From c8c5007a5830d9095f14fca352b0c140e2411390 Mon Sep 17 00:00:00 2001
From: Mihai Todor <todor@ebi.ac.uk>
Date: Thu, 11 Jun 2026 16:56:56 +0100
Subject: [PATCH 01/12] Potential fix for code scanning alert no. 28: Potential
 use after free

https://github.com/PDBe-KB/pisa/security/code-scanning/28

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 ssm/ssm_graph.cpp | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/ssm/ssm_graph.cpp b/ssm/ssm_graph.cpp
index 1819f86..664cce6 100644
--- a/ssm/ssm_graph.cpp
+++ b/ssm/ssm_graph.cpp
@@ -314,11 +314,14 @@ PPVertex V1;
   if (nVertices>=nVAlloc)  {
     nV1 = nVertices + 20;
     V1  = new PVertex[nV1];
-    for (i=0;i<nVAlloc;i++)
+    for (i=0;i<nVertices;i++)
       V1[i] = V[i];
-    for (i=nVAlloc;i<nV1;i++)
+    for (i=nVertices;i<nV1;i++)
       V1[i] = NULL;
-    if (V)  delete[] V;
+    if (V)  {
+      delete[] V;
+      V = NULL;
+    }
     V       = V1;
     nVAlloc = nV1;
   }

From 710d7e185d45c90c702705caffb2a9f7fcc200af Mon Sep 17 00:00:00 2001
From: Mihai Todor <todor@ebi.ac.uk>
Date: Thu, 11 Jun 2026 17:00:08 +0100
Subject: [PATCH 02/12] Potential fix for code scanning alert no. 27: Potential
 use after free

https://github.com/PDBe-KB/pisa/security/code-scanning/27

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 mmdb2/mmdb_root.cpp | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/mmdb2/mmdb_root.cpp b/mmdb2/mmdb_root.cpp
index 138896a..ae0745d 100644
--- a/mmdb2/mmdb_root.cpp
+++ b/mmdb2/mmdb_root.cpp
@@ -2040,7 +2040,10 @@ namespace mmdb  {
         Mdl[i] = model[i];
       for (i=nModels;i<nM;i++)
         Mdl[i] = NULL;
-      if (model) delete[] model;
+      if (model)  {
+        delete[] model;
+        model = NULL;
+      }
       model   = Mdl;
       nModels = nM;
       if (Transfer)  {
@@ -2049,6 +2052,8 @@ namespace mmdb  {
       }
     }
 
+    if (!model)
+      return Error_GeneralError1;
     if (!model[nM-1])
       model[nM-1] = newModel();
     model[nM-1]->SetMMDBManager ( PManager(this),nM );

From 4aa2d6d0d72348f0a60c96ad7e6424b42aa6852e Mon Sep 17 00:00:00 2001
From: Mihai Todor <todor@ebi.ac.uk>
Date: Thu, 11 Jun 2026 17:05:55 +0100
Subject: [PATCH 03/12] Potential fix for code scanning alert no. 25: Potential
 use after free

https://github.com/PDBe-KB/pisa/security/code-scanning/25

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 pisalib/pisa_engine.cpp | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/pisalib/pisa_engine.cpp b/pisalib/pisa_engine.cpp
index 2330c2c..0d39af0 100644
--- a/pisalib/pisa_engine.cpp
+++ b/pisalib/pisa_engine.cpp
@@ -1883,14 +1883,16 @@ namespace pisa  {
     if (k<0)  {
 
       if (nMultSets>=nMultSetAlloc)  {
+        PMultimerSet *oldMultSet;
         nMultSetAlloc += 100;
         US = new PMultimerSet[nMultSetAlloc];
         for (i=0;i<nMultSets;i++)
           US[i] = multSet[i];
         for (i=nMultSets;i<nMultSetAlloc;i++)
           US[i] = NULL;
-        delete[] multSet;
-        multSet = US;
+        oldMultSet = multSet;
+        multSet    = US;
+        delete[] oldMultSet;
       }
 
       if (!multSet[nMultSets])  multSet[nMultSets] = new MultimerSet();

From 855e7cc967823a14bdc2d70f9864b6627c2e100d Mon Sep 17 00:00:00 2001
From: Mihai Todor <todor@ebi.ac.uk>
Date: Thu, 11 Jun 2026 20:50:08 +0100
Subject: [PATCH 04/12] Potential fix for code scanning alert no. 21: Potential
 use after free

https://github.com/PDBe-KB/pisa/security/code-scanning/21

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 pisalib/pisa_asmstock.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pisalib/pisa_asmstock.cpp b/pisalib/pisa_asmstock.cpp
index 6a70726..5eaca28 100755
--- a/pisalib/pisa_asmstock.cpp
+++ b/pisalib/pisa_asmstock.cpp
@@ -100,7 +100,7 @@ namespace pisa  {
     if (t<0)
       return UnknownType;
 
-    if (t>nAssemblies)  {
+    if (t>=nAssemblies)  {
       n1 = t + 10;
       A1 = new PAssembly[n1];
       mmdb::GetVectorMemory ( c1,n1,0 );

From 3de15a6ec5ee0d47c42d81879d5b05c525a51747 Mon Sep 17 00:00:00 2001
From: Mihai Todor <todor@ebi.ac.uk>
Date: Thu, 11 Jun 2026 20:51:01 +0100
Subject: [PATCH 05/12] Potential fix for code scanning alert no. 20: Potential
 use after free

https://github.com/PDBe-KB/pisa/security/code-scanning/20

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 pisalib/pisa_asmstock.cpp | 1 +
 1 file changed, 1 insertion(+)

diff --git a/pisalib/pisa_asmstock.cpp b/pisalib/pisa_asmstock.cpp
index 5eaca28..3926609 100755
--- a/pisalib/pisa_asmstock.cpp
+++ b/pisalib/pisa_asmstock.cpp
@@ -117,6 +117,7 @@ namespace pisa  {
       mmdb::FreeVectorMemory ( count,0 );
       count = c1;
       nAssemblies = n1;
+      nAsmAlloc   = n1;
     }
 
     if (!A[t])  {

From e99f02a792b51c980bd6021219fcbfcc58d52f13 Mon Sep 17 00:00:00 2001
From: Mihai Todor <todor@ebi.ac.uk>
Date: Thu, 11 Jun 2026 20:51:30 +0100
Subject: [PATCH 06/12] Potential fix for code scanning alert no. 19: Potential
 use after free

https://github.com/PDBe-KB/pisa/security/code-scanning/19

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 mmdb2/mmdb_xml_.cpp | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/mmdb2/mmdb_xml_.cpp b/mmdb2/mmdb_xml_.cpp
index 7a49997..22b998b 100644
--- a/mmdb2/mmdb_xml_.cpp
+++ b/mmdb2/mmdb_xml_.cpp
@@ -540,23 +540,24 @@ namespace mmdb  {
     }
 
     void  XMLObject::AddObject ( PXMLObject XMLObject, int lenInc )  {
-    PPXMLObject obj1;
+    PPXMLObject obj1, oldObject;
     int         i;
 
       if (!XMLObject)  return;
 
       if (nObjects>=nAlloc)  {
+        if (lenInc<=0)  lenInc = 1;
         nAlloc += lenInc;
         obj1 = new PXMLObject[nAlloc];
         for (i=0;i<nObjects;i++)
           obj1[i] = object[i];
         for (i=nObjects;i<nAlloc;i++)
           obj1[i] = NULL;
-        if (object)  delete[] object;
-        object = obj1;
+        oldObject = object;
+        object    = obj1;
+        if (oldObject)  delete[] oldObject;
       }
 
-      if (object[nObjects])  delete object[nObjects];
       object[nObjects] = XMLObject;
       XMLObject->SetParent ( this );
       nObjects++;

From ae66f099a91ca49b99f1914a568ba9f1766ad535 Mon Sep 17 00:00:00 2001
From: Mihai Todor <todor@ebi.ac.uk>
Date: Thu, 11 Jun 2026 20:53:25 +0100
Subject: [PATCH 07/12] Potential fix for code scanning alert no. 17: Potential
 use after free

https://github.com/PDBe-KB/pisa/security/code-scanning/17

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 mmdb2/mmdb_math_graph.cpp | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/mmdb2/mmdb_math_graph.cpp b/mmdb2/mmdb_math_graph.cpp
index b927665..7729c86 100644
--- a/mmdb2/mmdb_math_graph.cpp
+++ b/mmdb2/mmdb_math_graph.cpp
@@ -490,16 +490,18 @@ namespace mmdb  {
     void  Graph::AddVertex ( PVertex V )  {
     int        i;
     PVertex * V1;
+    PVertex * oldVertex;
 
       if (nAllVertices>=nVAlloc)  {
-        nVAlloc += AllocPortion;
-        V1       = new PVertex[nVAlloc];
+        oldVertex = vertex;
+        nVAlloc  += AllocPortion;
+        V1        = new PVertex[nVAlloc];
         for (i=0;i<nAllVertices;i++)
-          V1[i] = vertex[i];
+          V1[i] = oldVertex[i];
         for (i=nAllVertices;i<nVAlloc;i++)
           V1[i] = NULL;
-        if (vertex)  delete[] vertex;
         vertex = V1;
+        if (oldVertex)  delete[] oldVertex;
       }
       if (vertex[nAllVertices])
         delete vertex[nAllVertices];

From 4978c114981b71f8263566b7c0a80c2f89897ef4 Mon Sep 17 00:00:00 2001
From: Mihai Todor <todor@ebi.ac.uk>
Date: Thu, 11 Jun 2026 20:56:10 +0100
Subject: [PATCH 08/12] Potential fix for code scanning alert no. 15: Potential
 use after free

https://github.com/PDBe-KB/pisa/security/code-scanning/15

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 mmdb2/mmdb_math_graph.cpp | 2 --
 1 file changed, 2 deletions(-)

diff --git a/mmdb2/mmdb_math_graph.cpp b/mmdb2/mmdb_math_graph.cpp
index 7729c86..131c0ba 100644
--- a/mmdb2/mmdb_math_graph.cpp
+++ b/mmdb2/mmdb_math_graph.cpp
@@ -598,8 +598,6 @@ namespace mmdb  {
         if (edge)  delete[] edge;
         edge = G1;
       }
-      if (edge[nAllEdges])
-        delete edge[nAllEdges];
       edge[nAllEdges] = G;
       nAllEdges++;
       nEdges = nAllEdges;

From 0730b0ace117428932b865ec3e267f4943d3d2c7 Mon Sep 17 00:00:00 2001
From: Mihai Todor <todor@ebi.ac.uk>
Date: Thu, 11 Jun 2026 20:57:43 +0100
Subject: [PATCH 09/12] Potential fix for code scanning alert no. 13: Potential
 use after free

https://github.com/PDBe-KB/pisa/security/code-scanning/13

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 mmdb2/mmdb_math_graph.cpp | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/mmdb2/mmdb_math_graph.cpp b/mmdb2/mmdb_math_graph.cpp
index 131c0ba..de28623 100644
--- a/mmdb2/mmdb_math_graph.cpp
+++ b/mmdb2/mmdb_math_graph.cpp
@@ -2216,7 +2216,10 @@ namespace mmdb  {
             M1[i] = Match[i];
           for (i=nMatches;i<nMAlloc;i++)
             M1[i] = NULL;
-          if (Match)  delete[] Match;
+          if (Match)  {
+            delete[] Match;
+            Match = NULL;
+          }
           Match = M1;
         } else
           nMatches--;

From 00af927278fc8b43d0a8efdd778267df1503ca53 Mon Sep 17 00:00:00 2001
From: Mihai Todor <todor@ebi.ac.uk>
Date: Thu, 11 Jun 2026 20:58:15 +0100
Subject: [PATCH 10/12] Potential fix for code scanning alert no. 12: Potential
 use after free

https://github.com/PDBe-KB/pisa/security/code-scanning/12

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 mmdb2/mmdb_io_file.cpp | 24 +++++++++++++++++-------
 1 file changed, 17 insertions(+), 7 deletions(-)

diff --git a/mmdb2/mmdb_io_file.cpp b/mmdb2/mmdb_io_file.cpp
index 3928eba..4e93e91 100644
--- a/mmdb2/mmdb_io_file.cpp
+++ b/mmdb2/mmdb_io_file.cpp
@@ -1090,17 +1090,27 @@ namespace mmdb  {
 
         Cnt = BufCnt + Count;
         if (Cnt>BufLen)  {
-          Cnt += BufInc;
-          IOB = new char[Cnt];
-          if (IOBuf)  {
-            memcpy ( IOB,IOBuf,BufCnt );
-            delete[] IOBuf;
+          long newLen = (long)Cnt + (long)BufInc;
+          pstr oldBuf = IOBuf;
+          IOB = new char[newLen];
+          if ((IOB==NULL) && (newLen>0))  {
+            IOSuccess = false;
+            return false;
           }
+          if ((oldBuf) && (BufCnt>0))
+            memcpy ( IOB,oldBuf,BufCnt );
           IOBuf  = IOB;
-          BufLen = Cnt;
+          BufLen = (word)newLen;
           ownBuf = true;
+          if (oldBuf)
+            delete[] oldBuf;
+        }
+        if ((Count>0) && (IOBuf==NULL))  {
+          IOSuccess = false;
+          return false;
         }
-        memcpy ( &(IOBuf[BufCnt]),Buffer,Count );
+        if (Count>0)
+          memcpy ( &(IOBuf[BufCnt]),Buffer,Count );
         BufCnt += Count;
         FLength = BufCnt;
         IOSuccess = true;

From 639e4706da84c4f3783f991dce454d6db271c4f4 Mon Sep 17 00:00:00 2001
From: Mihai Todor <todor@ebi.ac.uk>
Date: Thu, 11 Jun 2026 20:59:13 +0100
Subject: [PATCH 11/12] Potential fix for code scanning alert no. 11: Potential
 use after free

https://github.com/PDBe-KB/pisa/security/code-scanning/11

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 ccp4srs/ccp4srs_container.h | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/ccp4srs/ccp4srs_container.h b/ccp4srs/ccp4srs_container.h
index f4faa22..8187829 100644
--- a/ccp4srs/ccp4srs_container.h
+++ b/ccp4srs/ccp4srs_container.h
@@ -62,6 +62,9 @@ namespace ccp4srs  {
         n_alloc   = 0;
       }
 
+      Container ( const Container & ) = delete;
+      Container & operator = ( const Container & ) = delete;
+
       virtual ~Container()  {
         empty();
       }

From ed133e96667ad522f680e90fd18cb4768b2d8efd Mon Sep 17 00:00:00 2001
From: Mihai Todor <todor@ebi.ac.uk>
Date: Thu, 11 Jun 2026 21:00:30 +0100
Subject: [PATCH 12/12] Potential fix for code scanning alert no. 29:
 Multiplication result converted to larger type

https://github.com/PDBe-KB/pisa/security/code-scanning/29

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 pisalib/chem_equilibrium.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pisalib/chem_equilibrium.cpp b/pisalib/chem_equilibrium.cpp
index 9ad0b6b..30c0e07 100755
--- a/pisalib/chem_equilibrium.cpp
+++ b/pisalib/chem_equilibrium.cpp
@@ -224,7 +224,7 @@ long double mass1,M,dmass1,dmass2;
 double      lnC1,lnC2;
 int         n;
 
-  M = totalMass*species[speciesNo]->alpha;
+  M = static_cast<long double>(totalMass) * species[speciesNo]->alpha;
 
   lnC1  = species[speciesNo]->lnC;
   lnC2  = lnC1;