IUPAC-InChI · JanCBrammer · Feb 12, 2026 · Jan 31, 2026 · Jan 31, 2026 · Jan 31, 2026
diff --git a/INCHI-1-DOC/CHANGELOG.md b/INCHI-1-DOC/CHANGELOG.md
@@ -1,5 +1,16 @@
 # Change log
 
+## v1.07.5 2026-02-04
+
+### Fixed
+
+- 127 `Coverity Scan` high and medium impact bugs fixed or addressed
+- GHI #189: Exception in libinchi.dll when converting some specific polymer structure
+- GHI #165, #164, #161, #160, PR #163, #162 -- initial `Coverity Scan` detections
+- `.rc` files to `CMake` build system for metadata
+- PR #138: stack buffer overflow in `CleanOrigCoord`
+- Several _Google oss-fuzz_ issues
+
 ## v1.07.4 2025-07-03
 
 ### Features
@@ -33,7 +44,7 @@
 
 - GHI #71: 32-bit InChI version requiring ibgcc_s_dw2-1.dll on Windows 32-bit platforms (thanks to Norwid Behrnd) a few bugs in the code have been detected and fixed libgcc_s_dw2-1.dll added to INCHI-1-BIN folders
 - GHI #70: Update license -- Copyright (c) 2024 IUPAC and InChI Trust instead of Copyright (c) 2024 InChI Project
-- GHI #67: GetStructFromInchi() now working in v1.07.2 (thanks to Greg Landrum) all variable initializations checked and fixed which caused this issue essential part of InChI tests from now on as all bugs reported by Paul Thiessen/Evan Bolton had the same origin 
+- GHI #67: GetStructFromInchi() now working in v1.07.2 (thanks to Greg Landrum) all variable initializations checked and fixed which caused this issue essential part of InChI tests from now on as all bugs reported by Paul Thiessen/Evan Bolton had the same origin
 - GHI #65:changing descriptions in default output for tautomerisms (thanks to Norwid Behrnd)
 - GHI #58 and #59: 7 bug fixes detected by AFL++ fuzzer (thanks to @skorpion89)
 - GHI #43: add changes to new version (thanks to Burt Leland) several very important bug fixes related to /InChI2InChI /FixedH /RecMet options
@@ -78,7 +89,7 @@
 - 33 buffer overflow issues due to use of large array dimensions
 - 157 security bugs related to improper `NULL` pointer dereferencing which might cause crashes or exits
 - 71 memory leaks
-- 530 potential applications of optional [bounds checking functions](/README.md#BCF)  
+- 530 potential applications of optional [bounds checking functions](/README.md#BCF)
 
 Additionally, 29 potential security issues have been marked for further revision.
 

diff --git a/INCHI-1-DOC/CHANGELOG.pdf b/INCHI-1-DOC/CHANGELOG.pdf
diff --git a/INCHI-1-DOC/FAQ/doc/inchi-faq.doc b/INCHI-1-DOC/FAQ/doc/inchi-faq.doc
diff --git a/INCHI-1-DOC/FAQ/doc/inchi-faq.docx b/INCHI-1-DOC/FAQ/doc/inchi-faq.docx
diff --git a/INCHI-1-DOC/FAQ/html/inchi-faq.html b/INCHI-1-DOC/FAQ/html/inchi-faq.html
@@ -143,7 +143,7 @@ <h1><acronym title="IUPAC International Chemical Identifier">InChI</acronym> FAQ
             <li>6.1. <a href="#6.1">How does InChI represent compounds with mobile H atoms (tautomerism, for example)?</a></li>
             <li>6.2. <a href="#6.2">Why is there a Fixed-H layer if tautomeric groups are shown in the main  layer?</a></li>
             <li>6.3. <a href="#6.3">Can InChI contain multiple mobile H groups in the hydrogen layer?</a></li>
-            <li>6.4. <a href="#6.4">If it seems that InChI does not recognize tatomerism in my molecule, what is the reason and how may this be corrected (if at all)?</a></li>            
+            <li>6.4. <a href="#6.4">If it seems that InChI does not recognize tautomerism in my molecule, what is the reason and how may this be corrected (if at all)?</a></li>
         </ol>
     </li>
     <!-- 7 -->
@@ -153,8 +153,8 @@ <h1><acronym title="IUPAC International Chemical Identifier">InChI</acronym> FAQ
             <li>7.2. <a href="#7.2">What is the InChI definition of a salt?</a></li>
             <li>7.3. <a href="#7.3">How does InChI represent organometallic compounds?</a></li>
             <li>7.4. <a href="#7.4">What is the difference between the salt and metal disconnection?</a></li>
-            <li>7.5. <a href="#7.5">Can a metal-reconnected layer (/r) consist of more than one entity?</a></li>            
-        </ol>        
+            <li>7.5. <a href="#7.5">Can a metal-reconnected layer (/r) consist of more than one entity?</a></li>
+        </ol>
     </li>
     <!-- 8 -->
     <li><a class="parent" href="#8">Stereochemistry</a>
@@ -178,23 +178,23 @@ <h1><acronym title="IUPAC International Chemical Identifier">InChI</acronym> FAQ
             <li>9.3. <a href="#9.3">Why may isotopic shift +0 appear in InChI?</a></li>
             <li>9.4. <a href="#9.4">Does InChI recognize the one-letter symbols of deuterium and tritium?</a></li>
             <li>9.5. <a href="#9.5">What is the ordering of D and T in the isotopic layer?</a></li>
-            <li>9.6. <a href="#9.6">Can InChI represent nuclear isomers?</a></li>            
-        </ol>        
+            <li>9.6. <a href="#9.6">Can InChI represent nuclear isomers?</a></li>
+        </ol>
     </li>
     <!-- 10 -->
     <li><a class="parent" href="#10">Charge, Protons and Radicals</a>
         <ol class="toc">
             <li>10.1. <a href="#10.1">How does InChI manage charge?</a></li>
             <li>10.2. <a href="#10.2">What does the /p layer mean?</a></li>
             <li>10.3. <a href="#10.3">Can InChI represent radicals?</a></li>
-            <li>10.4. <a href="#10.4">Can InChI represent different spin states?</a></li>            
+            <li>10.4. <a href="#10.4">Can InChI represent different spin states?</a></li>
         </ol>
     </li>
     <!-- 11 -->
     <li><a class="parent" href="#11">Other</a>
         <ol class="toc">
             <li>11.1. <a href="#11.1">What is the 'Auxiliary Information' (AuxInfo) in the InChI output?</a></li>
-            <li>11.2. <a href="#11.2">How may I see which original atom numbers correspond to InChI numbers?</a></li>            
+            <li>11.2. <a href="#11.2">How may I see which original atom numbers correspond to InChI numbers?</a></li>
         </ol>
     </li>
     <!-- 12 -->
@@ -204,7 +204,7 @@ <h1><acronym title="IUPAC International Chemical Identifier">InChI</acronym> FAQ
             <li>12.2. <a href="#12.2">Can I compare structures by looking at specific layers from their InChIs?</a></li>
             <li>12.3. <a href="#12.3">If two InChIs are the same, do they refer to the same compound?</a></li>
             <li>12.4. <a href="#12.4">If two InChIs are different, do they refer to different compounds?</a></li>
-            <li>12.5. <a href="#12.5">How can I compare similar compounds?</a></li>            
+            <li>12.5. <a href="#12.5">How can I compare similar compounds?</a></li>
         </ol>
     </li>
     <!-- 13 -->
@@ -219,7 +219,7 @@ <h1><acronym title="IUPAC International Chemical Identifier">InChI</acronym> FAQ
             <li>13.7. <a href="#13.7">Are there known InChIKey collision(s)?</a></li>
             <li>13.8. <a href="#13.8">Why does InChIKey use only 26 capital letters?</a></li>
             <li>13.9. <a href="#13.9">What is the hash function used internally for InChIKey?</a></li>
-            <li>13.10. <a href="#13.10">What if I need a longer InChI hash?</a></li>            
+            <li>13.10. <a href="#13.10">What if I need a longer InChI hash?</a></li>
         </ol>
     </li>
     <!-- 14 -->
@@ -238,7 +238,7 @@ <h1><acronym title="IUPAC International Chemical Identifier">InChI</acronym> FAQ
             <li>14.11. <a href="#14.11">Why then does the inchi-1 executable of the InChI Software generate InChI for atomic silver if the input MOL file contains just a silver atom?</a></li>
             <li>14.12. <a href="#14.12">Why does the InChI for lithium hydride lack an Li-H connection?</a></li>
             <li>14.13. <a href="#14.13">I generated Non-standard InChI for lithium hydride with RecMet option; why does it still lack Li-H connection?</a></li>
-            <li>14.14. <a href="#14.14">Why is "/s" absent in the isotopic-stereo sub-layer in the example below?</a></li>            
+            <li>14.14. <a href="#14.14">Why is "/s" absent in the isotopic-stereo sub-layer in the example below?</a></li>
         </ol>
     </li>
     <!-- 15 -->
@@ -268,7 +268,7 @@ <h1><acronym title="IUPAC International Chemical Identifier">InChI</acronym> FAQ
             <li>15.22. <a href="#15.22">What does the SUU option do?</a></li>
             <li>15.23. <a href="#15.23">What does the RecMet option do?</a></li>
             <li>15.24. <a href="#15.24">What does the FixedH option do?</a></li>
-            <li>15.25. <a href="#15.25">What does the SaveOpt option do?</a></li>            
+            <li>15.25. <a href="#15.25">What does the SaveOpt option do?</a></li>
         </ol>
     </li>
     <!-- 16 -->
@@ -282,7 +282,7 @@ <h1><acronym title="IUPAC International Chemical Identifier">InChI</acronym> FAQ
             <li>16.6. <a href="#16.6">Does InChI require all atoms including hydrogens in the input?</a></li>
             <li>16.7. <a href="#16.7">What are the problems if I can't find out about this?</a></li>
             <li>16.8. <a href="#16.8">Can the InChI Software fix these problems automatically?</a></li>
-            <li>16.9. <a href="#16.9">Can I regenerate the structure from InChI?</a></li>            
+            <li>16.9. <a href="#16.9">Can I regenerate the structure from InChI?</a></li>
         </ol>
     </li>
 </ol>
@@ -531,7 +531,7 @@ <h3><a name="2.14">2.14. Can search engines use InChIs?</a></h3>
         <p>Both InChI and InChIKey strings can be used in a web-based query that has high recall and precision.</p>
         <p>InChIKey may be more suited for Web searching as it includes no "special symbols" (like slash, plus, etc., which break the query into separate search items), just capital English letters and hyphens ("minus" characters).</p>
     </blockquote>
-    <!-- 2.14 Block End -->  
+    <!-- 2.14 Block End -->
 </blockquote>
 <!-- 2 Block End -->
 <!-- 2 End -->
@@ -549,7 +549,7 @@ <h3><a name="3.1">3.1. Is InChI free?</a></h3>
     <!-- 3.2 Block Start -->
     <blockquote>
         <h3><a name="3.2">3.2. Is InChI open?</a></h3>
-        <p>It is intended that the source code is freely re-usable and a license has been developed to reflect that.  Since the InChI source code has a normative role (i.e. it acts as the final arbiter of the correctness) it is not freely modifiable, although it is open to anybody to view and build an InChI binary.</p>
+        <p>It is intended that the source code is freely reusable under the MIT License.</p>
     </blockquote>
     <!-- 3.2 Block End -->
     <!-- 3.3 Block Start -->
@@ -558,6 +558,7 @@ <h3><a name="3.3">3.3. What is the InChI Licence?</a></h3>
         <p>Up to Fall 2011, InChI software was published under the GNU Lesser General Public Licence, LGPL version 2.1.</p>
         <p>Since the release 1.04 of the InChI software of Fall 2011, it has been replaced with the more permissive IUPAC/InChI-Trust Licence for the International Chemical Identifier (InChI) Software version 1.04, September 2011 ("IUPAC/InChITrust InChI Licence No. 1.0").</p>
         <p>The text of the IUPAC/InChI-Trust Licence may be found here<br><a href="http://www.inchi-trust.org/sites/default/files/inchi-1.04/IUPAC_InChI_Trust_Licence_11_Oct_2011.pdf">PDF format</a> / <a href="http://www.inchi-trust.org/sites/default/files/inchi-1.04/IUPAC_InChI_Trust_Licence_11_Oct_2011.doc">DOC format</a><br>(it is also included in the distribution package as the file LICENCE).</p>
+        <p>Since release 1.07 thee InChI software is released under the <a href=https://opensource.org/license/mit>MIT License</a>.</p>
     </blockquote>
     <!-- 3.3 Block End -->
     <!-- 3.4 Block Start -->
@@ -635,7 +636,7 @@ <h3><a name="4.3">4.3. Specifically, what are InChI layers?</a></h3>
         </ol>
         <p><em>Note:</em> The Fixed-H layer is optional (absent in Standard InChI) and can be selected by using the <a href="#15.24">FixedH</a> option of the InChI Software. The Reconnected layer is also optional (absent in Standard InChI) and can be selected by using the <a href="#15.23">RecMet</a> option.</p>
         <div class="center">
-            <img src="images/04_3-1.png" width="785" height="566" alt="">            
+            <img src="images/04_3-1.png" width="785" height="566" alt="">
         </div>
         <p>While the InChI is divided up into different layers to describe different types of structural information, each of these layers is also split into sub-layers to allow full description of each part of the structure (note: there is no sub-sub-layering).</p>
         <p>For instance, the Main layer can be split up into three sub-layers:</p>
@@ -1880,9 +1881,9 @@ <h3><a name="15.16">15.16. What are the 'stereo interpretation' options?</a></h3
         <p>These are several options which modify the interpretation of input stereochemical data. In principle, they would be considered related to structure perception. However, as the Standard InChI, by definition, requires the use of absolute stereo (or no stereo at all), these 'stereo interpretation' options assume generation of Non-standard InChI.</p>
         <p>The stereo interpretation options are:</p>
         <ul>
-            <li><a href="#15.21">SRel</a></li>            
-            <li><a href="#15.21">SRac</a></li>            
-            <li><a href="#15.21">SUCF</a></li>            
+            <li><a href="#15.21">SRel</a></li>
+            <li><a href="#15.21">SRac</a></li>
+            <li><a href="#15.21">SUCF</a></li>
         </ul>
     </blockquote>
     <!-- 15.16 Block End -->
@@ -1892,7 +1893,7 @@ <h3><a name="15.17">15.17. What are the 'InChI creation' options?</a></h3>
         <p>The 'InChI creation' options affect what the InChI algorithm does, not just the structure perception. They modify the defaults specified for Standard InChI and significantly affect the result (e.g., additional InChI layers may appear). Using any of the creation options</p>
         <ul>
             <li><a href="#15.22">SUU</a></li>
-            <li><a href="#8.6">SLUUD</a></li>            
+            <li><a href="#8.6">SLUUD</a></li>
             <li><a href="#15.23">RecMet</a></li>
             <li><a href="#15.24">FixedH</a></li>
             <li><a href="#6.4">KET</a></li>
@@ -2041,9 +2042,9 @@ <h3><a name="16.4">16.4. Does the InChI Software recognize 'atomic stereo' descr
     <blockquote>
         <h3><a name="16.5">16.5. Does the InChI Software ignore stereochemistry if a coordinate-less ("<font size="+2">0</font>D") input file in MOL/SDF format is used?</a></h3>
         <p>Yes.</p>
-        <p>In principle, it would try to recognize tetrahedral stereo expressed through wedge bonds. However, no way exists 
-        to recognize stereochemistry of double bonds in the absence of atomic coordinates, using MOL format. 
-        Therefore, all the stereochemistry is deliberately ignored, as a matter of decision. (Otherwise one would get different 
+        <p>In principle, it would try to recognize tetrahedral stereo expressed through wedge bonds. However, no way exists
+        to recognize stereochemistry of double bonds in the absence of atomic coordinates, using MOL format.
+        Therefore, all the stereochemistry is deliberately ignored, as a matter of decision. (Otherwise one would get different
         InChI stereo layers for <font size="+1">3</font>D and <font size="+1">0</font>D structures of the same compound.) However, the InChI API library accepts input atom and bond parities, which may be derived by the calling software from, for example, SMILES.</p>
     </blockquote>
     <!-- 16.5 Block End -->

diff --git a/INCHI-1-DOC/misc/announce.txt → ...I-1-DOC/misc/announce-v105-prerelease.txt b/INCHI-1-DOC/misc/announce.txt → ...I-1-DOC/misc/announce-v105-prerelease.txt
diff --git a/INCHI-1-SRC/INCHI_API/demos/inchi_main/src/aux2atom.h b/INCHI-1-SRC/INCHI_API/demos/inchi_main/src/aux2atom.h
@@ -1490,7 +1490,7 @@ int INChITo_Atom( INCHI_IOSTREAM *inp_molfile, MOL_COORD **szCoord,
             /* cleanup */
         if (num_atoms == INCHI_INP_ERROR_RET || num_atoms == INCHI_INP_FATAL_RET)
         {
-            if (atom_stereo0D) /* djb-rwth: fixing coverity CID #500395 */
+            if (atom_stereo0D) /* djb-rwth: fixing coverity ID #500395 */
             {
                 if (stereo0D && *stereo0D == atom_stereo0D)
                 {
@@ -1501,13 +1501,13 @@ int INChITo_Atom( INCHI_IOSTREAM *inp_molfile, MOL_COORD **szCoord,
             }
 
 #if ( defined(TARGET_API_LIB) || defined(TARGET_EXE_USING_API) )
-            if (atom) /* djb-rwth: fixing coverity CID #499615 */
+            if (atom) /* djb-rwth: fixing coverity ID #499615 */
             {
                 inchi_free(atom);
                 atom = NULL;
             }
 
-            if (pszCoord) /* djb-rwth: fixing coverity CID #500397 */
+            if (pszCoord) /* djb-rwth: fixing coverity ID #500397 */
             {
                 inchi_free(pszCoord);
                 pszCoord = NULL;
@@ -2730,7 +2730,7 @@ int INChITo_Atom( INCHI_IOSTREAM *inp_molfile, MOL_COORD **szCoord,
             /* cleanup */
         if (num_atoms == INCHI_INP_ERROR_RET || num_atoms == INCHI_INP_FATAL_RET)
         {
-            if (atom_stereo0D) /* djb-rwth: fixing coverity CID #500395 */
+            if (atom_stereo0D) /* djb-rwth: fixing coverity ID #500395 */
             {
                 if (stereo0D && *stereo0D == atom_stereo0D)
                 {
@@ -2740,13 +2740,13 @@ int INChITo_Atom( INCHI_IOSTREAM *inp_molfile, MOL_COORD **szCoord,
                 FreeInchi_Stereo0D(&atom_stereo0D);
             }
 
-            if (atom) /* djb-rwth: fixing coverity CID #499615 */
+            if (atom) /* djb-rwth: fixing coverity ID #499615 */
             {
                 inchi_free(atom);
                 atom = NULL;
             }
 
-            if (pszCoord) /* djb-rwth: fixing coverity CID #500397 */
+            if (pszCoord) /* djb-rwth: fixing coverity ID #500397 */
             {
                 inchi_free(pszCoord);
                 pszCoord = NULL;

diff --git a/INCHI-1-SRC/INCHI_API/libinchi/src/inchi_dll_a2.c b/INCHI-1-SRC/INCHI_API/libinchi/src/inchi_dll_a2.c
@@ -2557,7 +2557,7 @@ int FillOutINChIReducedWarn( INChI *pINChI,
             /*  Num(H), Num(-) */
             for (j = 0; j < INCHI_T_NUM_MOVABLE; j++) /* djb-rwth: removing redundant code */
                 pINChI->nTautomer[len++] = t_group->num[j];
-            for (j = T_NUM_NO_ISOTOPIC; j < INCHI_T_NUM_MOVABLE; j++) /* djb-rwth: redundant code as the loop is never executed -- discussion required */ /* djb-rwth: ui_rr */
+            for (j = T_NUM_NO_ISOTOPIC; j < INCHI_T_NUM_MOVABLE; j++) /* djb-rwth: redundant code as the loop is never executed -- discussion required */ /* djb-rwth: unresolved issue -- revision required */
                 pINChI->nTautomer[len++] = 0; /* should not happen */
             /* tautomeric group endpoint canonical numbers, pre-sorted in ascending order */
             for (j = (int) t_group->nFirstEndpointAtNoPos,

diff --git a/INCHI-1-SRC/INCHI_API/libinchi/src/inchi_dll_b.c b/INCHI-1-SRC/INCHI_API/libinchi/src/inchi_dll_b.c
@@ -1794,7 +1794,7 @@ int InchiToInchiAtom( INCHI_IOSTREAM *inp_file,
             /* cleanup */
         if (num_atoms == INCHI_INP_ERROR_RET || num_atoms == INCHI_INP_FATAL_RET)
         {
-            if (atom_stereo0D) /* djb-rwth: fixing coverity CID #500395 */
+            if (atom_stereo0D) /* djb-rwth: fixing coverity ID #500395 */
             {
                 if (stereo0D && *stereo0D == atom_stereo0D)
                 {
@@ -1804,13 +1804,13 @@ int InchiToInchiAtom( INCHI_IOSTREAM *inp_file,
                 FreeInchi_Stereo0D(&atom_stereo0D);
             }
 
-            if (atom) /* djb-rwth: fixing coverity CID #499615 */
+            if (atom) /* djb-rwth: fixing coverity ID #499615 */
             {
                 inchi_free(atom);
                 atom = NULL;
             }
 
-            if (pszCoord) /* djb-rwth: fixing coverity CID #500397 */
+            if (pszCoord) /* djb-rwth: fixing coverity ID #500397 */
             {
                 inchi_free(pszCoord);
                 pszCoord = NULL;

diff --git a/INCHI-1-SRC/INCHI_BASE/src/bcf_s.c b/INCHI-1-SRC/INCHI_BASE/src/bcf_s.c
@@ -387,7 +387,7 @@ static int dbl2int_g(double dblinp, int fwidth, int ndecpl, char* str)
 			}
 		}
 		else
-		{
+		{	/* djb-rwth: addressing coverity ID #499558 -- currently leaving this as it is still a part of GHI #100 */
 			intpl = (long long int)round(dblinp);
 			ret = sprintf(str, "%*lld", fw_real, intpl); /* djb-rwth: ignoring LLVM warning */
 			return ret;