The following issues were found

torch/csrc/jit/codegen/fuser/compiler.cpp
2 issues
getenv - Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once
Security

Line: 73 Column: 29 CWE codes: 807 20
Suggestion: Check environment variables carefully before using them

int debugFuser() {
  if (debug_fusion < 0) {
    const char* debug_env = getenv("PYTORCH_FUSION_DEBUG");
    debug_fusion = debug_env ? atoi(debug_env) : 0;
  }
  return debug_fusion;
}

Reported by FlawFinder.

atoi - Unless checked, the resulting number can exceed the expected range
Security

Line: 74 Column: 32 CWE codes: 190
Suggestion: If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)

int debugFuser() {
  if (debug_fusion < 0) {
    const char* debug_env = getenv("PYTORCH_FUSION_DEBUG");
    debug_fusion = debug_env ? atoi(debug_env) : 0;
  }
  return debug_fusion;
}

// If the given node is used once by a chunk node, returns that node.

Reported by FlawFinder.

torch/csrc/jit/codegen/cuda/scheduler.cpp
2 issues
getenv - Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once
Security

Line: 269 Column: 27 CWE codes: 807 20
Suggestion: Check environment variables carefully before using them

    }
  }

  const char* debug_env = getenv("PYTORCH_CUDA_FUSER_RED_SCHED_DEBUG");
  if (debug_env && atoi(debug_env)) {
    std::cout << "\n===== Reduction Parameters ========" << std::endl
              << "Inputs:" << std::endl
              << "\tRed Elems: " << red_elems << " Red Outputs: " << red_outputs
              << " Red On Fastest Dim? " << red_on_fastest_dim << std::endl

Reported by FlawFinder.

atoi - Unless checked, the resulting number can exceed the expected range
Security

Line: 270 Column: 20 CWE codes: 190
Suggestion: If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)

  }

  const char* debug_env = getenv("PYTORCH_CUDA_FUSER_RED_SCHED_DEBUG");
  if (debug_env && atoi(debug_env)) {
    std::cout << "\n===== Reduction Parameters ========" << std::endl
              << "Inputs:" << std::endl
              << "\tRed Elems: " << red_elems << " Red Outputs: " << red_outputs
              << " Red On Fastest Dim? " << red_on_fastest_dim << std::endl
              << "Reduction Characteristics:" << std::endl

Reported by FlawFinder.

torch/csrc/jit/codegen/cuda/manager.cpp
2 issues
getenv - Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once
Security

Line: 262 Column: 32 CWE codes: 807 20
Suggestion: Check environment variables carefully before using them

        std::make_move_iterator(outputs.end()));
  };

  const char* disable_fb_env = getenv("PYTORCH_CUDA_FUSER_DISABLE_FALLBACK");
  int disable_fb_flag = disable_fb_env ? atoi(disable_fb_env) : 0;
  if (disable_fb_flag) {
    execute_lambda();
  } else {
    try {

Reported by FlawFinder.

atoi - Unless checked, the resulting number can exceed the expected range
Security

Line: 263 Column: 42 CWE codes: 190
Suggestion: If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)

  };

  const char* disable_fb_env = getenv("PYTORCH_CUDA_FUSER_DISABLE_FALLBACK");
  int disable_fb_flag = disable_fb_env ? atoi(disable_fb_env) : 0;
  if (disable_fb_flag) {
    execute_lambda();
  } else {
    try {
      execute_lambda();

Reported by FlawFinder.

torch/csrc/jit/codegen/cuda/instrumentation.cpp
2 issues
getenv - Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once
Security

Line: 19 Column: 32 CWE codes: 807 20
Suggestion: Check environment variables carefully before using them

namespace inst {

Trace::Trace() {
  const char* trace_filename = getenv("PYTORCH_CUDA_FUSER_TRACE");
  if (trace_filename != nullptr) {
    log_file_ = fopen(trace_filename, "w");
    TORCH_CHECK(log_file_ != nullptr, "Can't open trace file");

    // Disable the file stream buffering, since it may result

Reported by FlawFinder.

fopen - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 21 Column: 17 CWE codes: 362

Trace::Trace() {
  const char* trace_filename = getenv("PYTORCH_CUDA_FUSER_TRACE");
  if (trace_filename != nullptr) {
    log_file_ = fopen(trace_filename, "w");
    TORCH_CHECK(log_file_ != nullptr, "Can't open trace file");

    // Disable the file stream buffering, since it may result
    // in torn writes in multi-threaded tracing
    setbuf(log_file_, nullptr);

Reported by FlawFinder.

torch/distributed/rpc/constants.py
2 issues
Unable to import 'torch._C._distributed_rpc'
Error

Line: 3 Column: 1

from datetime import timedelta

from torch._C._distributed_rpc import (
    _DEFAULT_INIT_METHOD,
    _DEFAULT_NUM_WORKER_THREADS,
    _DEFAULT_RPC_TIMEOUT_SEC,
    _UNSET_RPC_TIMEOUT,
)

Reported by Pylint.

Missing module docstring
Error

Line: 1 Column: 1

from datetime import timedelta

from torch._C._distributed_rpc import (
    _DEFAULT_INIT_METHOD,
    _DEFAULT_NUM_WORKER_THREADS,
    _DEFAULT_RPC_TIMEOUT_SEC,
    _UNSET_RPC_TIMEOUT,
)

Reported by Pylint.

torch/csrc/generic/StorageMethods.cpp
2 issues
There is an unknown macro here somewhere. Configuration is required. If HANDLE_TH_ERRORS is a macro then please configure it.
Error

Line: 34

static PyObject * THPStorage_(copy_)(PyObject *self, PyObject *args, PyObject *kwargs)
{
  HANDLE_TH_ERRORS
  return THPStorageCopyMethod(THWStorage_(copy_functions), self, args, kwargs);
  END_HANDLE_TH_ERRORS
}

static PyObject * THPStorage_(isPinned)(PyObject *_self, PyObject *noargs)

Reported by Cppcheck.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 172 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

  THWStorage* storage = THWStorage_(newWithSize)(count);

#if defined(TH_REAL_IS_BYTE) || defined(TH_REAL_IS_CHAR)
  memcpy(THWStorage_(data)(storage), src + offset, count);
#elif defined(TH_REAL_IS_BOOL)
  // Because of ASAN checks, that are failing in the THStorage.cpp whenever
  // we are trying to get a value which is not 0 or 1, we have to manually
  // convert original values to boolean ones.
  torch::utils::THP_decodeBoolBuffer(

Reported by FlawFinder.

torch/csrc/distributed/rpc/utils.cpp
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 441 Column: 7 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

        return 0;
      }
      size_t toCopy = std::min(metaDataPos + n, metaData.second) - metaDataPos;
      memcpy(buf, metaData.first + metaDataPos, toCopy);
      metaDataPos += toCopy;
      return toCopy;
    };
    auto sectionReadFunc = [&](const std::string& ename) -> at::DataPtr {
      auto it = sections.find(ename);

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 453 Column: 9 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

      const auto& idat = it->second;
      auto dptr = at::getCPUAllocator()->allocate(idat.second);
      if (idat.second != 0) {
        memcpy(dptr.get(), idat.first, idat.second);
      }
      return dptr;
    };

    // No need to pass typeResolver here, as it always processes string and

Reported by FlawFinder.

torch/csrc/distributed/rpc/tensorpipe_agent.cpp
2 issues
getenv - Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once
Security

Line: 172 Column: 28 CWE codes: 807 20
Suggestion: Check environment variables carefully before using them

  static const std::string uvAddress = []() {
    tensorpipe::Error error;
    std::string result;
    char* ifnameEnv = std::getenv(kSocketIfnameEnvVar.c_str());
    if (ifnameEnv != nullptr) {
      std::tie(error, result) =
          tensorpipe::transport::uv::lookupAddrForIface(ifnameEnv);
      if (error) {
        LOG(WARNING) << "Failed to look up the IP address for interface "

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 550 Column: 11 CWE codes: 120 20

    std::tie(tpAllocation, tpBuffers) =
        tensorpipeAllocate(tpDescriptor, streams);

    pipe->read(
        std::move(tpAllocation),
        [tpDescriptor{std::move(tpDescriptor)},
         tpBuffers{
             std::make_shared<TensorpipeReadBuffers>(std::move(tpBuffers))},
         fn{std::move(fn)},

Reported by FlawFinder.

torch/csrc/distributed/c10d/ProcessGroupNCCL.cpp
2 issues
getenv - Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once
Security

Line: 476 Column: 37 CWE codes: 807 20
Suggestion: Check environment variables carefully before using them

    workCleanupThread_ = std::thread(&ProcessGroupNCCL::workCleanupLoop, this);
  }

  const char* ncclDebugLevel = std::getenv("NCCL_DEBUG");

  if (!ncclDebugLevel) {
    ncclDebugLevel = "UNSET";
  }

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 808 Column: 10 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

  } else {
    auto vec = store_->get(storeKey);
    TORCH_CHECK(vec.size() == NCCL_UNIQUE_ID_BYTES);
    std::memcpy(ncclID, vec.data(), vec.size());
  }
}

std::vector<std::shared_ptr<NCCLComm>>& ProcessGroupNCCL::getNCCLComm(
    const std::string& devicesKey,

Reported by FlawFinder.

torch/csrc/deploy/remove_dt_needed.cpp
2 issues
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 30 Column: 13 CWE codes: 362

    return 1;
  }
  const char* filename = argv[1];
  int fd_ = open(filename, O_RDWR);
  CHECK(fd_ != -1, "failed to open {}: {}", filename, strerror(errno));
  struct stat s = {0};
  if (-1 == fstat(fd_, &s)) {
    close(fd_); // destructors don't run during exceptions
    ERROR("failed to stat {}: {}", filename, strerror(errno));

Reported by FlawFinder.

fopen - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 74 Column: 15 CWE codes: 362

  auto nwritten = w - dynamic;
  memset(w, 0, sizeof(Elf64_Dyn) * (entries.size() - nwritten));

  FILE* dst = fopen(argv[2], "w");
  CHECK(dst != nullptr, "{}: {}", argv[2], strerror(errno));
  fwrite(mem, n_bytes, 1, dst);
  fclose(dst);
  munmap(mem, n_bytes);
  close(fd_);

Reported by FlawFinder.