Line: 17 Column: 7 CWE codes: 807 20
Suggestion: Check environment variables carefully before using them

              namespace caffe2 {

int NumCudaDevices() {
  if (getenv("CAFFE2_DEBUG_CUDA_INIT_ORDER")) {
    static bool first = true;
    if (first) {
      first = false;
      std::cerr << "DEBUG: caffe2::NumCudaDevices() invoked for the first time"
                << std::endl;

            

Line: 19

              TYPED_TEST_CASE(TensorGPUTest, TensorTypes);
TYPED_TEST_CASE(TensorGPUDeathTest, TensorTypes);

TYPED_TEST(TensorGPUTest, TensorInitializedEmpty) {
  if (!caffe2::HasCudaGPU()) return;
  Tensor tensor(CUDA);
  EXPECT_EQ(tensor.numel(), 0);
  EXPECT_EQ(tensor.dim(), 1);
  vector<int> dims(3);

            

Line: 65 Column: 27 CWE codes: 126

                auto& ctx = GetSingleton();

  cl::Program::Sources source(1,
      std::make_pair(src, strlen(src)));

  cl::Program p = cl::Program(ctx.context, source);
  cl_int err = CL_SUCCESS;
  std::string options = "-cl-std=CL1.1 -cl-fast-relaxed-math -cl-single-precision-constant";
  options += additional_options;

            

Line: 264 Column: 42 CWE codes: 126
Suggestion: This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it

                  T* Y_data = Y->template mutable_data<T>();

    const int batch_dim = ndim - 2;
    const bool is_broadcast_dims = !std::equal(
        A_broadcast_dims.cbegin(),
        A_broadcast_dims.cbegin() + batch_dim,
        B_broadcast_dims.cbegin());
    if (is_broadcast_dims) {
      CAFFE_ENFORCE(broadcast_);

            

Line: 214 Column: 19 CWE codes: 190
Suggestion: If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)

                    if (entry->d_name[0] == '.') {
        continue;
      }
      pid_t tid = atoi(entry->d_name);
      // If we've found the current thread then we'll jump into the SIGUSR2
      // handler before calling pthread_cond_wait thus deadlocking, so branch
      // our directly to the backtrace handler instead of signaling it.
      if (tid != currentTid) {
        syscall(SYS_tgkill, pid, tid, SIGUSR2);

            

Line: 137 Column: 19 CWE codes: 190
Suggestion: If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)

              template <>
C10_EXPORT bool C10FlagParser::Parse<int>(const string& content, int* value) {
  try {
    *value = std::atoi(content.c_str());
    return true;
  } catch (...) {
    GlobalInitStream() << "C10 flag error: Cannot convert argument to int: "
                       << content << std::endl;
    return false;

            

Line: 17 Column: 21 CWE codes: 807 20
Suggestion: Check environment variables carefully before using them

              // NB:
// Issues a warning if the value of the environment variable is not 0 or 1.
optional<bool> check_env(const char* name) {
  auto envar = std::getenv(name);
  if (envar) {
    if (strcmp(envar, "0") == 0) {
      return false;
    }
    if (strcmp(envar, "1") == 0) {

            

Line: 178 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

                      } else {
          // C++ io has stateful formatting settings. Messing with
          // them is probably worse than doing this manually.
          char buf[4] = "000";
          buf[2] += s % 8;
          s /= 8;
          buf[1] += s % 8;
          s /= 8;
          buf[0] += s;

            

Line: 41 Column: 5 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

                    throw std::bad_alloc();

    // Copy the elements over.  No need to run dtors on PODs.
    memcpy(NewElts, this->BeginX, CurSizeBytes);
  } else {
    // If this wasn't grown from the inline copy, grow the allocated space.
    // NOLINTNEXTLINE(cppcoreguidelines-no-malloc)
    NewElts = realloc(this->BeginX, NewCapacityInBytes);
    if (NewElts == nullptr)

            

Line: 478 Column: 5 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

                constexpr bool initialized() const noexcept {
    typename storage::raw repr;
    // Cast to void* to suppress GCC's -Wclass-memaccess.
    memcpy(
        static_cast<void*>(&repr),
        static_cast<const void*>(&storage_),
        sizeof(storage_));
    return repr.p != nullptr || repr.sz == 0;
  }