add patch CVE-2021-29538,CVE-2021-29566.patch,CVE-2021-29535.patch

yaozc701 2021-06-23 23:38:35 +08:00
parent f26f76e173
commit c17f2970db
4 changed files with 158 additions and 4 deletions

CVE-2021-29535.patch Normal file

@ -0,0 +1,42 @@
From efea03b38fb8d3b81762237dc85e579cc5fc6e87 Mon Sep 17 00:00:00 2001
From: Mihai Maruseac <mihaimaruseac@google.com>
Date: Wed, 21 Apr 2021 16:15:46 -0700
Subject: [PATCH] Validate inputs to `QuantizedMul`
PiperOrigin-RevId: 369756982
Change-Id: I00d960cc3b9316fd7a86bd37a44e341c96e17624
---
tensorflow/core/kernels/quantized_mul_op.cc | 20 ++++++++++++++++----
1 file changed, 16 insertions(+), 4 deletions(-)
diff --git a/tensorflow/core/kernels/quantized_mul_op.cc b/tensorflow/core/kernels/quantized_mul_op.cc
index fb56f68bf14db..22cff8939449a 100644
--- a/tensorflow/core/kernels/quantized_mul_op.cc
+++ b/tensorflow/core/kernels/quantized_mul_op.cc
@@ -284,10 +284,22 @@ class QuantizedMulOp : public OpKernel {
void Compute(OpKernelContext* context) override {
const Tensor& x = context->input(0);
const Tensor& y = context->input(1);
- const float min_x = context->input(2).flat<float>()(0);
- const float max_x = context->input(3).flat<float>()(0);
- const float min_y = context->input(4).flat<float>()(0);
- const float max_y = context->input(5).flat<float>()(0);
+ auto& min_x_tensor = context->input(2);
+ OP_REQUIRES(context, TensorShapeUtils::IsScalar(min_x_tensor.shape()),
+ errors::InvalidArgument("min_x must be a scalar"));
+ const float min_x = min_x_tensor.flat<float>()(0);
+ auto& max_x_tensor = context->input(3);
+ OP_REQUIRES(context, TensorShapeUtils::IsScalar(max_x_tensor.shape()),
+ errors::InvalidArgument("max_x must be a scalar"));
+ const float max_x = max_x_tensor.flat<float>()(0);
+ auto& min_y_tensor = context->input(4);
+ OP_REQUIRES(context, TensorShapeUtils::IsScalar(min_y_tensor.shape()),
+ errors::InvalidArgument("min_y must be a scalar"));
+ const float min_y = min_y_tensor.flat<float>()(0);
+ auto& max_y_tensor = context->input(5);
+ OP_REQUIRES(context, TensorShapeUtils::IsScalar(max_y_tensor.shape()),
+ errors::InvalidArgument("max_y must be a scalar"));
+ const float max_y = max_y_tensor.flat<float>()(0);
BCast bcast(BCast::FromShape(x.shape()), BCast::FromShape(y.shape()));
if (!bcast.IsValid()) {
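Review bot: The four new range-tensor references in `Compute` are declared `auto&`, while `x` and `y` directly above are spelled `const Tensor&`; writing `const Tensor& min_x_tensor = context->input(2);` (and likewise for the other three) keeps it visible that these are read-only views of kernel inputs. The checks are placed correctly, since `TensorShapeUtils::IsScalar` rejects an empty or higher-rank tensor before `flat<float>()(0)` reads element 0. A one-line comment above the first check, for example `// Range inputs must be scalars: flat<float>()(0) on an empty tensor would read past the buffer.`, would record why the validation exists for whoever rebases this patch onto a newer release. `Compute` continues past the end of the hunk, so any later use of these inputs is not visible here.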

CVE-2021-29538.patch Normal file

@ -0,0 +1,42 @@
From c570e2ecfc822941335ad48f6e10df4e21f11c96 Mon Sep 17 00:00:00 2001
From: Mihai Maruseac <mihaimaruseac@google.com>
Date: Wed, 21 Apr 2021 17:50:10 -0700
Subject: [PATCH] Fix issues in Conv2DBackpropFilter.
PiperOrigin-RevId: 369772454
Change-Id: I49b465f2ae2ce91def61b56cea8000197d5177d8
---
tensorflow/core/kernels/conv_grad_filter_ops.cc | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/tensorflow/core/kernels/conv_grad_filter_ops.cc b/tensorflow/core/kernels/conv_grad_filter_ops.cc
index fb48e3e285a27..2645d850ab7cf 100644
--- a/tensorflow/core/kernels/conv_grad_filter_ops.cc
+++ b/tensorflow/core/kernels/conv_grad_filter_ops.cc
@@ -495,6 +495,14 @@ class Conv2DCustomBackpropFilterOp : public OpKernel {
const int filter_total_size = dims.spatial_dims[0].filter_size *
dims.spatial_dims[1].filter_size *
dims.in_depth;
+ OP_REQUIRES(
+ context,
+ filter_total_size * dims.out_depth == filter_backprop->NumElements(),
+ errors::InvalidArgument(
+ "filter_size does not have enough elements, requested ",
+ filter_total_size * dims.out_depth, ", got ",
+ filter_backprop->NumElements()));
+
// The output image size is the spatial size of the output.
const int output_image_size =
dims.spatial_dims[0].output_size * dims.spatial_dims[1].output_size;
@@ -518,6 +526,11 @@ class Conv2DCustomBackpropFilterOp : public OpKernel {
const size_t work_unit_size = size_A + size_B + size_C;
+ OP_REQUIRES(
+ context, work_unit_size != 0,
+ errors::InvalidArgument(
+ "Work size for convolution would be 0, which is not acceptable"));
+
const size_t shard_size =
(target_working_set_size + work_unit_size - 1) / work_unit_size;
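Review bot: The element-count check added in the first hunk is built on `filter_total_size`, which the context line above declares as `const int` and fills with a product of three dimensions. For very large shapes that value may already have overflowed or been narrowed before it is compared with `filter_backprop->NumElements()`. If the `dims` fields are 64-bit (their declaration is not visible here), `const int64 filter_total_size = ...` would keep the comparison exact. The message text says "does not have enough elements" although the test is `==`, so it is also reported when the tensor has too many elements; wording such as `"filter_backprop element count mismatch, expected "` would match the condition. The enclosing function starts and ends outside both hunks, so the `size_A`/`size_B`/`size_C` arithmetic feeding the second check could not be reviewed.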

CVE-2021-29566.patch Normal file

@ -0,0 +1,65 @@
From 3f6fe4dfef6f57e768260b48166c27d148f3015f Mon Sep 17 00:00:00 2001
From: Mihai Maruseac <mihaimaruseac@google.com>
Date: Tue, 4 May 2021 18:33:28 -0700
Subject: [PATCH] Add missing validations in dillation ops.
PiperOrigin-RevId: 372037158
Change-Id: I4ee304c84a02550c030288a6534000b934fc1599
---
tensorflow/core/kernels/dilation_ops.cc | 15 +++++++++++----
1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/tensorflow/core/kernels/dilation_ops.cc b/tensorflow/core/kernels/dilation_ops.cc
index 738ea31d555d5..996ddb62bfefe 100644
--- a/tensorflow/core/kernels/dilation_ops.cc
+++ b/tensorflow/core/kernels/dilation_ops.cc
@@ -130,6 +130,7 @@ class DilationOp : public OpKernel {
ParseSizes(context, strides_, rates_, padding_, &stride_rows, &stride_cols,
&rate_rows, &rate_cols, &pad_top, &pad_left, &out_rows,
&out_cols);
+ if (!context->status().ok()) return;
// Output tensor is of the following dimensions:
// [ batch, out_rows, out_cols, depth ]
@@ -229,6 +230,7 @@ class DilationBackpropInputOp : public OpKernel {
ParseSizes(context, strides_, rates_, padding_, &stride_rows, &stride_cols,
&rate_rows, &rate_cols, &pad_top, &pad_left, &out_rows,
&out_cols);
+ if (!context->status().ok()) return;
// Verify that the incoming gradient tensor has the expected size
// [ batch, out_rows, out_cols, depth ]
@@ -318,8 +320,10 @@ struct DilationBackpropInput<CPUDevice, T> {
}
}
}
- in_backprop(b, h_in_max, w_in_max, d) +=
- out_backprop(b, h_out, w_out, d);
+ if (h_in_max < input_rows && w_in_max < input_cols) {
+ in_backprop(b, h_in_max, w_in_max, d) +=
+ out_backprop(b, h_out, w_out, d);
+ }
}
}
}
@@ -349,6 +353,7 @@ class DilationBackpropFilterOp : public OpKernel {
ParseSizes(context, strides_, rates_, padding_, &stride_rows, &stride_cols,
&rate_rows, &rate_cols, &pad_top, &pad_left, &out_rows,
&out_cols);
+ if (!context->status().ok()) return;
// Verify that the incoming gradient tensor has the expected size
// [ batch, out_rows, out_cols, depth ]
@@ -438,8 +443,10 @@ struct DilationBackpropFilter<CPUDevice, T> {
}
}
}
- filter_backprop(h_max, w_max, d) +=
- out_backprop(b, h_out, w_out, d);
+ if (h_max < filter_rows && w_max < filter_cols) {
+ filter_backprop(h_max, w_max, d) +=
+ out_backprop(b, h_out, w_out, d);
+ }
}
}
}
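Review bot: The guards added around the two accumulations, `if (h_in_max < input_rows && w_in_max < input_cols)` and `if (h_max < filter_rows && w_max < filter_cols)`, test only the upper bound and silently drop the gradient contribution when they fail. That stops the out-of-range write, but it leaves no trace of whether a skipped update is expected or a symptom of inconsistent shapes. A comment on each, such as `// Skip the update rather than write outside in_backprop when shapes are inconsistent.`, would record the intent. Whether these indices can be negative depends on their initialisation, which lies outside the hunks, so the lower bound is worth confirming against the full file. The three `if (!context->status().ok()) return;` lines would also benefit from `// ParseSizes reports failures through context; stop before using its outputs.`, assuming that is how `ParseSizes` signals errors.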


@ -1,16 +1,18 @@
%global _empty_manifest_terminate_build 0
Name: tensorflow
Version: 2.3.1
Release: 2
Release: 3
Summary: An Open Source Machine Learning Framework for Everyone
License: Apache License 2.0
URL: https://www.tensorflow.org/
Source0: https://github.com/tensorflow/tensorflow/archive/v%{version}.tar.gz#/tensorflow-%{version}.tar.gz
#sh -x updateSource1.sh
Source1: external-%{_arch}.tar.bz2
Patch0001: 0001-Add-arm-source-file-into-aws-checksums.patch
Source1: external-%{_arch}.tar.bz2
Patch0001: 0001-Add-arm-source-file-into-aws-checksums.patch
Patch0002: CVE-2021-29538.patch
Patch0003: CVE-2021-29535.patch
Patch0004: CVE-2021-29566.patch
Requires: python3-future
Requires: python3-numpy
@ -57,6 +59,9 @@ bazel --output_user_root=`pwd`/../output_user_root build //tensorflow/tools/pip_
%{_bindir}/*
%changelog
* Fri Jun 25 2021 yaozc7 <yaozc7@foxmail.com> - 2.3.1-3
- Add patch CVE-2021-29538,CVE-2021-29535,CVE-2021-29566
* Mon May 31 2021 huanghaitao <huanghaitao8@huawei.com> - 2.3.1-2
- Completing build dependencies to fix gcc/gcc-c++ compiler missing error