The following issues were found

tools/linter/flake8_hook.py
2 issues
Unable to import 'flake8.main'
Error

Line: 5 Column: 1
Note: an environment finding rather than a code defect. Pylint could not resolve flake8 in the interpreter it was run with; the `# type: ignore[import]` on the import line shows the hook is only expected to run where flake8 is installed.

import sys

from flake8.main import git  # type: ignore[import]

if __name__ == '__main__':
    sys.exit(
        git.hook(
            strict=True,

Reported by Pylint.

Missing module docstring
Error

Line: 1 Column: 1

#!/usr/bin/env python3

import sys

from flake8.main import git  # type: ignore[import]

if __name__ == '__main__':
    sys.exit(
        git.hook(

Reported by Pylint.

torch/csrc/jit/serialization/import_read.cpp
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 30 Column: 10 CWE codes: 120
Suggestion: Make sure destination can always hold the source data
Note: the source side is bounded on the line above (`len = std::min(pickle_size - bytes_read, len)`), so what this excerpt leaves unverified is the reader contract that `buffer` can hold `len` bytes, and that `bytes_read` never exceeds `pickle_size` (the unsigned subtraction would otherwise wrap and defeat the clamp).

    len = std::min(pickle_size - bytes_read, len);
    // Copy len bytes into buffer
    const char* start = data + bytes_read;
    std::memcpy(buffer, start, len);
    bytes_read += len;
    return len;
  };

  std::string tensor_dir_path =

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 60 Column: 8 CWE codes: 120 20
Note: `first_short` is a two-element `std::array<uint8_t, 2>` and the call passes `n=2`, so the destination size matches the request; the in-a-loop concern in the message does not apply to this single fixed-size header read.

  std::array<uint8_t, 2> first_short{};
  static constexpr uint8_t first_slot = 0x80;
  static constexpr uint8_t second_slot = 0x02;
  rai->read(
      /*pos=*/0,
      /*buf=*/&first_short,
      /*n=*/2,
      /*what=*/"checking archive");

Reported by FlawFinder.

third_party/miniz-2.0.8/miniz.h
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 961 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Note: the finding fires on the declaration. Whether the "zero terminated, may be truncated" guarantee in the comment actually holds is decided by the code that fills `m_filename` and `m_comment`, which is not part of this excerpt.

    /* Filename. If string ends in '/' it's a subdirectory entry. */
    /* Guaranteed to be zero terminated, may be truncated to fit. */
    char m_filename[MZ_ZIP_MAX_ARCHIVE_FILENAME_SIZE];

    /* Comment field. */
    /* Guaranteed to be zero terminated, may be truncated to fit. */
    char m_comment[MZ_ZIP_MAX_ARCHIVE_FILE_COMMENT_SIZE];

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 965 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

    /* Comment field. */
    /* Guaranteed to be zero terminated, may be truncated to fit. */
    char m_comment[MZ_ZIP_MAX_ARCHIVE_FILE_COMMENT_SIZE];

} mz_zip_archive_file_stat;

typedef size_t (*mz_file_read_func)(void *pOpaque, mz_uint64 file_ofs, void *pBuf, size_t n);
typedef size_t (*mz_file_write_func)(void *pOpaque, mz_uint64 file_ofs, const void *pBuf, size_t n);

Reported by FlawFinder.
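Both miniz findings are on declarations, so the thing a reviewer has to verify is the fill-side contract stated in the comments: the field is always NUL-terminated, and an over-long value is truncated rather than written past the end. The following is an added example written for this page, not miniz's own code. `FileStat`, `copy_truncating`, `set_filename`, `is_dir_entry` and the 16-byte size are assumed names and values, chosen small so that truncation is visible; ZIP names are length-prefixed in the central directory, so the length is passed explicitly rather than taken with strlen from the raw bytes.

```cpp
#include <cstddef>
#include <cstring>
#include <string>

// Hypothetical size, deliberately small so truncation shows up in tests;
// miniz's real MZ_ZIP_MAX_ARCHIVE_FILENAME_SIZE is much larger.
const size_t kMaxFilenameSize = 16;

struct FileStat {
  char m_filename[kMaxFilenameSize];
};

// Copies at most dst_size-1 bytes and always writes the terminating NUL,
// which is what "guaranteed to be zero terminated, may be truncated to fit"
// requires. Returns true if the whole source fit. strncpy(dst, src, dst_size)
// would NOT terminate when src_len >= dst_size; the explicit dst[n] = '\0'
// is what upholds the contract.
inline bool copy_truncating(char* dst, size_t dst_size,
                            const char* src, size_t src_len) {
  if (dst_size == 0) {
    return false;
  }
  size_t n = src_len < dst_size - 1 ? src_len : dst_size - 1;
  std::memcpy(dst, src, n);
  dst[n] = '\0';
  return n == src_len;
}

// Fills m_filename from a length-delimited name. ZIP central-directory names
// are length-prefixed and not NUL-terminated, so the length must come from
// the header field, never from strlen on the raw bytes.
inline bool set_filename(FileStat& st, const char* name, size_t name_len) {
  return copy_truncating(st.m_filename, sizeof(st.m_filename), name, name_len);
}

// The subdirectory test from the struct comment. strlen is safe here only
// because set_filename guarantees the terminator.
inline bool is_dir_entry(const FileStat& st) {
  size_t n = std::strlen(st.m_filename);
  return n > 0 && st.m_filename[n - 1] == '/';
}

// Helpers over constructed names so the behaviour can be asserted.
inline std::string filename_after_copy(const std::string& name) {
  FileStat st{};
  set_filename(st, name.data(), name.size());
  return std::string(st.m_filename);  // relies on the guaranteed terminator
}

inline bool filename_fits(const std::string& name) {
  FileStat st{};
  return set_filename(st, name.data(), name.size());
}

inline bool looks_like_dir(const std::string& name) {
  FileStat st{};
  set_filename(st, name.data(), name.size());
  return is_dir_entry(st);
}
```

One consequence worth checking in any code that keys off the trailing '/': truncation can drop exactly that character, so an entry that was a directory in the archive reads as a file after the copy. A caller that cares should look at the return value of `set_filename` and not trust the suffix test on a truncated name.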

torch/csrc/jit/passes/utils/check_alias_annotation.cpp
2 issues
equal - Function does not check the second iterator for over-read conditions
Security

Line: 66 Column: 27 CWE codes: 126
Suggestion: This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
Note: name match only. The `equal` at this line is the `at::Tensor::equal` member (`lhs.toTensor().equal(rhs.toTensor())`), which compares two tensors that each carry their own size, not the two-iterator `std::equal` overload the CWE-126 advice is about.

bool deepEquals(const IValue& lhs, const IValue& rhs) {
  if (lhs.isTensor() && rhs.isTensor()) {
    return lhs.toTensor().equal(rhs.toTensor());
  }

  if (lhs.isTensorList() && rhs.isTensorList()) {
    const auto a = lhs.toTensorList();
    const auto b = rhs.toTensorList();

Reported by FlawFinder.

equal - Function does not check the second iterator for over-read conditions
Security

Line: 76 Column: 17 CWE codes: 126
Suggestion: This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
Note: again the `at::Tensor::equal` member (`a[i].equal(b[i])`), and the loop is bounded by `a.size()`. `b[i]` is only in range if `b.size()` was checked to match beforehand, which the `return false` immediately above the loop suggests but this excerpt does not show in full.

      return false;
    }
    for (auto i = decltype(a.size()){0}; i < a.size(); ++i) {
      if (!a[i].equal(b[i])) {
        return false;
      }
    }
    return true;
  }

Reported by FlawFinder.

torch/csrc/jit/passes/tensorexpr_fuser.cpp
2 issues
getenv - Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once
Security

Line: 268 Column: 42 CWE codes: 807 20
Suggestion: Check environment variables carefully before using them
Note: the value is null-checked and then compared exactly against "0", so an arbitrary-length or odd-content value cannot do more than select the default here.

}

bool tensorExprFuserEnabled() {
  static const char* enable_c_str = std::getenv("PYTORCH_TENSOREXPR");
  if (!enable_c_str) {
    return texpr_fuser_enabled_;
  }
  if (std::string(enable_c_str) == "0") {
    return false;

Reported by FlawFinder.

getenv - Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once
Security

Line: 1249 Column: 31 CWE codes: 807 20
Suggestion: Check environment variables carefully before using them
Note: here the value is fed into a `std::stringstream` and parsed as a colon-separated list of operator names. What matters is how each token is validated before it influences which ops are excluded from fusion, and that part of the function is not in this excerpt.

  // 'PYTORCH_TENSOREXPR_DONT_FUSE="clamp:mul:add"' disables fusion on
  // aten::clamp, aten::mul and aten::add.
  void parseTENotFuseOption() {
    const char* option = std::getenv("PYTORCH_TENSOREXPR_DONT_FUSE");
    std::stringstream in_ss;
    if (option) {
      in_ss << option;
    }

Reported by FlawFinder.
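Both getenv findings come down to what is done with the value afterwards. The following is an added example, not PyTorch's code, of reading the two variables from the excerpts with the checks the suggestion asks for: an exact match for the on/off flag, and total-length, per-token-length and character-set validation for the colon-separated list, where any defect rejects the whole value instead of acting on a partial parse. `parse_enable_flag`, `parse_dont_fuse`, `DontFuse` and the two limits are assumptions made for the example. The parsers take the raw value as an argument so they can be exercised without touching the process environment; a thin wrapper at the end shows the real `std::getenv` call.

```cpp
#include <cstddef>
#include <cstdlib>
#include <set>
#include <string>

// Hypothetical limits chosen for the example; PyTorch defines none here.
const size_t kMaxOptionLength = 1024;
const size_t kMaxOpNameLength = 64;

enum class Flag { Unset, Off, On, Invalid };

// Strict parse of PYTORCH_TENSOREXPR. Only the exact strings "0" and "1"
// are accepted; anything else (including "0 " or "00") is reported as
// Invalid so the caller keeps its compiled-in default instead of guessing.
inline Flag parse_enable_flag(const char* raw) {
  if (raw == nullptr) return Flag::Unset;
  std::string v(raw);
  if (v == "0") return Flag::Off;
  if (v == "1") return Flag::On;
  return Flag::Invalid;
}

// Operator names in the option are lower-case identifiers such as "clamp".
inline bool is_op_name_char(char c) {
  return (c >= 'a' && c <= 'z') || (c >= '0' && c <= '9') || c == '_';
}

struct DontFuse {
  bool ok;                    // false: value rejected, ops is empty
  std::set<std::string> ops;  // operator names to exclude from fusion
};

// Parses a colon-separated list such as "clamp:mul:add". Total length,
// per-token length and character set are all checked, and any defect
// rejects the whole value rather than acting on a partially parsed list.
inline DontFuse parse_dont_fuse(const char* raw) {
  DontFuse out{true, {}};
  if (raw == nullptr) return out;  // unset: disable nothing
  std::string v(raw);
  if (v.size() > kMaxOptionLength) return DontFuse{false, {}};
  if (v.empty()) return out;
  size_t start = 0;
  while (start <= v.size()) {
    size_t end = v.find(':', start);
    if (end == std::string::npos) end = v.size();
    std::string tok = v.substr(start, end - start);
    // An empty token covers "a::b", ":a" and a trailing ':'.
    if (tok.empty() || tok.size() > kMaxOpNameLength) return DontFuse{false, {}};
    for (char c : tok) {
      if (!is_op_name_char(c)) return DontFuse{false, {}};
    }
    out.ops.insert(tok);
    start = end + 1;
  }
  return out;
}

// Production-shaped wrapper that reads the real environment; a rejected
// value falls back to "disable nothing", the same as an unset variable.
inline std::set<std::string> dont_fuse_from_env() {
  DontFuse parsed = parse_dont_fuse(std::getenv("PYTORCH_TENSOREXPR_DONT_FUSE"));
  return parsed.ok ? parsed.ops : std::set<std::string>{};
}
```

The design choice to call out is the all-or-nothing rejection: silently dropping a bad token and keeping the rest would let a malformed value partially change fusion behaviour, which is harder to notice than the variable having no effect at all.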

torch/csrc/jit/mobile/import_data.cpp
2 issues
setstate - This function is not sufficiently random for security-related functions such as key and nonce creation
Security

Line: 115 Column: 9 CWE codes: 327
Suggestion: Use a more secure technique for acquiring random values
Note: name match only. The `setstate` here is a method pointer for the object's deserialization hook (it is run with a stack of `{obj, input}`, and the fallback looks for a custom class with a setstate), not the C library random-number state function that CWE-327 refers to; no randomness is being sourced at this line.

      }
      return nullptr;
    };
    if (setstate) {
      auto obj = c10::ivalue::Object::create(type, 0);
      Stack stack({obj, input});
      setstate->run(stack);
      return obj;
    } else if (auto custom_class_type = find_custom_class_with_setstate()) {

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 79 Column: 10 CWE codes: 120
Suggestion: Make sure destination can always hold the source data
Note: the same reader lambda as the finding in import_read.cpp line 30; the `std::min` clamp bounds the source, and the caller's `buffer` capacity and `bytes_read <= pickle_size` are what remain to be checked.

    len = std::min(pickle_size - bytes_read, len);
    // Copy len bytes into buffer
    const char* start = data + bytes_read;
    std::memcpy(buffer, start, len);
    bytes_read += len;
    return len;
  };

  static const c10::QualifiedName torchPrefix = "__torch__";

Reported by FlawFinder.
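The memcpy findings in import_read.cpp (line 30) and import_data.cpp (line 79) point at the same reader lambda, so one added example covers both. It is not PyTorch's code: `PickleSource` and `bounded_read` are stand-ins for the `data`, `pickle_size` and `bytes_read` state the lambda captures, the payload is a constructed 20-byte string, and the example adds one guard the excerpt lacks, against the cursor already being past the end, which would make the unsigned subtraction wrap and defeat the clamp. The helper functions exist so the edge cases can be asserted on.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstring>
#include <string>

// Constructed sample payload standing in for the pickle bytes; the content is
// irrelevant, only its length matters for the bounds logic.
static const std::string kPayload = "0123456789abcdefghij";  // 20 bytes

// Hypothetical stand-in for the (data, pickle_size, bytes_read) state the
// original lambda captures.
struct PickleSource {
  const char* data;
  size_t size;
  size_t bytes_read;
};

// Same contract as the reader in the findings: copy at most `len` bytes into
// `buffer` and return how many were copied. `buffer` must hold `len` bytes;
// that is the caller's side of the contract, which is what FlawFinder cannot
// see. The extra guard stops `size - bytes_read` from wrapping if the cursor
// ever ends up past the end, which would otherwise defeat the std::min clamp.
inline size_t bounded_read(PickleSource& src, char* buffer, size_t len) {
  if (src.bytes_read >= src.size) {
    return 0;
  }
  len = std::min(src.size - src.bytes_read, len);
  std::memcpy(buffer, src.data + src.bytes_read, len);
  src.bytes_read += len;
  return len;
}

// Pulls the whole payload through the reader in chunks of `chunk` bytes
// (capped at the local buffer) and returns the total delivered. With a
// correct clamp this equals the payload length for any chunk size, and the
// final short read never reaches past the end of kPayload.
inline size_t drain_payload(size_t chunk) {
  PickleSource src{kPayload.data(), kPayload.size(), 0};
  char buf[8];
  size_t total = 0;
  while (size_t n = bounded_read(src, buf, std::min(chunk, sizeof(buf)))) {
    total += n;
  }
  return total;
}

// First read of `len` bytes, returned as a string so the copied bytes can
// be checked, not just their count.
inline std::string first_chunk(size_t len) {
  PickleSource src{kPayload.data(), kPayload.size(), 0};
  char buf[8] = {};
  size_t n = bounded_read(src, buf, std::min(len, sizeof(buf)));
  return std::string(buf, n);
}

// Simulates a corrupted cursor beyond the end of the data: without the guard
// in bounded_read, size - bytes_read would wrap and memcpy would run off the
// end; with it, the read reports 0 bytes and touches nothing.
inline size_t read_with_cursor_past_end() {
  PickleSource src{kPayload.data(), kPayload.size(), kPayload.size() + 5};
  char buf[8];
  return bounded_read(src, buf, sizeof(buf));
}
```

A reviewer closing these two findings would confirm the same three things in the real code: the clamp is present (it is, in both excerpts), every caller passes a `buffer` of at least `len` bytes, and `bytes_read` cannot be advanced past `pickle_size` by any other path.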

torch/csrc/jit/mobile/backport.cpp
2 issues
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 58 Column: 15 CWE codes: 362
Note: `input_filename` is opened with `std::ifstream::open`, which follows symlinks and will open a FIFO or device node as readily as a regular file; the excerpt shows no check on the path before the open. Whether that matters depends on whether the path is attacker-influenced, which the excerpt does not establish.

    const int64_t to_version) {
  std::ifstream file_stream;
  std::unique_ptr<IStreamAdapter> istream_adapter;
  file_stream.open(input_filename, std::ifstream::in | std::ifstream::binary);
  if (!file_stream) {
    AT_ERROR("open file failed, file path: ", input_filename);
  }
  istream_adapter = std::make_unique<IStreamAdapter>(&file_stream);

Reported by FlawFinder.

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 79 Column: 15 CWE codes: 362
Note: the same prologue appears again at line 79; the observations for the finding at line 58 apply unchanged.

    const int64_t to_version) {
  std::ifstream file_stream;
  std::unique_ptr<IStreamAdapter> istream_adapter;
  file_stream.open(input_filename, std::ifstream::in | std::ifstream::binary);
  if (!file_stream) {
    AT_ERROR("open file failed, file path: ", input_filename);
  }
  istream_adapter = std::make_unique<IStreamAdapter>(&file_stream);

Reported by FlawFinder.

torch/distributed/pipeline/sync/skip/__init__.py
2 issues
Unable to import '__init__.namespace'
Error

Line: 8 Column: 1
Note: an invocation artifact, not a code defect. The relative import `.namespace` was resolved against a module named `__init__`, which happens when Pylint is given the file path instead of the package; the `.skippable` finding below has the same cause.

# This source code is licensed under the BSD license found in the
# LICENSE file in the root directory of this source tree.
"""Supports efficiency with skip connections."""
from .namespace import Namespace
from .skippable import pop, skippable, stash, verify_skippables

__all__ = ["skippable", "stash", "pop", "verify_skippables", "Namespace"]

Reported by Pylint.

Unable to import '__init__.skippable'
Error

Line: 9 Column: 1

# LICENSE file in the root directory of this source tree.
"""Supports efficiency with skip connections."""
from .namespace import Namespace
from .skippable import pop, skippable, stash, verify_skippables

__all__ = ["skippable", "stash", "pop", "verify_skippables", "Namespace"]

Reported by Pylint.

torch/csrc/jit/ir/node_hashing.cpp
2 issues
equal - Function does not check the second iterator for over-read conditions
Security

Line: 26 Column: 57 CWE codes: 126
Suggestion: This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
Note: name match only. Column 57 lands on `lhs.equal(rhs)`, the `at::Tensor::equal` member, which is evaluated after the options check and compares two self-describing tensors; no iterator pair is involved.

  if (lhs.is_mkldnn() || rhs.is_mkldnn()) {
    return false;
  }
  return lhs.options().type_equal(rhs.options()) && lhs.equal(rhs);
}

bool typeListEqual(
    const std::vector<TypePtr>& lhs,
    const std::vector<TypePtr>& rhs) {

Reported by FlawFinder.

equal - Function does not check the second iterator for over-read conditions
Security

Line: 258 Column: 13 CWE codes: 126
Suggestion: This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
Note: this one is the real three-argument `std::equal`, but it is guarded by the `lhs_inputs.size() != rhs_inputs.size()` check two lines above, so the over-read the finding describes cannot occur. Switching to the C++14 overload that also takes the end of the second range would make that guarantee local to the call, which is all the suggestion amounts to here.

  auto rhs_inputs = rhs->inputs();
  if (lhs_inputs.size() != rhs_inputs.size())
    return false;
  if (!std::equal(lhs_inputs.begin(), lhs_inputs.end(), rhs_inputs.begin()))
    return false;

  if (!attributesEqualCSE(lhs, rhs))
    return false;

Reported by FlawFinder.

torch/csrc/jit/frontend/edit_distance.cpp
2 issues
strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 16 Column: 14 CWE codes: 126
Note: safe only if `word1` and `word2` are NUL-terminated, which is the convention of a `const char*` interface; a caller holding length-delimited data would need an explicit-length signature instead of relying on `strlen`. The same applies to the second `strlen` at line 17.

    const char* word1,
    const char* word2,
    size_t maxEditDistance) {
  size_t m = strlen(word1);
  size_t n = strlen(word2);

  const unsigned small_buffer_size = 64;
  // NOLINTNEXTLINE(cppcoreguidelines-avoid-c-arrays,modernize-avoid-c-arrays)
  unsigned small_buffer[small_buffer_size];

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 17 Column: 14 CWE codes: 126

    const char* word2,
    size_t maxEditDistance) {
  size_t m = strlen(word1);
  size_t n = strlen(word2);

  const unsigned small_buffer_size = 64;
  // NOLINTNEXTLINE(cppcoreguidelines-avoid-c-arrays,modernize-avoid-c-arrays)
  unsigned small_buffer[small_buffer_size];
  // NOLINTNEXTLINE(cppcoreguidelines-avoid-c-arrays,modernize-avoid-c-arrays)

Reported by FlawFinder.