The following issues were found

torch/csrc/autograd/engine.cpp
1 issue
getenv - Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once
Security

Line: 247 Column: 28 CWE codes: 807 20
Suggestion: Check environment variables carefully before using them

  stopped_ = true;
  // Under some conditions, autograd threads can hang on shutdown
  // Do not wait for them to shutdown indefinitely but rely on timeout
  auto wait_duration_str = getenv("TORCH_AUTOGRAD_SHUTDOWN_WAIT_LIMIT");
  if (!wait_duration_str) {
    wait_duration_str = "10.0";
  }
  auto wait_duration = std::atof(wait_duration_str);
  bool noBackward = true;

Reported by FlawFinder.

torch/csrc/autograd/VariableTypeManual.cpp
1 issue
syntax error
Error

Line: 251

//   and they have manual_kernel_registration=True in native_functions.yaml.
// - Ops registered to DispatchKey::Autograd below must be included in `MANUAL_AUTOGRAD` in tools/autograd/gen_variable_type.py

TORCH_LIBRARY_IMPL(aten, Autograd, m) {
  m.impl("resize_", torch::dispatch(DispatchKey::Autograd, TORCH_FN(VariableType::resize_)));
  m.impl("resize_as_", torch::dispatch(DispatchKey::Autograd, TORCH_FN(VariableType::resize_as_)));
  m.impl("detach", torch::dispatch(DispatchKey::Autograd, TORCH_FN(VariableType::detach)));
  m.impl("detach_", torch::dispatch(DispatchKey::Autograd, TORCH_FN(VariableType::detach_)));
  m.impl("copy_", torch::dispatch(DispatchKey::Autograd, TORCH_FN(VariableType::copy_)));

Reported by Cppcheck.

torch/csrc/jit/tensorexpr/eval.h
1 issue
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 92 Column: 8 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

To raw_bitcast(const From& src) {
  TORCH_CHECK(sizeof(To) == sizeof(From), "Invalid bitcast invocation");
  To storage;
  std::memcpy(&storage, &src, sizeof(From));
  return reinterpret_cast<To&>(storage);
}

class SimpleIREvaluatorImpl;
class TORCH_API SimpleIREvaluator : public CodeGen {

Reported by FlawFinder.

torch/csrc/autograd/TraceTypeManual.cpp
1 issue
syntax error
Error

Line: 129

// Invariant:
// - Ops registered to DispatchKey::Tracer below must be included in `MANUAL_TRACER` in tools/autograd/gen_variable_type.py
TORCH_LIBRARY_IMPL(aten, Tracer, m) {
  m.impl("resize_", resize_);
  m.impl("resize_as_", resize_as_);
  m.impl("detach", TORCH_FN(detach));
  m.impl("detach_", detach_);
  m.impl("copy_", copy_);

Reported by Cppcheck.

torch/csrc/api/src/optim/sgd.cpp
1 issue
equal - Function does not check the second iterator for over-read conditions
Security

Line: 53 Column: 17 CWE codes: 126
Suggestion: This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it

}

bool operator==(const SGDParamState& lhs, const SGDParamState& rhs) {
  return torch::equal(lhs.momentum_buffer(), rhs.momentum_buffer());
}

void SGDParamState::serialize(torch::serialize::OutputArchive& archive) const {
  _TORCH_OPTIM_SERIALIZE_TORCH_ARG(momentum_buffer);
}

Reported by FlawFinder.

test/onnx/test_onnx_common.py
1 issue
Missing module docstring
Error

Line: 1 Column: 1

import os


onnx_model_dir = os.path.join(os.path.dirname(
    os.path.realpath(__file__)), os.pardir, "repos", "onnx", "onnx",
    "backend", "test", "data")


pytorch_converted_dir = os.path.join(onnx_model_dir, "pytorch-converted")

Reported by Pylint.

torch/csrc/api/src/optim/serialize.cpp
1 issue
read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 26 Column: 11 CWE codes: 120 20

    const std::string& key,
    int64_t& value) {
  IValue ivalue;
  archive.read(key, ivalue);
  value = ivalue.toInt();
}

void serialize(
    serialize::OutputArchive& archive,

Reported by FlawFinder.

torch/csrc/jit/tensorexpr/cuda_codegen.cpp
1 issue
The address of local variable 'rand_seed' might be accessed at non-zero index.
Error

Line: 1143 CWE codes: 758

      rand_offset = philox_engine_inputs.second;
    }
    ptr_to_args[buffer_args.size()] = &rand_seed;
    ptr_to_args[buffer_args.size() + 1] = &rand_offset;
  }

  auto prior_device = at::cuda::current_device();
  if (prior_device != this->device().index()) {
    at::cuda::set_device(this->device().index());

Reported by Cppcheck.

torch/csrc/jit/tensorexpr/codegen.h
1 issue
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 149 Column: 5 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

#define ARG_TYPE_CTOR(Type, Name)     \
  CallArg(Type v) {                   \
    memcpy(&data_, &v, sizeof(Type)); \
  }
  // NOLINTNEXTLINE(cppcoreguidelines-pro-type-member-init)
  AT_FORALL_SCALAR_TYPES_AND2(Bool, Half, ARG_TYPE_CTOR);
#undef ARG_TYPE_CTOR


Reported by FlawFinder.

torch/distributed/elastic/utils/log_level.py
1 issue
Missing module docstring
Error

Line: 1 Column: 1

#!/usr/bin/env python3

# Copyright (c) Facebook, Inc. and its affiliates.
# All rights reserved.
#
# This source code is licensed under the BSD-style license found in the
# LICENSE file in the root directory of this source tree.


Reported by Pylint.