tensorflow/CVE-2021-29537.patch

From f6c40f0c6cbf00d46c7717a26419f2062f2f8694 Mon Sep 17 00:00:00 2001
From: Mihai Maruseac <mihaimaruseac@google.com>
Date: Wed, 21 Apr 2021 17:00:39 -0700
Subject: [PATCH] Validate min and max arguments to `QuantizedResizeBilinear`.

---
 .../core/kernels/quantized_resize_bilinear_op.cc       | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/tensorflow/core/kernels/quantized_resize_bilinear_op.cc b/tensorflow/core/kernels/quantized_resize_bilinear_op.cc
index 8270fc11..a94f56a5 100644
--- a/tensorflow/core/kernels/quantized_resize_bilinear_op.cc
+++ b/tensorflow/core/kernels/quantized_resize_bilinear_op.cc
@@ -703,8 +703,14 @@ class QuantizedResizeBilinearOp : public OpKernel {
 
   void Compute(OpKernelContext* context) override {
     const Tensor& input = context->input(0);
-    const float in_min = context->input(2).flat<float>()(0);
-    const float in_max = context->input(3).flat<float>()(0);
+    const auto& in_min_tensor = context->input(2);
+    OP_REQUIRES(context, TensorShapeUtils::IsScalar(in_min_tensor.shape()),
+		errors::InvalidArgument("min must be a scalar"));
+    const float in_min = in_min_tensor.flat<float>()(0);
+    const auto& in_max_tensor = context->input(3);
+    OP_REQUIRES(context, TensorShapeUtils::IsScalar(in_max_tensor.shape()),
+		errors::InvalidArgument("max must be a scalar"));
+    const float in_max = in_max_tensor.flat<float>()(0);
 
     ImageResizerState st(align_corners_, false);
     st.ValidateAndCreateOutput(context, input);
-- 
2.23.0
fix the cves to tensorflow 2021-08-31 15:06:16 +08:00			`From f6c40f0c6cbf00d46c7717a26419f2062f2f8694 Mon Sep 17 00:00:00 2001`
			`From: Mihai Maruseac <mihaimaruseac@google.com>`
			`Date: Wed, 21 Apr 2021 17:00:39 -0700`
			Subject: [PATCH] Validate min and max arguments to `QuantizedResizeBilinear`.

			`---`
			`.../core/kernels/quantized_resize_bilinear_op.cc \| 10 ++++++++--`
			`1 file changed, 8 insertions(+), 2 deletions(-)`

			`diff --git a/tensorflow/core/kernels/quantized_resize_bilinear_op.cc b/tensorflow/core/kernels/quantized_resize_bilinear_op.cc`
			`index 8270fc11..a94f56a5 100644`
			`--- a/tensorflow/core/kernels/quantized_resize_bilinear_op.cc`
			`+++ b/tensorflow/core/kernels/quantized_resize_bilinear_op.cc`
			`@@ -703,8 +703,14 @@ class QuantizedResizeBilinearOp : public OpKernel {`

			`void Compute(OpKernelContext* context) override {`
			`const Tensor& input = context->input(0);`
			`- const float in_min = context->input(2).flat<float>()(0);`
			`- const float in_max = context->input(3).flat<float>()(0);`
			`+ const auto& in_min_tensor = context->input(2);`
			`+ OP_REQUIRES(context, TensorShapeUtils::IsScalar(in_min_tensor.shape()),`
			`+ errors::InvalidArgument("min must be a scalar"));`
			`+ const float in_min = in_min_tensor.flat<float>()(0);`
			`+ const auto& in_max_tensor = context->input(3);`
			`+ OP_REQUIRES(context, TensorShapeUtils::IsScalar(in_max_tensor.shape()),`
			`+ errors::InvalidArgument("max must be a scalar"));`
			`+ const float in_max = in_max_tensor.flat<float>()(0);`

			`ImageResizerState st(align_corners_, false);`
			`st.ValidateAndCreateOutput(context, input);`
			`--`
			`2.23.0`