tensorflow/CVE-2021-29569.patch

From ef0c008ee84bad91ec6725ddc42091e19a30cf0e Mon Sep 17 00:00:00 2001
From: Laura Pak <lpak@google.com>
Date: Wed, 5 May 2021 08:16:13 -0700
Subject: [PATCH] Fix out of bound read in requantization_range_op.cc

PiperOrigin-RevId: 372129031
Change-Id: Ie684ab98a3840c5186ead3eafffc0e0ed0e8030d
---
 tensorflow/core/kernels/requantization_range_op.cc | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/tensorflow/core/kernels/requantization_range_op.cc b/tensorflow/core/kernels/requantization_range_op.cc
index cc6e891a6b352..f6e217499d198 100644
--- a/tensorflow/core/kernels/requantization_range_op.cc
+++ b/tensorflow/core/kernels/requantization_range_op.cc
@@ -46,6 +46,10 @@ class RequantizationRangeOp : public OpKernel {
 
   void Compute(OpKernelContext* ctx) override {
     const Tensor& input = ctx->input(0);
+    OP_REQUIRES(ctx, ctx->input(1).NumElements() > 0,
+                errors::InvalidArgument("Input min must not be empty."));
+    OP_REQUIRES(ctx, ctx->input(2).NumElements() > 0,
+                errors::InvalidArgument("Input max must not be empty."));
     const float input_min_float = ctx->input(1).flat<float>()(0);
     const float input_max_float = ctx->input(2).flat<float>()(0);
     Tensor* output_min = nullptr;
fix CVE-2021-29512 CVE-2021-29514 CVE-2021-29519 CVE-2021-29520 CVE-2021-29522 CVE-2021-29524 CVE-2021-29527-to-CVE-2021-29530 CVE-2021-29532 CVE-2021-29536 CVE-2021-29539 CVE-2021-29541-to-CVE-2021-29543 CVE-2021-29545-to-CVE-2021-29547 CVE-2021-29549 CVE-2021-29550 CVE-2021-29552-to-CVE-2021-29559 CVE-2021-29561-to-CVE-2021-29564 CVE-2021-29567-to-CVE-2021-29570 CVE-2021-29572-to-CVE-2021-29582 CVE-2021-29585-to-CVE-2021-29588 CVE-2021-29590-to-CVE-2021-29593 CVE-2021-29596-to-CVE-2021-29601 CVE-2021-29603 CVE-2021-29605-to-CVE-2021-29609 CVE-2021-29613 CVE-2021-29615-to-CVE-2021-29617 CVE-2021-29619 CVE-2021-37637-to-CVE-2021-37639 CVE-2021-37641 CVE-2021-37644 CVE-2021-37646-to-CVE-2021-37649 CVE-2021-37652 CVE-2021-37656 CVE-2021-37659 CVE-2021-37660 CVE-2021-37663 CVE-2021-37667 CVE-2021-37670-to-CVE-2021-37673 CVE-2021-37676 CVE-2021-37677 CVE-2021-37680 CVE-2021-37682 CVE-2021-37685 CVE-2021-37687-to-CVE-2021-37689 2021-08-26 16:45:57 +08:00			`From ef0c008ee84bad91ec6725ddc42091e19a30cf0e Mon Sep 17 00:00:00 2001`
			`From: Laura Pak <lpak@google.com>`
			`Date: Wed, 5 May 2021 08:16:13 -0700`
			`Subject: [PATCH] Fix out of bound read in requantization_range_op.cc`

			`PiperOrigin-RevId: 372129031`
			`Change-Id: Ie684ab98a3840c5186ead3eafffc0e0ed0e8030d`
			`---`
			`tensorflow/core/kernels/requantization_range_op.cc \| 4 ++++`
			`1 file changed, 4 insertions(+)`

			`diff --git a/tensorflow/core/kernels/requantization_range_op.cc b/tensorflow/core/kernels/requantization_range_op.cc`
			`index cc6e891a6b352..f6e217499d198 100644`
			`--- a/tensorflow/core/kernels/requantization_range_op.cc`
			`+++ b/tensorflow/core/kernels/requantization_range_op.cc`
			`@@ -46,6 +46,10 @@ class RequantizationRangeOp : public OpKernel {`

			`void Compute(OpKernelContext* ctx) override {`
			`const Tensor& input = ctx->input(0);`
			`+ OP_REQUIRES(ctx, ctx->input(1).NumElements() > 0,`
			`+ errors::InvalidArgument("Input min must not be empty."));`
			`+ OP_REQUIRES(ctx, ctx->input(2).NumElements() > 0,`
			`+ errors::InvalidArgument("Input max must not be empty."));`
			`const float input_min_float = ctx->input(1).flat<float>()(0);`
			`const float input_max_float = ctx->input(2).flat<float>()(0);`
			`Tensor* output_min = nullptr;`