The following issues were found

caffe2/quantization/server/pybind.cc
2 issues
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 368 Column: 14 CWE codes: 362

                        unpacked_mat_ptr = unpacked_mat.data();
        }
        ofstream fout;
        fout.open(weights_out_file);
        if (!fout) {
          LOG(WARNING) << "Can't open output file to dump fp16 weights "
                       << weights_out_file;
          return;
        }

            

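Reported by FlawFinder.

Triage note (reviewer, not tool output): the excerpt shows that a failed open is handled, but not where `weights_out_file` comes from. The CWE-362 concern matters only if that path can be influenced by a less-trusted party or sits in a directory other users can write to. The finding at line 411 below has the same pattern and needs the same check.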

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 411 Column: 14 CWE codes: 362

                      packed_tensor->unpack(unpacked_int8_data.data());

        ofstream fout;
        fout.open(weights_out_file);
        if (!fout) {
          LOG(WARNING) << "Can't open output file to dump int8 weights "
                       << weights_out_file;
          return;
        }

            

Reported by FlawFinder.

torch/csrc/jit/tensorexpr/mem_dependency_checker.h
2 issues
read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 121 Column: 56 CWE codes: 120 20

              
  // Establishes a dependency or dependent relationship with another access.
  void addDependency(const std::shared_ptr<AccessInfo>& write);
  void addDependent(const std::shared_ptr<AccessInfo>& read);

  // helper for checking dependencies.
  bool hasDependency(const std::shared_ptr<AccessInfo>& info) const;

  // Returns the set of all nodes that are direct (immediate) dependencies of

            

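Reported by FlawFinder.

Triage note (reviewer, not tool output): at the reported column, `read` is the name of a `const std::shared_ptr<AccessInfo>&` parameter in the `addDependent` declaration, not a call to the POSIX `read()` function this rule targets. No buffer is involved in the excerpt, so this looks like a name-match false positive.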

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 344 Column: 16 CWE codes: 120 20

                  auto aReads = getAllReadsWithin(A);
    auto bWrites = getAllWritesWithin(B);

    for (auto& read : aReads) {
      for (auto& depPair : read->dependencies()) {
        if (bWrites.count(depPair.second) != 0) {
          return true;
        }
      }

            

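Reported by FlawFinder.

Triage note (reviewer, not tool output): `read` here is the loop variable in `for (auto& read : aReads)`, not a call to `read()`. The excerpt performs no buffer I/O, so this looks like a name-match false positive.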

torch/distributed/elastic/utils/__init__.py
2 issues
Unable to import '__init__.api'
Error

Line: 9 Column: 1

              # This source code is licensed under the BSD-style license found in the
# LICENSE file in the root directory of this source tree.

from .api import get_env_variable_or_raise, get_socket_with_port, macros  # noqa: F401

            

Reported by Pylint.

Missing module docstring
Error

Line: 1 Column: 1

              #!/usr/bin/env python3

# Copyright (c) Facebook, Inc. and its affiliates.
# All rights reserved.
#
# This source code is licensed under the BSD-style license found in the
# LICENSE file in the root directory of this source tree.

from .api import get_env_variable_or_raise, get_socket_with_port, macros  # noqa: F401

            

Reported by Pylint.

torch/csrc/jit/tensorexpr/eval.cpp
2 issues
Uninitialized variable: cond_v
Error

Line: 601 CWE codes: 908

                      throw unsupported_dtype();
    }

    if (cond_v) {
      v->true_value()->accept(this);
    } else {
      v->false_value()->accept(this);
    }
  }

            

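Reported by Cppcheck.

Triage note (reviewer, not tool output): the excerpt begins after the code that declares and assigns `cond_v`, so the finding cannot be confirmed or dismissed from it. The visible `throw unsupported_dtype();` shows that at least one path exits before `cond_v` is read. What needs checking is whether every path that does not throw assigns it. Initialising `cond_v` at its declaration would settle the warning either way.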

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 1004 Column: 5 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              #define TYPE_CASE(Type, Name)                 \
  case ScalarType::Name: {                    \
    Type typed_data;                          \
    memcpy(&typed_data, data, sizeof(Type));  \
    impl_->bindVar(bufArg.var(), typed_data); \
    break;                                    \
  }
    AT_FORALL_SCALAR_TYPES_AND2(Bool, Half, TYPE_CASE);
#undef TYPE_CASE

            

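Reported by FlawFinder.

Triage note (reviewer, not tool output): the destination is the local `typed_data` of type `Type` and the length is `sizeof(Type)`, so the destination can always hold the copy. What the excerpt does not show is whether `data` points to at least `sizeof(Type)` readable bytes. That source-side guarantee is the part worth verifying at the call site.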

tools/setup_helpers/gen.py
2 issues
Missing module docstring
Error

Line: 1 Column: 1

              # Little stub file to get BUILD.bazel to play along

import os.path
import sys

root = os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
sys.path.insert(0, root)

import tools.codegen.gen

            

Reported by Pylint.

Import "import tools.codegen.gen" should be placed at the top of the module
Error

Line: 9 Column: 1

              root = os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
sys.path.insert(0, root)

import tools.codegen.gen

tools.codegen.gen.main()

            

Reported by Pylint.

torch/distributed/elastic/utils/data/cycling_iterator.py
2 issues
Missing module docstring
Error

Line: 1 Column: 1

              #!/usr/bin/env python3

# Copyright (c) Facebook, Inc. and its affiliates.
# All rights reserved.
#
# This source code is licensed under the BSD-style license found in the
# LICENSE file in the root directory of this source tree.



            

Reported by Pylint.

Unnecessary "else" after "return"
Error

Line: 38 Column: 13

                      try:
            return next(self._iter)
        except StopIteration as eod:  # eod == end of data
            if self._epoch < self._n - 1:
                self._epoch += 1
                self._iter = self._generator_fn(self._epoch)
                return self.__next__()
            else:
                raise eod

            

Reported by Pylint.

torch/distributed/elastic/utils/store.py
2 issues
Missing module docstring
Error

Line: 1 Column: 1

              #!/usr/bin/env python3

# Copyright (c) Facebook, Inc. and its affiliates.
# All rights reserved.
#
# This source code is licensed under the BSD-style license found in the
# LICENSE file in the root directory of this source tree.

from datetime import timedelta

            

Reported by Pylint.

Too many arguments (6/5)
Error

Line: 36 Column: 1

                  return data_arr


def synchronize(
    store,
    data: bytes,
    rank: int,
    world_size: int,
    key_prefix: str,

            

Reported by Pylint.

tools/lldb/deploy_debugger.py
2 issues
Unable to import 'lldb'
Error

Line: 1 Column: 1

              import lldb  # type: ignore[import]
# load into lldb instance with:
#   command script import tools/lldb/deploy_debugger.py

target = lldb.debugger.GetSelectedTarget()
bp = target.BreakpointCreateByRegex("__deploy_register_code")
bp.SetScriptCallbackBody("""\
process = frame.thread.GetProcess()
target = process.target

            

Reported by Pylint.

Missing module docstring
Error

Line: 1 Column: 1

              import lldb  # type: ignore[import]
# load into lldb instance with:
#   command script import tools/lldb/deploy_debugger.py

target = lldb.debugger.GetSelectedTarget()
bp = target.BreakpointCreateByRegex("__deploy_register_code")
bp.SetScriptCallbackBody("""\
process = frame.thread.GetProcess()
target = process.target

            

Reported by Pylint.

torch/csrc/jit/serialization/pickler.cpp
2 issues
setstate - This function is not sufficiently random for security-related functions such as key and nonce creation
Security

Line: 666 Column: 8 CWE codes: 327
Suggestion: Use a more secure technique for acquiring random values

                // Check __setstate__ if the method exists
  //   __setstate__ is expected to be (self, T) -> None
  auto setstate = cls->findMethod("__setstate__");
  if (!setstate) {
    return false;
  }
  auto set_schema = setstate->getSchema();

  TORCH_CHECK(

            

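Reported by FlawFinder.

Triage note (reviewer, not tool output): in the excerpt, `setstate` is a local variable holding the result of `cls->findMethod("__setstate__")`, not a call to the C library `setstate()` random-number routine that this CWE-327 rule targets. No random values are produced in the visible code, so this looks like a name-match false positive.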

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 321 Column: 5 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

                if (string.size() <= kSmallStr &&
      bufferPos_ + string.size() <= buffer_.size()) {
    // Small string that fits: buffer the data.
    memcpy(buffer_.data() + bufferPos_, string.data(), string.size());
    bufferPos_ += string.size();
  } else {
    // Otherwise, first flush, then write directly.
    flush();
    writer_(string.data(), string.size());

            

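Reported by FlawFinder.

Triage note (reviewer, not tool output): the `memcpy` into `buffer_.data() + bufferPos_` runs only when `bufferPos_ + string.size() <= buffer_.size()` holds, as checked in the enclosing `if`. The destination bound the rule asks for is therefore present in the visible code.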

torch/csrc/jit/serialization/pickle.cpp
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 143 Column: 14 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

                      len = std::min(size - bytes_read, len);
        // Copy len bytes into buffer
        const char* start = data + bytes_read;
        std::memcpy(buffer, start, len);
        bytes_read += len;
        return len;
      },
      std::move(type_resolver),
      tensor_table);

            

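Reported by FlawFinder.

Triage note (reviewer, not tool output): `len` is clamped to the bytes remaining in the source by `std::min(size - bytes_read, len)` before the copy. The capacity of the destination `buffer` is not visible here. It depends on the caller of this callback passing a `len` no larger than the buffer it supplies.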

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 85 Column: 10 CWE codes: 120 20

                  return data_.size();
  }

  size_t read(uint64_t pos, void* buf, size_t n, const char* what)
      const override {
    std::copy(
        data_.data() + pos,
        data_.data() + pos + n,
        reinterpret_cast<char*>(buf));

            

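Reported by FlawFinder.

Triage note (reviewer, not tool output): the rule matched the name of a method definition, not a call to POSIX `read()`. The excerpt is still worth a look, because the body's first statement copies `n` bytes starting at `data_.data() + pos` with no visible check that the range stays within `data_.size()`. Callers may guarantee this, but the excerpt does not show it. An overflow-safe guard such as `pos <= data_.size() && n <= data_.size() - pos` before the copy would make the method safe on its own.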