packages/pytorch
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix CVE-2024-31584

Browse Source
This commit is contained in:
wangxiaomeng 2024-05-10 14:01:04 +08:00
parent 84f48fb6cd
commit a35ad35368
2 changed files with 42 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
0001-Fix-for-PyTorch-mobile-flatbuffer-loader-out-of-bounds-reads.patch Normal file
View File

@ -0,0 +1,37 @@
From 0d3ceb3058201868765ff3aa1126685f3f7f9ecc Mon Sep 17 00:00:00 2001
From: Andrew Calvano <calvano@fb.com>
Date: Fri, 17 Nov 2023 17:29:04 +0000
Subject: [PATCH] Fix for PyTorch mobile flatbuffer loader out of bounds reads
(#110162)
Summary:
The mobile_ivalue_size field in the mobile_bytecode flatbuffer schema can be larger than the ivalues vector. This introduces potential for memory corruption when parsing the mobile_bytecode Module.
This diff fixes the issue by ensuring that mobile_ivalue_size is less than the size of the ivalues vector.
Test Plan: contbuild & OSS CI
Differential Revision: D49687548
Pull Request resolved: https://github.com/pytorch/pytorch/pull/110162
Approved by: https://github.com/malfet
---
torch/csrc/jit/mobile/flatbuffer_loader.cpp | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/torch/csrc/jit/mobile/flatbuffer_loader.cpp b/torch/csrc/jit/mobile/flatbuffer_loader.cpp
index 2fb12a4f..2069330b 100644
--- a/torch/csrc/jit/mobile/flatbuffer_loader.cpp
+++ b/torch/csrc/jit/mobile/flatbuffer_loader.cpp
@@ -302,7 +302,7 @@ mobile::Module FlatbufferLoader::parseModule(
storage_loaded_.resize(module->storage_data_size(), false);
mobile_ivalue_size_ = module_->mobile_ivalue_size();
- if (mobile_ivalue_size_ == 0) {
+ if (mobile_ivalue_size_ == 0 || mobile_ivalue_size_ > ivalues->size()) {
mobile_ivalue_size_ = ivalues->size();
}
--
2.43.0

6
pytorch.spec
View File

@ -1,13 +1,14 @@
%global _empty_manifest_terminate_build 0 %global _empty_manifest_terminate_build 0
Name: pytorch Name: pytorch
Version: 2.1.2 Version: 2.1.2
Release: 2 Release: 3
Summary: Tensors and Dynamic neural networks in Python with strong GPU acceleration Summary: Tensors and Dynamic neural networks in Python with strong GPU acceleration
License: BSD-3-Clause License: BSD-3-Clause
URL: https://pytorch.org/ URL: https://pytorch.org/
Source0: https://github.com/pytorch/pytorch/releases/download/v%{version}/pytorch-v%{version}.tar.gz Source0: https://github.com/pytorch/pytorch/releases/download/v%{version}/pytorch-v%{version}.tar.gz
Patch1: 0001-add-Wno-error-nonnull-for-test-cpp-api.patch Patch1: 0001-add-Wno-error-nonnull-for-test-cpp-api.patch
Patch2: 0001-Fix-for-PyTorch-mobile-flatbuffer-loader-out-of-bounds-reads.patch
BuildRequires: g++ BuildRequires: g++
Requires: python3-future Requires: python3-future
Requires: python3-numpy Requires: python3-numpy
@ -86,6 +87,9 @@ mv %{buildroot}/doclist.lst .
%{_docdir}/* %{_docdir}/*
%changelog %changelog
* Mon Apr 22 2024 wangxiaomeng <wangxiaomeng@kylinos.cn> - 2.1.2-3
- Fix CVE-2024-31584
* Thu Jan 11 2024 Dongxing Wang <dongxing.wang_a@thundersoft.com> - 2.1.2-2 * Thu Jan 11 2024 Dongxing Wang <dongxing.wang_a@thundersoft.com> - 2.1.2-2
- Patch: Add -Wno-error=nonnull for test/cpp/api/ - Patch: Add -Wno-error=nonnull for test/cpp/api/