packages/tensorflow
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!13 漏洞处理 CVE-2021-29513

Browse Source 
From: @d85
Reviewed-by: @yangzhao_kl
Signed-off-by: @yangzhao_kl
This commit is contained in:
openeuler-ci-bot 2021-08-12 07:35:24 +00:00 committed by Gitee
commit 66883d457b
2 changed files with 42 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
CVE-2021-29513.patch Normal file
View File

@ -0,0 +1,37 @@
From 030af767d357d1b4088c4a25c72cb3906abac489 Mon Sep 17 00:00:00 2001
From: Amit Patankar <amitpatankar@google.com>
Date: Tue, 13 Apr 2021 14:25:01 -0700
Subject: [PATCH] Fix `tf.raw_ops.ResourceCountUpTo` null pointer dereference.
PiperOrigin-RevId: 368294347
Change-Id: I2c16fbfc9b4966c402c3d8e311f0d665a9c852d8
---
tensorflow/python/lib/core/ndarray_tensor.cc | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/tensorflow/python/lib/core/ndarray_tensor.cc b/tensorflow/python/lib/core/ndarray_tensor.cc
index 03fbea397485e..6cf51ceebbdaa 100644
--- a/tensorflow/python/lib/core/ndarray_tensor.cc
+++ b/tensorflow/python/lib/core/ndarray_tensor.cc
@@ -16,6 +16,7 @@ limitations under the License.
#include "tensorflow/python/lib/core/ndarray_tensor.h"
#include <cstring>
+#include <optional>
#include "tensorflow/c/eager/tfe_context_internal.h"
#include "tensorflow/c/tf_tensor_internal.h"
@@ -74,6 +75,13 @@ Status PyArrayDescr_to_TF_DataType(PyArray_Descr* descr,
PyObject* key;
PyObject* value;
Py_ssize_t pos = 0;
+
+ // Return an error if the fields attribute is null.
+ // Occurs with an improper conversion attempt to resource.
+ if (descr->fields == nullptr) {
+ return errors::Internal("Unexpected numpy data type");
+ }
+
if (PyDict_Next(descr->fields, &pos, &key, &value)) {
// In Python 3, the keys of numpy custom struct types are unicode, unlike
// Python 2, where the keys are bytes.

6
tensorflow.spec
View File

@ -1,7 +1,7 @@
%global _empty_manifest_terminate_build 0 %global _empty_manifest_terminate_build 0
Name: tensorflow Name: tensorflow
Version: 2.3.1 Version: 2.3.1
Release: 5 Release: 6
Summary: An Open Source Machine Learning Framework for Everyone Summary: An Open Source Machine Learning Framework for Everyone
License: Apache License 2.0 License: Apache License 2.0
URL: https://www.tensorflow.org/ URL: https://www.tensorflow.org/
@ -15,6 +15,7 @@ Patch0003: CVE-2021-29535.patch
Patch0004: CVE-2021-29566.patch Patch0004: CVE-2021-29566.patch
Patch0005: CVE-2021-29534.patch Patch0005: CVE-2021-29534.patch
Patch0006: fix_compile.patch Patch0006: fix_compile.patch
Patch0007: CVE-2021-29513.patch
Requires: python3-future Requires: python3-future
Requires: python3-numpy Requires: python3-numpy
@ -61,6 +62,9 @@ bazel --output_user_root=`pwd`/../output_user_root build --host_copt=-Wno-string
%{_bindir}/* %{_bindir}/*
%changelog %changelog
* Fri Aug 06 2021 Ding Taixin <1315774958@qq.com> - 2.3.1-6
- Add patch CVE-2021-29513
* Fri Aug 06 2021 linjiaxin5 <linjiaxin5@huawei.com> - 2.3.1-5 * Fri Aug 06 2021 linjiaxin5 <linjiaxin5@huawei.com> - 2.3.1-5
- Fix failure caused by GCC upgrade to 10 - Fix failure caused by GCC upgrade to 10
- add patch fix_compile.patch - add patch fix_compile.patch