The following issues were found
caffe2/core/nomnigraph/tests/SubgraphMatcherTest.cc
2 issues
Line: 533
Column: 14
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
nodes.emplace_back(node);
}
TestRandom random(517);
for (int i = 0; i < numPatterns; i++) {
std::vector<int> nodeIdx;
for (int k = 0; k < 5; k++) {
// NOLINTNEXTLINE(performance-inefficient-vector-operation)
nodeIdx.emplace_back(random.nextInt() % numNodes);
Reported by FlawFinder.
Line: 538
Column: 28
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
std::vector<int> nodeIdx;
for (int k = 0; k < 5; k++) {
// NOLINTNEXTLINE(performance-inefficient-vector-operation)
nodeIdx.emplace_back(random.nextInt() % numNodes);
}
graph.createEdge(nodes[nodeIdx[0]], nodes[nodeIdx[1]]);
graph.createEdge(nodes[nodeIdx[0]], nodes[nodeIdx[2]]);
graph.createEdge(nodes[nodeIdx[1]], nodes[nodeIdx[3]]);
graph.createEdge(nodes[nodeIdx[2]], nodes[nodeIdx[3]]);
Reported by FlawFinder.
caffe2/mobile/contrib/ulp2/ulp.cc
2 issues
Line: 233
Column: 18
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
// We can do a larger memcpy, of size KW * KC
size_t off = kh * KW * KC + ow * KH * KW * KC + oh * KH * KW * KC * OW +
n * KH * KW * KC * OW * OH;
std::memcpy(&XQcoldata[off],
&XQdata[((int32_t)w_pad) * KC + ih * IW * KC + n * IW * KC * IH],
KW * KC);
} else {
for (size_t kw = 0; kw < KW; ++kw) {
int32_t iw = (int32_t)kw + w_pad;
Reported by FlawFinder.
Line: 243
Column: 22
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
size_t off = kw * KC + kh * KW * KC + ow * KH * KW * KC + oh * KH * KW * KC * OW +
n * KH * KW * KC * OW * OH;
if ((size_t)ih < (size_t)IH && (size_t)iw < (size_t)IW) {
std::memcpy(
&XQcoldata[off], &XQdata[iw * KC + ih * IW * KC + n * KC * IW * IH], KC);
} else {
// This should be simply padded with zero.
std::memset(&XQcoldata[off], 0, KC);
}
Reported by FlawFinder.
caffe2/operators/batch_permutation_op.cc
2 issues
Line: 33
Column: 12
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (int n = 0; n < N; n++) {
int origIdx = n * K;
int permuteIdx = indices[n] * K;
std::memcpy(dst + origIdx, src + permuteIdx, numBytes);
}
} else {
std::vector<int> backward_indices(N);
for (int i = 0; i < N; ++i) {
backward_indices[indices[i]] = i;
Reported by FlawFinder.
Line: 43
Column: 12
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (int n = 0; n < N; n++) {
int permuteIdx = n * K;
int origIdx = backward_indices[n] * K;
std::memcpy(dst + permuteIdx, src + origIdx, numBytes);
}
}
}
template <>
Reported by FlawFinder.
caffe2/operators/copy_rows_to_tensor_op.h
2 issues
Line: 46
Column: 12
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
IsInputOutputAlias(0, 0), "Input 0 and Output 0 should be alias.");
// NOLINTNEXTLINE(clang-diagnostic-sign-compare)
for (size_t i = 0; i < indices.sizes()[0]; ++i) {
std::memcpy(
output_data + indices_data[i] * tensor_width,
row_data,
tensor_width * sizeof(T));
}
return true;
Reported by FlawFinder.
Line: 77
Column: 10
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
auto* output_data = output->template mutable_data<T>();
auto& input = Input(0);
const auto* input_data = input.template data<T>();
std::memcpy(output_data, input_data, input.size(0) * sizeof(T));
return true;
}
};
Reported by FlawFinder.
caffe2/operators/elementwise_op_test.cc
2 issues
Line: 9
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
template <>
void CopyVector<caffe2::CPUContext, bool>(const int N, const bool* x, bool* y) {
memcpy(y, x, N * sizeof(bool));
}
template <>
void CopyVector<caffe2::CPUContext, int32_t>(
const int N,
Reported by FlawFinder.
Line: 17
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
const int N,
const int32_t* x,
int32_t* y) {
memcpy(y, x, N * sizeof(int32_t));
}
TEST(ElementwiseCPUTest, And) {
elementwiseAnd<caffe2::CPUContext>();
}
Reported by FlawFinder.
caffe2/operators/half_float_ops.cc
2 issues
Line: 38
CWE codes:
908
auto& input = Input(0);
auto* output = Output(0, input.sizes(), at::dtype<at::Half>());
const float* data = input.template data<float>();
at::Half* out = output->template mutable_data<at::Half>();
auto N = input.numel();
#ifdef USE_FBGEMM
// There exists a verion fbgemm::FloatToFloat16_simd which will issue avx-512
Reported by Cppcheck.
Line: 65
CWE codes:
908
auto& input = Input(0);
auto* output = Output(0, input.sizes(), at::dtype<float>());
const at::Half* data = input.template data<at::Half>();
float* out = output->template mutable_data<float>();
auto N = input.numel();
#ifdef USE_FBGEMM
// Same reasoning of sticking to avx2
Reported by Cppcheck.
caffe2/operators/load_save_op.h
2 issues
Line: 357
Column: 7
CWE codes:
134
Suggestion:
Use a constant for the format specification
// Start with an initial buffer size that is probably enough most of the time.
std::string buffer(256, '\0');
auto bytes_written =
snprintf(&buffer[0], buffer.size(), pattern.c_str(), values...);
if (bytes_written < 0) {
throw std::runtime_error("FormatString failed");
}
// NOLINTNEXTLINE(clang-diagnostic-sign-compare)
if (bytes_written > buffer.size()) {
Reported by FlawFinder.
Line: 366
Column: 9
CWE codes:
134
Suggestion:
Use a constant for the format specification
// Our initial buffer size wasn't enough, resize and run again.
buffer.resize(bytes_written + 1);
bytes_written =
snprintf(&buffer[0], buffer.size(), pattern.c_str(), values...);
if (bytes_written < 0) {
throw std::runtime_error("FormatString failed");
}
}
// Truncate the string to the correct size to trim off the nul terminator.
Reported by FlawFinder.
caffe2/operators/pool_op_cudnn.cc
2 issues
Line: 58
Column: 29
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
: ConvPoolOpBase<CUDAContext>(std::forward<Args>(args)...),
cudnn_wrapper_(&context_),
functor_(*this),
equal_padding_(std::equal(
pads_.cbegin(),
pads_.cbegin() + kernel_.size(),
pads_.cbegin() + kernel_.size())) {
CUDNN_ENFORCE(cudnnCreateTensorDescriptor(&X_desc_));
CUDNN_ENFORCE(cudnnCreateTensorDescriptor(&Y_desc_));
Reported by FlawFinder.
Line: 199
Column: 29
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
: ConvPoolOpBase<CUDAContext>(std::forward<Args>(args)...),
cudnn_wrapper_(&context_),
functor_(*this),
equal_padding_(std::equal(
pads_.cbegin(),
pads_.cbegin() + kernel_.size(),
pads_.cbegin() + kernel_.size())) {
CUDNN_ENFORCE(cudnnCreateTensorDescriptor(&X_desc_));
CUDNN_ENFORCE(cudnnCreateTensorDescriptor(&Y_desc_));
Reported by FlawFinder.
caffe2/operators/quantized/int8_slice_op.h
2 issues
Line: 63
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{static_cast<int64_t>(ends_.size())},
at::dtype<SIndex>().device(CPU));
memcpy(
starts_host_.template mutable_data<SIndex>(),
starts_.data(),
sizeof(SIndex) * starts_.size());
memcpy(
ends_host_.template mutable_data<SIndex>(),
Reported by FlawFinder.
Line: 67
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
starts_host_.template mutable_data<SIndex>(),
starts_.data(),
sizeof(SIndex) * starts_.size());
memcpy(
ends_host_.template mutable_data<SIndex>(),
ends_.data(),
sizeof(SIndex) * ends_.size());
statically_inited_ = true;
}
Reported by FlawFinder.
caffe2/operators/string_ops.cc
2 issues
Line: 55
Column: 17
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
explicit StartsWith(OperatorBase& op)
: prefix_(op.GetSingleArgument<std::string>("prefix", "")) {}
bool operator()(const std::string& str) {
return std::mismatch(prefix_.begin(), prefix_.end(), str.begin()).first ==
prefix_.end();
}
private:
std::string prefix_;
Reported by FlawFinder.
Line: 67
Column: 17
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
explicit EndsWith(OperatorBase& op)
: suffix_(op.GetSingleArgument<std::string>("suffix", "")) {}
bool operator()(const std::string& str) {
return std::mismatch(suffix_.rbegin(), suffix_.rend(), str.rbegin())
.first == suffix_.rend();
}
private:
std::string suffix_;
Reported by FlawFinder.