trailofbits.python.waiting-with-pytorch-distributed.waiting-with-pytorch-distributed

Author: trailofbits

Not waiting for requests is a source of undefined behavior

Definition

rules:
  - id: waiting-with-pytorch-distributed
    message: Not waiting for requests is a source of undefined behavior
    languages:
      - python
    severity: WARNING
    metadata:
      category: security
      cwe: "CWE-758: Reliance on Undefined, Unspecified, or Implementation-Defined
        Behavior"
      subcategory:
        - vuln
      confidence: MEDIUM
      likelihood: LOW
      impact: LOW
      technology:
        - pytorch
      description: Possible `PyTorch` undefined behavior when not waiting for requests
      references:
        - https://pytorch.org/docs/stable/distributed.html#torch.distributed.isend
      license: AGPL-3.0 license
      vulnerability_class:
        - Other
    patterns:
      - pattern-either:
          - pattern: $REQ = torch.distributed.irecv(...)
          - pattern: $REQ = torch.distributed.isend(...)
      - pattern-not-inside: |
          ...
          $REQ.wait()

Examples

waiting-with-pytorch-distributed.py

import torch
import torch.distributed as dist


def bad():
    def run(rank, size):
        tensor = torch.zeros(1)
        req = None
        if rank == 0:
            tensor += 1
            # ok: waiting-with-pytorch-distributed
            req = dist.isend(tensor=tensor, dst=1)
            print('Rank 0 started sending')
        else:
            # ok: waiting-with-pytorch-distributed
            req = dist.irecv(tensor=tensor, src=0)
            print('Rank 1 started receiving')
        # Both non-blocking requests above are completed here before the
        # tensor is read, which is why the rule accepts them.
        req.wait()
        print('Rank ', rank, ' has data ', tensor[0])

    tensor = torch.zeros(1)

    # ruleid: waiting-with-pytorch-distributed
    req = dist.isend(tensor=tensor, dst=1)

    # ruleid: waiting-with-pytorch-distributed
    req = dist.irecv(tensor=tensor, src=0)
    # Neither request is ever waited on, so the buffer may be read or
    # overwritten while the transfer is still in flight.
    return req
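The rule's `patterns` block flags an assignment from `torch.distributed.isend` or `torch.distributed.irecv` that is not followed, anywhere later in the enclosing statement sequence, by `$REQ.wait()` on the same variable; the `ok` cases in the test file above pass because the `.wait()` sits after the `if`/`else` that started the request. To make that matching behaviour concrete, the following is an added, stand-alone re-implementation of the same check on top of Python's `ast` module. It is example code written for this page, not part of the Trail of Bits rule or of Semgrep, and it only approximates Semgrep's matching: it assumes `dist` is the alias for `torch.distributed`, looks for a `.wait()` on the same variable in any statement that executes after the assignment within the same function (including nested blocks of those statements), and does not track reassignment or requests waited on through another name. The `SAMPLE` program it scans is constructed for this example.

```python
import ast

# Constructed sample, modelled on the rule's test file: the requests in
# `run` are waited on after the if/else, the two in `leaky` never are.
SAMPLE = '''
import torch
import torch.distributed as dist

def run(rank, size):
    tensor = torch.zeros(1)
    if rank == 0:
        req = dist.isend(tensor=tensor, dst=1)      # ok: waited on below
    else:
        req = dist.irecv(tensor=tensor, src=0)      # ok: waited on below
    req.wait()
    return tensor

def leaky(tensor):
    req = torch.distributed.isend(tensor=tensor, dst=1)   # finding
    req2 = dist.irecv(tensor=tensor, src=0)                # finding
    return req2
'''

NONBLOCKING = {"isend", "irecv"}
BODY_FIELDS = ("body", "orelse", "finalbody")
# A nested def/class starts a fresh scope: statements that follow it in the
# enclosing block do not execute "after" its body.
NEW_SCOPE = (ast.FunctionDef, ast.AsyncFunctionDef, ast.ClassDef)


def _is_nonblocking_call(node):
    """Match `dist.isend(...)` / `torch.distributed.irecv(...)` style calls.

    Assumption: `dist` is the conventional alias for `torch.distributed`
    (Semgrep resolves the import alias itself; this toy checker does not).
    """
    if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)):
        return False
    if node.func.attr not in NONBLOCKING:
        return False
    base = node.func.value
    if isinstance(base, ast.Name) and base.id == "dist":
        return True
    return (isinstance(base, ast.Attribute) and base.attr == "distributed"
            and isinstance(base.value, ast.Name) and base.value.id == "torch")


def _waits_on(stmts, name):
    """True if any of the given statements (or their nested blocks) contains
    a `<name>.wait()` call."""
    for stmt in stmts:
        for node in ast.walk(stmt):
            if (isinstance(node, ast.Call)
                    and isinstance(node.func, ast.Attribute)
                    and node.func.attr == "wait"
                    and isinstance(node.func.value, ast.Name)
                    and node.func.value.id == name):
                return True
    return False


def _scan(stmts, followers, findings):
    """Walk one statement list. `followers` are the statements that run after
    this block in the enclosing scope, so a wait placed after an if/else
    still counts, mirroring the rule's `... ; $REQ.wait()` sequence."""
    for i, stmt in enumerate(stmts):
        after = stmts[i + 1:] + followers
        if (isinstance(stmt, ast.Assign) and len(stmt.targets) == 1
                and isinstance(stmt.targets[0], ast.Name)
                and _is_nonblocking_call(stmt.value)):
            name = stmt.targets[0].id
            if not _waits_on(after, name):
                findings.append((stmt.lineno, name, stmt.value.func.attr))
        nested_followers = [] if isinstance(stmt, NEW_SCOPE) else after
        for field in BODY_FIELDS:
            body = getattr(stmt, field, None)
            if isinstance(body, list):
                _scan(body, nested_followers, findings)
        for handler in getattr(stmt, "handlers", []):
            _scan(handler.body, nested_followers, findings)


def find_unwaited_requests(source):
    """Return (line, variable, call) for every isend/irecv request that is
    never waited on."""
    findings = []
    _scan(ast.parse(source).body, [], findings)
    return findings


if __name__ == "__main__":
    for line, name, call in find_unwaited_requests(SAMPLE):
        print(f"line {line}: `{name} = ...{call}(...)` is never waited on")
```

Running the file reports the two assignments in `leaky` and nothing in `run`. The approximation shares the rule's blind spots: a request waited on through a different variable, or one that is only waited on in one branch of a later `if`, is treated as handled, and a request returned to the caller (as in `leaky`) is reported even if the caller waits on it.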