Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/pytorch-vision-0.8.1/examples/cpp/hello_world/main.cpp
Examining data/pytorch-vision-0.8.1/test/test_models.cpp
Examining data/pytorch-vision-0.8.1/test/tracing/frcnn/test_frcnn_tracing.cpp
Examining data/pytorch-vision-0.8.1/torchvision/csrc/DeformConv.h
Examining data/pytorch-vision-0.8.1/torchvision/csrc/PSROIAlign.h
Examining data/pytorch-vision-0.8.1/torchvision/csrc/PSROIPool.h
Examining data/pytorch-vision-0.8.1/torchvision/csrc/ROIAlign.h
Examining data/pytorch-vision-0.8.1/torchvision/csrc/ROIPool.h
Examining data/pytorch-vision-0.8.1/torchvision/csrc/autocast.h
Examining data/pytorch-vision-0.8.1/torchvision/csrc/cpu/DeformConv_cpu.cpp
Examining data/pytorch-vision-0.8.1/torchvision/csrc/cpu/PSROIAlign_cpu.cpp
Examining data/pytorch-vision-0.8.1/torchvision/csrc/cpu/PSROIPool_cpu.cpp
Examining data/pytorch-vision-0.8.1/torchvision/csrc/cpu/ROIAlign_cpu.cpp
Examining data/pytorch-vision-0.8.1/torchvision/csrc/cpu/ROIPool_cpu.cpp
Examining data/pytorch-vision-0.8.1/torchvision/csrc/cpu/decoder/audio_sampler.cpp
Examining data/pytorch-vision-0.8.1/torchvision/csrc/cpu/decoder/audio_sampler.h
Examining data/pytorch-vision-0.8.1/torchvision/csrc/cpu/decoder/audio_stream.cpp
Examining data/pytorch-vision-0.8.1/torchvision/csrc/cpu/decoder/audio_stream.h
Examining data/pytorch-vision-0.8.1/torchvision/csrc/cpu/decoder/cc_stream.cpp
Examining data/pytorch-vision-0.8.1/torchvision/csrc/cpu/decoder/cc_stream.h
Examining data/pytorch-vision-0.8.1/torchvision/csrc/cpu/decoder/decoder.cpp
Examining data/pytorch-vision-0.8.1/torchvision/csrc/cpu/decoder/decoder.h
Examining data/pytorch-vision-0.8.1/torchvision/csrc/cpu/decoder/defs.h
Examining data/pytorch-vision-0.8.1/torchvision/csrc/cpu/decoder/memory_buffer.cpp
Examining data/pytorch-vision-0.8.1/torchvision/csrc/cpu/decoder/memory_buffer.h
Examining data/pytorch-vision-0.8.1/torchvision/csrc/cpu/decoder/seekable_buffer.cpp
Examining data/pytorch-vision-0.8.1/torchvision/csrc/cpu/decoder/seekable_buffer.h
Examining data/pytorch-vision-0.8.1/torchvision/csrc/cpu/decoder/stream.cpp
Examining data/pytorch-vision-0.8.1/torchvision/csrc/cpu/decoder/stream.h
Examining data/pytorch-vision-0.8.1/torchvision/csrc/cpu/decoder/subtitle_sampler.cpp
Examining data/pytorch-vision-0.8.1/torchvision/csrc/cpu/decoder/subtitle_sampler.h
Examining data/pytorch-vision-0.8.1/torchvision/csrc/cpu/decoder/subtitle_stream.cpp
Examining data/pytorch-vision-0.8.1/torchvision/csrc/cpu/decoder/subtitle_stream.h
Examining data/pytorch-vision-0.8.1/torchvision/csrc/cpu/decoder/sync_decoder.cpp
Examining data/pytorch-vision-0.8.1/torchvision/csrc/cpu/decoder/sync_decoder.h
Examining data/pytorch-vision-0.8.1/torchvision/csrc/cpu/decoder/sync_decoder_test.cpp
Examining data/pytorch-vision-0.8.1/torchvision/csrc/cpu/decoder/time_keeper.cpp
Examining data/pytorch-vision-0.8.1/torchvision/csrc/cpu/decoder/time_keeper.h
Examining data/pytorch-vision-0.8.1/torchvision/csrc/cpu/decoder/util.cpp
Examining data/pytorch-vision-0.8.1/torchvision/csrc/cpu/decoder/util.h
Examining data/pytorch-vision-0.8.1/torchvision/csrc/cpu/decoder/util_test.cpp
Examining data/pytorch-vision-0.8.1/torchvision/csrc/cpu/decoder/video_sampler.cpp
Examining data/pytorch-vision-0.8.1/torchvision/csrc/cpu/decoder/video_sampler.h
Examining data/pytorch-vision-0.8.1/torchvision/csrc/cpu/decoder/video_stream.cpp
Examining data/pytorch-vision-0.8.1/torchvision/csrc/cpu/decoder/video_stream.h
Examining data/pytorch-vision-0.8.1/torchvision/csrc/cpu/image/image.cpp
Examining data/pytorch-vision-0.8.1/torchvision/csrc/cpu/image/image.h
Examining data/pytorch-vision-0.8.1/torchvision/csrc/cpu/image/jpegcommon.cpp
Examining data/pytorch-vision-0.8.1/torchvision/csrc/cpu/image/jpegcommon.h
Examining data/pytorch-vision-0.8.1/torchvision/csrc/cpu/image/read_image_cpu.cpp
Examining data/pytorch-vision-0.8.1/torchvision/csrc/cpu/image/read_image_cpu.h
Examining data/pytorch-vision-0.8.1/torchvision/csrc/cpu/image/read_write_file_cpu.cpp
Examining data/pytorch-vision-0.8.1/torchvision/csrc/cpu/image/read_write_file_cpu.h
Examining data/pytorch-vision-0.8.1/torchvision/csrc/cpu/image/readjpeg_cpu.cpp
Examining data/pytorch-vision-0.8.1/torchvision/csrc/cpu/image/readjpeg_cpu.h
Examining data/pytorch-vision-0.8.1/torchvision/csrc/cpu/image/readpng_cpu.cpp
Examining data/pytorch-vision-0.8.1/torchvision/csrc/cpu/image/readpng_cpu.h
Examining data/pytorch-vision-0.8.1/torchvision/csrc/cpu/image/writejpeg_cpu.cpp
Examining data/pytorch-vision-0.8.1/torchvision/csrc/cpu/image/writejpeg_cpu.h
Examining data/pytorch-vision-0.8.1/torchvision/csrc/cpu/image/writepng_cpu.cpp
Examining data/pytorch-vision-0.8.1/torchvision/csrc/cpu/image/writepng_cpu.h
Examining data/pytorch-vision-0.8.1/torchvision/csrc/cpu/nms_cpu.cpp
Examining data/pytorch-vision-0.8.1/torchvision/csrc/cpu/video/Video.cpp
Examining data/pytorch-vision-0.8.1/torchvision/csrc/cpu/video/Video.h
Examining data/pytorch-vision-0.8.1/torchvision/csrc/cpu/video/register.cpp
Examining data/pytorch-vision-0.8.1/torchvision/csrc/cpu/video_reader/VideoReader.cpp
Examining data/pytorch-vision-0.8.1/torchvision/csrc/cpu/video_reader/VideoReader.h
Examining data/pytorch-vision-0.8.1/torchvision/csrc/cpu/vision_cpu.h
Examining data/pytorch-vision-0.8.1/torchvision/csrc/cuda/cuda_helpers.h
Examining data/pytorch-vision-0.8.1/torchvision/csrc/cuda/vision_cuda.h
Examining data/pytorch-vision-0.8.1/torchvision/csrc/empty_tensor_op.h
Examining data/pytorch-vision-0.8.1/torchvision/csrc/models/alexnet.cpp
Examining data/pytorch-vision-0.8.1/torchvision/csrc/models/alexnet.h
Examining data/pytorch-vision-0.8.1/torchvision/csrc/models/densenet.cpp
Examining data/pytorch-vision-0.8.1/torchvision/csrc/models/densenet.h
Examining data/pytorch-vision-0.8.1/torchvision/csrc/models/general.h
Examining data/pytorch-vision-0.8.1/torchvision/csrc/models/googlenet.cpp
Examining data/pytorch-vision-0.8.1/torchvision/csrc/models/googlenet.h
Examining data/pytorch-vision-0.8.1/torchvision/csrc/models/inception.cpp
Examining data/pytorch-vision-0.8.1/torchvision/csrc/models/inception.h
Examining data/pytorch-vision-0.8.1/torchvision/csrc/models/mnasnet.cpp
Examining data/pytorch-vision-0.8.1/torchvision/csrc/models/mnasnet.h
Examining data/pytorch-vision-0.8.1/torchvision/csrc/models/mobilenet.cpp
Examining data/pytorch-vision-0.8.1/torchvision/csrc/models/mobilenet.h
Examining data/pytorch-vision-0.8.1/torchvision/csrc/models/models.h
Examining data/pytorch-vision-0.8.1/torchvision/csrc/models/modelsimpl.h
Examining data/pytorch-vision-0.8.1/torchvision/csrc/models/resnet.cpp
Examining data/pytorch-vision-0.8.1/torchvision/csrc/models/resnet.h
Examining data/pytorch-vision-0.8.1/torchvision/csrc/models/shufflenetv2.cpp
Examining data/pytorch-vision-0.8.1/torchvision/csrc/models/shufflenetv2.h
Examining data/pytorch-vision-0.8.1/torchvision/csrc/models/squeezenet.cpp
Examining data/pytorch-vision-0.8.1/torchvision/csrc/models/squeezenet.h
Examining data/pytorch-vision-0.8.1/torchvision/csrc/models/vgg.cpp
Examining data/pytorch-vision-0.8.1/torchvision/csrc/models/vgg.h
Examining data/pytorch-vision-0.8.1/torchvision/csrc/nms.h
Examining data/pytorch-vision-0.8.1/torchvision/csrc/vision.cpp
Examining data/pytorch-vision-0.8.1/torchvision/csrc/vision.h
FINAL RESULTS:
data/pytorch-vision-0.8.1/torchvision/csrc/cpu/decoder/sync_decoder_test.cpp:86:8: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
std::srand(time(nullptr));
data/pytorch-vision-0.8.1/torchvision/csrc/cpu/decoder/decoder.cpp:136:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[kLogBufferSize] = {0};
data/pytorch-vision-0.8.1/torchvision/csrc/cpu/decoder/memory_buffer.cpp:12:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, buffer_ + pos_, available);
data/pytorch-vision-0.8.1/torchvision/csrc/cpu/decoder/seekable_buffer.cpp:115:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, buffer_.data() + pos_, available);
data/pytorch-vision-0.8.1/torchvision/csrc/cpu/decoder/subtitle_sampler.cpp:37:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out->writableTail(), in->data(), len);
data/pytorch-vision-0.8.1/torchvision/csrc/cpu/decoder/sync_decoder_test.cpp:48:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* f = fopen(item.name.c_str(), "rb");
data/pytorch-vision-0.8.1/torchvision/csrc/cpu/decoder/sync_decoder_test.cpp:88:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* f = fopen(item.name.c_str(), "rb");
data/pytorch-vision-0.8.1/torchvision/csrc/cpu/decoder/sync_decoder_test.cpp:320:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* f = fopen(
data/pytorch-vision-0.8.1/torchvision/csrc/cpu/decoder/sync_decoder_test.cpp:347:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* f = fopen("pytorch/vision/test/assets/videos/R6llTwEh07w.mp4", "rb");
data/pytorch-vision-0.8.1/torchvision/csrc/cpu/decoder/sync_decoder_test.cpp:386:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* f = fopen("pytorch/vision/test/assets/videos/R6llTwEh07w.mp4", "rb");
data/pytorch-vision-0.8.1/torchvision/csrc/cpu/decoder/util.cpp:25:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest + pos, &src, required);
data/pytorch-vision-0.8.1/torchvision/csrc/cpu/decoder/util.cpp:40:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dest, src + pos, required);
data/pytorch-vision-0.8.1/torchvision/csrc/cpu/decoder/util.cpp:102:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d + p, x.pict.data[i], x.pict.linesize[i]);
data/pytorch-vision-0.8.1/torchvision/csrc/cpu/decoder/util.cpp:114:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d + p, x.text, s);
data/pytorch-vision-0.8.1/torchvision/csrc/cpu/decoder/util.cpp:126:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d + p, x.ass, s);
data/pytorch-vision-0.8.1/torchvision/csrc/cpu/decoder/util.cpp:182:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(x.pict.data[i], y + p, x.pict.linesize[i]);
data/pytorch-vision-0.8.1/torchvision/csrc/cpu/decoder/util.cpp:195:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(x.text, y + p, s);
data/pytorch-vision-0.8.1/torchvision/csrc/cpu/decoder/util.cpp:209:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(x.ass, y + p, s);
data/pytorch-vision-0.8.1/torchvision/csrc/cpu/image/jpegcommon.h:16:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char jpegLastErrorMsg[JMSG_LENGTH_MAX]; /* error messages */
data/pytorch-vision-0.8.1/torchvision/csrc/cpu/image/read_write_file_cpu.cpp:47:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* outfile = fopen(fileCStr, "wb");
data/pytorch-vision-0.8.1/torchvision/csrc/cpu/image/readjpeg_cpu.cpp:30:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(myerr->jpegLastErrorMsg, "Image is incomplete or truncated");
data/pytorch-vision-0.8.1/torchvision/csrc/cpu/image/writejpeg_cpu.cpp:99:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(outPtr, jpegBuf, sizeof(uint8_t) * outTensor.numel());
data/pytorch-vision-0.8.1/torchvision/csrc/cpu/image/writepng_cpu.cpp:61:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->buffer + p->size, data, length);
data/pytorch-vision-0.8.1/torchvision/csrc/cpu/image/writepng_cpu.cpp:170:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(outPtr, buf_info.buffer, sizeof(uint8_t) * outTensor.numel());
data/pytorch-vision-0.8.1/torchvision/csrc/cpu/video/Video.cpp:39:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(frameData, msg.payload->data(), sizeInBytes);
data/pytorch-vision-0.8.1/torchvision/csrc/cpu/video_reader/VideoReader.cpp:110:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(frameData + offset, msg.payload->data(), sizeInBytes);
data/pytorch-vision-0.8.1/torchvision/csrc/cpu/decoder/decoder.cpp:187:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return seekableBuffer_.read(buf, size, params_.timeoutMs);
data/pytorch-vision-0.8.1/torchvision/csrc/cpu/decoder/memory_buffer.cpp:9:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int MemoryBuffer::read(uint8_t* buf, int size) {
data/pytorch-vision-0.8.1/torchvision/csrc/cpu/decoder/memory_buffer.cpp:60:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return object.read(out, size);
data/pytorch-vision-0.8.1/torchvision/csrc/cpu/decoder/memory_buffer.h:14:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int read(uint8_t* buf, int size);
data/pytorch-vision-0.8.1/torchvision/csrc/cpu/decoder/seekable_buffer.cpp:108:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int SeekableBuffer::read(uint8_t* buf, int size, uint64_t timeoutMs) {
data/pytorch-vision-0.8.1/torchvision/csrc/cpu/decoder/seekable_buffer.h:28:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int read(uint8_t* buf, int size, uint64_t timeoutMs);
data/pytorch-vision-0.8.1/torchvision/csrc/cpu/decoder/sync_decoder_test.cpp:363:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return object.read(out, size);
data/pytorch-vision-0.8.1/torchvision/csrc/cpu/decoder/sync_decoder_test.cpp:402:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return object.read(out, size);
data/pytorch-vision-0.8.1/torchvision/csrc/cpu/decoder/util.cpp:58:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s += strlen(y.text);
data/pytorch-vision-0.8.1/torchvision/csrc/cpu/decoder/util.cpp:62:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s += strlen(y.ass);
data/pytorch-vision-0.8.1/torchvision/csrc/cpu/decoder/util.cpp:107:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t s = strlen(x.text);
data/pytorch-vision-0.8.1/torchvision/csrc/cpu/decoder/util.cpp:119:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t s = strlen(x.ass);
ANALYSIS SUMMARY:
Hits = 38
Lines analyzed = 12412 in approximately 0.35 seconds (35264 lines/second)
Physical Source Lines of Code (SLOC) = 9883
Hits@level = [0] 5 [1] 12 [2] 25 [3] 1 [4] 0 [5] 0
Hits@level+ = [0+] 43 [1+] 38 [2+] 26 [3+] 1 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 4.35091 [1+] 3.84499 [2+] 2.63078 [3+] 0.101184 [4+] 0 [5+] 0
Dot directories skipped = 3 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.