!5 漏洞处理CVE-2021-29534

From: @polite2anyone
Reviewed-by: @sinever,@zhu-yuncheng
Signed-off-by: @sinever

CVE-2021-29534.patch

@@ -0,0 +1,64 @@
+diff -Nur a/tensorflow/core/kernels/sparse_tensors_map_ops.cc b/tensorflow/core/kernels/sparse_tensors_map_ops.cc
+--- a/tensorflow/core/kernels/sparse_tensors_map_ops.cc	2020-09-22 09:57:17.000000000 +0800
++++ b/tensorflow/core/kernels/sparse_tensors_map_ops.cc	2021-06-28 22:53:37.005305788 +0800
+@@ -21,16 +21,12 @@
+ #include <utility>
+ #include <vector>
+ 
+-#include "tensorflow/core/framework/op_kernel.h"
+-#include "tensorflow/core/framework/register_types.h"
+-
+-#include "tensorflow/core/framework/op_kernel.h"
+-#include "tensorflow/core/framework/register_types.h"
+ #include "tensorflow/core/framework/resource_mgr.h"
+ #include "tensorflow/core/framework/tensor.h"
+ #include "tensorflow/core/framework/tensor_util.h"
+ #include "tensorflow/core/framework/types.h"
+ #include "tensorflow/core/lib/gtl/inlined_vector.h"
++#include "tensorflow/core/util/overflow.h"
+ #include "tensorflow/core/util/sparse/sparse_tensor.h"
+ 
+ namespace tensorflow {
+@@ -254,7 +250,22 @@
+         errors::InvalidArgument(
+             "Rank of input SparseTensor should be > 1, but saw rank: ", rank));
+ 
+-    TensorShape tensor_input_shape(input_shape->vec<int64>());
++    auto input_shape_vec = input_shape->vec<int64>();
++    int new_num_elements = 1;
++    bool overflow_ocurred = false;
++    for (int i = 0; i < input_shape_vec.size(); i++) {
++  	  new_num_elements =
++            MultiplyWithoutOverflow(new_num_elements, input_shape_vec(i));
++          if (new_num_elements < 0) {
++            overflow_ocurred = true;
++          }
++    }
++
++    OP_REQUIRES(
++       context, !overflow_ocurred,
++       errors::Internal("Encountered overflow from large input shape."));
++    
++    TensorShape tensor_input_shape(input_shape_vec);
+     gtl::InlinedVector<int64, 8> std_order(rank);
+     std::iota(std_order.begin(), std_order.end(), 0);
+     SparseTensor input_st;
+@@ -262,8 +273,7 @@
+                                                  tensor_input_shape, std_order,
+                                                  &input_st));
+ 
+-    auto input_shape_t = input_shape->vec<int64>();
+-    const int64 N = input_shape_t(0);
++    const int64 N = input_shape_vec(0);
+ 
+     Tensor sparse_handles(DT_INT64, TensorShape({N}));
+     auto sparse_handles_t = sparse_handles.vec<int64>();
+@@ -274,7 +284,7 @@
+     // minibatch entries.
+     TensorShape output_shape;
+     OP_REQUIRES_OK(context, TensorShapeUtils::MakeShape(
+-                                input_shape_t.data() + 1,
++                                input_shape_vec.data() + 1,
+                                 input_shape->NumElements() - 1, &output_shape));
+ 
+     // Get groups by minibatch dimension

tensorflow.spec

@@ -1,7 +1,7 @@
 %global _empty_manifest_terminate_build 0
 Name:		tensorflow
 Version:	2.3.1
-Release:	3
+Release:	4
 Summary:	An Open Source Machine Learning Framework for Everyone
 License:	Apache License 2.0
 URL:		https://www.tensorflow.org/
@@ -13,6 +13,7 @@ Patch0001:      0001-Add-arm-source-file-into-aws-checksums.patch
 Patch0002:      CVE-2021-29538.patch
 Patch0003:      CVE-2021-29535.patch
 Patch0004:      CVE-2021-29566.patch
+Patch0005:	CVE-2021-29534.patch
 Requires:	python3-future
 Requires:	python3-numpy
 
@@ -59,6 +60,9 @@ bazel --output_user_root=`pwd`/../output_user_root build //tensorflow/tools/pip_
 %{_bindir}/*
 
 %changelog
+* Mon Jun 28 2021 polite2anyone <zhangyao05@outlook,com> - 2.3.1-4
+- Add patch CVE-2021-29534
+
 * Fri Jun 25 2021 yaozc7 <yaozc7@foxmail.com> - 2.3.1-3
 - Add patch CVE-2021-29538,CVE-2021-29535,CVE-2021-29566