packages/tensorflow
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add patch CVE-2021-29534

Browse Source
This commit is contained in:
boris 2021-06-28 22:59:18 +08:00
parent 2be88c1be0
commit f37c38c5d3
2 changed files with 69 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

64
CVE-2021-29534.patch Normal file
View File

@ -0,0 +1,64 @@
diff -Nur a/tensorflow/core/kernels/sparse_tensors_map_ops.cc b/tensorflow/core/kernels/sparse_tensors_map_ops.cc
--- a/tensorflow/core/kernels/sparse_tensors_map_ops.cc 2020-09-22 09:57:17.000000000 +0800
+++ b/tensorflow/core/kernels/sparse_tensors_map_ops.cc 2021-06-28 22:53:37.005305788 +0800
@@ -21,16 +21,12 @@
#include <utility>
#include <vector>
-#include "tensorflow/core/framework/op_kernel.h"
-#include "tensorflow/core/framework/register_types.h"
-
-#include "tensorflow/core/framework/op_kernel.h"
-#include "tensorflow/core/framework/register_types.h"
#include "tensorflow/core/framework/resource_mgr.h"
#include "tensorflow/core/framework/tensor.h"
#include "tensorflow/core/framework/tensor_util.h"
#include "tensorflow/core/framework/types.h"
#include "tensorflow/core/lib/gtl/inlined_vector.h"
+#include "tensorflow/core/util/overflow.h"
#include "tensorflow/core/util/sparse/sparse_tensor.h"
namespace tensorflow {
@@ -254,7 +250,22 @@
errors::InvalidArgument(
"Rank of input SparseTensor should be > 1, but saw rank: ", rank));
- TensorShape tensor_input_shape(input_shape->vec<int64>());
+ auto input_shape_vec = input_shape->vec<int64>();
+ int new_num_elements = 1;
+ bool overflow_ocurred = false;
+ for (int i = 0; i < input_shape_vec.size(); i++) {
+ new_num_elements =
+ MultiplyWithoutOverflow(new_num_elements, input_shape_vec(i));
+ if (new_num_elements < 0) {
+ overflow_ocurred = true;
+ }
+ }
+
+ OP_REQUIRES(
+ context, !overflow_ocurred,
+ errors::Internal("Encountered overflow from large input shape."));
+
+ TensorShape tensor_input_shape(input_shape_vec);
gtl::InlinedVector<int64, 8> std_order(rank);
std::iota(std_order.begin(), std_order.end(), 0);
SparseTensor input_st;
@@ -262,8 +273,7 @@
tensor_input_shape, std_order,
&input_st));
- auto input_shape_t = input_shape->vec<int64>();
- const int64 N = input_shape_t(0);
+ const int64 N = input_shape_vec(0);
Tensor sparse_handles(DT_INT64, TensorShape({N}));
auto sparse_handles_t = sparse_handles.vec<int64>();
@@ -274,7 +284,7 @@
// minibatch entries.
TensorShape output_shape;
OP_REQUIRES_OK(context, TensorShapeUtils::MakeShape(
- input_shape_t.data() + 1,
+ input_shape_vec.data() + 1,
input_shape->NumElements() - 1, &output_shape));
// Get groups by minibatch dimension

6
tensorflow.spec
View File

@ -1,7 +1,7 @@
%global _empty_manifest_terminate_build 0 %global _empty_manifest_terminate_build 0
Name: tensorflow Name: tensorflow
Version: 2.3.1 Version: 2.3.1
Release: 3 Release: 4
Summary: An Open Source Machine Learning Framework for Everyone Summary: An Open Source Machine Learning Framework for Everyone
License: Apache License 2.0 License: Apache License 2.0
URL: https://www.tensorflow.org/ URL: https://www.tensorflow.org/
@ -13,6 +13,7 @@ Patch0001: 0001-Add-arm-source-file-into-aws-checksums.patch
Patch0002: CVE-2021-29538.patch Patch0002: CVE-2021-29538.patch
Patch0003: CVE-2021-29535.patch Patch0003: CVE-2021-29535.patch
Patch0004: CVE-2021-29566.patch Patch0004: CVE-2021-29566.patch
Patch0005: CVE-2021-29534.patch
Requires: python3-future Requires: python3-future
Requires: python3-numpy Requires: python3-numpy
@ -59,6 +60,9 @@ bazel --output_user_root=`pwd`/../output_user_root build //tensorflow/tools/pip_
%{_bindir}/* %{_bindir}/*
%changelog %changelog
* Mon Jun 28 2021 polite2anyone <zhangyao05@outlook,com> - 2.3.1-4
- Add patch CVE-2021-29534
* Fri Jun 25 2021 yaozc7 <yaozc7@foxmail.com> - 2.3.1-3 * Fri Jun 25 2021 yaozc7 <yaozc7@foxmail.com> - 2.3.1-3
- Add patch CVE-2021-29538,CVE-2021-29535,CVE-2021-29566 - Add patch CVE-2021-29538,CVE-2021-29535,CVE-2021-29566