tensorflow/CVE-2021-37644.patch

From 8a6e874437670045e6c7dc6154c7412b4a2135e2 Mon Sep 17 00:00:00 2001
From: Laura Pak <lpak@google.com>
Date: Fri, 9 Jul 2021 17:32:55 -0700
Subject: [PATCH] Validate num_elements input in tf.raw_ops.TensorListReserve

PiperOrigin-RevId: 383954564
Change-Id: I454bd78eff85bc4f16ddb7e608596971cca47f8f
---
 tensorflow/core/kernels/list_kernels.cc | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/tensorflow/core/kernels/list_kernels.cc b/tensorflow/core/kernels/list_kernels.cc
index 9a2f373f5ce0c..488e02337f707 100644
--- a/tensorflow/core/kernels/list_kernels.cc
+++ b/tensorflow/core/kernels/list_kernels.cc
@@ -302,6 +302,10 @@ class TensorListReserve : public OpKernel {
     PartialTensorShape element_shape;
     OP_REQUIRES_OK(c, TensorShapeFromTensor(c->input(0), &element_shape));
     int32 num_elements = c->input(1).scalar<int32>()();
+    OP_REQUIRES(c, num_elements >= 0,
+                errors::InvalidArgument("The num_elements to reserve must be a "
+                                        "non negative number, but got ",
+                                        num_elements));
     TensorList output;
     output.element_shape = element_shape;
     output.element_dtype = element_dtype_;
fix CVE-2021-29512 CVE-2021-29514 CVE-2021-29519 CVE-2021-29520 CVE-2021-29522 CVE-2021-29524 CVE-2021-29527-to-CVE-2021-29530 CVE-2021-29532 CVE-2021-29536 CVE-2021-29539 CVE-2021-29541-to-CVE-2021-29543 CVE-2021-29545-to-CVE-2021-29547 CVE-2021-29549 CVE-2021-29550 CVE-2021-29552-to-CVE-2021-29559 CVE-2021-29561-to-CVE-2021-29564 CVE-2021-29567-to-CVE-2021-29570 CVE-2021-29572-to-CVE-2021-29582 CVE-2021-29585-to-CVE-2021-29588 CVE-2021-29590-to-CVE-2021-29593 CVE-2021-29596-to-CVE-2021-29601 CVE-2021-29603 CVE-2021-29605-to-CVE-2021-29609 CVE-2021-29613 CVE-2021-29615-to-CVE-2021-29617 CVE-2021-29619 CVE-2021-37637-to-CVE-2021-37639 CVE-2021-37641 CVE-2021-37644 CVE-2021-37646-to-CVE-2021-37649 CVE-2021-37652 CVE-2021-37656 CVE-2021-37659 CVE-2021-37660 CVE-2021-37663 CVE-2021-37667 CVE-2021-37670-to-CVE-2021-37673 CVE-2021-37676 CVE-2021-37677 CVE-2021-37680 CVE-2021-37682 CVE-2021-37685 CVE-2021-37687-to-CVE-2021-37689 2021-08-26 16:45:57 +08:00			`From 8a6e874437670045e6c7dc6154c7412b4a2135e2 Mon Sep 17 00:00:00 2001`
			`From: Laura Pak <lpak@google.com>`
			`Date: Fri, 9 Jul 2021 17:32:55 -0700`
			`Subject: [PATCH] Validate num_elements input in tf.raw_ops.TensorListReserve`

			`PiperOrigin-RevId: 383954564`
			`Change-Id: I454bd78eff85bc4f16ddb7e608596971cca47f8f`
			`---`
			`tensorflow/core/kernels/list_kernels.cc \| 4 ++++`
			`1 file changed, 4 insertions(+)`

			`diff --git a/tensorflow/core/kernels/list_kernels.cc b/tensorflow/core/kernels/list_kernels.cc`
			`index 9a2f373f5ce0c..488e02337f707 100644`
			`--- a/tensorflow/core/kernels/list_kernels.cc`
			`+++ b/tensorflow/core/kernels/list_kernels.cc`
			`@@ -302,6 +302,10 @@ class TensorListReserve : public OpKernel {`
			`PartialTensorShape element_shape;`
			`OP_REQUIRES_OK(c, TensorShapeFromTensor(c->input(0), &element_shape));`
			`int32 num_elements = c->input(1).scalar<int32>()();`
			`+ OP_REQUIRES(c, num_elements >= 0,`
			`+ errors::InvalidArgument("The num_elements to reserve must be a "`
			`+ "non negative number, but got ",`
			`+ num_elements));`
			`TensorList output;`
			`output.element_shape = element_shape;`
			`output.element_dtype = element_dtype_;`