The following issues were found

torch/csrc/jit/tensorexpr/bounds_inference.cpp
1 issues
access - This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition
Security

Line: 25 Column: 14 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly

    const std::unordered_map<VarPtr, BufPtr>& varToBuf,
    bool distinctAccessKinds) {
  BoundsInfo ret;
  for (auto& access : accesses) {
    if (access->type() == AccessType::Input ||
        access->type() == AccessType::Output) {
      continue;
    }


            

Reported by FlawFinder.

torch/csrc/api/src/optim/rmsprop.cpp
1 issues
equal - Function does not check the second iterator for over-read conditions
Security

Line: 54 Column: 17 CWE codes: 126
Suggestion: This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it

              
bool operator==(const RMSpropParamState& lhs, const RMSpropParamState& rhs) {
  return (lhs.step() == rhs.step()) &&
         torch::equal(lhs.square_avg(), rhs.square_avg()) &&
         torch::equal_if_defined(lhs.momentum_buffer(), rhs.momentum_buffer()) &&
         torch::equal_if_defined(lhs.grad_avg(), rhs.grad_avg());
}

void RMSpropParamState::serialize(torch::serialize::OutputArchive& archive) const {

            

Reported by FlawFinder.

third_party/miniz-2.0.8/examples/example6.c
1 issues
fopen - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 149 Column: 21 CWE codes: 362

      fprintf(stderr, "tdefl_write_image_to_png_file_in_memory_ex() failed!\n");
    else
    {
      FILE *pFile = fopen(pFilename, "wb");
      fwrite(pPNG_data, 1, png_data_size, pFile);
      fclose(pFile);
      printf("Wrote %s\n", pFilename);
    }


            

Reported by FlawFinder.

torch/distributed/launcher/__init__.py
1 issues
Missing module docstring
Error

Line: 1 Column: 1

#!/usr/bin/env/python3

# Copyright (c) Facebook, Inc. and its affiliates.
# All rights reserved.
#
# This source code is licensed under the BSD-style license found in the
# LICENSE file in the root directory of this source tree.



            

Reported by Pylint.

torch/csrc/jit/serialization/python_print.cpp
1 issues
equal - Function does not check the second iterator for over-read conditions
Security

Line: 323 Column: 55 CWE codes: 126
Suggestion: This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it

          continue;
        }
        auto& t2 = constant_table_[i].toTensor();
        if (t.options().type_equal(t2.options()) && t.equal(t2)) {
          return i;
        }
      }
    }
    constant_table_.emplace_back(std::move(val));

            

Reported by FlawFinder.

torch/csrc/api/src/optim/lbfgs.cpp
1 issues
equal - Function does not check the second iterator for over-read conditions
Security

Line: 63 Column: 17 CWE codes: 126
Suggestion: This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it

bool if_container_equal(T lhs, T rhs) {
  if (!(lhs.size() == rhs.size())) return false;
  for(const auto i : c10::irange(lhs.size())) {
    if (!torch::equal(lhs.at(i), rhs.at(i))) return false;
  }
  return true;
}

bool operator==(const LBFGSParamState& lhs, const LBFGSParamState& rhs) {

            

Reported by FlawFinder.

torch/csrc/jit/serialization/pickler.h
1 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 226 Column: 5 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

      flushNonEmpty();
    }
    static_assert(sizeof(T) <= kBufferSize, "Buffer size assumption");
    memcpy(buffer_.data() + bufferPos_, begin, sizeof(T));
    bufferPos_ += sizeof(T);
  }

  // Stream to write binary data to
  // Code shouldn't call writer_ directly without first flush()ing.

            

Reported by FlawFinder.

torch/csrc/Dtype.cpp
1 issues
strncpy - Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned]
Security

Line: 21 Column: 8 CWE codes: 120

  if (!self) throw python_error();
  auto self_ = reinterpret_cast<THPDtype*>(self.get());
  self_->scalar_type = scalar_type;
  std::strncpy(self_->name, name.c_str(), DTYPE_NAME_LEN);
  return self.release();
}

PyObject *THPDtype_is_floating_point(THPDtype *self, PyObject *noargs)
{

            

Reported by FlawFinder.

torch/distributed/elastic/agent/server/__init__.py
1 issues
Unable to import '__init__.api'
Error

Line: 31 Column: 1

in the same job) to make a collective decision.
"""

from .api import (  # noqa: F401
    ElasticAgent,
    SimpleElasticAgent,
    Worker,
    WorkerGroup,
    RunResult,

            

Reported by Pylint.

torch/csrc/Device.cpp
1 issues
There is an unknown macro here somewhere. Configuration is required. If HANDLE_TH_ERRORS is a macro then please configure it.
Error

Line: 105

              
static Py_ssize_t THPDevice_hash(THPDevice *self)
{
  HANDLE_TH_ERRORS
  return static_cast<Py_ssize_t>(std::hash<at::Device>{}(self->device) % std::numeric_limits<Py_ssize_t>::max());
  END_HANDLE_TH_ERRORS_RET(-1)
}

PyObject *THPDevice_rc(PyObject *a, PyObject *b, int op) {

            

Reported by Cppcheck.