Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/edtsurf-0.2009/ParsePDB.h Examining data/edtsurf-0.2009/ParsePDB.cpp Examining data/edtsurf-0.2009/ProteinSurface.cpp Examining data/edtsurf-0.2009/CommonPara.h Examining data/edtsurf-0.2009/ProteinSurface.h Examining data/edtsurf-0.2009/EDTSurf.cpp FINAL RESULTS: data/edtsurf-0.2009/EDTSurf.cpp:62:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(inname,argv[i+1]); data/edtsurf-0.2009/EDTSurf.cpp:77:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(tpname,argv[i+1]); data/edtsurf-0.2009/EDTSurf.cpp:354:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(filename,"%s_atom.dep",tpname); data/edtsurf-0.2009/EDTSurf.cpp:363:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(filename,"%s_res.dep",tpname); data/edtsurf-0.2009/EDTSurf.cpp:400:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(filename,"%s-cav.pdb",tpname); data/edtsurf-0.2009/EDTSurf.cpp:408:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(filename,"%s.ply",tpname); data/edtsurf-0.2009/EDTSurf.cpp:413:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(filename,"%s.asa",tpname); data/edtsurf-0.2009/ParsePDB.cpp:1465:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(oldline,oneline); data/edtsurf-0.2009/ParsePDB.cpp:1519:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(tmpname,tmpn); data/edtsurf-0.2009/ParsePDB.cpp:1525:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(tmpname,tmpn); data/edtsurf-0.2009/CommonPara.h:38:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char mycolor[19][4]={128,128,128,220, data/edtsurf-0.2009/CommonPara.h:64:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char detailtype[5]; // cg data/edtsurf-0.2009/CommonPara.h:66:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char residue[3]; // leu data/edtsurf-0.2009/CommonPara.h:95:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char curratom[4],prevatom[4]; data/edtsurf-0.2009/CommonPara.h:106:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char initid[3],endid[3]; data/edtsurf-0.2009/CommonPara.h:109:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char initatom[4],endatom[4]; data/edtsurf-0.2009/CommonPara.h:121:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char initatom[4],endatom[4]; data/edtsurf-0.2009/CommonPara.h:129:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char initatom[4],endatom[4]; data/edtsurf-0.2009/CommonPara.h:140:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sitename[3]; data/edtsurf-0.2009/CommonPara.h:142:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char aminoid[4]; data/edtsurf-0.2009/CommonPara.h:143:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char chainid[4]; data/edtsurf-0.2009/EDTSurf.cpp:19:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char inname[200]; data/edtsurf-0.2009/EDTSurf.cpp:20:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tpname[200]; data/edtsurf-0.2009/EDTSurf.cpp:21:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[200]; data/edtsurf-0.2009/EDTSurf.cpp:52:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(tpname,"out"); data/edtsurf-0.2009/EDTSurf.cpp:92:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int tval=atoi(argv[i+1]); data/edtsurf-0.2009/EDTSurf.cpp:113:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int tval=atoi(argv[i+1]); data/edtsurf-0.2009/EDTSurf.cpp:136:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int tval=atoi(argv[i+1]); data/edtsurf-0.2009/EDTSurf.cpp:158:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int tval=atoi(argv[i+1]); data/edtsurf-0.2009/EDTSurf.cpp:356:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file=fopen(filename,"wt"); data/edtsurf-0.2009/EDTSurf.cpp:364:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file=fopen(filename,"wt"); data/edtsurf-0.2009/ParsePDB.cpp:265:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmpstr[255]; data/edtsurf-0.2009/ParsePDB.cpp:271:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temnum[5]; data/edtsurf-0.2009/ParsePDB.cpp:293:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tempnum=atoi(temnum); data/edtsurf-0.2009/ParsePDB.cpp:305:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmpstr,"ideal%d,actual%d,ideal%d,chain%d",tempnum,indexchain, data/edtsurf-0.2009/ParsePDB.cpp:311:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temami[3]; data/edtsurf-0.2009/ParsePDB.cpp:347:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temami[3]; data/edtsurf-0.2009/ParsePDB.cpp:383:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cid[2]; data/edtsurf-0.2009/ParsePDB.cpp:386:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int id=atoi(cid)-1; data/edtsurf-0.2009/ParsePDB.cpp:388:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temxyz[10],temtran[10]; data/edtsurf-0.2009/ParsePDB.cpp:410:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cid[2]; data/edtsurf-0.2009/ParsePDB.cpp:413:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int id=atoi(cid)-1; data/edtsurf-0.2009/ParsePDB.cpp:415:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temxyz[10],temtran[10]; data/edtsurf-0.2009/ParsePDB.cpp:437:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cid[2]; data/edtsurf-0.2009/ParsePDB.cpp:440:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int id=atoi(cid)-1; data/edtsurf-0.2009/ParsePDB.cpp:442:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temxyz[10],temtran[10]; data/edtsurf-0.2009/ParsePDB.cpp:474:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temami[3],temchainid,temamiindex[5],temclass[3]; data/edtsurf-0.2009/ParsePDB.cpp:489:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). amiindex=atoi(temamiindex); data/edtsurf-0.2009/ParsePDB.cpp:504:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). amiindex=atoi(temamiindex); data/edtsurf-0.2009/ParsePDB.cpp:512:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). helclass=atoi(temclass); data/edtsurf-0.2009/ParsePDB.cpp:514:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temlength[6]; data/edtsurf-0.2009/ParsePDB.cpp:520:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temleng=atoi(temlength); data/edtsurf-0.2009/ParsePDB.cpp:542:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temami[3],temchainid,temamiindex[5],temclass[3]; data/edtsurf-0.2009/ParsePDB.cpp:557:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). amiindex=atoi(temamiindex); data/edtsurf-0.2009/ParsePDB.cpp:572:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). amiindex=atoi(temamiindex); data/edtsurf-0.2009/ParsePDB.cpp:580:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). sheclass=atoi(temclass); data/edtsurf-0.2009/ParsePDB.cpp:598:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). amiindex=atoi(temamiindex); data/edtsurf-0.2009/ParsePDB.cpp:617:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). amiindex=atoi(temamiindex); data/edtsurf-0.2009/ParsePDB.cpp:638:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temami[3],temchainid,temamiindex[5]; data/edtsurf-0.2009/ParsePDB.cpp:652:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). amiindex=atoi(temamiindex); data/edtsurf-0.2009/ParsePDB.cpp:667:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). amiindex=atoi(temamiindex); data/edtsurf-0.2009/ParsePDB.cpp:687:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temchainid,temamiindex[5]; data/edtsurf-0.2009/ParsePDB.cpp:704:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). amiindex=atoi(temamiindex); data/edtsurf-0.2009/ParsePDB.cpp:721:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). amiindex=atoi(temamiindex); data/edtsurf-0.2009/ParsePDB.cpp:743:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temnumc[5]; data/edtsurf-0.2009/ParsePDB.cpp:750:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temnumi=atoi(temnumc); data/edtsurf-0.2009/ParsePDB.cpp:758:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temnumi=atoi(temnumc); data/edtsurf-0.2009/ParsePDB.cpp:782:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temami[3],temseq[5]; data/edtsurf-0.2009/ParsePDB.cpp:795:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temseqi=atoi(temseq); data/edtsurf-0.2009/ParsePDB.cpp:813:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temseqi=atoi(temseq); data/edtsurf-0.2009/ParsePDB.cpp:838:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temami[3],temseq[5]; data/edtsurf-0.2009/ParsePDB.cpp:851:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temseqi=atoi(temseq); data/edtsurf-0.2009/ParsePDB.cpp:869:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temseqi=atoi(temseq); data/edtsurf-0.2009/ParsePDB.cpp:890:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temnumc[5],temami[3]; data/edtsurf-0.2009/ParsePDB.cpp:903:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temnumi=atoi(temnumc); data/edtsurf-0.2009/ParsePDB.cpp:917:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temnumi=atoi(temnumc); data/edtsurf-0.2009/ParsePDB.cpp:943:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temnumc[3]; data/edtsurf-0.2009/ParsePDB.cpp:950:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temnum=atoi(temnumc); data/edtsurf-0.2009/ParsePDB.cpp:952:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temami[3],temseq[5]; data/edtsurf-0.2009/ParsePDB.cpp:968:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). temseqi=atoi(temseq); data/edtsurf-0.2009/ParsePDB.cpp:980:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tempnum[5]; data/edtsurf-0.2009/ParsePDB.cpp:987:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tempnumi=atoi(tempnum); data/edtsurf-0.2009/ParsePDB.cpp:1022:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tempnum[6],tempami[3],tempindex[5],tempid; data/edtsurf-0.2009/ParsePDB.cpp:1031:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tempnumi=atoi(tempnum); data/edtsurf-0.2009/ParsePDB.cpp:1042:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). tempindexi=atoi(tempindex); data/edtsurf-0.2009/ParsePDB.cpp:1096:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tempseq[6]; data/edtsurf-0.2009/ParsePDB.cpp:1104:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). proseq[numproseq].seqno=atoi(tempseq); data/edtsurf-0.2009/ParsePDB.cpp:1200:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tempresnum[5]; data/edtsurf-0.2009/ParsePDB.cpp:1208:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). proseq[numproseq].resno =atoi(tempresnum); data/edtsurf-0.2009/ParsePDB.cpp:1355:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char oneline[255]; data/edtsurf-0.2009/ParsePDB.cpp:1357:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). filein = fopen(pdbfile, "rt"); data/edtsurf-0.2009/ParsePDB.cpp:1459:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char oldline[255];oldline[0]='\0'; data/edtsurf-0.2009/ParsePDB.cpp:1495:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmpname[20],tmpn[3]; data/edtsurf-0.2009/ParsePDB.cpp:1514:6: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(tmpname,".pdb"); data/edtsurf-0.2009/ParsePDB.cpp:1518:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmpn,"0%d",i); data/edtsurf-0.2009/ParsePDB.cpp:1520:6: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(tmpname,".pdb"); data/edtsurf-0.2009/ParsePDB.cpp:1524:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tmpn,"%d",i); data/edtsurf-0.2009/ParsePDB.cpp:1526:6: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(tmpname,".pdb"); data/edtsurf-0.2009/ParsePDB.cpp:1528:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). outfile=fopen(tmpname,"wr"); data/edtsurf-0.2009/ParsePDB.cpp:1533:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmpatom[4]; data/edtsurf-0.2009/ParsePDB.h:24:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pdbname[5]; data/edtsurf-0.2009/ParsePDB.h:26:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char headidchain[maxnumchains];// id of chains data/edtsurf-0.2009/ParsePDB.h:28:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *aminoinchain[maxnumchains];// aminos in each chain data/edtsurf-0.2009/ProteinSurface.cpp:855:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(arrin,arrout,vertnumber*sizeof(int)); data/edtsurf-0.2009/ProteinSurface.cpp:880:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char chaincolor[256]; data/edtsurf-0.2009/ProteinSurface.cpp:887:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file=fopen(filename,"wt"); data/edtsurf-0.2009/ProteinSurface.cpp:1072:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if( (stream =fopen(filename,"w+t"))== NULL) data/edtsurf-0.2009/ProteinSurface.cpp:1308:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). stream =fopen(filename,"w+t"); data/edtsurf-0.2009/ProteinSurface.cpp:1330:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if( (stream =fopen(filename,"w+t"))== NULL) data/edtsurf-0.2009/ProteinSurface.h:20:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char vcmcoffset[8][3] = data/edtsurf-0.2009/ProteinSurface.h:284:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char a2fVertexOffset[8][3] = data/edtsurf-0.2009/ProteinSurface.h:290:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char a2iEdgeConnection[12][2] = data/edtsurf-0.2009/EDTSurf.cpp:224:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len=strlen(inname); data/edtsurf-0.2009/EDTSurf.cpp:232:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(tpname,inname,lpre+1); ANALYSIS SUMMARY: Hits = 114 Lines analyzed = 9062 in approximately 0.43 seconds (21162 lines/second) Physical Source Lines of Code (SLOC) = 7865 Hits@level = [0] 128 [1] 2 [2] 102 [3] 0 [4] 10 [5] 0 Hits@level+ = [0+] 242 [1+] 114 [2+] 112 [3+] 10 [4+] 10 [5+] 0 Hits/KSLOC@level+ = [0+] 30.7692 [1+] 14.4946 [2+] 14.2403 [3+] 1.27146 [4+] 1.27146 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.