The following issues were found
aten/src/ATen/native/EmbeddingBag.cpp
2 issues
Line: 152
Column: 14
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
// Build a copy of `offsets` with one extra trailing slot.
// The destination is resized to offsets.numel() + 1 elements, and the memcpy
// below copies sizeof(index_t) * offsets.numel() bytes, i.e. one element fewer
// than the destination was resized to hold.
// NOTE(review): that bound only holds if offsets_include_last stores index_t
// elements and `offsets` is contiguous with dtype index_t; neither declaration
// is visible in this excerpt, so confirm both when triaging the CWE-120 finding.
output_size = offsets.numel();
offsets_include_last.resize(offsets.numel() + 1);
// Skip the copy entirely when there are no offsets to copy.
if (offsets.numel() > 0) {
std::memcpy(
offsets_include_last.data(),
offsets.data_ptr<index_t>(),
sizeof(index_t) * offsets.numel());
}
// The extra last slot receives the number of selected indices.
offsets_include_last[offsets.numel()] = select_indices.numel();
Reported by FlawFinder.
Line: 314
Column: 12
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
} else {
// Build a copy of `offsets` with one extra trailing slot: the destination is
// resized to offsets.numel() + 1 elements and the memcpy copies
// sizeof(index_t) * offsets.numel() bytes.
// NOTE(review): the bound assumes offsets_include_last stores index_t elements
// and `offsets` is contiguous with dtype index_t; confirm at the declarations,
// which are outside this excerpt.
output_size = offsets.numel();
offsets_include_last.resize(offsets.numel() + 1);
// NOTE(review): unlike the excerpt reported at line 152 of this file, this copy
// is not wrapped in `if (offsets.numel() > 0)`. If data_ptr() can return a null
// pointer for an empty tensor, passing it to memcpy is undefined behaviour even
// with a zero length; confirm, and consider the same guard here.
std::memcpy(
offsets_include_last.data(),
offsets.data_ptr<index_t>(),
sizeof(index_t) * offsets.numel());
// The extra last slot receives the number of selected indices.
offsets_include_last[offsets.numel()] = select_indices.numel();
// From here on the offsets are read from the extended copy.
offsets_data = offsets_include_last.data();
Reported by FlawFinder.
aten/src/ATen/native/NaiveDilatedConvolution.cpp
2 issues
Line: 539
CWE codes:
562
stride_size,
pad_size,
dilation_size);
return std::tie(grad_input, grad_weight, grad_bias);
}
Tensor slow_conv_dilated3d_cpu(
const Tensor& input,
const Tensor& weight,
Reported by Cppcheck.
Line: 645
CWE codes:
562
stride_size,
pad_size,
dilation_size);
return std::tie(grad_input, grad_weight, grad_bias);
}
} // namespace native
} // namespace at
Reported by Cppcheck.
aten/src/ATen/native/TensorFactories.cpp
2 issues
Line: 238
return self.to(ScalarType::n, non_blocking); \
}
AT_FORALL_SCALAR_TYPES_AND3(Bool, Half, BFloat16, DEFINE_CAST_OP)
#undef DEFINE_CAST_OP
Tensor empty_like(
const Tensor& self,
Reported by Cppcheck.
Line: 876
Column: 28
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
// In-place shuffle: for each position i in [0, n-1), pick an offset z and swap
// element i with element i+z, addressing elements through r__stride_0.
for(int64_t i = 0; i < n - 1; i++)
{
// z is the generator output reduced modulo the number of remaining positions.
// NOTE(review): the CWE-327 finding only matters if some caller needs the
// permutation to be unpredictable to an adversary; no such use is visible here.
// The plain modulo is presumably slightly non-uniform when the generator's range
// is not a multiple of (n-i), and assumes random() is non-negative; confirm.
// NOLINTNEXTLINE(clang-analyzer-security.insecureAPI.rand)
int64_t z = generator->random() % (n-i);
// Three-step swap of positions i and z+i.
scalar_t sav = r__data[i*r__stride_0];
r__data[i*r__stride_0] = r__data[(z+i)*r__stride_0];
r__data[(z+i)*r__stride_0] = sav;
}
}
Reported by FlawFinder.
aten/src/ATen/native/quantized/cpu/qnnpack/generate-wrapper.py
2 issues
Line: 1
Column: 1
import os
QNNPACK_SOURCES = {
# Generic functions
None: [
"requantization/fp32-psimd.c",
"requantization/fp32-scalar.c",
"requantization/gemmlowp-scalar.c",
Reported by Pylint.
Line: 1
Column: 1
import os
QNNPACK_SOURCES = {
# Generic functions
None: [
"requantization/fp32-psimd.c",
"requantization/fp32-scalar.c",
"requantization/gemmlowp-scalar.c",
Reported by Pylint.
aten/src/ATen/native/vulkan/Vulkan.cpp
2 issues
Line: 345
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
void* const outputData, const int64_t size) const {
// Map the buffer and assert that the mapping yielded a non-null pointer.
auto mm = map();
TORCH_INTERNAL_ASSERT(mm.ptr(), "Vulkan: Failed to map Vulkan Buffer memory");
// NOTE(review): `size` is the caller-supplied const int64_t parameter and goes
// straight into memcpy. Nothing visible here checks that it is non-negative or
// that it fits both the mapped buffer and outputData; confirm that the callers
// or the class bound it (a negative value would convert to a huge size_t).
::memcpy(outputData, mm.ptr(), size);
mm.flushWriteToHost();
}
void VBuffer::copy_from_host_to_device(
const void* const data, const int64_t size) {
Reported by FlawFinder.
Line: 353
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
const void* const data, const int64_t size) {
// Map the buffer and assert that the mapping yielded a non-null pointer.
auto mm = map();
TORCH_INTERNAL_ASSERT(mm.ptr(), "Vulkan: Failed to map Vulkan Buffer memory");
// NOTE(review): the mapped buffer is the destination here, and `size` is the
// caller-supplied const int64_t parameter. Nothing visible checks that it is
// non-negative or no larger than the mapped region; confirm that the callers or
// the class enforce this, since this is the case the CWE-120 finding is about.
::memcpy(mm.ptr(), data, size);
mm.flushWriteToDevice();
}
void VBuffer::set_zeros() {
auto mm = map();
Reported by FlawFinder.
aten/src/ATen/native/vulkan/ops/Copy.cpp
2 issues
Line: 70
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
// Wait for the destination payload, then copy the source floats into it.
Future::Payload v_self_payload = v_self_future.wait();
// The copy length is the smaller of src.nbytes() and self.nbytes(), so it does
// not exceed either tensor's reported byte size.
// NOTE(review): the bytes are read from cpu_src.contiguous() while the length
// is computed from `src`; presumably cpu_src is a CPU copy of src with the same
// byte size, and the payload holds at least self.nbytes() bytes; confirm both,
// as neither is visible in this excerpt.
memcpy(
v_self_payload.get(),
cpu_src.contiguous().data_ptr<float>(),
std::min(src.nbytes(), self.nbytes()));
}
}
Reported by FlawFinder.
Line: 105
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
// Wait for the source payload, then copy its bytes into self's float storage.
const Future::Payload v_src_payload = v_src_future.wait();
// The copy length is the smaller of src.nbytes() and self.nbytes(), so it does
// not exceed either tensor's reported byte size.
// NOTE(review): the destination is written linearly from self.data_ptr<float>(),
// which assumes self is contiguous and that the payload holds at least
// src.nbytes() bytes; neither is visible in this excerpt, so confirm both.
memcpy(
self.data_ptr<float>(),
v_src_payload.get(),
std::min(src.nbytes(), self.nbytes()));
}
else {
Reported by FlawFinder.
aten/src/ATen/test/cpu_rng_test.cpp
2 issues
Line: 132
return at::native::templates::bernoulli_out_impl<native::templates::cpu::BernoulliKernel, TestCPUGenerator>(result, self, gen);
}
TORCH_LIBRARY_IMPL(aten, CustomRNGKeyId, m) {
// Random
m.impl("random_.from", random_from_to);
m.impl("random_.to", random_to);
m.impl("random_", random_);
// Normal
Reported by Cppcheck.
Line: 24
Column: 12
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
TestCPUGenerator(uint64_t value) : GeneratorImpl{Device(DeviceType::CPU), DispatchKeySet(kCustomRNG)}, value_(value) { }
// NOLINTNEXTLINE(modernize-use-override)
~TestCPUGenerator() = default;
// Returns value_, which the TestCPUGenerator constructor sets from its argument,
// as a uint32_t; the result is fixed rather than random.
// NOTE(review): this is a member function that happens to be named random(),
// not the C library call, so the CWE-327 finding looks like a name match.
uint32_t random() { return value_; }
// 64-bit counterpart of random(): returns the same fixed value_ as a uint64_t.
uint64_t random64() { return value_; }
c10::optional<float> next_float_normal_sample() { return next_float_normal_sample_; }
c10::optional<double> next_double_normal_sample() { return next_double_normal_sample_; }
void set_next_float_normal_sample(c10::optional<float> randn) { next_float_normal_sample_ = randn; }
void set_next_double_normal_sample(c10::optional<double> randn) { next_double_normal_sample_ = randn; }
Reported by FlawFinder.
aten/src/ATen/test/dlconvertor_test.cpp
2 issues
Line: 20
Column: 17
CWE codes:
126
Suggestion:
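This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. Note: the excerpt below calls `a.equal(b)`, a one-argument member function, rather than the iterator-based `std::equal` this advice describes, so the finding is likely a name-match false positive; confirm against the flagged line.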
Tensor b = fromDLPack(dlMTensor);
ASSERT_TRUE(a.equal(b));
}
TEST(TestDlconvertor, TestDlconvertorNoStrides) {
manual_seed(123);
Reported by FlawFinder.
Line: 32
Column: 17
CWE codes:
126
Suggestion:
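This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. Note: the excerpt below calls `a.equal(b)`, a one-argument member function, rather than the iterator-based `std::equal` this advice describes, so the finding is likely a name-match false positive; confirm against the flagged line.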
Tensor b = fromDLPack(dlMTensor);
ASSERT_TRUE(a.equal(b));
}
Reported by FlawFinder.
aten/src/ATen/test/test_parallel.cpp
2 issues
Line: 42
Column: 24
CWE codes:
126
Suggestion:
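This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. Note: the excerpt below calls `a.sum(0).equal(as)`, a one-argument member function, rather than the iterator-based `std::equal` this advice describes, so the finding is likely a name-match false positive; confirm against the flagged line.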
as[0] = 1;
as[1] = 0;
as[2] = 0;
ASSERT_TRUE(a.sum(0).equal(as));
}
TEST(TestParallel, NestedParallel) {
Tensor a = ones({1024, 1024});
auto expected = a.sum();
Reported by FlawFinder.
Line: 51
Column: 27
CWE codes:
126
Suggestion:
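This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. Note: the excerpt below calls `a.sum().equal(expected)`, a one-argument member function, rather than the iterator-based `std::equal` this advice describes, so the finding is likely a name-match false positive; confirm against the flagged line.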
// check that calling sum() from within a parallel block computes the same result
at::parallel_for(0, 10, 1, [&](int64_t begin, int64_t end) {
if (begin == 0) {
ASSERT_TRUE(a.sum().equal(expected));
}
});
}
#ifdef TH_BLAS_MKL
Reported by FlawFinder.
aten/src/THC/THCGeneral.cpp
2 issues
Line: 132
Column: 42
CWE codes:
362/367!
Suggestion:
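Set up the correct permissions (e.g., using setuid()) and try to open the file directly. Note: in the excerpt below, `access` is a local `int` that is passed by address to `cudaDeviceCanAccessPeer`; no file is opened or checked, so this file-permission advice does not fit the flagged lines and the finding is likely a name-match false positive.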
THCudaCheck(cudaSetDevice(dev));
int access = 0;
THCudaCheck(cudaDeviceCanAccessPeer(&access, dev, devToAccess));
if (access) {
cudaError_t err = cudaDeviceEnablePeerAccess(devToAccess, 0);
if (err == cudaErrorPeerAccessAlreadyEnabled) {
// ignore and clear the error if access was already enabled
cudaGetLastError();
Reported by FlawFinder.
Line: 133
Column: 9
CWE codes:
362/367!
Suggestion:
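Set up the correct permissions (e.g., using setuid()) and try to open the file directly. Note: in the excerpt below, `access` is a local `int` that is filled in by `cudaDeviceCanAccessPeer` and then tested with `if (access)`; no file is opened or checked, so this file-permission advice does not fit the flagged lines and the finding is likely a name-match false positive.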
int access = 0;
THCudaCheck(cudaDeviceCanAccessPeer(&access, dev, devToAccess));
if (access) {
cudaError_t err = cudaDeviceEnablePeerAccess(devToAccess, 0);
if (err == cudaErrorPeerAccessAlreadyEnabled) {
// ignore and clear the error if access was already enabled
cudaGetLastError();
} else {
Reported by FlawFinder.