(getAttrValue("arrayLength", attr)) > 0) { data/tandem-mass-201702011/src/saxmzmlhandler.cpp:130:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). m_peaksCount = atoi(getAttrValue("arrayLength", attr)); data/tandem-mass-201702011/src/saxmzmlhandler.cpp:172:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). m_precursorCharge = atoi(value); data/tandem-mass-201702011/src/saxmzmlhandler.cpp:180:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pLine[256]; data/tandem-mass-201702011/src/saxmzmlhandler.cpp:181:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine,"PT%.3lfS",60.0*atof(value)); data/tandem-mass-201702011/src/saxmzmlhandler.cpp:190:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pLine[256]; data/tandem-mass-201702011/src/saxmzmlhandler.cpp:191:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(pLine,"INT%.3e",atof(value)); data/tandem-mass-201702011/src/saxmzxmlhandler.cpp:40:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if((m_cidLevel = atoi(getAttrValue("msLevel", attr))) == 2) data/tandem-mass-201702011/src/saxmzxmlhandler.cpp:46:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). m_scanNum = atoi(getAttrValue("num", attr)); data/tandem-mass-201702011/src/saxmzxmlhandler.cpp:52:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). m_peaksCount = atoi(getAttrValue("peaksCount", attr)); data/tandem-mass-201702011/src/saxmzxmlhandler.cpp:71:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). m_precursorCharge = atoi(getAttrValue("precursorCharge", attr)); data/tandem-mass-201702011/src/saxsaphandler.cpp:167:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). m_pairItem.first = atoi(strValue.c_str()); data/tandem-mass-201702011/src/saxtandeminputhandler.cpp:181:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ifXml.open(m_strXmlPath.c_str()); data/tandem-mass-201702011/src/loadmspectrum.cpp:552:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(pLine) == 255) { data/tandem-mass-201702011/src/loadmspectrum.cpp:696:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(pValue != nullptr && strlen(pValue) > 2) { data/tandem-mass-201702011/src/loadmspectrum.cpp:747:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(pLine) == 255) { data/tandem-mass-201702011/src/loadmspectrum.cpp:822:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(pLine) == 255) { data/tandem-mass-201702011/src/loadmspectrum.cpp:887:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(pValue != nullptr && strlen(pValue) > 2) { data/tandem-mass-201702011/src/loadmspectrum.cpp:952:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(pLine) == 255) { data/tandem-mass-201702011/src/loadmspectrum.cpp:1017:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(pLine) == 255) { data/tandem-mass-201702011/src/mcleave.h:147:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(m_pCCleave,"P"); data/tandem-mass-201702011/src/mmotif.h:168:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(_p) == 0) { data/tandem-mass-201702011/src/mmotif.h:171:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(m_pMotif,""); data/tandem-mass-201702011/src/mmotif.h:181:4: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(m_pMotif,"X"); data/tandem-mass-201702011/src/mmotif.h:184:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *pValue = new char[strlen(_p)+1]; data/tandem-mass-201702011/src/mmotif.h:281:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(_p) == 0) { data/tandem-mass-201702011/src/mmotif.h:297:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t tEnd = strlen(pStart); data/tandem-mass-201702011/src/mprocess.cpp:1793:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). long lOutLimit = (long)strlen(pOut); data/tandem-mass-201702011/src/mprocess.cpp:2774:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tPos += strlen("|source="); data/tandem-mass-201702011/src/mprocess.cpp:2952:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tPos += strlen("|source="); data/tandem-mass-201702011/src/mprocess.cpp:3125:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tPos += strlen("|source="); data/tandem-mass-201702011/src/mprocess.cpp:4224:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(pValue) == 1023) { data/tandem-mass-201702011/src/mprocess.cpp:4231:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(pValue) == 1023 && !strchr(pValue,'<')) { data/tandem-mass-201702011/src/mscore.cpp:1010:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cRes = m_pSeq[strlen(m_pSeq) - 1]; data/tandem-mass-201702011/src/mscore.cpp:1013:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). aaValue.m_lPos = (unsigned int)(_a + strlen(m_pSeq) - 1); data/tandem-mass-201702011/src/mscorepam.h:151:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). m_tAaTotal = strlen(m_pAa); data/tandem-mass-201702011/src/mscorepam.h:184:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). m_tLength = strlen(_p); data/tandem-mass-201702011/src/mscorepam.h:297:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). m_tLength = strlen(_p); data/tandem-mass-201702011/src/mscorepam.h:338:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). m_tLength = strlen(_p); data/tandem-mass-201702011/src/msequenceserver.cpp:310:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pValue += strlen(pValue); data/tandem-mass-201702011/src/msequenceserver.cpp:321:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(m_lSize - strlen(m_pLine) < 1024) { data/tandem-mass-201702011/src/msequenceserver.cpp:327:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pValue = m_pLine + strlen(m_pLine); data/tandem-mass-201702011/src/msequenceserver.cpp:346:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pEol = pValue + strlen(pValue) - 1; data/tandem-mass-201702011/src/msequenceserver.cpp:588:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pEol = pLine + strlen(pLine) - 1; data/tandem-mass-201702011/src/msequenceserver.cpp:659:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(pV) > 0) { data/tandem-mass-201702011/src/msequenceserver.cpp:698:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pEol = m_pLine + strlen(m_pLine) - 1; data/tandem-mass-201702011/src/mzid_report.cpp:533:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(pMass,""); data/tandem-mass-201702011/src/saxmzdatahandler.cpp:120:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(getAttrValue("endian", attr)) > 0) { data/tandem-mass-201702011/src/saxmzdatahandler.cpp:123:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(getAttrValue("precision", attr)) > 0) { data/tandem-mass-201702011/src/saxmzdatahandler.cpp:131:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(getAttrValue("endian", attr)) > 0) { data/tandem-mass-201702011/src/saxmzdatahandler.cpp:134:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(getAttrValue("precision", attr)) > 0) { data/tandem-mass-201702011/src/saxmzxmlhandler.cpp:61:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(pcompressionType) != 0 && !strstr(pcompressionType,"none")) { ANALYSIS SUMMARY: Hits = 300 Lines analyzed = 35182 in approximately 1.44 seconds (24435 lines/second) Physical Source Lines of Code (SLOC) = 19165 Hits@level = [0] 32 [1] 39 [2] 239 [3] 1 [4] 21 [5] 0 Hits@level+ = [0+] 332 [1+] 300 [2+] 261 [3+] 22 [4+] 21 [5+] 0 Hits/KSLOC@level+ = [0+] 17.3232 [1+] 15.6535 [2+] 13.6186 [3+] 1.14793 [4+] 1.09575 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.